Mon Jun 6 12:09:01 2011 UTC ()
addmore patches from upstream:
-fix more potential problems on reallocation failures (CVE-2011-1944)
-Fix memory corruption
also replace an error handling which doesn't recover from
integer overflow
bump PKGREV


(drochner)
diff -r1.108 -r1.109 pkgsrc/textproc/libxml2/Makefile
diff -r1.82 -r1.83 pkgsrc/textproc/libxml2/distinfo
diff -r1.1 -r1.2 pkgsrc/textproc/libxml2/patches/patch-ak
diff -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-al
cvs diff -r1.108 -r1.109 pkgsrc/textproc/libxml2/Makefile (expand / switch to unified diff)

--- pkgsrc/textproc/libxml2/Makefile 2011/02/28 14:53:04 1.108
+++ pkgsrc/textproc/libxml2/Makefile 2011/06/06 12:09:01 1.109
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.108 2011/02/28 14:53:04 wiz Exp $ 1# $NetBSD: Makefile,v 1.109 2011/06/06 12:09:01 drochner Exp $
2 2
3DISTNAME= libxml2-2.7.8 3DISTNAME= libxml2-2.7.8
4PKGREVISION= 2 4PKGREVISION= 3
5CATEGORIES= textproc 5CATEGORIES= textproc
6MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ 6MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
7 http://xmlsoft.org/sources/ 7 http://xmlsoft.org/sources/
8#MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxml2/2.7/} 8#MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libxml2/2.7/}
9 9
10MAINTAINER= pkgsrc-users@NetBSD.org 10MAINTAINER= pkgsrc-users@NetBSD.org
11HOMEPAGE= http://xmlsoft.org/ 11HOMEPAGE= http://xmlsoft.org/
12COMMENT= XML parser library from the GNOME project 12COMMENT= XML parser library from the GNOME project
13LICENSE= modified-bsd 13LICENSE= modified-bsd
14 14
15PKG_INSTALLATION_TYPES= overwrite pkgviews 15PKG_INSTALLATION_TYPES= overwrite pkgviews
16PKG_DESTDIR_SUPPORT= user-destdir 16PKG_DESTDIR_SUPPORT= user-destdir
17 17
cvs diff -r1.82 -r1.83 pkgsrc/textproc/libxml2/distinfo (expand / switch to unified diff)

--- pkgsrc/textproc/libxml2/distinfo 2011/01/03 12:17:43 1.82
+++ pkgsrc/textproc/libxml2/distinfo 2011/06/06 12:09:01 1.83
@@ -1,13 +1,14 @@ @@ -1,13 +1,14 @@
1$NetBSD: distinfo,v 1.82 2011/01/03 12:17:43 drochner Exp $ 1$NetBSD: distinfo,v 1.83 2011/06/06 12:09:01 drochner Exp $
2 2
3SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40 3SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40
4RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47 4RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47
5Size (libxml2-2.7.8.tar.gz) = 4881808 bytes 5Size (libxml2-2.7.8.tar.gz) = 4881808 bytes
6SHA1 (patch-aa) = bf7db00ddf8a36394521baf656cf83d99bd9cbd3 6SHA1 (patch-aa) = bf7db00ddf8a36394521baf656cf83d99bd9cbd3
7SHA1 (patch-ab) = e1cb25ae1b2219af91d11f0ccdbb12912d50488a 7SHA1 (patch-ab) = e1cb25ae1b2219af91d11f0ccdbb12912d50488a
8SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e 8SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e
9SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177 9SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
10SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd 10SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd
11SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b 11SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b
12SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4 12SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4
13SHA1 (patch-ak) = 7cec0f12a89087df91c0e1d84400a6b91df56211 13SHA1 (patch-ak) = 73796d55e21d6b7dae79ac1a2abee4bc64116dbc
 14SHA1 (patch-al) = e5be144291a46c1b5e9720ac9d02c1fb00c6ea20
cvs diff -r1.1 -r1.2 pkgsrc/textproc/libxml2/patches/Attic/patch-ak (expand / switch to unified diff)

