authorobache <obache>2011-09-01 14:29:04 +0000
committerobache <obache>2011-09-01 14:29:04 +0000
commit1fd8083a31162c7c832fb2df9d442954f77b7287 (patch)
treefabac49a522763c6a5886b6b7867bad570d90f47 /textproc
parent3b44f5a11bca4780f626c8ec18415fed7e1892b5 (diff)
downloadpkgsrc-1fd8083a31162c7c832fb2df9d442954f77b7287.tar.gz
Add a patch to fix CVE-2009-2414 and CVE-2009-2616,
taken from openSUSE 10.3 libxml-CVE-2009-2414_CVE-2009-2616.patch. Bump PKGREVISION.
Diffstat (limited to 'textproc')
-rw-r--r--textproc/libxml/Makefile4
-rw-r--r--textproc/libxml/distinfo3
-rw-r--r--textproc/libxml/patches/patch-parser.c81
3 files changed, 85 insertions, 3 deletions
diff --git a/textproc/libxml/Makefile b/textproc/libxml/Makefile
index f42fa95a929..b28debddc40 100644
--- a/textproc/libxml/Makefile
+++ b/textproc/libxml/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.39 2008/07/14 12:56:13 joerg Exp $
+# $NetBSD: Makefile,v 1.40 2011/09/01 14:29:04 obache Exp $
#
DISTNAME= libxml-1.8.17
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= textproc devel lang gnome
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxml/1.8/}
diff --git a/textproc/libxml/distinfo b/textproc/libxml/distinfo
index 9f27e27377c..7022119ef19 100644
--- a/textproc/libxml/distinfo
+++ b/textproc/libxml/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2005/02/24 14:48:44 agc Exp $
+$NetBSD: distinfo,v 1.11 2011/09/01 14:29:05 obache Exp $
SHA1 (libxml-1.8.17.tar.gz) = ebe7b76bb2b62c882000c1a846a6f8f8346e3bb4
RMD160 (libxml-1.8.17.tar.gz) = 3d01879e6e5a38f4453d009ea8bd2d2fc9e86bcc
@@ -8,3 +8,4 @@ SHA1 (patch-ab) = 6c72ef59fe094ddbb4901b0f35eb681a4d0b4ff2
SHA1 (patch-ac) = b94818200397d6c6457053fa5fe02a6049d52c44
SHA1 (patch-ad) = 1513deb92711d9b17114ce4a00d9d5f1714234d3
SHA1 (patch-ae) = 7f3f56ff649f3718b855da9a2d8e6f64dee95086
+SHA1 (patch-parser.c) = 23f69d3f7bf97cbfea51f5ca435064f8d423132e
diff --git a/textproc/libxml/patches/patch-parser.c b/textproc/libxml/patches/patch-parser.c
new file mode 100644
index 00000000000..59d8af39228
--- /dev/null
+++ b/textproc/libxml/patches/patch-parser.c
@@ -0,0 +1,81 @@
+$NetBSD: patch-parser.c,v 1.1 2011/09/01 14:29:05 obache Exp $
+
+* fixes CVE-2009-2414 and CVE-2009-2616.
+
+--- parser.c.orig 2001-09-14 14:09:41.000000000 +0000
++++ parser.c
+@@ -5164,11 +5164,15 @@ xmlParseNotationType(xmlParserCtxtPtr ct
+ "Name expected in NOTATION declaration\n");
+ ctxt->wellFormed = 0;
+ ctxt->disableSAX = 1;
+- return(ret);
++ xmlFreeEnumeration(ret);
++ return(NULL);
+ }
+ cur = xmlCreateEnumeration(name);
+ xmlFree(name);
+- if (cur == NULL) return(ret);
++ if (cur == NULL) {
++ xmlFreeEnumeration(ret);
++ return(NULL);
++ }
+ if (last == NULL) ret = last = cur;
+ else {
+ last->next = cur;
+@@ -5183,9 +5187,8 @@ xmlParseNotationType(xmlParserCtxtPtr ct
+ "')' required to finish NOTATION declaration\n");
+ ctxt->wellFormed = 0;
+ ctxt->disableSAX = 1;
+- if ((last != NULL) && (last != ret))
+- xmlFreeEnumeration(last);
+- return(ret);
++ xmlFreeEnumeration(ret);
++ return(NULL);
+ }
+ NEXT;
+ return(ret);
+@@ -5236,7 +5239,10 @@ xmlParseEnumerationType(xmlParserCtxtPtr
+ }
+ cur = xmlCreateEnumeration(name);
+ xmlFree(name);
+- if (cur == NULL) return(ret);
++ if (cur == NULL) {
++ xmlFreeEnumeration(ret);
++ return(NULL);
++ }
+ if (last == NULL) ret = last = cur;
+ else {
+ last->next = cur;
+@@ -5715,13 +5721,22 @@ xmlParseElementChildrenContentDecl
+ xmlChar *elem;
+ xmlChar type = 0;
+
++ if (ctxt->depth > 128) {
++ ctxt->sax->error(ctxt->userData,
++ "xmlParseElementChildrenContentDecl : depth %d too deep\n",
++ ctxt->depth);
++ return(NULL);
++ }
++
+ SKIP_BLANKS;
+ GROW;
+ if (RAW == '(') {
+ /* Recurse on first child */
+ NEXT;
+ SKIP_BLANKS;
++ ctxt->depth++;
+ cur = ret = xmlParseElementChildrenContentDecl(ctxt);
++ ctxt->depth--;
+ SKIP_BLANKS;
+ GROW;
+ } else {
+@@ -5865,7 +5880,9 @@ xmlParseElementChildrenContentDecl
+ /* Recurse on second child */
+ NEXT;
+ SKIP_BLANKS;
++ ctxt->depth++;
+ last = xmlParseElementChildrenContentDecl(ctxt);
++ ctxt->depth--;
+ SKIP_BLANKS;
+ } else {
+ elem = xmlParseNameComplex(ctxt);
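Review bot: The depth guard added at the top of xmlParseElementChildrenContentDecl returns NULL without marking the parse as failed: unlike the NOTATION error paths earlier in this same patch, it never sets `ctxt->wellFormed = 0; ctxt->disableSAX = 1;`, so a DTD rejected for excessive nesting may still end up reported as well-formed. Add those two assignments before `return(NULL);`. The guard also calls `ctxt->sax->error(...)` unconditionally; if a context can run with a NULL handler table or a NULL error callback (not visible here), wrap the call in `if ((ctxt->sax != NULL) && (ctxt->sax->error != NULL))`. The limit `128` would read better as a named constant with a comment saying it bounds recursion on nested content-model parentheses. The function body and the handling of a NULL result at the two recursive call sites lie outside the hunks shown, so confirm that callers cope with NULL from this path.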