author | Natanael Copa <ncopa@alpinelinux.org> | 2012-12-07 10:13:53 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-12-17 13:08:52 +0000 |
commit | 29108eff93d25510d7095cc147a7cea36b4e0c6a (patch) | |
tree | 3cc492534be014ba2a42984c9598b9aff408c925 | |
parent | 0c70871294198eb9a0e2b6fb63b5a7f4a49225f0 (diff) | |
download | aports-29108eff93d25510d7095cc147a7cea36b4e0c6a.tar.bz2 aports-29108eff93d25510d7095cc147a7cea36b4e0c6a.tar.xz |
main/libxml2: fix CVE-2012-5134
fixes #1487
(cherry picked from commit a19dcca62117d3b62e98097b12ca9ba5311ca693)
-rw-r--r-- | main/libxml2/APKBUILD | 6 | ||||
-rw-r--r-- | main/libxml2/CVE-2012-5134.patch | 21 |
2 files changed, 25 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD index 0da46a37d6..2dab74559b 100644 --- a/main/libxml2/APKBUILD +++ b/main/libxml2/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=libxml2 pkgver=2.9.0 -pkgrel=0 +pkgrel=1 pkgdesc="XML parsing library, version 2" url="http://www.xmlsoft.org/" arch="all" @@ -12,6 +12,7 @@ depends_dev="zlib-dev python-dev" makedepends="zlib-dev python-dev" subpackages="$pkgname-doc $pkgname-dev py-$pkgname:py $pkgname-utils" source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz + CVE-2012-5134.patch " options="!strip" @@ -59,4 +60,5 @@ utils() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="5b9bebf4f5d2200ae2c4efe8fa6103f7 libxml2-2.9.0.tar.gz" +md5sums="5b9bebf4f5d2200ae2c4efe8fa6103f7 libxml2-2.9.0.tar.gz +fe428448d74481d7547bc173cb40ef26 CVE-2012-5134.patch" diff --git a/main/libxml2/CVE-2012-5134.patch b/main/libxml2/CVE-2012-5134.patch new file mode 100644 index 0000000000..70905aaa75 --- /dev/null +++ b/main/libxml2/CVE-2012-5134.patch @@ -0,0 +1,21 @@ +From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Mon, 29 Oct 2012 02:39:55 +0000 +Subject: Fix potential out of bound access + +--- +diff --git a/parser.c b/parser.c +index 0d8d7f2..bd634e9 100644 +--- a/parser.c ++++ b/parser.c +@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + goto error; + + if ((in_space) && (normalize)) { +- while (buf[len - 1] == 0x20) len--; ++ while ((len > 0) && (buf[len - 1] == 0x20)) len--; + } + buf[len] = 0; + if (RAW == '<') { +-- +cgit v0.9.0.2 |
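Review bot: Nothing in the visible APKBUILD hunks applies `CVE-2012-5134.patch`. The second hunk only adds it to `source=` and the third only adds its checksum, so the `len > 0` guard in `xmlParseAttValueComplex` reaches the built library only if a `prepare()` or `build()` step outside these hunks already applies patches listed in `$source`. Please confirm that step exists before treating `pkgrel=1` as the fixed release. If it does not, add something like `patch -p1 -i "$srcdir"/CVE-2012-5134.patch || return 1` in the unpacked source directory, so that a patch which fails to apply stops the build instead of shipping the unpatched parser.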