pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2004Q3]: pkgsrc/textproc/libxml Pullup ticket 147 - requested ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4cb3ef1c6c48
branches:  pkgsrc-2004Q3
changeset: 480749:4cb3ef1c6c48
user:      salo <salo%pkgsrc.org@localhost>
date:      Wed Nov 24 22:40:34 2004 +0000

description:
Pullup ticket 147 - requested by Julio M. Merino Vidal
security fix for libxml

        Module Name:    pkgsrc
        Committed By:   jmmv
        Date:           Sat Nov 20 22:07:49 UTC 2004

        Modified Files:
                pkgsrc/textproc/libxml: Makefile buildlink3.mk distinfo
        Added Files:
                pkgsrc/textproc/libxml/patches: patch-ad patch-ae

        Log Message:
        Backport security fixes (in the nanohttp and the nanoftp modules)
        from libxml2 (several buffer overflows).  Bump PKGREVISION to 3.

diffstat:

 textproc/libxml/Makefile         |    4 +-
 textproc/libxml/distinfo         |    4 +-
 textproc/libxml/patches/patch-ad |  106 +++++++++++++++++++++++++++++++++++++++
 textproc/libxml/patches/patch-ae |   47 +++++++++++++++++
 4 files changed, 158 insertions(+), 3 deletions(-)

diffs (189 lines):

diff -r 00194a734ed5 -r 4cb3ef1c6c48 textproc/libxml/Makefile
--- a/textproc/libxml/Makefile  Fri Nov 19 17:45:08 2004 +0000
+++ b/textproc/libxml/Makefile  Wed Nov 24 22:40:34 2004 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.31 2004/02/15 12:27:10 jlam Exp $
+# $NetBSD: Makefile,v 1.31.6.1 2004/11/24 22:40:34 salo Exp $
 #
 
 DISTNAME=              libxml-1.8.17
-PKGREVISION=           1
+PKGREVISION=           3
 CATEGORIES=            textproc devel lang gnome
 MASTER_SITES=          ftp://rpmfind.net/pub/veillard/ \
                        ${MASTER_SITE_GNOME:=sources/libxml/1.8/}
diff -r 00194a734ed5 -r 4cb3ef1c6c48 textproc/libxml/distinfo
--- a/textproc/libxml/distinfo  Fri Nov 19 17:45:08 2004 +0000
+++ b/textproc/libxml/distinfo  Wed Nov 24 22:40:34 2004 +0000
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.8 2003/04/25 03:09:08 martti Exp $
+$NetBSD: distinfo,v 1.8.8.1 2004/11/24 22:40:34 salo Exp $
 
