Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1529518965115920"
MIME-Version: 1.0
Date: Wed, 20 Jun 2018 18:22:45 +0000
From: "Tim Zingelman" <tez@netbsd.org>
Subject: CVS commit: pkgsrc/textproc/libxml2
To: pkgsrc-changes@NetBSD.org
Reply-To: tez@netbsd.org
Message-Id: <20180620182245.7D3A8FBEC@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1529518965115920
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	tez
Date:		Wed Jun 20 18:22:45 UTC 2018

Modified Files:
	pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
	pkgsrc/textproc/libxml2/patches: patch-xzlib.c

Log Message:
libxml2: Fix for CVE-2018-9251

from https://bugzilla.gnome.org/show_bug.cgi?id=794914


To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.124 -r1.125 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/textproc/libxml2/patches/patch-xzlib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1529518965115920
Content-Disposition: inline
Content-Length: 2361
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/textproc/libxml2/Makefile
diff -u pkgsrc/textproc/libxml2/Makefile:1.147 pkgsrc/textproc/libxml2/Makefile:1.148
--- pkgsrc/textproc/libxml2/Makefile:1.147	Wed Mar 14 10:49:00 2018
+++ pkgsrc/textproc/libxml2/Makefile	Wed Jun 20 18:22:45 2018
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.147 2018/03/14 10:49:00 maya Exp $
+# $NetBSD: Makefile,v 1.148 2018/06/20 18:22:45 tez Exp $
 
 .include "../../textproc/libxml2/Makefile.common"
 
+PKGREVISION=	1
+
 COMMENT=	XML parser library from the GNOME project
 LICENSE=	modified-bsd
 

Index: pkgsrc/textproc/libxml2/distinfo
diff -u pkgsrc/textproc/libxml2/distinfo:1.124 pkgsrc/textproc/libxml2/distinfo:1.125
--- pkgsrc/textproc/libxml2/distinfo:1.124	Sun Mar 11 17:49:53 2018
+++ pkgsrc/textproc/libxml2/distinfo	Wed Jun 20 18:22:45 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.124 2018/03/11 17:49:53 wiz Exp $
+$NetBSD: distinfo,v 1.125 2018/06/20 18:22:45 tez Exp $
 
 SHA1 (libxml2-2.9.8.tar.gz) = 66bcefd98a6b7573427cf66f9d3841b59eb5b8c3
 RMD160 (libxml2-2.9.8.tar.gz) = a3bf30ed652cfa2e06c64ae62c95a5ebd889c7a7
@@ -13,3 +13,4 @@ SHA1 (patch-encoding.c) = 6cf0a7d421828b
 SHA1 (patch-python_libxml.py) = 869a72ae5ba2e27e6d46552878890acb22337675
 SHA1 (patch-python_libxml2.py) = 209d105b0f3aedb834091390a7c6819705108e34
 SHA1 (patch-python_setup.py) = 7771fd02ee6779463f1d3321f099d7e6d19cd1b1
+SHA1 (patch-xzlib.c) = eb20e3ef1504dacf1363f86c662918365306e84c

Added files:

Index: pkgsrc/textproc/libxml2/patches/patch-xzlib.c
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-xzlib.c:1.3
--- /dev/null	Wed Jun 20 18:22:45 2018
+++ pkgsrc/textproc/libxml2/patches/patch-xzlib.c	Wed Jun 20 18:22:45 2018
@@ -0,0 +1,17 @@
+$NetBSD: patch-xzlib.c,v 1.3 2018/06/20 18:22:45 tez Exp $
+
+Fix for CVE-2018-9251 from https://bugzilla.gnome.org/show_bug.cgi?id=794914
+
+--- xzlib.c.orig	2018-06-20 16:11:09.322482100 +0000
++++ xzlib.c
+@@ -575,6 +575,10 @@ xz_decomp(xz_statep state)
+         } else                  /* state->how == LZMA */
+ #endif
+             ret = lzma_code(strm, action);
++        if (ret == LZMA_MEMLIMIT_ERROR) {
++            xz_error(state, LZMA_MEMLIMIT_ERROR, "memory limit error");
++            return -1;
++        }
+         if (ret == LZMA_MEM_ERROR) {
+             xz_error(state, LZMA_MEM_ERROR, "out of memory");
+             return -1;


--_----------=_1529518965115920--