diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2016-12-04 15:40:22 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2016-12-04 15:40:22 +0000 |
| commit | e30c0d8101d4d6b23aa1bfba44ba43aae86a2efc (patch) | |
| tree | a690b05f133262043ab37aa1975639c05b4be993 | |
| parent | 5a4d935c0b5b8444fd2801b9292275bafc4f05f6 (diff) | |
| download | pkgsrc-e30c0d8101d4d6b23aa1bfba44ba43aae86a2efc.tar.gz | |
Pullup ticket #5168 - requested by sevan
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile.common 1.3
- textproc/libxml2/distinfo 1.113
- textproc/libxml2/patches/patch-parseInternals.c 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Wed Nov 30 14:46:22 UTC 2016
Modified Files:
pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-parseInternals.c
Log Message:
Patch CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
Bump rev.
| -rw-r--r-- | textproc/libxml2/Makefile.common | 3 | ||||
| -rw-r--r-- | textproc/libxml2/distinfo | 3 | ||||
| -rw-r--r-- | textproc/libxml2/patches/patch-parseInternals.c | 18 |
3 files changed, 22 insertions, 2 deletions
diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common index 5e32f974df6..535f3d529d7 100644 --- a/textproc/libxml2/Makefile.common +++ b/textproc/libxml2/Makefile.common @@ -1,9 +1,10 @@ -# $NetBSD: Makefile.common,v 1.2 2016/05/28 06:47:51 wiz Exp $ +# $NetBSD: Makefile.common,v 1.2.4.1 2016/12/04 15:40:22 bsiegert Exp $ # # used by textproc/libxml2/Makefile # used by textproc/py-libxml2/Makefile DISTNAME= libxml2-2.9.4 +PKGREVISION= 1 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 6c366152326..f6f1e6660e5 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.112 2016/05/25 07:16:36 he Exp $ +$NetBSD: distinfo,v 1.112.4.1 2016/12/04 15:40:22 bsiegert Exp $ SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56 @@ -10,6 +10,7 @@ SHA1 (patch-ac) = 34afe787f6012b460a85be993048e133907a1621 SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096 +SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959 diff --git a/textproc/libxml2/patches/patch-parseInternals.c b/textproc/libxml2/patches/patch-parseInternals.c new file mode 100644 index 00000000000..bb300189073 --- /dev/null +++ b/textproc/libxml2/patches/patch-parseInternals.c @@ -0,0 +1,18 @@ +$NetBSD: patch-parseInternals.c,v 1.1.2.2 2016/12/04 15:40:22 bsiegert Exp $ + +CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726 + +--- parserInternals.c.orig 2016-11-30 14:35:55.000000000 +0000 ++++ parserInternals.c +@@ -1438,6 +1438,11 @@ xmlNewEntityInputStream(xmlParserCtxtPtr + break; + case XML_EXTERNAL_GENERAL_PARSED_ENTITY: + case XML_EXTERNAL_PARAMETER_ENTITY: ++ if (((ctxt->options & XML_PARSE_NOENT) == 0) && ++ ((ctxt->options & XML_PARSE_DTDVALID) == 0)) { ++ xmlErrInternal(ctxt, "xmlNewEntityInputStream will not read content for external entity\n", ++ NULL); ++ } + return(xmlLoadExternalEntity((char *) entity->URI, + (char *) entity->ExternalID, ctxt)); + case XML_INTERNAL_GENERAL_ENTITY: |