 SHA1 (libxml-1.8.17.tar.gz) = ebe7b76bb2b62c882000c1a846a6f8f8346e3bb4
 Size (libxml-1.8.17.tar.gz) = 996351 bytes
 SHA1 (patch-aa) = 977a9e7f628910c2bc7e7f3c04de9917826bc0b7
 SHA1 (patch-ab) = 6c72ef59fe094ddbb4901b0f35eb681a4d0b4ff2
 SHA1 (patch-ac) = b94818200397d6c6457053fa5fe02a6049d52c44
+SHA1 (patch-ad) = 1513deb92711d9b17114ce4a00d9d5f1714234d3
+SHA1 (patch-ae) = 7f3f56ff649f3718b855da9a2d8e6f64dee95086
diff -r 00194a734ed5 -r 4cb3ef1c6c48 textproc/libxml/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml/patches/patch-ad  Wed Nov 24 22:40:34 2004 +0000
@@ -0,0 +1,106 @@
+$NetBSD: patch-ad,v 1.2.8.1 2004/11/24 22:40:34 salo Exp $
+
+--- nanoftp.c.orig     2000-07-10 12:16:39.000000000 +0200
++++ nanoftp.c
+@@ -65,6 +65,8 @@ static char hostname[100];
+ #define FTP_GET_PASSWD                331
+ #define FTP_BUF_SIZE          512
+ 
++#define XML_NANO_MAX_URLBUF   4096
++
+ typedef struct xmlNanoFTPCtxt {
+     char *protocol;   /* the protocol name */
+     char *hostname;   /* the host name */
+@@ -203,7 +205,7 @@ static void
+ xmlNanoFTPScanURL(void *ctx, const char *URL) {
+     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+     const char *cur = URL;
+-    char buf[4096];
++    char buf[XML_NANO_MAX_URLBUF];
+     int index = 0;
+     int port = 0;
+ 
+@@ -221,7 +223,7 @@ xmlNanoFTPScanURL(void *ctx, const char 
+     }
+     if (URL == NULL) return;
+     buf[index] = 0;
+-    while (*cur != 0) {
++    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) {
+         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+           buf[index] = 0;
+           ctxt->protocol = xmlMemStrdup(buf);
+@@ -234,7 +236,7 @@ xmlNanoFTPScanURL(void *ctx, const char 
+     if (*cur == 0) return;
+ 
+     buf[index] = 0;
+-    while (1) {
++    while (index < XML_NANO_MAX_URLBUF - 1) {
+         if (cur[0] == ':') {
+           buf[index] = 0;
+           ctxt->hostname = xmlMemStrdup(buf);
+@@ -263,7 +265,7 @@ xmlNanoFTPScanURL(void *ctx, const char 
+     else {
+         index = 0;
+         buf[index] = 0;
+-      while (*cur != 0)
++      while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
+           buf[index++] = *cur++;
+       buf[index] = 0;
+       ctxt->path = xmlMemStrdup(buf);
+@@ -288,7 +290,7 @@ int
+ xmlNanoFTPUpdateURL(void *ctx, const char *URL) {
+     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+     const char *cur = URL;
+-    char buf[4096];
++    char buf[XML_NANO_MAX_URLBUF];
+     int index = 0;
+     int port = 0;
+ 
+@@ -301,7 +303,7 @@ xmlNanoFTPUpdateURL(void *ctx, const cha
+     if (ctxt->hostname == NULL)
+       return(-1);
+     buf[index] = 0;
+-    while (*cur != 0) {
++    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
+         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+           buf[index] = 0;
+           if (strcmp(ctxt->protocol, buf))
+@@ -353,7 +355,7 @@ xmlNanoFTPUpdateURL(void *ctx, const cha
+     else {
+         index = 0;
+         buf[index] = 0;
+-      while (*cur != 0)
++      while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
+           buf[index++] = *cur++;
+       buf[index] = 0;
+       ctxt->path = xmlMemStrdup(buf);
+@@ -374,7 +376,7 @@ xmlNanoFTPUpdateURL(void *ctx, const cha
+ void
+ xmlNanoFTPScanProxy(const char *URL) {
+     const char *cur = URL;
+-    char buf[4096];
++    char buf[XML_NANO_MAX_URLBUF];
+     int index = 0;
+     int port = 0;
+ 
+@@ -393,7 +395,7 @@ xmlNanoFTPScanProxy(const char *URL) {
+ #endif
+     if (URL == NULL) return;
+     buf[index] = 0;
+-    while (*cur != 0) {
++    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
+         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+           buf[index] = 0;
+           index = 0;
+@@ -828,6 +830,11 @@ xmlNanoFTPConnect(void *ctx) {
+     if (hp == NULL)
+         return(-1);
+ 
++    if ((unsigned int) hp->h_length >
++      sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) {
++      return (-1);
++    }
++
+     /*
+      * Prepare the socket
+      */
diff -r 00194a734ed5 -r 4cb3ef1c6c48 textproc/libxml/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml/patches/patch-ae  Wed Nov 24 22:40:34 2004 +0000
@@ -0,0 +1,47 @@
+$NetBSD: patch-ae,v 1.1.2.2 2004/11/24 22:40:34 salo Exp $
+
+--- nanohttp.c.orig    2000-06-28 20:33:46.000000000 +0200
++++ nanohttp.c
+@@ -161,6 +161,7 @@ xmlNanoHTTPScanURL(xmlNanoHTTPCtxtPtr ct
+     const char *cur = URL;
+     char buf[4096];
+     int index = 0;
++    const int indexMax = 4096 - 1;
+     int port = 0;
+ 
+     if (ctxt->protocol != NULL) { 
+@@ -177,7 +178,7 @@ xmlNanoHTTPScanURL(xmlNanoHTTPCtxtPtr ct
+     }
+     if (URL == NULL) return;
+     buf[index] = 0;
+-    while (*cur != 0) {
++    while ((*cur != 0) && (index < indexMax)) {
+         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+           buf[index] = 0;
+           ctxt->protocol = xmlMemStrdup(buf);
+@@ -219,7 +220,7 @@ xmlNanoHTTPScanURL(xmlNanoHTTPCtxtPtr ct
+     else {
+         index = 0;
+         buf[index] = 0;
+-      while (*cur != 0)
++      while ((*cur != 0) && (index < indexMax))
+           buf[index++] = *cur++;
+       buf[index] = 0;
+       ctxt->path = xmlMemStrdup(buf);
+@@ -241,6 +242,7 @@ xmlNanoHTTPScanProxy(const char *URL) {
+     const char *cur = URL;
+     char buf[4096];
+     int index = 0;
++    const int indexMax = 4096 - 1;
+     int port = 0;
+ 
+     if (proxy != NULL) { 
+@@ -258,7 +260,7 @@ xmlNanoHTTPScanProxy(const char *URL) {
+ #endif
+     if (URL == NULL) return;
+     buf[index] = 0;
+-    while (*cur != 0) {
++    while ((*cur != 0) && (index < indexMax)) {
+         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+           buf[index] = 0;
+           index = 0;



Home | Main Index | Thread Index | Old Index