Mon Jan 3 12:17:43 2011 UTC ()

add 3 patches from gnome git:
-fix realloc error handling bug
-fix potential double free (CVE-2010-4494 / SA42721)
bump PKGREVISION


(drochner)

diff -r1.106 -r1.107 pkgsrc/textproc/libxml2/Makefile
diff -r1.81 -r1.82 pkgsrc/textproc/libxml2/distinfo
diff -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-ak

--- pkgsrc/textproc/libxml2/Makefile 2010/11/26 13:43:24 1.106
+++ pkgsrc/textproc/libxml2/Makefile 2011/01/03 12:17:43 1.107

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.106 2010/11/26 13:43:24 drochner Exp $
+# $NetBSD: Makefile,v 1.107 2011/01/03 12:17:43 drochner Exp $
 DISTNAME=	libxml2-2.7.8
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	textproc
 MASTER_SITES=	ftp://xmlsoft.org/libxml2/ \
 		http://xmlsoft.org/sources/
 #MASTER_SITES=	${MASTER_SITE_GNOME:=sources/libxml2/2.7/}
 MAINTAINER=	recht@NetBSD.org
 HOMEPAGE=	http://xmlsoft.org/
 COMMENT=	XML parser library from the GNOME project
 LICENSE=	modified-bsd
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 PKG_DESTDIR_SUPPORT=	user-destdir

--- pkgsrc/textproc/libxml2/distinfo 2010/11/26 13:43:24 1.81
+++ pkgsrc/textproc/libxml2/distinfo 2011/01/03 12:17:43 1.82

 @@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.81 2010/11/26 13:43:24 drochner Exp $
+$NetBSD: distinfo,v 1.82 2011/01/03 12:17:43 drochner Exp $
 SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40
 RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47
 Size (libxml2-2.7.8.tar.gz) = 4881808 bytes
 SHA1 (patch-aa) = bf7db00ddf8a36394521baf656cf83d99bd9cbd3
 SHA1 (patch-ab) = e1cb25ae1b2219af91d11f0ccdbb12912d50488a
 SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e
 SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
 SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd
 SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b
 SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4
 SHA1 (patch-ak) = 7cec0f12a89087df91c0e1d84400a6b91df56211

$NetBSD: patch-ak,v 1.1 2011/01/03 12:17:43 drochner Exp $

from gnome git:
-fix realloc bug
-fix CVE-2010-4494 / SA42721

--- xpath.c.orig	2010-11-03 19:18:27.000000000 +0000
+++ xpath.c
@@ -3575,13 +3575,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
     } else if (cur->nodeNr == cur->nodeMax) {
         xmlNodePtr *temp;
 
-        cur->nodeMax *= 2;
-	temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax *
+	temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
 				      sizeof(xmlNodePtr));
 	if (temp == NULL) {
 	    xmlXPathErrMemory(NULL, "growing nodeset\n");
 	    return;
 	}
+        cur->nodeMax *= 2;
 	cur->nodeTab = temp;
     }
     if (val->type == XML_NAMESPACE_DECL) {
@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm
 
 	    if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
 	        xmlXPathObjectPtr tmp;
-		/* pop the result */
+		/* pop the result if any */
 		tmp = valuePop(ctxt);
-		xmlXPathReleaseObject(xpctxt, tmp);
-		/* then pop off contextObj, which will be freed later */
-		valuePop(ctxt);
+                if (tmp != contextObj) {
+                    /*
+                     * Free up the result
+                     * then pop off contextObj, which will be freed later
+                     */
+                    xmlXPathReleaseObject(xpctxt, tmp);
+                    valuePop(ctxt);
+                }
 		goto evaluation_error;
 	    }