diff options
author | tron <tron@pkgsrc.org> | 2009-08-26 10:20:57 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2009-08-26 10:20:57 +0000 |
commit | 14a249445e4959880afd1bb942b6cf86755a72c0 (patch) | |
tree | 612db07b9e796f831d4a790d6b1cc1414c4cda86 /textproc | |
parent | a6bcba5aee89ec03b1f2e2b92b6a7864234e71b6 (diff) | |
download | pkgsrc-14a249445e4959880afd1bb942b6cf86755a72c0.tar.gz |
Add patch to fix the security vulnerabilites reported in CVE-2009-2414
and CVE-2009-2416.
The patch was taken from the latest Fedora 11 "libxml2" source RPM.
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/libxml2/Makefile | 3 | ||||
-rw-r--r-- | textproc/libxml2/distinfo | 3 | ||||
-rw-r--r-- | textproc/libxml2/patches/patch-af | 162 |
3 files changed, 166 insertions, 2 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index f51b6a2a632..a750e5206e0 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.100 2009/02/21 13:58:49 wiz Exp $ +# $NetBSD: Makefile,v 1.101 2009/08/26 10:20:57 tron Exp $ DISTNAME= libxml2-2.7.3 +PKGREVISION= 1 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 9e4949baca8..0f0d778b5d6 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.71 2009/02/21 13:58:49 wiz Exp $ +$NetBSD: distinfo,v 1.72 2009/08/26 10:20:57 tron Exp $ SHA1 (libxml2-2.7.3.tar.gz) = fd4e427fb55c977876bc74c0e552ef7d3d794a07 RMD160 (libxml2-2.7.3.tar.gz) = 14018347531fd135366cee9fd9d760a1988546e2 @@ -8,3 +8,4 @@ SHA1 (patch-ab) = a8dc745539528db69bf1ccb8977a69c24fa818e3 SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177 SHA1 (patch-ae) = b9176919edbf3582cb24aff53f7c4f291e2b78c8 +SHA1 (patch-af) = 6db7c8cb6f697ecf1eecb578eafdd561d9bb8dad diff --git a/textproc/libxml2/patches/patch-af b/textproc/libxml2/patches/patch-af new file mode 100644 index 00000000000..281c73ad32a --- /dev/null +++ b/textproc/libxml2/patches/patch-af @@ -0,0 +1,162 @@ +$NetBSD: patch-af,v 1.5 2009/08/26 10:20:57 tron Exp $ + +Fix for CVE-2009-2414 and CVE-2009-2416 taken from here: +http://download.fedora.redhat.com/pub/fedora/linux/updates/11/SRPMS/libxml2-2.7.3-3.fc11.src.rpm + +--- parser.c.orig 2009-01-17 13:45:35.000000000 +0000 ++++ parser.c 2009-08-26 11:06:38.000000000 +0100 +@@ -5306,7 +5306,8 @@ + if (name == NULL) { + xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED, + "Name expected in NOTATION declaration\n"); +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + tmp = ret; + while (tmp != NULL) { +@@ -5322,7 +5323,10 @@ + } + if (tmp == NULL) { + cur = xmlCreateEnumeration(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL) { ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; +@@ -5333,9 +5337,8 @@ + } while (RAW == '|'); + if (RAW != ')') { + xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL); +- if ((last != NULL) && (last != ret)) +- xmlFreeEnumeration(last); +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + NEXT; + return(ret); +@@ -5390,7 +5393,10 @@ + cur = xmlCreateEnumeration(name); + if (!xmlDictOwns(ctxt->dict, name)) + xmlFree(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL) { ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; +@@ -5758,9 +5764,10 @@ + } + + /** +- * xmlParseElementChildrenContentDecl: ++ * xmlParseElementChildrenContentDeclPriv: + * @ctxt: an XML parser context + * @inputchk: the input used for the current entity, needed for boundary checks ++ * @depth: the level of recursion + * + * parse the declaration for a Mixed Element content + * The leading '(' and spaces have been skipped in xmlParseElementContentDecl +@@ -5788,12 +5795,20 @@ + * Returns the tree of xmlElementContentPtr describing the element + * hierarchy. + */ +-xmlElementContentPtr +-xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) { ++static xmlElementContentPtr ++xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk, ++ int depth) { + xmlElementContentPtr ret = NULL, cur = NULL, last = NULL, op = NULL; + const xmlChar *elem; + xmlChar type = 0; + ++ if (((depth > 128) && ((ctxt->options & XML_PARSE_HUGE) == 0)) || ++ (depth > 2048)) { ++ xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED, ++"xmlParseElementChildrenContentDecl : depth %d too deep, use XML_PARSE_HUGE\n", ++ depth); ++ return(NULL); ++ } + SKIP_BLANKS; + GROW; + if (RAW == '(') { +@@ -5802,7 +5817,8 @@ + /* Recurse on first child */ + NEXT; + SKIP_BLANKS; +- cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid); ++ cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, ++ depth + 1); + SKIP_BLANKS; + GROW; + } else { +@@ -5934,7 +5950,8 @@ + /* Recurse on second child */ + NEXT; + SKIP_BLANKS; +- last = xmlParseElementChildrenContentDecl(ctxt, inputid); ++ last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, ++ depth + 1); + SKIP_BLANKS; + } else { + elem = xmlParseName(ctxt); +@@ -6045,6 +6062,44 @@ + } + + /** ++ * ++ * xmlParseElementChildrenContentDecl: ++ * @ctxt: an XML parser context ++ * @inputchk: the input used for the current entity, needed for boundary checks ++ * @depth: the level of recursion ++ * ++ * parse the declaration for a Mixed Element content ++ * The leading '(' and spaces have been skipped in xmlParseElementContentDecl ++ * ++ * [47] children ::= (choice | seq) ('?' | '*' | '+')? ++ * ++ * [48] cp ::= (Name | choice | seq) ('?' | '*' | '+')? ++ * ++ * [49] choice ::= '(' S? cp ( S? '|' S? cp )* S? ')' ++ * ++ * [50] seq ::= '(' S? cp ( S? ',' S? cp )* S? ')' ++ * ++ * [ VC: Proper Group/PE Nesting ] applies to [49] and [50] ++ * TODO Parameter-entity replacement text must be properly nested ++ * with parenthesized groups. That is to say, if either of the ++ * opening or closing parentheses in a choice, seq, or Mixed ++ * construct is contained in the replacement text for a parameter ++ * entity, both must be contained in the same replacement text. For ++ * interoperability, if a parameter-entity reference appears in a ++ * choice, seq, or Mixed construct, its replacement text should not ++ * be empty, and neither the first nor last non-blank character of ++ * the replacement text should be a connector (| or ,). ++ * ++ * Returns the tree of xmlElementContentPtr describing the element ++ * hierarchy. ++ */ ++xmlElementContentPtr ++xmlParseElementChildrenContentDecl(xmlParserCtxtPtr ctxt, int inputchk) { ++ /* stub left for API/ABI compat */ ++ return(xmlParseElementChildrenContentDeclPriv(ctxt, inputchk, 1)); ++} ++ ++/** + * xmlParseElementContentDecl: + * @ctxt: an XML parser context + * @name: the name of the element being defined. +@@ -6080,7 +6135,7 @@ + tree = xmlParseElementMixedContentDecl(ctxt, inputid); + res = XML_ELEMENT_TYPE_MIXED; + } else { +- tree = xmlParseElementChildrenContentDecl(ctxt, inputid); ++ tree = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, 1); + res = XML_ELEMENT_TYPE_ELEMENT; + } + SKIP_BLANKS; |