pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/textproc/libxslt Add patch for CVE-2017-5029
details: https://anonhg.NetBSD.org/pkgsrc/rev/7018491e4c65
branches: trunk
changeset: 362730:7018491e4c65
user: tez <tez%pkgsrc.org@localhost>
date: Tue May 23 23:37:01 2017 +0000
description:
Add patch for CVE-2017-5029
diffstat:
textproc/libxslt/Makefile | 4 +-
textproc/libxslt/distinfo | 3 +-
textproc/libxslt/patches/patch-CVE-2017-5029 | 58 ++++++++++++++++++++++++++++
3 files changed, 62 insertions(+), 3 deletions(-)
diffs (88 lines):
diff -r a986875e033e -r 7018491e4c65 textproc/libxslt/Makefile
--- a/textproc/libxslt/Makefile Tue May 23 15:35:21 2017 +0000
+++ b/textproc/libxslt/Makefile Tue May 23 23:37:01 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.104 2016/07/09 06:39:06 wiz Exp $
+# $NetBSD: Makefile,v 1.105 2017/05/23 23:37:01 tez Exp $
-PKGREVISION= 1
+PKGREVISION= 2
.include "Makefile.common"
BUILD_DEPENDS+= docbook-xml-[0-9]*:../../textproc/docbook-xml
diff -r a986875e033e -r 7018491e4c65 textproc/libxslt/distinfo
--- a/textproc/libxslt/distinfo Tue May 23 15:35:21 2017 +0000
+++ b/textproc/libxslt/distinfo Tue May 23 23:37:01 2017 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.59 2017/05/16 13:51:50 dholland Exp $
+$NetBSD: distinfo,v 1.60 2017/05/23 23:37:01 tez Exp $
SHA1 (libxslt-1.1.29.tar.gz) = edcaeabb3555ae44853bdc406ee9521fb65c620d
RMD160 (libxslt-1.1.29.tar.gz) = 40a5202b3967db6b01cd6c0e722a9e459cac7960
SHA512 (libxslt-1.1.29.tar.gz) = a1ce555a74a9dabe65e8f64bb66e27e77760fd76940d88f2d59f58dd63ca73c8ae59f3fcbd8e76c8f92ff992fb0c09328528c20ea38ccac83e63252106bf5f31
Size (libxslt-1.1.29.tar.gz) = 3428524 bytes
+SHA1 (patch-CVE-2017-5029) = 98658fa048e440ef72460d4e082c0fd282154aa1
SHA1 (patch-ae) = 40ce3940a93b6a2dc804f62676909d3313e0ea52
SHA1 (patch-ah) = f92809ab34e53962ec8b62e50ded7a27c89f10f8
diff -r a986875e033e -r 7018491e4c65 textproc/libxslt/patches/patch-CVE-2017-5029
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxslt/patches/patch-CVE-2017-5029 Tue May 23 23:37:01 2017 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-CVE-2017-5029,v 1.1 2017/05/23 23:37:01 tez Exp $
+
+Patch for CVE-2017-5029 from:
+ https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
+
+
+--- libxslt/xsltInternals.h.orig 2017-05-23 23:14:05.625798800 +0000
++++ libxslt/xsltInternals.h
+@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
+ * Speed optimization when coalescing text nodes
+ */
+ const xmlChar *lasttext; /* last text node content */
+- unsigned int lasttsize; /* last text node size */
+- unsigned int lasttuse; /* last text node use */
++ int lasttsize; /* last text node size */
++ int lasttuse; /* last text node use */
+ /*
+ * Per Context Debugging
+ */
+
+--- libxslt/transform.c.orig 2017-05-23 23:14:23.480987400 +0000
++++ libxslt/transform.c
+@@ -816,13 +816,32 @@ xsltAddTextString(xsltTransformContextPt
+ return(target);
+
+ if (ctxt->lasttext == target->content) {
++ int minSize;
+
+- if (ctxt->lasttuse + len >= ctxt->lasttsize) {
++ /* Check for integer overflow accounting for NUL terminator. */
++ if (len >= INT_MAX - ctxt->lasttuse) {
++ xsltTransformError(ctxt, NULL, target,
++ "xsltCopyText: text allocation failed\n");
++ return(NULL);
++ }
++ minSize = ctxt->lasttuse + len + 1;
++
++ if (ctxt->lasttsize < minSize) {
+ xmlChar *newbuf;
+ int size;
++ int extra;
++
++ /* Double buffer size but increase by at least 100 bytes. */
++ extra = minSize < 100 ? 100 : minSize;
++
++ /* Check for integer overflow. */
++ if (extra > INT_MAX - ctxt->lasttsize) {
++ size = INT_MAX;
++ }
++ else {
++ size = ctxt->lasttsize + extra;
++ }
+
+- size = ctxt->lasttsize + len + 100;
+- size *= 2;
+ newbuf = (xmlChar *) xmlRealloc(target->content,size);
+ if (newbuf == NULL) {
+ xsltTransformError(ctxt, NULL, target,
Home |
Main Index |
Thread Index |
Old Index