pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2008Q2]: pkgsrc/textproc/libxslt pullup ticket #2475 - request...
details: https://anonhg.NetBSD.org/pkgsrc/rev/84245d7ffbe9
branches: pkgsrc-2008Q2
changeset: 544229:84245d7ffbe9
user: rtr <rtr%pkgsrc.org@localhost>
date: Sun Aug 10 13:07:14 2008 +0000
description:
pullup ticket #2475 - requested by tron
libxslt: security patch fixes buffer overflow
revisions pulled up:
pkgsrc/textproc/libxslt/Makefile 1.82
pkgsrc/textproc/libxslt/distinfo 1.50
pkgsrc/textproc/libxslt/patches/patch-af 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Thu Aug 7 10:47:44 UTC 2008
Modified Files:
pkgsrc/textproc/libxslt: Makefile distinfo
Added Files:
pkgsrc/textproc/libxslt/patches: patch-af
Log Message:
add patch from upstream CVS to fix buffer overflow in RC4 crypto
code (CVE-2008-2935), bump PKGREVISION
diffstat:
textproc/libxslt/Makefile | 3 +-
textproc/libxslt/distinfo | 3 +-
textproc/libxslt/patches/patch-af | 173 ++++++++++++++++++++++++++++++++++++++
3 files changed, 177 insertions(+), 2 deletions(-)
diffs (202 lines):
diff -r e34e71bdd087 -r 84245d7ffbe9 textproc/libxslt/Makefile
--- a/textproc/libxslt/Makefile Sun Aug 10 11:57:39 2008 +0000
+++ b/textproc/libxslt/Makefile Sun Aug 10 13:07:14 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2008/05/22 16:03:10 recht Exp $
+# $NetBSD: Makefile,v 1.81.4.1 2008/08/10 13:07:14 rtr Exp $
DISTNAME= libxslt-1.1.24
+PKGREVISION= 1
CATEGORIES= textproc
MASTER_SITES+= ftp://xmlsoft.org/libxslt/
#MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxslt/1.1/}
diff -r e34e71bdd087 -r 84245d7ffbe9 textproc/libxslt/distinfo
--- a/textproc/libxslt/distinfo Sun Aug 10 11:57:39 2008 +0000
+++ b/textproc/libxslt/distinfo Sun Aug 10 13:07:14 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.49 2008/05/22 16:03:10 recht Exp $
+$NetBSD: distinfo,v 1.49.4.1 2008/08/10 13:07:14 rtr Exp $
SHA1 (libxslt-1.1.24.tar.gz) = b5402e24abff5545ed76f6a55049cbebc664bd58
RMD160 (libxslt-1.1.24.tar.gz) = 41e7721eeed722c45310877d045422b47ab32973
Size (libxslt-1.1.24.tar.gz) = 3363961 bytes
SHA1 (patch-aa) = 7351945ab86addef9b5a69be887252fc0b3c1aa5
SHA1 (patch-ae) = ea154e23704cbd73e3199271e2d0d4a80b2832e8
+SHA1 (patch-af) = 9d4ac9266323a0127bc466d4c3e5e1d814142f96
diff -r e34e71bdd087 -r 84245d7ffbe9 textproc/libxslt/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxslt/patches/patch-af Sun Aug 10 13:07:14 2008 +0000
@@ -0,0 +1,173 @@
+$NetBSD: patch-af,v 1.2.8.1 2008/08/10 13:07:14 rtr Exp $
+
+--- libexslt/crypto.c.orig 2007-01-17 14:17:25.000000000 +0100
++++ libexslt/crypto.c
+@@ -317,13 +317,13 @@ exsltCryptoCryptoApiRc4Decrypt (xmlXPath
+ #define PLATFORM_MD5 GCRY_MD_MD5
+ #define PLATFORM_SHA1 GCRY_MD_SHA1
+
+-#ifdef HAVE_SYS_TYPES_H
+-# include <sys/types.h>
+-#endif
+-#ifdef HAVE_STDINT_H
+-# include <stdint.h>
+-#endif
+-
++#ifdef HAVE_SYS_TYPES_H
++# include <sys/types.h>
++#endif
++#ifdef HAVE_STDINT_H
++# include <stdint.h>
++#endif
++
+ #ifdef HAVE_SYS_SELECT_H
+ #include <sys/select.h> /* needed by gcrypt.h 4 Jul 04 */
+ #endif
+@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+ int str_len = 0, bin_len = 0, hex_len = 0;
+ xmlChar *key = NULL, *str = NULL, *padkey = NULL;
+ xmlChar *bin = NULL, *hex = NULL;
++ xsltTransformContextPtr tctxt = NULL;
+
+- if ((nargs < 1) || (nargs > 3)) {
++ if (nargs != 2) {
+ xmlXPathSetArityError (ctxt);
+ return;
+ }
++ tctxt = xsltXPathGetTransformContext(ctxt);
+
+ str = xmlXPathPopString (ctxt);
+ str_len = xmlUTF8Strlen (str);
+@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+ }
+
+ key = xmlXPathPopString (ctxt);
+- key_len = xmlUTF8Strlen (str);
++ key_len = xmlUTF8Strlen (key);
+
+ if (key_len == 0) {
+ xmlXPathReturnEmptyString (ctxt);
+@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+ return;
+ }
+
+- padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
++ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
++ if (padkey == NULL) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
++ tctxt->state = XSLT_STATE_STOPPED;
++ xmlXPathReturnEmptyString (ctxt);
++ goto done;
++ }
++ memset(padkey, 0, RC4_KEY_LENGTH + 1);
++
+ key_size = xmlUTF8Strsize (key, key_len);
++ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
++ tctxt->state = XSLT_STATE_STOPPED;
++ xmlXPathReturnEmptyString (ctxt);
++ goto done;
++ }
+ memcpy (padkey, key, key_size);
+- memset (padkey + key_size, '\0', sizeof (padkey));
+
+ /* encrypt it */
+ bin_len = str_len;
+ bin = xmlStrdup (str);
+ if (bin == NULL) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
++ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
+@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+ hex_len = str_len * 2 + 1;
+ hex = xmlMallocAtomic (hex_len);
+ if (hex == NULL) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
++ tctxt->state = XSLT_STATE_STOPPED;
+ xmlXPathReturnEmptyString (ctxt);
+ goto done;
+ }
+@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+ int str_len = 0, bin_len = 0, ret_len = 0;
+ xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin =
+ NULL, *ret = NULL;
++ xsltTransformContextPtr tctxt = NULL;
+
+- if ((nargs < 1) || (nargs > 3)) {
++ if (nargs != 2) {
+ xmlXPathSetArityError (ctxt);
+ return;
+ }
++ tctxt = xsltXPathGetTransformContext(ctxt);
+
+ str = xmlXPathPopString (ctxt);
+ str_len = xmlUTF8Strlen (str);
+@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+ }
+
+ key = xmlXPathPopString (ctxt);
+- key_len = xmlUTF8Strlen (str);
++ key_len = xmlUTF8Strlen (key);
+
+ if (key_len == 0) {
+ xmlXPathReturnEmptyString (ctxt);
+@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+ return;
+ }
+
+- padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
++ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
++ if (padkey == NULL) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
++ tctxt->state = XSLT_STATE_STOPPED;
++ xmlXPathReturnEmptyString (ctxt);
++ goto done;
++ }
++ memset(padkey, 0, RC4_KEY_LENGTH + 1);
+ key_size = xmlUTF8Strsize (key, key_len);
++ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
++ tctxt->state = XSLT_STATE_STOPPED;
++ xmlXPathReturnEmptyString (ctxt);
++ goto done;
++ }
+ memcpy (padkey, key, key_size);
+- memset (padkey + key_size, '\0', sizeof (padkey));
+
+ /* decode hex to binary */
+ bin_len = str_len;
+ bin = xmlMallocAtomic (bin_len);
++ if (bin == NULL) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
++ tctxt->state = XSLT_STATE_STOPPED;
++ xmlXPathReturnEmptyString (ctxt);
++ goto done;
++ }
+ ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
+
+ /* decrypt the binary blob */
+ ret = xmlMallocAtomic (ret_len);
++ if (ret == NULL) {
++ xsltTransformError(tctxt, NULL, tctxt->inst,
++ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
++ tctxt->state = XSLT_STATE_STOPPED;
++ xmlXPathReturnEmptyString (ctxt);
++ goto done;
++ }
+ PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
+
+ xmlXPathReturnString (ctxt, ret);
+
++done:
+ if (key != NULL)
+ xmlFree (key);
+ if (str != NULL)
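Review bot: In the exsltCryptoRc4DecryptFunction part of patch-af, `ret` is still allocated with exactly `ret_len` bytes and then handed to `xmlXPathReturnString`, so the returned string has no room for a terminating NUL and later consumers may read past the allocation. I would allocate `ret = xmlMallocAtomic (ret_len + 1);` and set `ret[ret_len] = 0;` after the `PLATFORM_RC4_DECRYPT` call; whether `ret_len` from `exsltCryptoHex2Bin` can be zero or negative is not visible here and should be checked too. The four new error messages in the decrypt function all begin with `exsltCryptoRc4EncryptFunction:`, which misattributes failures in logs; they should name `exsltCryptoRc4DecryptFunction`. The new error paths in both functions also dereference `tctxt->inst` and `tctxt->state` without testing the result of `xsltXPathGetTransformContext` for NULL, which looks unsafe if these extension functions can be reached from a context with no transform attached. Both function bodies start and end outside the embedded hunks, so the cleanup after `done:` could not be reviewed.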