pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2017Q1]: pkgsrc/textproc/libxml2 Pullup ticket #5478 - request...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/af3fb1ba548a
branches:  pkgsrc-2017Q1
changeset: 360422:af3fb1ba548a
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Jun 21 18:17:36 2017 +0000

description:
Pullup ticket #5478 - requested by sevan
textproc/libxml2: security fix

Revisions pulled up:
- textproc/libxml2/Makefile                                     1.144
- textproc/libxml2/distinfo                                     1.115
- textproc/libxml2/patches/patch-valid.c                        1.1

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Sun Jun 11 04:40:53 UTC 2017

   Modified Files:
           pkgsrc/textproc/libxml2: Makefile distinfo
   Added Files:
           pkgsrc/textproc/libxml2/patches: patch-valid.c

   Log Message:
   libxml2: Apply upstream patch for CVE-2017-5969.
   (Minor issue, only a denial-of-service when using recover mode)

   bump PKGREVISION

diffstat:

 textproc/libxml2/Makefile              |   4 +-
 textproc/libxml2/distinfo              |   3 +-
 textproc/libxml2/patches/patch-valid.c |  55 ++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 3 deletions(-)

diffs (90 lines):

diff -r ebac19d18da9 -r af3fb1ba548a textproc/libxml2/Makefile
--- a/textproc/libxml2/Makefile Tue Jun 13 19:35:55 2017 +0000
+++ b/textproc/libxml2/Makefile Wed Jun 21 18:17:36 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.143 2016/12/30 02:17:48 dholland Exp $
+# $NetBSD: Makefile,v 1.143.2.1 2017/06/21 18:17:36 bsiegert Exp $
 
 .include "../../textproc/libxml2/Makefile.common"
 
-PKGREVISION=   2
+PKGREVISION=   3
 
 COMMENT=       XML parser library from the GNOME project
 LICENSE=       modified-bsd
diff -r ebac19d18da9 -r af3fb1ba548a textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Tue Jun 13 19:35:55 2017 +0000
+++ b/textproc/libxml2/distinfo Wed Jun 21 18:17:36 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.114 2016/12/27 02:34:33 sevan Exp $
+$NetBSD: distinfo,v 1.114.4.1 2017/06/21 18:17:36 bsiegert Exp $
 
 SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
 RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -16,6 +16,7 @@
 SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
 SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
+SHA1 (patch-valid.c) = e6ff3a9aed6b985fcc69d214efa953a90a055d6b
 SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
 SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
 SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032
diff -r ebac19d18da9 -r af3fb1ba548a textproc/libxml2/patches/patch-valid.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-valid.c    Wed Jun 21 18:17:36 2017 +0000
@@ -0,0 +1,55 @@
+$NetBSD: patch-valid.c,v 1.2.2.2 2017/06/21 18:17:36 bsiegert Exp $
+
+Upstream commit by Daniel Veillard
+
+Fix NULL pointer deref in xmlDumpElementContent
+Can only be triggered in recovery mode.
+Fixes bug 758422 (CVE-2017-5969).
+
+
+--- valid.c.orig       2016-05-23 07:25:25.000000000 +0000
++++ valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, 
+           xmlBufferWriteCHAR(buf, content->name);
+           break;
+       case XML_ELEMENT_CONTENT_SEQ:
+-          if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-              (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++          if ((content->c1 != NULL) &&
++              ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++               (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+               xmlDumpElementContent(buf, content->c1, 1);
+           else
+               xmlDumpElementContent(buf, content->c1, 0);
+             xmlBufferWriteChar(buf, " , ");
+-          if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+-              ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+-               (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++          if ((content->c2 != NULL) &&
++              ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++               ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++                (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+               xmlDumpElementContent(buf, content->c2, 1);
+           else
+               xmlDumpElementContent(buf, content->c2, 0);
+           break;
+       case XML_ELEMENT_CONTENT_OR:
+-          if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-              (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++          if ((content->c1 != NULL) &&
++              ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++               (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+               xmlDumpElementContent(buf, content->c1, 1);
+           else
+               xmlDumpElementContent(buf, content->c1, 0);
+             xmlBufferWriteChar(buf, " | ");
+-          if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+-              ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+-               (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++          if ((content->c2 != NULL) &&
++              ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++               ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++                (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+               xmlDumpElementContent(buf, content->c2, 1);
+           else
+               xmlDumpElementContent(buf, content->c2, 0);
Home | Main Index | Thread Index | Old Index