pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/textproc/libxml2
Module Name: pkgsrc
Committed By: snj
Date: Thu Aug 9 18:44:13 UTC 2018
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-xpath.c
Log Message:
textproc/libxml2: Fix CVE-2018-14404.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/textproc/libxml2/patches/patch-xpath.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/libxml2/Makefile
diff -u pkgsrc/textproc/libxml2/Makefile:1.148 pkgsrc/textproc/libxml2/Makefile:1.149
--- pkgsrc/textproc/libxml2/Makefile:1.148 Wed Jun 20 18:22:45 2018
+++ pkgsrc/textproc/libxml2/Makefile Thu Aug 9 18:44:13 2018
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.148 2018/06/20 18:22:45 tez Exp $
+# $NetBSD: Makefile,v 1.149 2018/08/09 18:44:13 snj Exp $
.include "../../textproc/libxml2/Makefile.common"
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= XML parser library from the GNOME project
LICENSE= modified-bsd
Index: pkgsrc/textproc/libxml2/distinfo
diff -u pkgsrc/textproc/libxml2/distinfo:1.125 pkgsrc/textproc/libxml2/distinfo:1.126
--- pkgsrc/textproc/libxml2/distinfo:1.125 Wed Jun 20 18:22:45 2018
+++ pkgsrc/textproc/libxml2/distinfo Thu Aug 9 18:44:13 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.125 2018/06/20 18:22:45 tez Exp $
+$NetBSD: distinfo,v 1.126 2018/08/09 18:44:13 snj Exp $
SHA1 (libxml2-2.9.8.tar.gz) = 66bcefd98a6b7573427cf66f9d3841b59eb5b8c3
RMD160 (libxml2-2.9.8.tar.gz) = a3bf30ed652cfa2e06c64ae62c95a5ebd889c7a7
@@ -13,4 +13,5 @@ SHA1 (patch-encoding.c) = 6cf0a7d421828b
SHA1 (patch-python_libxml.py) = 869a72ae5ba2e27e6d46552878890acb22337675
SHA1 (patch-python_libxml2.py) = 209d105b0f3aedb834091390a7c6819705108e34
SHA1 (patch-python_setup.py) = 7771fd02ee6779463f1d3321f099d7e6d19cd1b1
+SHA1 (patch-xpath.c) = 9b9832e36e947598d8f5dade80181e82bff54a5c
SHA1 (patch-xzlib.c) = eb20e3ef1504dacf1363f86c662918365306e84c
Added files:
Index: pkgsrc/textproc/libxml2/patches/patch-xpath.c
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-xpath.c:1.3
--- /dev/null Thu Aug 9 18:44:13 2018
+++ pkgsrc/textproc/libxml2/patches/patch-xpath.c Thu Aug 9 18:44:13 2018
@@ -0,0 +1,32 @@
+$NetBSD: patch-xpath.c,v 1.3 2018/08/09 18:44:13 snj Exp $
+
+Fix CVE-2018-14404.
+
+https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
+
+--- xpath.c.orig 2017-12-02 00:58:10.000000000 -0800
++++ xpath.c 2018-08-09 11:37:59.278508181 -0700
+@@ -13297,9 +13297,8 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ return(0);
+ }
+ xmlXPathBooleanFunction(ctxt, 1);
+- arg1 = valuePop(ctxt);
+- arg1->boolval &= arg2->boolval;
+- valuePush(ctxt, arg1);
++ if (ctxt->value != NULL)
++ ctxt->value->boolval &= arg2->boolval;
+ xmlXPathReleaseObject(ctxt->context, arg2);
+ return (total);
+ case XPATH_OP_OR:
+@@ -13323,9 +13322,8 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ return(0);
+ }
+ xmlXPathBooleanFunction(ctxt, 1);
+- arg1 = valuePop(ctxt);
+- arg1->boolval |= arg2->boolval;
+- valuePush(ctxt, arg1);
++ if (ctxt->value != NULL)
++ ctxt->value->boolval |= arg2->boolval;
+ xmlXPathReleaseObject(ctxt->context, arg2);
+ return (total);
+ case XPATH_OP_EQUAL:
Home |
Main Index |
Thread Index |
Old Index