Document and fix a off-by-one vulnability in libxml2.

Obtained from:	libxml upstream
Security:	b8ae4659-a0da-11e1-a294-bcaec565249c

2 files changed, 43 insertions, 3 deletions

diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index 9d4a58567d84..309ec2a130f9 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -13,10 +13,9 @@
 
 PORTNAME=	libxml2
 PORTVERSION=	2.7.8
-PORTREVISION?=	2
+PORTREVISION?=	3
 CATEGORIES?=	textproc gnome
-MASTER_SITES=	ftp://fr.rpmfind.net/pub/libxml/ \
-		ftp://gd.tuwien.ac.at/pub/libxml/ \
+MASTER_SITES=	ftp://gd.tuwien.ac.at/pub/libxml/ \
 		ftp://xmlsoft.org/libxml2/
 DIST_SUBDIR=	gnome2
 
diff --git a/textproc/libxml2/files/patch-xpointer.c b/textproc/libxml2/files/patch-xpointer.c
new file mode 100644
index 000000000000..877ea2a7d920
--- /dev/null
+++ b/textproc/libxml2/files/patch-xpointer.c
@@ -0,0 +1,41 @@
+From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001
+From: Jüri Aedla <asd@ut.ee>
+Date: Mon, 07 May 2012 07:06:56 +0000
+Subject: Fix an off by one pointer access
+
+getting out of the range of memory allocated for xpointer decoding
+CVE-2011-3102
+
+---
+diff --git a/xpointer.c b/xpointer.c
+index 37afa3a..0b463dd 100644
+--- xpointer.c
++++ xpointer.c
+@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) {
+ 		NEXT;
+ 		break;
+ 	    }
+-	    *cur++ = CUR;
+ 	} else if (CUR == '(') {
+ 	    level++;
+-	    *cur++ = CUR;
+ 	} else if (CUR == '^') {
+-	    NEXT;
+-	    if ((CUR == ')') || (CUR == '(') || (CUR == '^')) {
+-		*cur++ = CUR;
+-	    } else {
+-		*cur++ = '^';
+-		*cur++ = CUR;
+-	    }
+-	} else {
+-	    *cur++ = CUR;
++            if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) {
++                NEXT;
++            }
+ 	}
++        *cur++ = CUR;
+ 	NEXT;
+     }
+     *cur = 0;
+--
+cgit v0.9.0.2