'CVS commit: pkgsrc/textproc/libxml2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pkgsrc-changes
Subject:    CVS commit: pkgsrc/textproc/libxml2
From:       "Sevan Janiyan" <sevan () netbsd ! org>
Date:       2016-11-30 14:46:22
Message-ID: 20161130144622.EBF8EFBA6 () cvs ! NetBSD ! org
[Download RAW message or body]

This is a multi-part message in MIME format.

--_----------=_14805171825250
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	sevan
Date:		Wed Nov 30 14:46:22 UTC 2016

Modified Files:
	pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
	pkgsrc/textproc/libxml2/patches: patch-parseInternals.c

Log Message:
Patch CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
Bump rev.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.112 -r1.113 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-parseInternals.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_14805171825250
Content-Disposition: inline
Content-Length: 2828
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/textproc/libxml2/Makefile.common
diff -u pkgsrc/textproc/libxml2/Makefile.common:1.2 pkgsrc/textproc/libxml2/Makefile.common:1.3
--- pkgsrc/textproc/libxml2/Makefile.common:1.2	Sat May 28 06:47:51 2016
+++ pkgsrc/textproc/libxml2/Makefile.common	Wed Nov 30 14:46:22 2016
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.common,v 1.2 2016/05/28 06:47:51 wiz Exp $
+# $NetBSD: Makefile.common,v 1.3 2016/11/30 14:46:22 sevan Exp $
 #
 # used by textproc/libxml2/Makefile
 # used by textproc/py-libxml2/Makefile
 
 DISTNAME=	libxml2-2.9.4
+PKGREVISION=	1
 CATEGORIES=	textproc
 MASTER_SITES=	ftp://xmlsoft.org/libxml2/ \
 		http://xmlsoft.org/sources/

Index: pkgsrc/textproc/libxml2/distinfo
diff -u pkgsrc/textproc/libxml2/distinfo:1.112 pkgsrc/textproc/libxml2/distinfo:1.113
--- pkgsrc/textproc/libxml2/distinfo:1.112	Wed May 25 07:16:36 2016
+++ pkgsrc/textproc/libxml2/distinfo	Wed Nov 30 14:46:22 2016
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.112 2016/05/25 07:16:36 he Exp $
+$NetBSD: distinfo,v 1.113 2016/11/30 14:46:22 sevan Exp $
 
 SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
 RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -10,6 +10,7 @@ SHA1 (patch-ac) = 34afe787f6012b460a85be
 SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
+SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
 SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
 SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959

Added files:

Index: pkgsrc/textproc/libxml2/patches/patch-parseInternals.c
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-parseInternals.c:1.1
--- /dev/null	Wed Nov 30 14:46:22 2016
+++ pkgsrc/textproc/libxml2/patches/patch-parseInternals.c	Wed Nov 30 14:46:22 2016
@@ -0,0 +1,18 @@
+$NetBSD: patch-parseInternals.c,v 1.1 2016/11/30 14:46:22 sevan Exp $
+
+CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
+
+--- parserInternals.c.orig	2016-11-30 14:35:55.000000000 +0000
++++ parserInternals.c
+@@ -1438,6 +1438,11 @@ xmlNewEntityInputStream(xmlParserCtxtPtr
+                 break;
+             case XML_EXTERNAL_GENERAL_PARSED_ENTITY:
+             case XML_EXTERNAL_PARAMETER_ENTITY:
++		if (((ctxt->options & XML_PARSE_NOENT) == 0) &&
++		    ((ctxt->options & XML_PARSE_DTDVALID) == 0)) {
++		    xmlErrInternal(ctxt, "xmlNewEntityInputStream will not read content for external entity\n",
++				    NULL);
++		}
+ 		return(xmlLoadExternalEntity((char *) entity->URI,
+ 		       (char *) entity->ExternalID, ctxt));
+             case XML_INTERNAL_GENERAL_ENTITY:


--_----------=_14805171825250--

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic