diff options
| author | Joe Marcus Clarke <marcus@FreeBSD.org> | 2009-08-24 00:50:00 +0000 |
|---|---|---|
| committer | Joe Marcus Clarke <marcus@FreeBSD.org> | 2009-08-24 00:50:00 +0000 |
| commit | 526980c9d7951e085d709c56712f2f5cbf23608f (patch) | |
| tree | ad441a1a7f29e93f8b84734295d74b3df24fc9ac /textproc/libxml2 | |
| parent | Upgrade to 2.8.7rel.1 (diff) | |
Fix security bugs CVE-2009-2416 and CVE-2009-2414.
PR: 137980
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Obtained from: http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg678527.html
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
Notes
Notes:
svn path=/head/; revision=240235
Diffstat (limited to 'textproc/libxml2')
| -rw-r--r-- | textproc/libxml2/Makefile | 2 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-parser.c | 79 |
2 files changed, 80 insertions, 1 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index c066e6071702..ec42f26ac919 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -13,7 +13,7 @@ PORTNAME= libxml2 PORTVERSION= 2.7.3 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES?= textproc gnome MASTER_SITES= ftp://fr.rpmfind.net/pub/libxml/ \ ftp://gd.tuwien.ac.at/pub/libxml/ \ diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c new file mode 100644 index 000000000000..2e1e65e5a762 --- /dev/null +++ b/textproc/libxml2/files/patch-parser.c @@ -0,0 +1,79 @@ +--- parser.c.orig ++++ parser.c +@@ -5306,7 +5306,8 @@ + if (name == NULL) { + xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED, + "Name expected in NOTATION declaration\n"); +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + tmp = ret; + while (tmp != NULL) { +@@ -5322,7 +5323,10 @@ + } + if (tmp == NULL) { + cur = xmlCreateEnumeration(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL) { ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; +@@ -5334,8 +5338,8 @@ + if (RAW != ')') { + xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL); + if ((last != NULL) && (last != ret)) +- xmlFreeEnumeration(last); +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + NEXT; + return(ret); +@@ -5390,7 +5394,10 @@ + cur = xmlCreateEnumeration(name); + if (!xmlDictOwns(ctxt->dict, name)) + xmlFree(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL){ ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; +@@ -5794,6 +5801,11 @@ + const xmlChar *elem; + xmlChar type = 0; + ++ if (ctxt->depth > 128) { ++ xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED, "xmlParseElementChildrenContentDecl : depth %d too deep\n", ctxt->depth); ++ return(NULL); ++ } ++ + SKIP_BLANKS; + GROW; + if (RAW == '(') { +@@ -5802,7 +5814,9 @@ + /* Recurse on first child */ + NEXT; + SKIP_BLANKS; ++ ctxt->depth++; + cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid); ++ ctxt->depth--; + SKIP_BLANKS; + GROW; + } else { +@@ -5934,7 +5948,9 @@ + /* Recurse on second child */ + NEXT; + SKIP_BLANKS; ++ ctxt->depth++; + last = xmlParseElementChildrenContentDecl(ctxt, inputid); ++ ctxt->depth--; + SKIP_BLANKS; + } else { + elem = xmlParseName(ctxt); |