pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/textproc/libxml2 libxml2: Backport upstream patch for ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/06de9427b072
branches: trunk
changeset: 313888:06de9427b072
user: leot <leot%pkgsrc.org@localhost>
date: Sat Oct 13 09:05:42 2018 +0000
description:
libxml2: Backport upstream patch for CVE-2018-9251 and CVE-2018-14567
diffstat:
textproc/libxml2/Makefile | 4 +-
textproc/libxml2/distinfo | 4 +-
textproc/libxml2/patches/patch-xzlib.c | 39 +++++++++++++++++++++++----------
3 files changed, 31 insertions(+), 16 deletions(-)
diffs (77 lines):
diff -r e99d1534d3c2 -r 06de9427b072 textproc/libxml2/Makefile
--- a/textproc/libxml2/Makefile Sat Oct 13 06:19:39 2018 +0000
+++ b/textproc/libxml2/Makefile Sat Oct 13 09:05:42 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.149 2018/08/09 18:44:13 snj Exp $
+# $NetBSD: Makefile,v 1.150 2018/10/13 09:05:42 leot Exp $
.include "../../textproc/libxml2/Makefile.common"
-PKGREVISION= 2
+PKGREVISION= 3
COMMENT= XML parser library from the GNOME project
LICENSE= modified-bsd
diff -r e99d1534d3c2 -r 06de9427b072 textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Sat Oct 13 06:19:39 2018 +0000
+++ b/textproc/libxml2/distinfo Sat Oct 13 09:05:42 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.126 2018/08/09 18:44:13 snj Exp $
+$NetBSD: distinfo,v 1.127 2018/10/13 09:05:42 leot Exp $
SHA1 (libxml2-2.9.8.tar.gz) = 66bcefd98a6b7573427cf66f9d3841b59eb5b8c3
RMD160 (libxml2-2.9.8.tar.gz) = a3bf30ed652cfa2e06c64ae62c95a5ebd889c7a7
@@ -14,4 +14,4 @@
SHA1 (patch-python_libxml2.py) = 209d105b0f3aedb834091390a7c6819705108e34
SHA1 (patch-python_setup.py) = 7771fd02ee6779463f1d3321f099d7e6d19cd1b1
SHA1 (patch-xpath.c) = 9b9832e36e947598d8f5dade80181e82bff54a5c
-SHA1 (patch-xzlib.c) = eb20e3ef1504dacf1363f86c662918365306e84c
+SHA1 (patch-xzlib.c) = a9b4de24d844b9fee30988ae4dbdee950797fd0d
diff -r e99d1534d3c2 -r 06de9427b072 textproc/libxml2/patches/patch-xzlib.c
--- a/textproc/libxml2/patches/patch-xzlib.c Sat Oct 13 06:19:39 2018 +0000
+++ b/textproc/libxml2/patches/patch-xzlib.c Sat Oct 13 09:05:42 2018 +0000
@@ -1,17 +1,32 @@
-$NetBSD: patch-xzlib.c,v 1.3 2018/06/20 18:22:45 tez Exp $
+$NetBSD: patch-xzlib.c,v 1.4 2018/10/13 09:05:42 leot Exp $
-Fix for CVE-2018-9251 from https://bugzilla.gnome.org/show_bug.cgi?id=794914
+Fix for CVE-2018-9251 and CVE-2018-14567, upstream commit id
+2240fbf5912054af025fb6e01e26375100275e74:
---- xzlib.c.orig 2018-06-20 16:11:09.322482100 +0000
+ <https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74>
+
+--- xzlib.c.orig 2017-12-02 08:58:10.000000000 +0000
+++ xzlib.c
-@@ -575,6 +575,10 @@ xz_decomp(xz_statep state)
- } else /* state->how == LZMA */
- #endif
- ret = lzma_code(strm, action);
-+ if (ret == LZMA_MEMLIMIT_ERROR) {
-+ xz_error(state, LZMA_MEMLIMIT_ERROR, "memory limit error");
+@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
+ "internal error: inflate stream corrupt");
+ return -1;
+ }
++ /*
++ * FIXME: Remapping a couple of error codes and falling through
++ * to the LZMA error handling looks fragile.
++ */
+ if (ret == Z_MEM_ERROR)
+ ret = LZMA_MEM_ERROR;
+ if (ret == Z_DATA_ERROR)
+@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
+ xz_error(state, LZMA_PROG_ERROR, "compression error");
+ return -1;
+ }
++ if ((state->how != GZIP) &&
++ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
++ xz_error(state, ret, "lzma error");
+ return -1;
+ }
- if (ret == LZMA_MEM_ERROR) {
- xz_error(state, LZMA_MEM_ERROR, "out of memory");
- return -1;
+ } while (strm->avail_out && ret != LZMA_STREAM_END);
+
+ /* update available output and crc check value */
Home |
Main Index |
Thread Index |
Old Index