pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/textproc/libxml2 textproc/libxml2: Fix CVE-2018-14404.
details: https://anonhg.NetBSD.org/pkgsrc/rev/34754859597f
branches: trunk
changeset: 383773:34754859597f
user: snj <snj%pkgsrc.org@localhost>
date: Thu Aug 09 18:44:13 2018 +0000
description:
textproc/libxml2: Fix CVE-2018-14404.
Bump PKGREVISION.
diffstat:
textproc/libxml2/Makefile | 4 ++--
textproc/libxml2/distinfo | 3 ++-
textproc/libxml2/patches/patch-xpath.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 36 insertions(+), 3 deletions(-)
diffs (65 lines):
diff -r 2eae20d4a096 -r 34754859597f textproc/libxml2/Makefile
--- a/textproc/libxml2/Makefile Thu Aug 09 17:04:13 2018 +0000
+++ b/textproc/libxml2/Makefile Thu Aug 09 18:44:13 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.148 2018/06/20 18:22:45 tez Exp $
+# $NetBSD: Makefile,v 1.149 2018/08/09 18:44:13 snj Exp $
.include "../../textproc/libxml2/Makefile.common"
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= XML parser library from the GNOME project
LICENSE= modified-bsd
diff -r 2eae20d4a096 -r 34754859597f textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Thu Aug 09 17:04:13 2018 +0000
+++ b/textproc/libxml2/distinfo Thu Aug 09 18:44:13 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.125 2018/06/20 18:22:45 tez Exp $
+$NetBSD: distinfo,v 1.126 2018/08/09 18:44:13 snj Exp $
SHA1 (libxml2-2.9.8.tar.gz) = 66bcefd98a6b7573427cf66f9d3841b59eb5b8c3
RMD160 (libxml2-2.9.8.tar.gz) = a3bf30ed652cfa2e06c64ae62c95a5ebd889c7a7
@@ -13,4 +13,5 @@
SHA1 (patch-python_libxml.py) = 869a72ae5ba2e27e6d46552878890acb22337675
SHA1 (patch-python_libxml2.py) = 209d105b0f3aedb834091390a7c6819705108e34
SHA1 (patch-python_setup.py) = 7771fd02ee6779463f1d3321f099d7e6d19cd1b1
+SHA1 (patch-xpath.c) = 9b9832e36e947598d8f5dade80181e82bff54a5c
SHA1 (patch-xzlib.c) = eb20e3ef1504dacf1363f86c662918365306e84c
diff -r 2eae20d4a096 -r 34754859597f textproc/libxml2/patches/patch-xpath.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-xpath.c Thu Aug 09 18:44:13 2018 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-xpath.c,v 1.3 2018/08/09 18:44:13 snj Exp $
+
+Fix CVE-2018-14404.
+
+https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
+
+--- xpath.c.orig 2017-12-02 00:58:10.000000000 -0800
++++ xpath.c 2018-08-09 11:37:59.278508181 -0700
+@@ -13297,9 +13297,8 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ return(0);
+ }
+ xmlXPathBooleanFunction(ctxt, 1);
+- arg1 = valuePop(ctxt);
+- arg1->boolval &= arg2->boolval;
+- valuePush(ctxt, arg1);
++ if (ctxt->value != NULL)
++ ctxt->value->boolval &= arg2->boolval;
+ xmlXPathReleaseObject(ctxt->context, arg2);
+ return (total);
+ case XPATH_OP_OR:
+@@ -13323,9 +13322,8 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ return(0);
+ }
+ xmlXPathBooleanFunction(ctxt, 1);
+- arg1 = valuePop(ctxt);
+- arg1->boolval |= arg2->boolval;
+- valuePush(ctxt, arg1);
++ if (ctxt->value != NULL)
++ ctxt->value->boolval |= arg2->boolval;
+ xmlXPathReleaseObject(ctxt->context, arg2);
+ return (total);
+ case XPATH_OP_EQUAL:
Home |
Main Index |
Thread Index |
Old Index