From 7fa8285c18c892911f254ba2a0a156e306706c00 Mon Sep 17 00:00:00 2001 From: drochner Date: Thu, 18 Apr 2013 10:17:42 +0000 Subject: add patch from upstream to fix Multiple Use-After-Free Vulnerabilities (no CVE# assigned yet) bump PKGREV --- textproc/libxml2/Makefile | 4 +-- textproc/libxml2/distinfo | 4 ++- textproc/libxml2/patches/patch-SA53061_1 | 23 ++++++++++++++++ textproc/libxml2/patches/patch-SA53061_2 | 47 ++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 3 deletions(-) create mode 100644 textproc/libxml2/patches/patch-SA53061_1 create mode 100644 textproc/libxml2/patches/patch-SA53061_2 (limited to 'textproc/libxml2') diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index bc38270350e..040f69e0108 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.123 2013/03/08 23:59:31 tez Exp $ +# $NetBSD: Makefile,v 1.124 2013/04/18 10:17:42 drochner Exp $ DISTNAME= libxml2-2.9.0 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index eeacb3976be..b0a729c832b 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,10 +1,12 @@ -$NetBSD: distinfo,v 1.98 2013/03/08 23:59:31 tez Exp $ +$NetBSD: distinfo,v 1.99 2013/04/18 10:17:42 drochner Exp $ SHA1 (libxml2-2.9.0.tar.gz) = a43d7c0a8e463ac5a7846254f2a732a9af146fab RMD160 (libxml2-2.9.0.tar.gz) = d025639320bb34adbc45a43f46354190f6bbb7b5 Size (libxml2-2.9.0.tar.gz) = 5161069 bytes SHA1 (patch-CVE-2012-5134) = 22caaed2b03334d42253b2b1c5a43473e6c8b4dc SHA1 (patch-CVE-2013-0338-CVE-2013-0339) = d9eb3fe147dff5afd6920d818e5f982505e0663f +SHA1 (patch-SA53061_1) = 388ab6c360d8ff7468316960f3ca10182be638a8 +SHA1 (patch-SA53061_2) = c6a61235f0fcb6a00677a3582450700281eaa3ed SHA1 (patch-aa) = 6fcfb2e1ac374a7a047ee188a61ef218106ee54a SHA1 (patch-ab) = 8a7a5ae0c9d129826485c74f29cf4de3199212e7 SHA1 (patch-ac) = 101cd554fd22e8e9817e21591240eb784b1219b5 diff --git a/textproc/libxml2/patches/patch-SA53061_1 b/textproc/libxml2/patches/patch-SA53061_1 new file mode 100644 index 00000000000..bb25f5550f5 --- /dev/null +++ b/textproc/libxml2/patches/patch-SA53061_1 @@ -0,0 +1,23 @@ +$NetBSD$ + +upstream commit de0cc20c29cb3f056062925395e0f68d2250a46f + +--- HTMLparser.c.orig 2012-09-11 04:23:25.000000000 +0000 ++++ HTMLparser.c +@@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, c + if ((in->encoder != NULL) && (in->buffer != NULL) && + (in->raw != NULL)) { + int nbchars; ++ size_t base = xmlBufGetInputBase(in->buffer, ctxt->input); ++ size_t current = ctxt->input->cur - ctxt->input->base; + + nbchars = xmlCharEncInput(in); + if (nbchars < 0) { +@@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, c + "encoder error\n", NULL, NULL); + return(XML_ERR_INVALID_ENCODING); + } ++ xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current); + } + } + } diff --git a/textproc/libxml2/patches/patch-SA53061_2 b/textproc/libxml2/patches/patch-SA53061_2 new file mode 100644 index 00000000000..cf3618bdd5f --- /dev/null +++ b/textproc/libxml2/patches/patch-SA53061_2 @@ -0,0 +1,47 @@ +$NetBSD: patch-SA53061_2,v 1.1 2013/04/18 10:17:42 drochner Exp $ + +upstream commit de0cc20c29cb3f056062925395e0f68d2250a46f + +--- parser.c.orig 2013-04-18 10:04:15.000000000 +0000 ++++ parser.c +@@ -12156,7 +12156,7 @@ xmldecl_done: + remain = 0; + } + } +- res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk); ++ res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk); + if (res < 0) { + ctxt->errNo = XML_PARSER_EOF; + ctxt->disableSAX = 1; +@@ -12173,6 +12173,8 @@ xmldecl_done: + if ((in->encoder != NULL) && (in->buffer != NULL) && + (in->raw != NULL)) { + int nbchars; ++ size_t base = xmlBufGetInputBase(in->buffer, ctxt->input); ++ size_t current = ctxt->input->cur - ctxt->input->base; + + nbchars = xmlCharEncInput(in); + if (nbchars < 0) { +@@ -12181,6 +12183,7 @@ xmldecl_done: + "xmlParseChunk: encoder error\n"); + return(XML_ERR_INVALID_ENCODING); + } ++ xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current); + } + } + } +@@ -12220,7 +12223,14 @@ xmldecl_done: + } + if ((end_in_lf == 1) && (ctxt->input != NULL) && + (ctxt->input->buf != NULL)) { ++ size_t base = xmlBufGetInputBase(ctxt->input->buf->buffer, ++ ctxt->input); ++ size_t current = ctxt->input->cur - ctxt->input->base; ++ + xmlParserInputBufferPush(ctxt->input->buf, 1, "\r"); ++ ++ xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input, ++ base, current); + } + if (terminate) { + /* -- cgit v1.2.3