CVS commit: pkgsrc/textproc/libxml2

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/libxml2
From: "Tim Zingelman" <tez%netbsd.org@localhost>
Date: Wed, 20 Jun 2018 18:22:45 +0000

Module Name:    pkgsrc
Committed By:   tez
Date:           Wed Jun 20 18:22:45 UTC 2018

Modified Files:
        pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
        pkgsrc/textproc/libxml2/patches: patch-xzlib.c

Log Message:
libxml2: Fix for CVE-2018-9251

from https://bugzilla.gnome.org/show_bug.cgi?id=794914


To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.124 -r1.125 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/textproc/libxml2/patches/patch-xzlib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/libxml2/Makefile
diff -u pkgsrc/textproc/libxml2/Makefile:1.147 pkgsrc/textproc/libxml2/Makefile:1.148
--- pkgsrc/textproc/libxml2/Makefile:1.147      Wed Mar 14 10:49:00 2018
+++ pkgsrc/textproc/libxml2/Makefile    Wed Jun 20 18:22:45 2018
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.147 2018/03/14 10:49:00 maya Exp $
+# $NetBSD: Makefile,v 1.148 2018/06/20 18:22:45 tez Exp $
 
 .include "../../textproc/libxml2/Makefile.common"
 
+PKGREVISION=   1
+
 COMMENT=       XML parser library from the GNOME project
 LICENSE=       modified-bsd
 

Index: pkgsrc/textproc/libxml2/distinfo
diff -u pkgsrc/textproc/libxml2/distinfo:1.124 pkgsrc/textproc/libxml2/distinfo:1.125
--- pkgsrc/textproc/libxml2/distinfo:1.124      Sun Mar 11 17:49:53 2018
+++ pkgsrc/textproc/libxml2/distinfo    Wed Jun 20 18:22:45 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.124 2018/03/11 17:49:53 wiz Exp $
+$NetBSD: distinfo,v 1.125 2018/06/20 18:22:45 tez Exp $
 
 SHA1 (libxml2-2.9.8.tar.gz) = 66bcefd98a6b7573427cf66f9d3841b59eb5b8c3
 RMD160 (libxml2-2.9.8.tar.gz) = a3bf30ed652cfa2e06c64ae62c95a5ebd889c7a7
@@ -13,3 +13,4 @@ SHA1 (patch-encoding.c) = 6cf0a7d421828b
 SHA1 (patch-python_libxml.py) = 869a72ae5ba2e27e6d46552878890acb22337675
 SHA1 (patch-python_libxml2.py) = 209d105b0f3aedb834091390a7c6819705108e34
 SHA1 (patch-python_setup.py) = 7771fd02ee6779463f1d3321f099d7e6d19cd1b1
+SHA1 (patch-xzlib.c) = eb20e3ef1504dacf1363f86c662918365306e84c

Added files:

Index: pkgsrc/textproc/libxml2/patches/patch-xzlib.c
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-xzlib.c:1.3
--- /dev/null   Wed Jun 20 18:22:45 2018
+++ pkgsrc/textproc/libxml2/patches/patch-xzlib.c       Wed Jun 20 18:22:45 2018
@@ -0,0 +1,17 @@
+$NetBSD: patch-xzlib.c,v 1.3 2018/06/20 18:22:45 tez Exp $
+
+Fix for CVE-2018-9251 from https://bugzilla.gnome.org/show_bug.cgi?id=794914
+
+--- xzlib.c.orig       2018-06-20 16:11:09.322482100 +0000
++++ xzlib.c
+@@ -575,6 +575,10 @@ xz_decomp(xz_statep state)
+         } else                  /* state->how == LZMA */
+ #endif
+             ret = lzma_code(strm, action);
++        if (ret == LZMA_MEMLIMIT_ERROR) {
++            xz_error(state, LZMA_MEMLIMIT_ERROR, "memory limit error");
++            return -1;
++        }
+         if (ret == LZMA_MEM_ERROR) {
+             xz_error(state, LZMA_MEM_ERROR, "out of memory");
+             return -1;

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/games/wtf
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/games/wtf
Indexes:

Home | Main Index | Thread Index | Old Index