authorNatanael Copa <ncopa@alpinelinux.org>2012-12-07 10:13:53 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-12-17 13:08:52 +0000
commit29108eff93d25510d7095cc147a7cea36b4e0c6a (patch)
tree3cc492534be014ba2a42984c9598b9aff408c925
parent0c70871294198eb9a0e2b6fb63b5a7f4a49225f0 (diff)
main/libxml2: fix CVE-2012-5134
fixes #1487 (cherry picked from commit a19dcca62117d3b62e98097b12ca9ba5311ca693)
-rw-r--r--main/libxml2/APKBUILD6
-rw-r--r--main/libxml2/CVE-2012-5134.patch21
2 files changed, 25 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 0da46a37d6..2dab74559b 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.0
-pkgrel=0
+pkgrel=1
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -12,6 +12,7 @@ depends_dev="zlib-dev python-dev"
makedepends="zlib-dev python-dev"
subpackages="$pkgname-doc $pkgname-dev py-$pkgname:py $pkgname-utils"
source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+ CVE-2012-5134.patch
"
options="!strip"
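Review bot: Nothing visible in this commit applies `CVE-2012-5134.patch`; it is only added to `source=` here and to `md5sums=` further down, and the diffstat shows no other APKBUILD lines changed. Unless `prepare()` (outside these hunks) already iterates over the `*.patch` entries, the file is fetched and checksummed but the shipped `parser.c` stays unpatched while `pkgrel=1` signals a fixed package. Please confirm the existing prepare step picks it up, or add an explicit `patch -p1 -i "$srcdir"/CVE-2012-5134.patch` run from the unpacked source directory (the patch uses `a/` and `b/` prefixes, so `-p1` is the matching strip level).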
@@ -59,4 +60,5 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-md5sums="5b9bebf4f5d2200ae2c4efe8fa6103f7 libxml2-2.9.0.tar.gz"
+md5sums="5b9bebf4f5d2200ae2c4efe8fa6103f7 libxml2-2.9.0.tar.gz
+fe428448d74481d7547bc173cb40ef26 CVE-2012-5134.patch"
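Review bot: The security patch added to `md5sums=` is pinned with MD5 only, and the tarball next to it is fetched over plain `ftp://` (the `source=` line in the previous hunk), so MD5 is the sole integrity check on both inputs. MD5 is not collision-resistant and gives weak assurance for a source that travels over an unauthenticated transport. If the abuild version on this branch supports a stronger checksum block, add one alongside it, for example `sha512sums="<sha512-of-tarball>  libxml2-2.9.0.tar.gz"` plus a matching line for the patch (placeholder digests; compute them from the verified files).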
diff --git a/main/libxml2/CVE-2012-5134.patch b/main/libxml2/CVE-2012-5134.patch
new file mode 100644
index 0000000000..70905aaa75
--- /dev/null
+++ b/main/libxml2/CVE-2012-5134.patch
@@ -0,0 +1,21 @@
+From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Oct 2012 02:39:55 +0000
+Subject: Fix potential out of bound access
+
+---
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ goto error;
+
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
+--
+cgit v0.9.0.2
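Review bot: The patch header is empty apart from the subject, so the file never states what the added `(len > 0)` guard protects against. In the old code the loop `while (buf[len - 1] == 0x20) len--;` had no lower bound: once `len` reached 0 it read `buf[-1]`, and if it kept decrementing, the following `buf[len] = 0;` stored through a negative index, so this is potentially an out-of-bounds write as well as a read. I would record that in the header between `Subject:` and `---`, e.g. `Upstream commit 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d, CVE-2012-5134: stop trailing-space trim at len == 0 to avoid indexing before buf`. `xmlParseAttValueComplex` starts and ends outside the hunk, so whether other trims in that function need the same bound cannot be checked from here.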