summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsevan <sevan@pkgsrc.org>2016-11-30 14:46:22 +0000
committersevan <sevan@pkgsrc.org>2016-11-30 14:46:22 +0000
commit4c2633d35f2fac4984a33829dc0efd4a9b479b1b (patch)
tree4f62cec39c2b0a62643e14cedb5494ce55b370e4
parent71f5978fdc5303cc32886e865e8c10e9214a682b (diff)
downloadpkgsrc-4c2633d35f2fac4984a33829dc0efd4a9b479b1b.tar.gz
Patch CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
Bump rev.
-rw-r--r--textproc/libxml2/Makefile.common3
-rw-r--r--textproc/libxml2/distinfo3
-rw-r--r--textproc/libxml2/patches/patch-parseInternals.c18
3 files changed, 22 insertions, 2 deletions
diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common
index 5e32f974df6..af287081af7 100644
--- a/textproc/libxml2/Makefile.common
+++ b/textproc/libxml2/Makefile.common
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.common,v 1.2 2016/05/28 06:47:51 wiz Exp $
+# $NetBSD: Makefile.common,v 1.3 2016/11/30 14:46:22 sevan Exp $
#
# used by textproc/libxml2/Makefile
# used by textproc/py-libxml2/Makefile
DISTNAME= libxml2-2.9.4
+PKGREVISION= 1
CATEGORIES= textproc
MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
http://xmlsoft.org/sources/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index 6c366152326..9e85ad43f49 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.112 2016/05/25 07:16:36 he Exp $
+$NetBSD: distinfo,v 1.113 2016/11/30 14:46:22 sevan Exp $
SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -10,6 +10,7 @@ SHA1 (patch-ac) = 34afe787f6012b460a85be993048e133907a1621
SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
+SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
diff --git a/textproc/libxml2/patches/patch-parseInternals.c b/textproc/libxml2/patches/patch-parseInternals.c
new file mode 100644
index 00000000000..c14ab3d4333
--- /dev/null
+++ b/textproc/libxml2/patches/patch-parseInternals.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-parseInternals.c,v 1.1 2016/11/30 14:46:22 sevan Exp $
+
+CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
+
+--- parserInternals.c.orig 2016-11-30 14:35:55.000000000 +0000
++++ parserInternals.c
+@@ -1438,6 +1438,11 @@ xmlNewEntityInputStream(xmlParserCtxtPtr
+ break;
+ case XML_EXTERNAL_GENERAL_PARSED_ENTITY:
+ case XML_EXTERNAL_PARAMETER_ENTITY:
++ if (((ctxt->options & XML_PARSE_NOENT) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDVALID) == 0)) {
++ xmlErrInternal(ctxt, "xmlNewEntityInputStream will not read content for external entity\n",
++ NULL);
++ }
+ return(xmlLoadExternalEntity((char *) entity->URI,
+ (char *) entity->ExternalID, ctxt));
+ case XML_INTERNAL_GENERAL_ENTITY: