Add a fix for CVE-2008-4409 (also known as CVE-2008-4422) from the GNOME bugzilla. Bump package revision.
diff -r1.94 -r1.95 pkgsrc/textproc/libxml2/Makefile
(tron)
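--- a/pkgsrc/textproc/libxml2/Makefile
+++ b/pkgsrc/textproc/libxml2/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.94 2008/09/06 14:58:34 wiz Exp $
+# $NetBSD: Makefile,v 1.95 2008/10/09 15:01:27 tron Exp $
 
 DISTNAME= libxml2-2.7.1
+PKGREVISION= 1
 CATEGORIES= textproc
 MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
 http://xmlsoft.org/sources/
 #MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxml2/2.7/}
 
 MAINTAINER= recht@NetBSD.org
 HOMEPAGE= http://xmlsoft.org/
 COMMENT= XML parser library from the GNOME project
 
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 PKG_DESTDIR_SUPPORT= user-destdir
 
 USE_TOOLS+= gmake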
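--- a/pkgsrc/textproc/libxml2/distinfo
+++ b/pkgsrc/textproc/libxml2/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.66 2008/09/06 14:58:34 wiz Exp $
+$NetBSD: distinfo,v 1.67 2008/10/09 15:01:27 tron Exp $
 
 SHA1 (libxml2-2.7.1.tar.gz) = 54b2d24ce0b716054628303bff47cf0db2966d84
 RMD160 (libxml2-2.7.1.tar.gz) = 4de3732c39efa95b63abbd60dbb74357075faf63
 Size (libxml2-2.7.1.tar.gz) = 4769568 bytes
 SHA1 (patch-aa) = bf7db00ddf8a36394521baf656cf83d99bd9cbd3
 SHA1 (patch-ab) = a8dc745539528db69bf1ccb8977a69c24fa818e3
 SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e
 SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
 SHA1 (patch-ae) = b9176919edbf3582cb24aff53f7c4f291e2b78c8
+SHA1 (patch-af) = 53757ead74ac0f3bba68adee89a65fcfa544fc59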
$NetBSD: patch-af,v 1.1 2008/10/09 15:01:27 tron Exp $
Patch for CVE-2008-4409 taken from here:
http://bugzilla.gnome.org/show_bug.cgi?id=554660
http://bugzilla.gnome.org/attachment.cgi?id=119824
--- parser.c.orig 2008-09-01 07:22:40.000000000 +0100
+++ parser.c 2008-10-09 15:22:55.000000000 +0100
@@ -7225,8 +7225,10 @@
* Predefined entites override any extra definition
*/
ent = xmlGetPredefinedEntity(name);
- if (ent != NULL)
+ if (ent != NULL) {
+ *str = ptr;
return(ent);
+ }
/*
* Increate the number of entity references parsed
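Review bot: The new early-return branch under `if (ent != NULL) {` stores `*str = ptr` but still leaves the function without releasing `name`. If `name` is heap-allocated by the name-parsing call earlier in this function (not visible in the hunk), every predefined-entity reference handled here leaks that buffer, on a path that is driven by untrusted XML input. Consider adding `xmlFree(name);` before `*str = ptr;` inside the new braces, after confirming that nothing later reads `name` on this path. The function starts and ends outside the hunk, so the allocation and the normal-exit cleanup need to be checked against the full parser.c.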