pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/textproc/libxml2 Add patch to fix the security vulnera...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4008eaaaed76
branches:  trunk
changeset: 564017:4008eaaaed76
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed Aug 26 10:20:57 2009 +0000

description:
Add patch to fix the security vulnerabilites reported in CVE-2009-2414
and CVE-2009-2416.

The patch was taken from the latest Fedora 11 "libxml2" source RPM.

diffstat:

 textproc/libxml2/Makefile         |    3 +-
 textproc/libxml2/distinfo         |    3 +-
 textproc/libxml2/patches/patch-af |  162 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 166 insertions(+), 2 deletions(-)

diffs (192 lines):

diff -r 0a4c132909af -r 4008eaaaed76 textproc/libxml2/Makefile
--- a/textproc/libxml2/Makefile Wed Aug 26 05:04:15 2009 +0000
+++ b/textproc/libxml2/Makefile Wed Aug 26 10:20:57 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.100 2009/02/21 13:58:49 wiz Exp $
+# $NetBSD: Makefile,v 1.101 2009/08/26 10:20:57 tron Exp $
 
 DISTNAME=      libxml2-2.7.3
+PKGREVISION=   1
 CATEGORIES=    textproc
 MASTER_SITES=  ftp://xmlsoft.org/libxml2/ \
                http://xmlsoft.org/sources/
diff -r 0a4c132909af -r 4008eaaaed76 textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Wed Aug 26 05:04:15 2009 +0000
+++ b/textproc/libxml2/distinfo Wed Aug 26 10:20:57 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.71 2009/02/21 13:58:49 wiz Exp $
+$NetBSD: distinfo,v 1.72 2009/08/26 10:20:57 tron Exp $
 
