[pkgsrc/pkgsrc-2008Q3]: pkgsrc/textproc/libxml2 pullup ticket #2553 - request...

[rtr <rtr%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/70569c84e3a9
branches:  pkgsrc-2008Q3
changeset: 547834:70569c84e3a9
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Sun Oct 12 12:09:10 2008 +0000

description:
pullup ticket #2553 - requested by tron
libxml2: security fix

revisions pulled up:
pkgsrc/textproc/libxml2/Makefile                1.95
pkgsrc/textproc/libxml2/distinfo                1.67
pkgsrc/textproc/libxml2/patches/patch-af        1.1

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Thu Oct  9 15:01:27 UTC 2008

   Modified Files:
           pkgsrc/textproc/libxml2: Makefile distinfo
   Added Files:
           pkgsrc/textproc/libxml2/patches: patch-af

   Log Message:
   Add a fix for CVE-2008-4409 (also known as CVE-2008-4422) from the
   GNOME bugzilla. Bump package revision.

diffstat:

 textproc/libxml2/Makefile         |   3 ++-
 textproc/libxml2/distinfo         |   3 ++-
 textproc/libxml2/patches/patch-af |  21 +++++++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diffs (51 lines):

diff -r 47421e11cadf -r 70569c84e3a9 textproc/libxml2/Makefile
--- a/textproc/libxml2/Makefile Sun Oct 12 11:47:37 2008 +0000
+++ b/textproc/libxml2/Makefile Sun Oct 12 12:09:10 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.94 2008/09/06 14:58:34 wiz Exp $
+# $NetBSD: Makefile,v 1.94.4.1 2008/10/12 12:09:10 rtr Exp $
 
 DISTNAME=      libxml2-2.7.1
+PKGREVISION=   1
 CATEGORIES=    textproc
 MASTER_SITES=  ftp://xmlsoft.org/libxml2/ \
                http://xmlsoft.org/sources/
diff -r 47421e11cadf -r 70569c84e3a9 textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Sun Oct 12 11:47:37 2008 +0000
+++ b/textproc/libxml2/distinfo Sun Oct 12 12:09:10 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.66 2008/09/06 14:58:34 wiz Exp $
+$NetBSD: distinfo,v 1.66.4.1 2008/10/12 12:09:10 rtr Exp $
 
 SHA1 (libxml2-2.7.1.tar.gz) = 54b2d24ce0b716054628303bff47cf0db2966d84
 RMD160 (libxml2-2.7.1.tar.gz) = 4de3732c39efa95b63abbd60dbb74357075faf63
@@ -8,3 +8,4 @@
 SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e
 SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
 SHA1 (patch-ae) = b9176919edbf3582cb24aff53f7c4f291e2b78c8
+SHA1 (patch-af) = 53757ead74ac0f3bba68adee89a65fcfa544fc59
diff -r 47421e11cadf -r 70569c84e3a9 textproc/libxml2/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-af Sun Oct 12 12:09:10 2008 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-af,v 1.1.2.2 2008/10/12 12:09:10 rtr Exp $
+
+Patch for CVE-2008-4409 taken from here:
+
+http://bugzilla.gnome.org/show_bug.cgi?id=554660
+http://bugzilla.gnome.org/attachment.cgi?id=119824
+
+--- parser.c.orig      2008-09-01 07:22:40.000000000 +0100
++++ parser.c   2008-10-09 15:22:55.000000000 +0100
+@@ -7225,8 +7225,10 @@
+      * Predefined entites override any extra definition
+      */
+     ent = xmlGetPredefinedEntity(name);
+-    if (ent != NULL)
++    if (ent != NULL) {
++        *str = ptr;
+         return(ent);
++    }
+ 
+     /*
+      * Increate the number of entity references parsed