Pullup ticket #5478 - requested by sevan

textproc/libxml2: security fix Revisions pulled up: - textproc/libxml2/Makefile 1.144 - textproc/libxml2/distinfo 1.115 - textproc/libxml2/patches/patch-valid.c 1.1 --- Module Name: pkgsrc Committed By: maya Date: Sun Jun 11 04:40:53 UTC 2017 Modified Files: pkgsrc/textproc/libxml2: Makefile distinfo Added Files: pkgsrc/textproc/libxml2/patches: patch-valid.c Log Message: libxml2: Apply upstream patch for CVE-2017-5969. (Minor issue, only a denial-of-service when using recover mode) bump PKGREVISION
author: bsiegert <bsiegert@pkgsrc.org> 2017-06-21 18:17:36 +0000
committer: bsiegert <bsiegert@pkgsrc.org> 2017-06-21 18:17:36 +0000
commit: 1315fd13c2f0e485d325fd82f01a7dc7e0f5f5bf (patch)
tree: 6e39e72fd62ea682b94424f9df58aa2777e4bf13 /textproc/libxml2
parent: 92f97f81789559fa3fdb769150dc9adf78153585 (diff)
download: pkgsrc-1315fd13c2f0e485d325fd82f01a7dc7e0f5f5bf.tar.gz
3 files changed, 59 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index 25c099685b9..d7adf37511b 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.143 2016/12/30 02:17:48 dholland Exp $
+# $NetBSD: Makefile,v 1.143.2.1 2017/06/21 18:17:36 bsiegert Exp $
 
 .include "../../textproc/libxml2/Makefile.common"
 
-PKGREVISION=	2
+PKGREVISION=	3
 
 COMMENT=	XML parser library from the GNOME project
 LICENSE=	modified-bsd
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index e3861c06363..4f7ade59986 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.114 2016/12/27 02:34:33 sevan Exp $
+$NetBSD: distinfo,v 1.114.4.1 2017/06/21 18:17:36 bsiegert Exp $
 
 SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
 RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -16,6 +16,7 @@ SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
 SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
 SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
+SHA1 (patch-valid.c) = e6ff3a9aed6b985fcc69d214efa953a90a055d6b
 SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
 SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
 SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032
diff --git a/textproc/libxml2/patches/patch-valid.c b/textproc/libxml2/patches/patch-valid.c
new file mode 100644
index 00000000000..aef99af4a8e
--- /dev/null
+++ b/textproc/libxml2/patches/patch-valid.c
@@ -0,0 +1,55 @@
+$NetBSD: patch-valid.c,v 1.2.2.2 2017/06/21 18:17:36 bsiegert Exp $
+
+Upstream commit by Daniel Veillard
+
+Fix NULL pointer deref in xmlDumpElementContent
+Can only be triggered in recovery mode.
+Fixes bug 758422 (CVE-2017-5969).
+
+
+--- valid.c.orig	2016-05-23 07:25:25.000000000 +0000
++++ valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, 
+ 	    xmlBufferWriteCHAR(buf, content->name);
+ 	    break;
+ 	case XML_ELEMENT_CONTENT_SEQ:
+-	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++	    if ((content->c1 != NULL) &&
++	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ 		xmlDumpElementContent(buf, content->c1, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c1, 0);
+             xmlBufferWriteChar(buf, " , ");
+-	    if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+-	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+-		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++	    if ((content->c2 != NULL) &&
++	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++	         ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ 		xmlDumpElementContent(buf, content->c2, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c2, 0);
+ 	    break;
+ 	case XML_ELEMENT_CONTENT_OR:
+-	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++	    if ((content->c1 != NULL) &&
++	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ 		xmlDumpElementContent(buf, content->c1, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c1, 0);
+             xmlBufferWriteChar(buf, " | ");
+-	    if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+-	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+-		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++	    if ((content->c2 != NULL) &&
++	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++	         ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ 		xmlDumpElementContent(buf, content->c2, 1);
+ 	    else
+ 		xmlDumpElementContent(buf, content->c2, 0);
author	bsiegert <bsiegert@pkgsrc.org>	2017-06-21 18:17:36 +0000
committer	bsiegert <bsiegert@pkgsrc.org>	2017-06-21 18:17:36 +0000
commit	1315fd13c2f0e485d325fd82f01a7dc7e0f5f5bf (patch)
tree	6e39e72fd62ea682b94424f9df58aa2777e4bf13 /textproc/libxml2
parent	92f97f81789559fa3fdb769150dc9adf78153585 (diff)
download	pkgsrc-1315fd13c2f0e485d325fd82f01a7dc7e0f5f5bf.tar.gz