add patch from upstream to fix Multiple Use-After-Free Vulnerabilities

(no CVE# assigned yet) bump PKGREV
author: drochner <drochner> 2013-04-18 10:17:42 +0000
committer: drochner <drochner> 2013-04-18 10:17:42 +0000
commit: 7fa8285c18c892911f254ba2a0a156e306706c00 (patch)
tree: 4eb78cedef57fc08e34b8a82de6042cc6d1f4328 /textproc/libxml2
parent: ce3f9f6586af2ae746e3729c946a565223710a3e (diff)
download: pkgsrc-7fa8285c18c892911f254ba2a0a156e306706c00.tar.gz
4 files changed, 75 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index bc38270350e..040f69e0108 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.123 2013/03/08 23:59:31 tez Exp $
+# $NetBSD: Makefile,v 1.124 2013/04/18 10:17:42 drochner Exp $
 
 DISTNAME=	libxml2-2.9.0
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	textproc
 MASTER_SITES=	ftp://xmlsoft.org/libxml2/ \
 		http://xmlsoft.org/sources/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index eeacb3976be..b0a729c832b 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,10 +1,12 @@
-$NetBSD: distinfo,v 1.98 2013/03/08 23:59:31 tez Exp $
+$NetBSD: distinfo,v 1.99 2013/04/18 10:17:42 drochner Exp $
 
 SHA1 (libxml2-2.9.0.tar.gz) = a43d7c0a8e463ac5a7846254f2a732a9af146fab
 RMD160 (libxml2-2.9.0.tar.gz) = d025639320bb34adbc45a43f46354190f6bbb7b5
 Size (libxml2-2.9.0.tar.gz) = 5161069 bytes
 SHA1 (patch-CVE-2012-5134) = 22caaed2b03334d42253b2b1c5a43473e6c8b4dc
 SHA1 (patch-CVE-2013-0338-CVE-2013-0339) = d9eb3fe147dff5afd6920d818e5f982505e0663f
+SHA1 (patch-SA53061_1) = 388ab6c360d8ff7468316960f3ca10182be638a8
+SHA1 (patch-SA53061_2) = c6a61235f0fcb6a00677a3582450700281eaa3ed
 SHA1 (patch-aa) = 6fcfb2e1ac374a7a047ee188a61ef218106ee54a
 SHA1 (patch-ab) = 8a7a5ae0c9d129826485c74f29cf4de3199212e7
 SHA1 (patch-ac) = 101cd554fd22e8e9817e21591240eb784b1219b5
diff --git a/textproc/libxml2/patches/patch-SA53061_1 b/textproc/libxml2/patches/patch-SA53061_1
new file mode 100644
index 00000000000..bb25f5550f5
--- /dev/null
+++ b/textproc/libxml2/patches/patch-SA53061_1
@@ -0,0 +1,23 @@
+$NetBSD$
+
+upstream commit de0cc20c29cb3f056062925395e0f68d2250a46f
+
+--- HTMLparser.c.orig	2012-09-11 04:23:25.000000000 +0000
++++ HTMLparser.c
+@@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, c
+ 	    if ((in->encoder != NULL) && (in->buffer != NULL) &&
+ 		    (in->raw != NULL)) {
+ 		int nbchars;
++		size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
++		size_t current = ctxt->input->cur - ctxt->input->base;
+ 
+ 		nbchars = xmlCharEncInput(in);
+ 		if (nbchars < 0) {
+@@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, c
+ 			         "encoder error\n", NULL, NULL);
+ 		    return(XML_ERR_INVALID_ENCODING);
+ 		}
++		xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
+ 	    }
+ 	}
+     }
diff --git a/textproc/libxml2/patches/patch-SA53061_2 b/textproc/libxml2/patches/patch-SA53061_2
new file mode 100644
index 00000000000..cf3618bdd5f
--- /dev/null
+++ b/textproc/libxml2/patches/patch-SA53061_2
@@ -0,0 +1,47 @@
+$NetBSD: patch-SA53061_2,v 1.1 2013/04/18 10:17:42 drochner Exp $
+
+upstream commit de0cc20c29cb3f056062925395e0f68d2250a46f
+
+--- parser.c.orig	2013-04-18 10:04:15.000000000 +0000
++++ parser.c
+@@ -12156,7 +12156,7 @@ xmldecl_done:
+                 remain = 0;
+             }
+         }
+-	res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
++	res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
+ 	if (res < 0) {
+ 	    ctxt->errNo = XML_PARSER_EOF;
+ 	    ctxt->disableSAX = 1;
+@@ -12173,6 +12173,8 @@ xmldecl_done:
+ 	    if ((in->encoder != NULL) && (in->buffer != NULL) &&
+ 		    (in->raw != NULL)) {
+ 		int nbchars;
++		size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
++		size_t current = ctxt->input->cur - ctxt->input->base;
+ 
+ 		nbchars = xmlCharEncInput(in);
+ 		if (nbchars < 0) {
+@@ -12181,6 +12183,7 @@ xmldecl_done:
+ 				    "xmlParseChunk: encoder error\n");
+ 		    return(XML_ERR_INVALID_ENCODING);
+ 		}
++		xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
+ 	    }
+ 	}
+     }
+@@ -12220,7 +12223,14 @@ xmldecl_done:
+     }
+     if ((end_in_lf == 1) && (ctxt->input != NULL) &&
+         (ctxt->input->buf != NULL)) {
++	size_t base = xmlBufGetInputBase(ctxt->input->buf->buffer,
++					 ctxt->input);
++	size_t current = ctxt->input->cur - ctxt->input->base;
++
+ 	xmlParserInputBufferPush(ctxt->input->buf, 1, "\r");
++
++	xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input,
++			      base, current);
+     }
+     if (terminate) {
+ 	/*
author	drochner <drochner>	2013-04-18 10:17:42 +0000
committer	drochner <drochner>	2013-04-18 10:17:42 +0000
commit	7fa8285c18c892911f254ba2a0a156e306706c00 (patch)
tree	4eb78cedef57fc08e34b8a82de6042cc6d1f4328 /textproc/libxml2
parent	ce3f9f6586af2ae746e3729c946a565223710a3e (diff)
download	pkgsrc-7fa8285c18c892911f254ba2a0a156e306706c00.tar.gz