 SHA1 (libxml2-2.7.3.tar.gz) = fd4e427fb55c977876bc74c0e552ef7d3d794a07
 RMD160 (libxml2-2.7.3.tar.gz) = 14018347531fd135366cee9fd9d760a1988546e2
@@ -8,3 +8,4 @@
 SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e
 SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
 SHA1 (patch-ae) = b9176919edbf3582cb24aff53f7c4f291e2b78c8
+SHA1 (patch-af) = 6db7c8cb6f697ecf1eecb578eafdd561d9bb8dad
diff -r 0a4c132909af -r 4008eaaaed76 textproc/libxml2/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-af Wed Aug 26 10:20:57 2009 +0000
@@ -0,0 +1,162 @@
+$NetBSD: patch-af,v 1.5 2009/08/26 10:20:57 tron Exp $
+
+Fix for CVE-2009-2414 and CVE-2009-2416 taken from here:
+http://download.fedora.redhat.com/pub/fedora/linux/updates/11/SRPMS/libxml2-2.7.3-3.fc11.src.rpm
+
+--- parser.c.orig      2009-01-17 13:45:35.000000000 +0000
++++ parser.c   2009-08-26 11:06:38.000000000 +0100
+@@ -5306,7 +5306,8 @@
+       if (name == NULL) {
+           xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
+                          "Name expected in NOTATION declaration\n");
+-          return(ret);
++            xmlFreeEnumeration(ret);
++          return(NULL);
+       }
+       tmp = ret;
+       while (tmp != NULL) {
+@@ -5322,7 +5323,10 @@
+       }
+       if (tmp == NULL) {
+           cur = xmlCreateEnumeration(name);
+-          if (cur == NULL) return(ret);
++          if (cur == NULL) {
++                xmlFreeEnumeration(ret);
++                return(NULL);
++            }
+           if (last == NULL) ret = last = cur;
+           else {
+               last->next = cur;
+@@ -5333,9 +5337,8 @@
+     } while (RAW == '|');
+     if (RAW != ')') {
+       xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
+-      if ((last != NULL) && (last != ret))
+-          xmlFreeEnumeration(last);
+-      return(ret);
++        xmlFreeEnumeration(ret);
++      return(NULL);
+     }
+     NEXT;
+     return(ret);
+@@ -5390,7 +5393,10 @@
+           cur = xmlCreateEnumeration(name);
+           if (!xmlDictOwns(ctxt->dict, name))
+               xmlFree(name);
+-          if (cur == NULL) return(ret);
++          if (cur == NULL) {
++                xmlFreeEnumeration(ret);
++                return(NULL);
++            }
+           if (last == NULL) ret = last = cur;
+           else {
+               last->next = cur;
+@@ -5758,9 +5764,10 @@
+ }
+ 
+ /**
+- * xmlParseElementChildrenContentDecl:
++ * xmlParseElementChildrenContentDeclPriv:
+  * @ctxt:  an XML parser context
+  * @inputchk:  the input used for the current entity, needed for boundary checks
++ * @depth: the level of recursion
+  *
+  * parse the declaration for a Mixed Element content
+  * The leading '(' and spaces have been skipped in xmlParseElementContentDecl
+@@ -5788,12 +5795,20 @@
+  * Returns the tree of xmlElementContentPtr describing the element 
+  *          hierarchy.
+  */
+-xmlElementContentPtr
+-xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
++static xmlElementContentPtr
++xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
++                                       int depth) {
+     xmlElementContentPtr ret = NULL, cur = NULL, last = NULL, op = NULL;
+     const xmlChar *elem;
+     xmlChar type = 0;
+ 
++    if (((depth > 128) && ((ctxt->options & XML_PARSE_HUGE) == 0)) ||
++        (depth >  2048)) {
++        xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED,
++"xmlParseElementChildrenContentDecl : depth %d too deep, use XML_PARSE_HUGE\n",
++                          depth);
++      return(NULL);
++    }
+     SKIP_BLANKS;
+     GROW;
+     if (RAW == '(') {
+@@ -5802,7 +5817,8 @@
+         /* Recurse on first child */
+       NEXT;
+       SKIP_BLANKS;
+-        cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
++        cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
++                                                           depth + 1);
+       SKIP_BLANKS;
+       GROW;
+     } else {
+@@ -5934,7 +5950,8 @@
+           /* Recurse on second child */
+           NEXT;
+           SKIP_BLANKS;
+-          last = xmlParseElementChildrenContentDecl(ctxt, inputid);
++          last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
++                                                          depth + 1);
+           SKIP_BLANKS;
+       } else {
+           elem = xmlParseName(ctxt);
+@@ -6045,6 +6062,44 @@
+ }
+ 
+ /**
++ *
++ * xmlParseElementChildrenContentDecl:
++ * @ctxt:  an XML parser context
++ * @inputchk:  the input used for the current entity, needed for boundary checks
++ * @depth: the level of recursion
++ *
++ * parse the declaration for a Mixed Element content
++ * The leading '(' and spaces have been skipped in xmlParseElementContentDecl
++ *
++ * [47] children ::= (choice | seq) ('?' | '*' | '+')?
++ *
++ * [48] cp ::= (Name | choice | seq) ('?' | '*' | '+')?
++ *
++ * [49] choice ::= '(' S? cp ( S? '|' S? cp )* S? ')'
++ *
++ * [50] seq ::= '(' S? cp ( S? ',' S? cp )* S? ')'
++ *
++ * [ VC: Proper Group/PE Nesting ] applies to [49] and [50]
++ * TODO Parameter-entity replacement text must be properly nested
++ *    with parenthesized groups. That is to say, if either of the
++ *    opening or closing parentheses in a choice, seq, or Mixed
++ *    construct is contained in the replacement text for a parameter
++ *    entity, both must be contained in the same replacement text. For
++ *    interoperability, if a parameter-entity reference appears in a
++ *    choice, seq, or Mixed construct, its replacement text should not
++ *    be empty, and neither the first nor last non-blank character of
++ *    the replacement text should be a connector (| or ,).
++ *
++ * Returns the tree of xmlElementContentPtr describing the element 
++ *          hierarchy.
++ */
++xmlElementContentPtr
++xmlParseElementChildrenContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
++    /* stub left for API/ABI compat */
++    return(xmlParseElementChildrenContentDeclPriv(ctxt, inputchk, 1));
++}
++
++/**
+  * xmlParseElementContentDecl:
+  * @ctxt:  an XML parser context
+  * @name:  the name of the element being defined.
+@@ -6080,7 +6135,7 @@
+         tree = xmlParseElementMixedContentDecl(ctxt, inputid);
+       res = XML_ELEMENT_TYPE_MIXED;
+     } else {
+-        tree = xmlParseElementChildrenContentDecl(ctxt, inputid);
++        tree = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, 1);
+       res = XML_ELEMENT_TYPE_ELEMENT;
+     }
+     SKIP_BLANKS;



Home | Main Index | Thread Index | Old Index