diff options
| author | drochner <drochner@pkgsrc.org> | 2011-01-03 12:17:43 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2011-01-03 12:17:43 +0000 |
| commit | f344d28b5ed196848d6dc84e7149a74cb2344a1e (patch) | |
| tree | 51c66e6986e53707d5df5cedace2f88c18d774b8 /textproc | |
| parent | a91545595d010648f6457df806880e2d89c85fde (diff) | |
| download | pkgsrc-f344d28b5ed196848d6dc84e7149a74cb2344a1e.tar.gz | |
add 3 patches from gnome git:
-fix realloc error handling bug
-fix potential double free (CVE-2010-4494 / SA42721)
bump PKGREVISION
Diffstat (limited to 'textproc')
| -rw-r--r-- | textproc/libxml2/Makefile | 4 | ||||
| -rw-r--r-- | textproc/libxml2/distinfo | 3 | ||||
| -rw-r--r-- | textproc/libxml2/patches/patch-ak | 45 |
3 files changed, 49 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index e6bc62277e4..53cf0c6c42b 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.106 2010/11/26 13:43:24 drochner Exp $ +# $NetBSD: Makefile,v 1.107 2011/01/03 12:17:43 drochner Exp $ DISTNAME= libxml2-2.7.8 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index f1e50b62f38..1e9123a3cbf 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.81 2010/11/26 13:43:24 drochner Exp $ +$NetBSD: distinfo,v 1.82 2011/01/03 12:17:43 drochner Exp $ SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40 RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47 @@ -10,3 +10,4 @@ SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177 SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4 +SHA1 (patch-ak) = 7cec0f12a89087df91c0e1d84400a6b91df56211 diff --git a/textproc/libxml2/patches/patch-ak b/textproc/libxml2/patches/patch-ak new file mode 100644 index 00000000000..ad6cb3708b2 --- /dev/null +++ b/textproc/libxml2/patches/patch-ak @@ -0,0 +1,45 @@ +$NetBSD: patch-ak,v 1.1 2011/01/03 12:17:43 drochner Exp $ + +from gnome git: +-fix realloc bug +-fix CVE-2010-4494 / SA42721 + +--- xpath.c.orig 2010-11-03 19:18:27.000000000 +0000 ++++ xpath.c +@@ -3575,13 +3575,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "growing nodeset\n"); + return; + } ++ cur->nodeMax *= 2; + cur->nodeTab = temp; + } + if (val->type == XML_NAMESPACE_DECL) { +@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm + + if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { + xmlXPathObjectPtr tmp; +- /* pop the result */ ++ /* pop the result if any */ + tmp = valuePop(ctxt); +- xmlXPathReleaseObject(xpctxt, tmp); +- /* then pop off contextObj, which will be freed later */ +- valuePop(ctxt); ++ if (tmp != contextObj) { ++ /* ++ * Free up the result ++ * then pop off contextObj, which will be freed later ++ */ ++ xmlXPathReleaseObject(xpctxt, tmp); ++ valuePop(ctxt); ++ } + goto evaluation_error; + } + |