--- pkgsrc/textproc/libxml2/patches/Attic/patch-ak 2011/01/03 12:17:43 1.1
+++ pkgsrc/textproc/libxml2/patches/Attic/patch-ak 2011/06/06 12:09:01 1.2
@@ -1,38 +1,152 @@ @@ -1,38 +1,152 @@
1$NetBSD: patch-ak,v 1.1 2011/01/03 12:17:43 drochner Exp $ 1$NetBSD: patch-ak,v 1.2 2011/06/06 12:09:01 drochner Exp $
2 2
3from gnome git: 3from gnome git:
4-fix realloc bug 4-fix realloc bugs (CVE-2011-1944)
5-fix CVE-2010-4494 / SA42721 5-fix CVE-2010-4494 / SA42721
6 6
7--- xpath.c.orig 2010-11-03 19:18:27.000000000 +0000 7--- xpath.c.orig 2010-11-03 19:18:27.000000000 +0000
8+++ xpath.c 8+++ xpath.c
9@@ -3575,13 +3575,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm 9@@ -722,14 +722,13 @@ xmlXPathCompExprAdd(xmlXPathCompExprPtr
 10 if (comp->nbStep >= comp->maxStep) {
 11 xmlXPathStepOp *real;
 12
 13- comp->maxStep *= 2;
 14 real = (xmlXPathStepOp *) xmlRealloc(comp->steps,
 15- comp->maxStep * sizeof(xmlXPathStepOp));
 16+ comp->maxStep * 2 * sizeof(xmlXPathStepOp));
 17 if (real == NULL) {
 18- comp->maxStep /= 2;
 19 xmlXPathErrMemory(NULL, "adding step\n");
 20 return(-1);
 21 }
 22+ comp->maxStep *= 2;
 23 comp->steps = real;
 24 }
 25 comp->last = comp->nbStep;
 26@@ -3522,13 +3521,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur,
 27 } else if (cur->nodeNr == cur->nodeMax) {
 28 xmlNodePtr *temp;
 29
 30- cur->nodeMax *= 2;
 31- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax *
 32+ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
 33 sizeof(xmlNodePtr));
 34 if (temp == NULL) {
 35 xmlXPathErrMemory(NULL, "growing nodeset\n");
 36 return;
 37 }
 38+ cur->nodeMax *= 2;
 39 cur->nodeTab = temp;
 40 }
 41 cur->nodeTab[cur->nodeNr++] = xmlXPathNodeSetDupNs(node, ns);
 42@@ -3575,13 +3574,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
10 } else if (cur->nodeNr == cur->nodeMax) { 43 } else if (cur->nodeNr == cur->nodeMax) {
11 xmlNodePtr *temp; 44 xmlNodePtr *temp;
12  45
13- cur->nodeMax *= 2; 46- cur->nodeMax *= 2;
14- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 47- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax *
15+ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * 48+ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
16 sizeof(xmlNodePtr)); 49 sizeof(xmlNodePtr));
17 if (temp == NULL) { 50 if (temp == NULL) {
18 xmlXPathErrMemory(NULL, "growing nodeset\n"); 51 xmlXPathErrMemory(NULL, "growing nodeset\n");
19 return; 52 return;
20 } 53 }
21+ cur->nodeMax *= 2; 54+ cur->nodeMax *= 2;
22 cur->nodeTab = temp; 55 cur->nodeTab = temp;
23 } 56 }
24 if (val->type == XML_NAMESPACE_DECL) { 57 if (val->type == XML_NAMESPACE_DECL) {
25@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm 58@@ -3627,14 +3626,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c
 59 } else if (cur->nodeNr == cur->nodeMax) {
 60 xmlNodePtr *temp;
 61
 62- cur->nodeMax *= 2;
 63- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax *
 64+ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
 65 sizeof(xmlNodePtr));
 66 if (temp == NULL) {
 67 xmlXPathErrMemory(NULL, "growing nodeset\n");
 68 return;
 69 }
 70 cur->nodeTab = temp;
 71+ cur->nodeMax *= 2;
 72 }
 73 if (val->type == XML_NAMESPACE_DECL) {
 74 xmlNsPtr ns = (xmlNsPtr) val;
 75@@ -3738,13 +3737,13 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1,
 76 } else if (val1->nodeNr == val1->nodeMax) {
 77 xmlNodePtr *temp;
 78
 79- val1->nodeMax *= 2;
