Thu Oct 9 15:01:27 2008 UTC ()
Add a fix for CVE-2008-4409 (also known as CVE-2008-4422) from the
GNOME bugzilla. Bump package revision.


(tron)
diff -r1.94 -r1.95 pkgsrc/textproc/libxml2/Makefile
diff -r1.66 -r1.67 pkgsrc/textproc/libxml2/distinfo
diff -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-af

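--- a/pkgsrc/textproc/libxml2/Makefile
+++ b/pkgsrc/textproc/libxml2/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.94 2008/09/06 14:58:34 wiz Exp $
+# $NetBSD: Makefile,v 1.95 2008/10/09 15:01:27 tron Exp $
 
 DISTNAME= libxml2-2.7.1
+PKGREVISION= 1
 CATEGORIES= textproc
 MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
  http://xmlsoft.org/sources/
 #MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxml2/2.7/}
 
 MAINTAINER= recht@NetBSD.org
 HOMEPAGE= http://xmlsoft.org/
 COMMENT= XML parser library from the GNOME project
 
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 PKG_DESTDIR_SUPPORT= user-destdir
 
 USE_TOOLS+= gmake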

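--- a/pkgsrc/textproc/libxml2/distinfo
+++ b/pkgsrc/textproc/libxml2/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.66 2008/09/06 14:58:34 wiz Exp $
+$NetBSD: distinfo,v 1.67 2008/10/09 15:01:27 tron Exp $
 
 SHA1 (libxml2-2.7.1.tar.gz) = 54b2d24ce0b716054628303bff47cf0db2966d84
 RMD160 (libxml2-2.7.1.tar.gz) = 4de3732c39efa95b63abbd60dbb74357075faf63
 Size (libxml2-2.7.1.tar.gz) = 4769568 bytes
 SHA1 (patch-aa) = bf7db00ddf8a36394521baf656cf83d99bd9cbd3
 SHA1 (patch-ab) = a8dc745539528db69bf1ccb8977a69c24fa818e3
 SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e
 SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
 SHA1 (patch-ae) = b9176919edbf3582cb24aff53f7c4f291e2b78c8
+SHA1 (patch-af) = 53757ead74ac0f3bba68adee89a65fcfa544fc59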

File Added: pkgsrc/textproc/libxml2/patches/Attic/patch-af
$NetBSD: patch-af,v 1.1 2008/10/09 15:01:27 tron Exp $

Patch for CVE-2008-4409 taken from here:

http://bugzilla.gnome.org/show_bug.cgi?id=554660
http://bugzilla.gnome.org/attachment.cgi?id=119824

--- parser.c.orig	2008-09-01 07:22:40.000000000 +0100
+++ parser.c	2008-10-09 15:22:55.000000000 +0100
@@ -7225,8 +7225,10 @@
      * Predefined entites override any extra definition
      */
     ent = xmlGetPredefinedEntity(name);
-    if (ent != NULL)
+    if (ent != NULL) {
+        *str = ptr;
         return(ent);
+    }
 
     /*
      * Increate the number of entity references parsed
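Review bot: The added `*str = ptr;` on the predefined-entity return has no comment, so nothing in the code records why this early return must hand the advanced position back through `str`. Per the patch header this single store is the CVE-2008-4409 fix, and presumably the caller resumes parsing at `*str`, so I would put `/* hand the consumed position back to the caller before the early return */` above it to keep a later cleanup from dropping it. The function starts and ends outside the hunk, so whether any other early return leaves `*str` unchanged cannot be checked here and is worth confirming against upstream's parser.c. The patch-af header also names only CVE-2008-4409 while the commit message lists CVE-2008-4422 as an alias; naming both in the patch header would let vulnerability-tracking tools match the fix under either id.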