diff options
| author | maya <maya@pkgsrc.org> | 2017-06-11 04:40:53 +0000 |
|---|---|---|
| committer | maya <maya@pkgsrc.org> | 2017-06-11 04:40:53 +0000 |
| commit | 98505069e34a56661d83c73a92b3f776047ffef2 (patch) | |
| tree | 64768395a388a0cd8f884967f6e20d80bc6ec5e0 /textproc | |
| parent | 6a6b94bf24e703cb6b4fd2abbf8985c1ed29fe6b (diff) | |
| download | pkgsrc-98505069e34a56661d83c73a92b3f776047ffef2.tar.gz | |
libxml2: Apply upstream patch for CVE-2017-5969.
(Minor issue, only a denial-of-service when using recover mode)
bump PKGREVISION
Diffstat (limited to 'textproc')
| -rw-r--r-- | textproc/libxml2/Makefile | 4 | ||||
| -rw-r--r-- | textproc/libxml2/distinfo | 3 | ||||
| -rw-r--r-- | textproc/libxml2/patches/patch-valid.c | 55 |
3 files changed, 59 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 25c099685b9..e0a7b47d0d0 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.143 2016/12/30 02:17:48 dholland Exp $ +# $NetBSD: Makefile,v 1.144 2017/06/11 04:40:53 maya Exp $ .include "../../textproc/libxml2/Makefile.common" -PKGREVISION= 2 +PKGREVISION= 3 COMMENT= XML parser library from the GNOME project LICENSE= modified-bsd diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index e3861c06363..5fcd2e272f9 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.114 2016/12/27 02:34:33 sevan Exp $ +$NetBSD: distinfo,v 1.115 2017/06/11 04:40:53 maya Exp $ SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56 @@ -16,6 +16,7 @@ SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6 SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959 +SHA1 (patch-valid.c) = e6ff3a9aed6b985fcc69d214efa953a90a055d6b SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59 SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00 SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032 diff --git a/textproc/libxml2/patches/patch-valid.c b/textproc/libxml2/patches/patch-valid.c new file mode 100644 index 00000000000..d7a04e4778a --- /dev/null +++ b/textproc/libxml2/patches/patch-valid.c @@ -0,0 +1,55 @@ +$NetBSD: patch-valid.c,v 1.1 2017/06/11 04:40:53 maya Exp $ + +Upstream commit by Daniel Veillard + +Fix NULL pointer deref in xmlDumpElementContent +Can only be triggered in recovery mode. +Fixes bug 758422 (CVE-2017-5969). + + +--- valid.c.orig 2016-05-23 07:25:25.000000000 +0000 ++++ valid.c +@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, + xmlBufferWriteCHAR(buf, content->name); + break; + case XML_ELEMENT_CONTENT_SEQ: +- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || +- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) ++ if ((content->c1 != NULL) && ++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || ++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) + xmlDumpElementContent(buf, content->c1, 1); + else + xmlDumpElementContent(buf, content->c1, 0); + xmlBufferWriteChar(buf, " , "); +- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || +- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && +- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) ++ if ((content->c2 != NULL) && ++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || ++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && ++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) + xmlDumpElementContent(buf, content->c2, 1); + else + xmlDumpElementContent(buf, content->c2, 0); + break; + case XML_ELEMENT_CONTENT_OR: +- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || +- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) ++ if ((content->c1 != NULL) && ++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || ++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) + xmlDumpElementContent(buf, content->c1, 1); + else + xmlDumpElementContent(buf, content->c1, 0); + xmlBufferWriteChar(buf, " | "); +- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || +- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && +- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) ++ if ((content->c2 != NULL) && ++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || ++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && ++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) + xmlDumpElementContent(buf, content->c2, 1); + else + xmlDumpElementContent(buf, content->c2, 0); |