author | bsiegert <bsiegert@pkgsrc.org> | 2016-12-28 17:14:20 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2016-12-28 17:14:20 +0000 |
commit | cf13894f196ecc0d510f201da10e960b92e3fbf1 (patch) | |
tree | 09563c5e2482f00010ac6ce8f87d72fb9d8ba941 /textproc/libxml2/patches/patch-xpointer.c | |
parent | 9606a53ef5334d52a848b4b1e8feeb5cf0550b1c (diff) | |
download | pkgsrc-cf13894f196ecc0d510f201da10e960b92e3fbf1.tar.gz |
Pullup ticket #5175 - requested by sevan
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile.common 1.4
- textproc/libxml2/distinfo 1.114
- textproc/libxml2/patches/patch-result_XPath_xptr_vidbase 1.1
- textproc/libxml2/patches/patch-test_XPath_xptr_vidbase 1.1
- textproc/libxml2/patches/patch-xpath.c 1.1
- textproc/libxml2/patches/patch-xpointer.c 1.4
---
Module Name: pkgsrc
Committed By: sevan
Date: Tue Dec 27 02:34:34 UTC 2016
Modified Files:
pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-result_XPath_xptr_vidbase
patch-test_XPath_xptr_vidbase patch-xpath.c patch-xpointer.c
Log Message:
Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev
Diffstat (limited to 'textproc/libxml2/patches/patch-xpointer.c')
-rw-r--r-- | textproc/libxml2/patches/patch-xpointer.c | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/textproc/libxml2/patches/patch-xpointer.c b/textproc/libxml2/patches/patch-xpointer.c
new file mode 100644
index 00000000000..da3d7be8f7c
--- /dev/null
+++ b/textproc/libxml2/patches/patch-xpointer.c
@@ -0,0 +1,102 @@
+$NetBSD: patch-xpointer.c,v 1.4.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-4658
+https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpointer.c.orig 2016-12-27 02:19:03.000000000 +0000
++++ xpointer.c
+@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
+ ret->here = here;
+ ret->origin = origin;
+
+- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+- xmlXPtrRangeToFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ xmlXPtrRangeFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
+ * @nargs: the number of args
+ *
+ * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+ */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+- xmlXPathObjectPtr range;
+- const xmlChar *cur;
+- xmlXPathObjectPtr res, obj;
+- xmlXPathObjectPtr tmp;
+- xmlLocationSetPtr newset = NULL;
+- xmlNodeSetPtr oldset;
+- int i;
+-
+- if (ctxt == NULL) return;
+- CHECK_ARITY(1);
+- /*
+- * Save the expression pointer since we will have to evaluate
+- * it multiple times. Initialize the new set.
+- */
+- CHECK_TYPE(XPATH_NODESET);
+- obj = valuePop(ctxt);
+- oldset = obj->nodesetval;
+- ctxt->context->node = NULL;
+-
+- cur = ctxt->cur;
+- newset = xmlXPtrLocationSetCreate(NULL);
+-
+- for (i = 0; i < oldset->nodeNr; i++) {
+- ctxt->cur = cur;
+-
+- /*
+- * Run the evaluation with a node list made of a single item
+- * in the nodeset.
+- */
+- ctxt->context->node = oldset->nodeTab[i];
+- tmp = xmlXPathNewNodeSet(ctxt->context->node);
+- valuePush(ctxt, tmp);
+-
+- xmlXPathEvalExpr(ctxt);
+- CHECK_ERROR;
+-
+- /*
+- * The result of the evaluation need to be tested to
+- * decided whether the filter succeeded or not
+- */
+- res = valuePop(ctxt);
+- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+- if (range != NULL) {
+- xmlXPtrLocationSetAdd(newset, range);
+- }
+-
+- /*
+- * Cleanup
+- */
+- if (res != NULL)
+- xmlXPathFreeObject(res);
+- if (ctxt->value == tmp) {
+- res = valuePop(ctxt);
+- xmlXPathFreeObject(res);
+- }
+-
+- ctxt->context->node = NULL;
+- }
+-
+- /*
+- * The result is used as the new evaluation set.
+- */
+- xmlXPathFreeObject(obj);
+- ctxt->context->node = NULL;
+- ctxt->context->contextSize = -1;
+- ctxt->context->proximityPosition = -1;
+- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++ int nargs ATTRIBUTE_UNUSED) {
++ XP_ERROR(XPATH_EXPR_ERROR);
+ }
+
+ /**
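Review bot: The patch header cites two upstream commits, one for CVE-2016-4658 and one for CVE-2016-5131, but both embedded hunks deal only with range-to, and nothing says which commit each hunk comes from. The first hunk drops the `xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", ...)` registration in xmlXPtrNewContext, and the second reduces xmlXPtrRangeToFunction to `XP_ERROR(XPATH_EXPR_ERROR);`. A reader therefore cannot tell whether every xpointer.c change from both cited commits was carried over, which matters for a security pullup. Please compare the hunks with the two upstream commits and add a line under each URL naming the functions it patches here, for example `hunks: xmlXPtrNewContext, xmlXPtrRangeToFunction`. The replacement range-to handling lives in patch-xpath.c per the new `Obsolete` comment and is not shown in this diff (limited to patch-xpointer.c), so it needs its own review, since after this change a range-to step only works if that patch is applied too.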