Pullup ticket #3654 - requested by tron

textproc/libxml2 security patch Revisions pulled up: - textproc/libxml2/Makefile 1.112 - textproc/libxml2/distinfo 1.86 - textproc/libxml2/patches/patch-al 1.3 --- Module Name: pkgsrc Committed By: drochner Date: Tue Jan 17 14:43:44 UTC 2012 Modified Files: pkgsrc/textproc/libxml2: Makefile distinfo pkgsrc/textproc/libxml2/patches: patch-al Log Message: add patch from upstream to fix potential DOS problem (CVE-2011-3905) bump PKGREV
author: sbd <sbd@pkgsrc.org> 2012-01-19 06:07:36 +0000
committer: sbd <sbd@pkgsrc.org> 2012-01-19 06:07:36 +0000
commit: adb06b61ae0c4a6792c6b5f3bc8836ba892256da (patch)
tree: e64d7d1946634a1870446a2ed4f2775483115490
parent: 1afb3c9ab782fc42535bce183751ad829f046ec1 (diff)
download: pkgsrc-adb06b61ae0c4a6792c6b5f3bc8836ba892256da.tar.gz
3 files changed, 57 insertions, 7 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index b64a443ced4..c482268aa48 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.110.2.1 2012/01/13 13:10:41 tron Exp $
+# $NetBSD: Makefile,v 1.110.2.2 2012/01/19 06:07:36 sbd Exp $
 
 DISTNAME=	libxml2-2.7.8
-PKGREVISION=	5
+PKGREVISION=	6
 CATEGORIES=	textproc
 MASTER_SITES=	ftp://xmlsoft.org/libxml2/ \
 		http://xmlsoft.org/sources/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index 0b616061b91..39c9a86df2c 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.84.2.1 2012/01/13 13:10:42 tron Exp $
+$NetBSD: distinfo,v 1.84.2.2 2012/01/19 06:07:36 sbd Exp $
 
 SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40
 RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47
@@ -11,6 +11,6 @@ SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd
 SHA1 (patch-ag) = ab4aeeb8ca696b88285274760ab3ef08800773a0
 SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4
 SHA1 (patch-ak) = 5e0e9807d7ae0bc93a5583a61bb88a49ec1751e8
-SHA1 (patch-al) = a52bde60a5f42758036639f069df64e8ff7e4b11
+SHA1 (patch-al) = 45f984fef5cf5d04c46e940867707897396a9c9f
 SHA1 (patch-include_libxml_xpath.h) = 3fc74551a7843668cf9ffee19b1f20ccb674e153
 SHA1 (patch-xpointer.c) = fa720fd515bab3f99bb11bf56320b3ad8e5fb211
diff --git a/textproc/libxml2/patches/patch-al b/textproc/libxml2/patches/patch-al
index b2f76f5aaee..9338081eb49 100644
--- a/textproc/libxml2/patches/patch-al
+++ b/textproc/libxml2/patches/patch-al
@@ -1,10 +1,11 @@
-$NetBSD: patch-al,v 1.1.8.1 2012/01/13 13:10:42 tron Exp $
+$NetBSD: patch-al,v 1.1.8.2 2012/01/19 06:07:36 sbd Exp $
 
 -from gnome git: Fix some potential problems on reallocation failures
 -CVE-2011-3919
 -from gnome git: Fix memory corruption
+-CVE-2011-3905
 
---- parser.c.orig	2010-11-04 15:55:45.000000000 +0000
+--- parser.c.orig	2012-01-17 10:21:47.000000000 +0000
 +++ parser.c
 @@ -1819,15 +1819,14 @@ namePush(xmlParserCtxtPtr ctxt, const xm
  
@@ -33,7 +34,27 @@ $NetBSD: patch-al,v 1.1.8.1 2012/01/13 13:10:42 tron Exp $
  		}
  		for (;i > 0;i--)
  		    buffer[nbchars++] = *cur++;
-@@ -6992,6 +6991,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
+@@ -4949,7 +4948,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ 		    (ctxt->sax->processingInstruction != NULL))
+ 		    ctxt->sax->processingInstruction(ctxt->userData,
+ 		                                     target, NULL);
+-		ctxt->instate = state;
++		if (ctxt->instate != XML_PARSER_EOF)
++		    ctxt->instate = state;
+ 		return;
+ 	    }
+ 	    buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
+@@ -5029,7 +5029,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ 	} else {
+ 	    xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL);
+ 	}
+-	ctxt->instate = state;
++	if (ctxt->instate != XML_PARSER_EOF)
++	    ctxt->instate = state;
+     }
+ }
+ 
+@@ -6992,6 +6993,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
  		    ent->owner = 1;
  		    while (list != NULL) {
  			list->parent = (xmlNodePtr) ent;
@@ -41,3 +62,32 @@ $NetBSD: patch-al,v 1.1.8.1 2012/01/13 13:10:42 tron Exp $
  			if (list->next == NULL)
  			    ent->last = list;
  			list = list->next;
+@@ -9588,6 +9590,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
+     else
+ 	name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++    if (ctxt->instate == XML_PARSER_EOF)
++	return;
+     if (name == NULL) {
+ 	spacePop(ctxt);
+         return;
+@@ -10967,6 +10971,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctx
+ 		else
+ 		    name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++		if (ctxt->instate == XML_PARSER_EOF)
++		    goto done;
+ 		if (name == NULL) {
+ 		    spacePop(ctxt);
+ 		    ctxt->instate = XML_PARSER_EOF;
+@@ -11153,7 +11159,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctx
+ 		  else
+ 		    xmlParseEndTag1(ctxt, 0);
+ #endif /* LIBXML_SAX1_ENABLED */
+-		if (ctxt->nameNr == 0) {
++		if (ctxt->instate == XML_PARSER_EOF) {
++		    /* Nothing */
++		} else if (ctxt->nameNr == 0) {
+ 		    ctxt->instate = XML_PARSER_EPILOG;
+ 		} else {
+ 		    ctxt->instate = XML_PARSER_CONTENT;
author	sbd <sbd@pkgsrc.org>	2012-01-19 06:07:36 +0000
committer	sbd <sbd@pkgsrc.org>	2012-01-19 06:07:36 +0000
commit	adb06b61ae0c4a6792c6b5f3bc8836ba892256da (patch)
tree	e64d7d1946634a1870446a2ed4f2775483115490
parent	1afb3c9ab782fc42535bce183751ad829f046ec1 (diff)
download	pkgsrc-adb06b61ae0c4a6792c6b5f3bc8836ba892256da.tar.gz