pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/textproc/libxml2
Module Name: pkgsrc
Committed By: leot
Date: Fri Nov 9 15:31:46 UTC 2018
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-parser.c
patch-result_errors_759573.xml.err
Log Message:
libxml2: Add a patch from upstream to fix CVE-2017-8872
Patch provided by Attila Fülöp via PR pkg/53704, thanks!
To generate a diff of this commit:
cvs rdiff -u -r1.150 -r1.151 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.127 -r1.128 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.5 pkgsrc/textproc/libxml2/patches/patch-parser.c
cvs rdiff -u -r0 -r1.1 \
pkgsrc/textproc/libxml2/patches/patch-result_errors_759573.xml.err
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/libxml2/Makefile
diff -u pkgsrc/textproc/libxml2/Makefile:1.150 pkgsrc/textproc/libxml2/Makefile:1.151
--- pkgsrc/textproc/libxml2/Makefile:1.150 Sat Oct 13 09:05:42 2018
+++ pkgsrc/textproc/libxml2/Makefile Fri Nov 9 15:31:46 2018
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.150 2018/10/13 09:05:42 leot Exp $
+# $NetBSD: Makefile,v 1.151 2018/11/09 15:31:46 leot Exp $
.include "../../textproc/libxml2/Makefile.common"
-PKGREVISION= 3
+PKGREVISION= 4
COMMENT= XML parser library from the GNOME project
LICENSE= modified-bsd
Index: pkgsrc/textproc/libxml2/distinfo
diff -u pkgsrc/textproc/libxml2/distinfo:1.127 pkgsrc/textproc/libxml2/distinfo:1.128
--- pkgsrc/textproc/libxml2/distinfo:1.127 Sat Oct 13 09:05:42 2018
+++ pkgsrc/textproc/libxml2/distinfo Fri Nov 9 15:31:46 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.127 2018/10/13 09:05:42 leot Exp $
+$NetBSD: distinfo,v 1.128 2018/11/09 15:31:46 leot Exp $
SHA1 (libxml2-2.9.8.tar.gz) = 66bcefd98a6b7573427cf66f9d3841b59eb5b8c3
RMD160 (libxml2-2.9.8.tar.gz) = a3bf30ed652cfa2e06c64ae62c95a5ebd889c7a7
@@ -10,8 +10,10 @@ SHA1 (patch-ac) = 34afe787f6012b460a85be
SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
+SHA1 (patch-parser.c) = ea27ffe37b8a47d08a2e2a0220ec5592c9980190
SHA1 (patch-python_libxml.py) = 869a72ae5ba2e27e6d46552878890acb22337675
SHA1 (patch-python_libxml2.py) = 209d105b0f3aedb834091390a7c6819705108e34
SHA1 (patch-python_setup.py) = 7771fd02ee6779463f1d3321f099d7e6d19cd1b1
+SHA1 (patch-result_errors_759573.xml.err) = b6fc7ac6fa72e6a3b927f5938917c74a1258600c
SHA1 (patch-xpath.c) = 9b9832e36e947598d8f5dade80181e82bff54a5c
SHA1 (patch-xzlib.c) = a9b4de24d844b9fee30988ae4dbdee950797fd0d
Added files:
Index: pkgsrc/textproc/libxml2/patches/patch-parser.c
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-parser.c:1.5
--- /dev/null Fri Nov 9 15:31:46 2018
+++ pkgsrc/textproc/libxml2/patches/patch-parser.c Fri Nov 9 15:31:46 2018
@@ -0,0 +1,23 @@
+$NetBSD: patch-parser.c,v 1.5 2018/11/09 15:31:46 leot Exp $
+
+Fixes CVE-2017-8872.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+https://gitlab.gnome.org/GNOME/libxml2/issues/26
+https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
+
+--- parser.c.orig 2018-01-25 06:44:40.000000000 +0000
++++ parser.c
+@@ -12462,7 +12462,12 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ ctxt->input->free((xmlChar *) ctxt->input->base);
+ ctxt->input->free = NULL;
+ }
++ if (ctxt->input->buf != NULL) {
++ xmlFreeParserInputBuffer(ctxt->input->buf);
++ ctxt->input->buf = NULL;
++ }
+ ctxt->input->cur = BAD_CAST"";
++ ctxt->input->length = 0;
+ ctxt->input->base = ctxt->input->cur;
+ ctxt->input->end = ctxt->input->cur;
+ }
Index: pkgsrc/textproc/libxml2/patches/patch-result_errors_759573.xml.err
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-result_errors_759573.xml.err:1.1
--- /dev/null Fri Nov 9 15:31:46 2018
+++ pkgsrc/textproc/libxml2/patches/patch-result_errors_759573.xml.err Fri Nov 9 15:31:46 2018
@@ -0,0 +1,32 @@
+$NetBSD: patch-result_errors_759573.xml.err,v 1.1 2018/11/09 15:31:46 leot Exp $
+
+Test output adjustment for CVE-2017-8872 fix.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+https://gitlab.gnome.org/GNOME/libxml2/issues/26
+https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
+
+--- result/errors/759573.xml.err.orig 2017-07-23 05:10:06.000000000 +0000
++++ result/errors/759573.xml.err
+@@ -21,14 +21,11 @@ Entity: line 1:
+ ^
+ ./test/errors/759573.xml:1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
+
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
+- ^
++
++^
+ ./test/errors/759573.xml:1: parser error : DOCTYPE improperly terminated
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
+- ^
+-./test/errors/759573.xml:1: parser error : StartTag: invalid element name
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
+- ^
+-./test/errors/759573.xml:1: parser error : Extra content at the end of the document
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '%<![INCLUDE[000%ஸ00
+- ^
++
++^
++./test/errors/759573.xml:1: parser error : Start tag expected, '<' not found
++
++^
Home |
Main Index |
Thread Index |
Old Index