diff options
| author | sbd <sbd> | 2011-06-11 05:11:54 +0000 |
|---|---|---|
| committer | sbd <sbd> | 2011-06-11 05:11:54 +0000 |
| commit | 10113870dfd53c0ac8e69dadce5b0fa949e8d9af (patch) | |
| tree | 203eee3c2ae1e2b12a0a17c619d99c450d9f027d | |
| parent | 1861f913f627ee2561f3ca8dd9a6f861cf5b20bb (diff) | |
| download | pkgsrc-10113870dfd53c0ac8e69dadce5b0fa949e8d9af.tar.gz | |
Pullup ticket #3451 - requested by tron
textproc/libxml2 security update
Revisions pulled up:
- textproc/libxml2/Makefile 1.109
- textproc/libxml2/distinfo 1.83
- textproc/libxml2/patches/patch-ak 1.2
- textproc/libxml2/patches/patch-al 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Mon Jun 6 12:09:01 UTC 2011
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
pkgsrc/textproc/libxml2/patches: patch-ak
Added Files:
pkgsrc/textproc/libxml2/patches: patch-al
Log Message:
addmore patches from upstream:
-fix more potential problems on reallocation failures (CVE-2011-1944)
-Fix memory corruption
also replace an error handling which doesn't recover from
integer overflow
bump PKGREV
| -rw-r--r-- | textproc/libxml2/Makefile | 4 | ||||
| -rw-r--r-- | textproc/libxml2/distinfo | 5 | ||||
| -rw-r--r-- | textproc/libxml2/patches/patch-ak | 122 | ||||
| -rw-r--r-- | textproc/libxml2/patches/patch-al | 14 |
4 files changed, 137 insertions, 8 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 8c24bff0cae..42a96a5cd5c 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.108 2011/02/28 14:53:04 wiz Exp $ +# $NetBSD: Makefile,v 1.108.2.1 2011/06/11 05:11:54 sbd Exp $ DISTNAME= libxml2-2.7.8 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 1e9123a3cbf..591cd1dad72 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.82 2011/01/03 12:17:43 drochner Exp $ +$NetBSD: distinfo,v 1.82.4.1 2011/06/11 05:11:54 sbd Exp $ SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40 RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47 @@ -10,4 +10,5 @@ SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177 SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4 -SHA1 (patch-ak) = 7cec0f12a89087df91c0e1d84400a6b91df56211 +SHA1 (patch-ak) = 73796d55e21d6b7dae79ac1a2abee4bc64116dbc +SHA1 (patch-al) = e5be144291a46c1b5e9720ac9d02c1fb00c6ea20 diff --git a/textproc/libxml2/patches/patch-ak b/textproc/libxml2/patches/patch-ak index ad6cb3708b2..a54dcd93b5c 100644 --- a/textproc/libxml2/patches/patch-ak +++ b/textproc/libxml2/patches/patch-ak @@ -1,12 +1,45 @@ -$NetBSD: patch-ak,v 1.1 2011/01/03 12:17:43 drochner Exp $ +$NetBSD: patch-ak,v 1.1.4.1 2011/06/11 05:11:54 sbd Exp $ from gnome git: --fix realloc bug +-fix realloc bugs (CVE-2011-1944) -fix CVE-2010-4494 / SA42721 --- xpath.c.orig 2010-11-03 19:18:27.000000000 +0000 +++ xpath.c -@@ -3575,13 +3575,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm +@@ -722,14 +722,13 @@ xmlXPathCompExprAdd(xmlXPathCompExprPtr + if (comp->nbStep >= comp->maxStep) { + xmlXPathStepOp *real; + +- comp->maxStep *= 2; + real = (xmlXPathStepOp *) xmlRealloc(comp->steps, +- comp->maxStep * sizeof(xmlXPathStepOp)); ++ comp->maxStep * 2 * sizeof(xmlXPathStepOp)); + if (real == NULL) { +- comp->maxStep /= 2; + xmlXPathErrMemory(NULL, "adding step\n"); + return(-1); + } ++ comp->maxStep *= 2; + comp->steps = real; + } + comp->last = comp->nbStep; +@@ -3522,13 +3521,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "growing nodeset\n"); + return; + } ++ cur->nodeMax *= 2; + cur->nodeTab = temp; + } + cur->nodeTab[cur->nodeNr++] = xmlXPathNodeSetDupNs(node, ns); +@@ -3575,13 +3574,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm } else if (cur->nodeNr == cur->nodeMax) { xmlNodePtr *temp; @@ -22,7 +55,88 @@ from gnome git: cur->nodeTab = temp; } if (val->type == XML_NAMESPACE_DECL) { -@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm +@@ -3627,14 +3626,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "growing nodeset\n"); + return; + } + cur->nodeTab = temp; ++ cur->nodeMax *= 2; + } + if (val->type == XML_NAMESPACE_DECL) { + xmlNsPtr ns = (xmlNsPtr) val; +@@ -3738,13 +3737,13 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, + } else if (val1->nodeNr == val1->nodeMax) { + xmlNodePtr *temp; + +- val1->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } ++ val1->nodeMax *= 2; + val1->nodeTab = temp; + } + if (n2->type == XML_NAMESPACE_DECL) { +@@ -3800,13 +3799,13 @@ xmlXPathNodeSetMergeUnique(xmlNodeSetPtr + } else if (val1->nodeNr == val1->nodeMax) { + xmlNodePtr *temp; + +- val1->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } ++ val1->nodeMax *= 2; + val1->nodeTab = temp; + } + if (val2->nodeTab[i]->type == XML_NAMESPACE_DECL) { +@@ -3907,13 +3906,13 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- set1->nodeMax *= 2; + temp = (xmlNodePtr *) xmlRealloc( +- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr)); ++ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } ++ set1->nodeMax *= 2; + set1->nodeTab = temp; + } + if (n2->type == XML_NAMESPACE_DECL) { +@@ -3991,13 +3990,13 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- set1->nodeMax *= 2; + temp = (xmlNodePtr *) xmlRealloc( +- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr)); ++ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } ++ set1->nodeMax *= 2; + set1->nodeTab = temp; + } + set1->nodeTab[set1->nodeNr++] = n2; +@@ -11763,11 +11762,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { xmlXPathObjectPtr tmp; diff --git a/textproc/libxml2/patches/patch-al b/textproc/libxml2/patches/patch-al new file mode 100644 index 00000000000..438085b8e91 --- /dev/null +++ b/textproc/libxml2/patches/patch-al @@ -0,0 +1,14 @@ +$NetBSD: patch-al,v 1.1.2.2 2011/06/11 05:11:54 sbd Exp $ + +from gnome git: Fix memory corruption + +--- parser.c.orig 2010-11-04 15:55:45.000000000 +0000 ++++ parser.c +@@ -6992,6 +6992,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) + ent->owner = 1; + while (list != NULL) { + list->parent = (xmlNodePtr) ent; ++ xmlSetTreeDoc(list, ent->doc); + if (list->next == NULL) + ent->last = list; + list = list->next; |