 80- temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax *
 81+ temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 *
 82 sizeof(xmlNodePtr));
 83 if (temp == NULL) {
 84 xmlXPathErrMemory(NULL, "merging nodeset\n");
 85 return(NULL);
 86 }
 87+ val1->nodeMax *= 2;
 88 val1->nodeTab = temp;
 89 }
 90 if (n2->type == XML_NAMESPACE_DECL) {
 91@@ -3800,13 +3799,13 @@ xmlXPathNodeSetMergeUnique(xmlNodeSetPtr
 92 } else if (val1->nodeNr == val1->nodeMax) {
 93 xmlNodePtr *temp;
 94
 95- val1->nodeMax *= 2;
 96- temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax *
 97+ temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 *
 98 sizeof(xmlNodePtr));
 99 if (temp == NULL) {
 100 xmlXPathErrMemory(NULL, "merging nodeset\n");
 101 return(NULL);
 102 }
 103+ val1->nodeMax *= 2;
 104 val1->nodeTab = temp;
 105 }
 106 if (val2->nodeTab[i]->type == XML_NAMESPACE_DECL) {
 107@@ -3907,13 +3906,13 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP
 108 } else if (set1->nodeNr >= set1->nodeMax) {
 109 xmlNodePtr *temp;
 110
 111- set1->nodeMax *= 2;
 112 temp = (xmlNodePtr *) xmlRealloc(
 113- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr));
 114+ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr));
 115 if (temp == NULL) {
 116 xmlXPathErrMemory(NULL, "merging nodeset\n");
 117 return(NULL);
 118 }
 119+ set1->nodeMax *= 2;
 120 set1->nodeTab = temp;
 121 }
 122 if (n2->type == XML_NAMESPACE_DECL) {
 123@@ -3991,13 +3990,13 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN
 124 } else if (set1->nodeNr >= set1->nodeMax) {
 125 xmlNodePtr *temp;
 126
 127- set1->nodeMax *= 2;
 128 temp = (xmlNodePtr *) xmlRealloc(
 129- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr));
 130+ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr));
 131 if (temp == NULL) {
 132 xmlXPathErrMemory(NULL, "merging nodeset\n");
 133 return(NULL);
 134 }
 135+ set1->nodeMax *= 2;
 136 set1->nodeTab = temp;
 137 }
 138 set1->nodeTab[set1->nodeNr++] = n2;
 139@@ -11763,11 +11762,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm
26  140
27 if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { 141 if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
28 xmlXPathObjectPtr tmp; 142 xmlXPathObjectPtr tmp;
29- /* pop the result */ 143- /* pop the result */
30+ /* pop the result if any */ 144+ /* pop the result if any */
31 tmp = valuePop(ctxt); 145 tmp = valuePop(ctxt);
32- xmlXPathReleaseObject(xpctxt, tmp); 146- xmlXPathReleaseObject(xpctxt, tmp);
33- /* then pop off contextObj, which will be freed later */ 147- /* then pop off contextObj, which will be freed later */
34- valuePop(ctxt); 148- valuePop(ctxt);
35+ if (tmp != contextObj) { 149+ if (tmp != contextObj) {
36+ /* 150+ /*
37+ * Free up the result 151+ * Free up the result
38+ * then pop off contextObj, which will be freed later 152+ * then pop off contextObj, which will be freed later
File Added: pkgsrc/textproc/libxml2/patches/Attic/patch-al
$NetBSD: patch-al,v 1.1 2011/06/06 12:09:01 drochner Exp $

from gnome git: Fix memory corruption

--- parser.c.orig	2010-11-04 15:55:45.000000000 +0000
+++ parser.c
@@ -6992,6 +6992,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
 		    ent->owner = 1;
 		    while (list != NULL) {
 			list->parent = (xmlNodePtr) ent;
+			xmlSetTreeDoc(list, ent->doc);
 			if (list->next == NULL)
 			    ent->last = list;
 			list = list->next;