diff options
| author | miwi <miwi@FreeBSD.org> | 2011-11-13 00:05:28 +0800 |
|---|---|---|
| committer | miwi <miwi@FreeBSD.org> | 2011-11-13 00:05:28 +0800 |
| commit | 44010ff2858dd177334d3e7024a1832c5c3d8ab1 (patch) | |
| tree | 97f64027c80e4ec0b729497de0705da1d046066e /textproc/libxml | |
| parent | 4f3cc47a3de2ec659f33d936622dd8395931399b (diff) | |
| download | freebsd-ports-gnome-44010ff2858dd177334d3e7024a1832c5c3d8ab1.tar.gz freebsd-ports-gnome-44010ff2858dd177334d3e7024a1832c5c3d8ab1.tar.zst freebsd-ports-gnome-44010ff2858dd177334d3e7024a1832c5c3d8ab1.zip | |
- Add patches to fix
CVS-2009-2414
CVS-2009-2416
CVS-2011-1944
Discussion with:bapt
Approved by: secteam (myself)
Obtained from: fedora/gentoo
Security: http://www.vuxml.org/freebsd/ce4b3af8-0b7c-11e1-846b-00235409fd3e.html
http://www.vuxml.org/freebsd/ce4b3af8-0b7c-11e1-846b-00235409fd3e.html
http://www.vuxml.org/freebsd/5a7d4110-0b7a-11e1-846b-00235409fd3e.html
Feature safe: yes
Diffstat (limited to 'textproc/libxml')
| -rw-r--r-- | textproc/libxml/Makefile | 2 | ||||
| -rw-r--r-- | textproc/libxml/files/patch-CVS-2009-2414-2416.patch | 96 | ||||
| -rw-r--r-- | textproc/libxml/files/patch-CVS-2011-1944.patch | 36 |
3 files changed, 133 insertions, 1 deletions
diff --git a/textproc/libxml/Makefile b/textproc/libxml/Makefile index e4f5df37736d..1ecf7215f419 100644 --- a/textproc/libxml/Makefile +++ b/textproc/libxml/Makefile @@ -7,7 +7,7 @@ PORTNAME= libxml PORTVERSION= 1.8.17 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= textproc gnome MASTER_SITES= GNOME diff --git a/textproc/libxml/files/patch-CVS-2009-2414-2416.patch b/textproc/libxml/files/patch-CVS-2009-2414-2416.patch new file mode 100644 index 000000000000..2106a10b08b8 --- /dev/null +++ b/textproc/libxml/files/patch-CVS-2009-2414-2416.patch @@ -0,0 +1,96 @@ +--- parser.c.orig 2001-09-14 14:09:41.000000000 +0000 ++++ parser.c 2011-11-12 23:55:17.740815216 +0000 +@@ -5164,11 +5164,15 @@ + "Name expected in NOTATION declaration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + cur = xmlCreateEnumeration(name); + xmlFree(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL) { ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; +@@ -5183,9 +5187,8 @@ + "')' required to finish NOTATION declaration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- if ((last != NULL) && (last != ret)) +- xmlFreeEnumeration(last); +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + NEXT; + return(ret); +@@ -5232,11 +5235,15 @@ + "NmToken expected in ATTLIST enumeration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + cur = xmlCreateEnumeration(name); + xmlFree(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL) { ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; +@@ -5251,7 +5258,8 @@ + "')' required to finish ATTLIST enumeration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + NEXT; + return(ret); +@@ -5715,13 +5723,25 @@ + xmlChar *elem; + xmlChar type = 0; + ++ if (ctxt->depth > 128) { ++ ctxt->errNo = XML_ERR_ELEMCONTENT_NOT_FINISHED; ++ if ((ctxt->sax != NULL) && (ctxt->sax->error != NULL)) ++ ctxt->sax->error(ctxt->userData, ++ "xmlParseElementChildrenContentDecl : depth %d too deep\n", ++ ctxt->depth); ++ ctxt->wellFormed = 0; ++ ctxt->disableSAX = 1; ++ return(NULL); ++ } + SKIP_BLANKS; + GROW; + if (RAW == '(') { + /* Recurse on first child */ + NEXT; + SKIP_BLANKS; ++ ctxt->depth++; + cur = ret = xmlParseElementChildrenContentDecl(ctxt); ++ ctxt->depth--; + SKIP_BLANKS; + GROW; + } else { +@@ -5865,7 +5885,9 @@ + /* Recurse on second child */ + NEXT; + SKIP_BLANKS; ++ ctxt->depth++; + last = xmlParseElementChildrenContentDecl(ctxt); ++ ctxt->depth--; + SKIP_BLANKS; + } else { + elem = xmlParseNameComplex(ctxt); diff --git a/textproc/libxml/files/patch-CVS-2011-1944.patch b/textproc/libxml/files/patch-CVS-2011-1944.patch new file mode 100644 index 000000000000..443796a54990 --- /dev/null +++ b/textproc/libxml/files/patch-CVS-2011-1944.patch @@ -0,0 +1,36 @@ +--- xpath.c.orig 2000-06-28 19:33:51.000000000 +0100 ++++ xpath.c 2011-06-02 16:20:16.095097371 +0100 +@@ -179,13 +179,13 @@ + #define PUSH_AND_POP(type, name) \ + extern int name##Push(xmlXPathParserContextPtr ctxt, type value) { \ + if (ctxt->name##Nr >= ctxt->name##Max) { \ +- ctxt->name##Max *= 2; \ + ctxt->name##Tab = (void *) xmlRealloc(ctxt->name##Tab, \ +- ctxt->name##Max * sizeof(ctxt->name##Tab[0])); \ ++ ctxt->name##Max * 2 * sizeof(ctxt->name##Tab[0])); \ + if (ctxt->name##Tab == NULL) { \ + fprintf(xmlXPathDebug, "realloc failed !\n"); \ + return(0); \ + } \ ++ ctxt->name##Max *= 2; \ + } \ + ctxt->name##Tab[ctxt->name##Nr] = value; \ + ctxt->name = value; \ +@@ -418,14 +418,14 @@ + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + fprintf(xmlXPathDebug, "xmlXPathNodeSetAdd: out of memory\n"); + return; + } + cur->nodeTab = temp; ++ cur->nodeMax *= 2; + } + cur->nodeTab[cur->nodeNr++] = val; + } + |