add 3 patches from gnome git: -fix realloc error handling bug -fix potential double free (CVE-2010-4494 / SA42721) bump PKGREVISIONdiff -r1.106 -r1.107 pkgsrc/textproc/libxml2/Makefile
(drochner)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.106 2010/11/26 13:43:24 drochner Exp $ | 1 | # $NetBSD: Makefile,v 1.107 2011/01/03 12:17:43 drochner Exp $ | |
2 | 2 | |||
3 | DISTNAME= libxml2-2.7.8 | 3 | DISTNAME= libxml2-2.7.8 | |
4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
5 | CATEGORIES= textproc | 5 | CATEGORIES= textproc | |
6 | MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ | 6 | MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ | |
7 | http://xmlsoft.org/sources/ | 7 | http://xmlsoft.org/sources/ | |
8 | #MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxml2/2.7/} | 8 | #MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxml2/2.7/} | |
9 | 9 | |||
10 | MAINTAINER= recht@NetBSD.org | 10 | MAINTAINER= recht@NetBSD.org | |
11 | HOMEPAGE= http://xmlsoft.org/ | 11 | HOMEPAGE= http://xmlsoft.org/ | |
12 | COMMENT= XML parser library from the GNOME project | 12 | COMMENT= XML parser library from the GNOME project | |
13 | LICENSE= modified-bsd | 13 | LICENSE= modified-bsd | |
14 | 14 | |||
15 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 15 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
16 | PKG_DESTDIR_SUPPORT= user-destdir | 16 | PKG_DESTDIR_SUPPORT= user-destdir | |
17 | 17 |
@@ -1,12 +1,13 @@ | @@ -1,12 +1,13 @@ | |||
1 | $NetBSD: distinfo,v 1.81 2010/11/26 13:43:24 drochner Exp $ | 1 | $NetBSD: distinfo,v 1.82 2011/01/03 12:17:43 drochner Exp $ | |
2 | 2 | |||
3 | SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40 | 3 | SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40 | |
4 | RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47 | 4 | RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47 | |
5 | Size (libxml2-2.7.8.tar.gz) = 4881808 bytes | 5 | Size (libxml2-2.7.8.tar.gz) = 4881808 bytes | |
6 | SHA1 (patch-aa) = bf7db00ddf8a36394521baf656cf83d99bd9cbd3 | 6 | SHA1 (patch-aa) = bf7db00ddf8a36394521baf656cf83d99bd9cbd3 | |
7 | SHA1 (patch-ab) = e1cb25ae1b2219af91d11f0ccdbb12912d50488a | 7 | SHA1 (patch-ab) = e1cb25ae1b2219af91d11f0ccdbb12912d50488a | |
8 | SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e | 8 | SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e | |
9 | SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177 | 9 | SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177 | |
10 | SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd | 10 | SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd | |
11 | SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b | 11 | SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b | |
12 | SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4 | 12 | SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4 | |
13 | SHA1 (patch-ak) = 7cec0f12a89087df91c0e1d84400a6b91df56211 |
$NetBSD: patch-ak,v 1.1 2011/01/03 12:17:43 drochner Exp $
from gnome git:
-fix realloc bug
-fix CVE-2010-4494 / SA42721
--- xpath.c.orig 2010-11-03 19:18:27.000000000 +0000
+++ xpath.c
@@ -3575,13 +3575,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
- cur->nodeMax *= 2;
- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax *
+ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
sizeof(xmlNodePtr));
if (temp == NULL) {
xmlXPathErrMemory(NULL, "growing nodeset\n");
return;
}
+ cur->nodeMax *= 2;
cur->nodeTab = temp;
}
if (val->type == XML_NAMESPACE_DECL) {
@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm
if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
xmlXPathObjectPtr tmp;
- /* pop the result */
+ /* pop the result if any */
tmp = valuePop(ctxt);
- xmlXPathReleaseObject(xpctxt, tmp);
- /* then pop off contextObj, which will be freed later */
- valuePop(ctxt);
+ if (tmp != contextObj) {
+ /*
+ * Free up the result
+ * then pop off contextObj, which will be freed later
+ */
+ xmlXPathReleaseObject(xpctxt, tmp);
+ valuePop(ctxt);
+ }
goto evaluation_error;
}