main/libxml2: add missing patch files

author: Leonardo Arena <rnalrd@alpinelinux.org> 2016-06-02 07:30:36 +0000
committer: Leonardo Arena <rnalrd@alpinelinux.org> 2016-06-02 07:30:36 +0000
commit: b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a (patch)
tree: e365a4c5de6a2937aa30689741c73111d9bcff34
parent: 1a6904e01ed53e8b2fb97320a216979c4f1cc21c (diff)
download: aports-b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a.tar.bz2
aports-b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a.tar.xz
4 files changed, 109 insertions, 1 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 28e63261f7..5ffcd2afbe 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=libxml2
 pkgver=2.9.1
-pkgrel=4
+pkgrel=5
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
diff --git a/main/libxml2/CVE-2015-8241.patch b/main/libxml2/CVE-2015-8241.patch
new file mode 100644
index 0000000000..2108f569b3
--- /dev/null
+++ b/main/libxml2/CVE-2015-8241.patch
@@ -0,0 +1,35 @@
+From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
+From: Hugh Davenport <hugh@allthethings.co.nz>
+Date: Tue, 3 Nov 2015 20:40:49 +0800
+Subject: Avoid extra processing of MarkupDecl when EOF
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756263
+
+One place where ctxt->instate == XML_PARSER_EOF whic was set up
+by entity detection issues doesn't get noticed, and even overrided
+---
+ parser.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d67b300..134afe7 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6972,6 +6972,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) {
+ 	    xmlParsePI(ctxt);
+ 	}
+     }
++
++    /*
++     * detect requirement to exit there and act accordingly
++     * and avoid having instate overriden later on
++     */
++    if (ctxt->instate == XML_PARSER_EOF)
++        return;
++
+     /*
+      * This is only for internal subset. On external entities,
+      * the replacement is done before parsing stage
+-- 
+cgit v0.12
+
diff --git a/main/libxml2/CVE-2015-8317-1.patch b/main/libxml2/CVE-2015-8317-1.patch
new file mode 100644
index 0000000000..3075d527e9
--- /dev/null
+++ b/main/libxml2/CVE-2015-8317-1.patch
@@ -0,0 +1,38 @@
+From 9aa37588ee78a06ca1379a9d9356eab16686099c Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Jun 2015 09:08:25 +0800
+Subject: Do not process encoding values if the declaration if broken
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751603
+
+If the string is not properly terminated do not try to convert
+to the given encoding.
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index fe603ac..a3a9568 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10404,6 +10404,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ 	    encoding = xmlParseEncName(ctxt);
+ 	    if (RAW != '"') {
+ 		xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++		xmlFree((xmlChar *) encoding);
++		return(NULL);
+ 	    } else
+ 	        NEXT;
+ 	} else if (RAW == '\''){
+@@ -10411,6 +10413,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ 	    encoding = xmlParseEncName(ctxt);
+ 	    if (RAW != '\'') {
+ 		xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++		xmlFree((xmlChar *) encoding);
++		return(NULL);
+ 	    } else
+ 	        NEXT;
+ 	} else {
+-- 
+cgit v0.12
+
diff --git a/main/libxml2/CVE-2015-8317-2.patch b/main/libxml2/CVE-2015-8317-2.patch
new file mode 100644
index 0000000000..3f4241d542
--- /dev/null
+++ b/main/libxml2/CVE-2015-8317-2.patch
@@ -0,0 +1,35 @@
+From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Jun 2015 16:10:26 +0800
+Subject: Fail parsing early on if encoding conversion failed
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751631
+
+If we fail conversing the current input stream while
+processing the encoding declaration of the XMLDecl
+then it's safer to just abort there and not try to
+report further errors.
+---
+ parser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index a3a9568..0edd53b 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ 
+             handler = xmlFindCharEncodingHandler((const char *) encoding);
+ 	    if (handler != NULL) {
+-		xmlSwitchToEncoding(ctxt, handler);
++		if (xmlSwitchToEncoding(ctxt, handler) < 0) {
++		    /* failed to convert */
++		    ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
++		    return(NULL);
++		}
+ 	    } else {
+ 		xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
+ 			"Unsupported encoding %s\n", encoding);
+-- 
+cgit v0.12
+
author	Leonardo Arena <rnalrd@alpinelinux.org>	2016-06-02 07:30:36 +0000
committer	Leonardo Arena <rnalrd@alpinelinux.org>	2016-06-02 07:30:36 +0000
commit	b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a (patch)
tree	e365a4c5de6a2937aa30689741c73111d9bcff34
parent	1a6904e01ed53e8b2fb97320a216979c4f1cc21c (diff)
download	aports-b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a.tar.bz2 aports-b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a.tar.xz