Minix/pkgsrc-ng
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Import of pkgsrc-2015Q3

Browse Source
This commit is contained in:
Lionel Sambuc
2015-10-03 03:37:01 -07:00
committed by Lionel Sambuc
parent f641581404
commit 9d819b6d54
7578 changed files with 228314 additions and 80018 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
textproc/libxml2/Makefile
View File

@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.137 2015/04/24 11:32:29 spz Exp $
# $NetBSD: Makefile,v 1.138 2015/07/03 18:55:46 he Exp $
DISTNAME= libxml2-2.9.2
PKGREVISION= 2
PKGREVISION= 3
CATEGORIES= textproc
MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
http://xmlsoft.org/sources/

3
textproc/libxml2/distinfo
View File

@@ -1,8 +1,9 @@
$NetBSD: distinfo,v 1.106 2015/04/24 11:32:29 spz Exp $
$NetBSD: distinfo,v 1.107 2015/07/03 18:55:46 he Exp $
SHA1 (libxml2-2.9.2.tar.gz) = f46a37ea6d869f702e03f393c376760f3cbee673
RMD160 (libxml2-2.9.2.tar.gz) = 969b4ed8782f455fd4a6ca1c1b4ffa7651090070
Size (libxml2-2.9.2.tar.gz) = 5444991 bytes
SHA1 (patch-HTMLparser.c) = 46e062001d8c7688f9c938741dbd53e917169d1f
SHA1 (patch-aa) = 7d1213079cc78c9a28476c49f1283ab1c6af3b34
SHA1 (patch-ab) = bf8983fcde35edf0e450209bf07f0fa628f7bd9e
SHA1 (patch-ac) = 015a5903a86793bd770f16f251b94e5b2562b3f7

90
textproc/libxml2/patches/patch-HTMLparser.c Normal file
View File

@@ -0,0 +1,90 @@
$NetBSD: patch-HTMLparser.c,v 1.1 2015/07/03 18:55:46 he Exp $
Suggested patch for arbitrary-memory-access vulnerability, from
https://bugzilla.gnome.org/show_bug.cgi?id=746048
--- HTMLparser.c.orig 2014-10-06 10:48:11.000000000 +0000
+++ HTMLparser.c
@@ -3245,13 +3245,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt)
ctxt->instate = state;
return;
}
+ if ((ctxt->input->end - ctxt->input->cur) < 3) {
+ ctxt->instate = XML_PARSER_EOF;
+ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment not terminated\n", NULL, NULL);
+ xmlFree(buf);
+ return;
+ }
q = CUR_CHAR(ql);
NEXTL(ql);
r = CUR_CHAR(rl);
NEXTL(rl);
cur = CUR_CHAR(l);
len = 0;
- while (IS_CHAR(cur) &&
+ while (((ctxt->input->end - ctxt->input->cur) > 0) && IS_CHAR(cur) &&
((cur != '>') ||
(r != '-') || (q != '-'))) {
if (len + 5 >= size) {
@@ -3281,7 +3288,7 @@ htmlParseComment(htmlParserCtxtPtr ctxt)
}
}
buf[len] = 0;
- if (!IS_CHAR(cur)) {
+ if (!(ctxt->input->end - ctxt->input->cur) || !IS_CHAR(cur)) {
htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
"Comment not terminated \n<!--%.50s\n", buf, NULL);
xmlFree(buf);
@@ -4465,6 +4472,7 @@ htmlParseContentInternal(htmlParserCtxtP
depth = ctxt->nameNr;
while (1) {
long cons = ctxt->nbChars;
+ long rem = ctxt->input->end - ctxt->input->cur;
GROW;
@@ -4540,7 +4548,7 @@ htmlParseContentInternal(htmlParserCtxtP
/*
* Sometimes DOCTYPE arrives in the middle of the document
*/
- if ((CUR == '<') && (NXT(1) == '!') &&
+ if ((rem >= 9) && (CUR == '<') && (NXT(1) == '!') &&
(UPP(2) == 'D') && (UPP(3) == 'O') &&
(UPP(4) == 'C') && (UPP(5) == 'T') &&
(UPP(6) == 'Y') && (UPP(7) == 'P') &&
@@ -4554,7 +4562,7 @@ htmlParseContentInternal(htmlParserCtxtP
/*
* First case : a comment
*/
- if ((CUR == '<') && (NXT(1) == '!') &&
+ if ((rem >= 4) && (CUR == '<') && (NXT(1) == '!') &&
(NXT(2) == '-') && (NXT(3) == '-')) {
htmlParseComment(ctxt);
}
@@ -4562,14 +4570,14 @@ htmlParseContentInternal(htmlParserCtxtP
/*
* Second case : a Processing Instruction.
*/
- else if ((CUR == '<') && (NXT(1) == '?')) {
+ else if ((rem >= 2) && (CUR == '<') && (NXT(1) == '?')) {
htmlParsePI(ctxt);
}
/*
* Third case : a sub-element.
*/
- else if (CUR == '<') {
+ else if ((rem >= 1) && (CUR == '<')) {
htmlParseElementInternal(ctxt);
if (currentNode != NULL) xmlFree(currentNode);
@@ -4581,7 +4589,7 @@ htmlParseContentInternal(htmlParserCtxtP
* Fourth case : a reference. If if has not been resolved,
* parsing returns it's Name, create the node
*/
- else if (CUR == '&') {
+ else if ((rem >= 1) && (CUR == '&')) {
htmlParseReference(ctxt);
}