diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2011-10-12 07:16:23 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2011-10-12 07:16:23 +0000 |
| commit | 6cdf640e23e89342a88cbeb99d6fb123ef21c77e (patch) | |
| tree | dca66f9a8f7fe2f7ac7fbbbe24a6556070560d55 /main/libxml2 | |
| parent | 21b58d82cd057365c7a9dc6643b6f4c602091b6b (diff) | |
| download | aports-6cdf640e23e89342a88cbeb99d6fb123ef21c77e.tar.bz2 aports-6cdf640e23e89342a88cbeb99d6fb123ef21c77e.tar.xz | |
main/libxml2: security update CVE-2011-1944, BID 48056
Diffstat (limited to 'main/libxml2')
| -rw-r--r-- | main/libxml2/APKBUILD | 8 | ||||
| -rw-r--r-- | main/libxml2/libxml2-2.7.8-CVE-2011-1944.patch | 101 |
2 files changed, 106 insertions, 3 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD index f7e412885..2c58133cf 100644 --- a/main/libxml2/APKBUILD +++ b/main/libxml2/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=libxml2 pkgver=2.7.8 -pkgrel=5 +pkgrel=6 pkgdesc="XML parsing library, version 2" url="http://www.xmlsoft.org/" arch="all" @@ -12,7 +12,8 @@ depends_dev="zlib-dev python-dev" makedepends="zlib-dev python-dev" subpackages="$pkgname-doc $pkgname-dev py-$pkgname:py $pkgname-utils" source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz - largefile64.patch" + largefile64.patch + libxml2-2.7.8-CVE-2011-1944.patch" options="!strip" @@ -55,4 +56,5 @@ utils() { } md5sums="8127a65e8c3b08856093099b52599c86 libxml2-2.7.8.tar.gz -5ad4915665608ebfa5b89f7908467a72 largefile64.patch" +5ad4915665608ebfa5b89f7908467a72 largefile64.patch +49cba5245dfa6f2ec710324df947fff9 libxml2-2.7.8-CVE-2011-1944.patch" diff --git a/main/libxml2/libxml2-2.7.8-CVE-2011-1944.patch b/main/libxml2/libxml2-2.7.8-CVE-2011-1944.patch new file mode 100644 index 000000000..8fa7c8b9c --- /dev/null +++ b/main/libxml2/libxml2-2.7.8-CVE-2011-1944.patch @@ -0,0 +1,101 @@ +From d7958b21e7f8c447a26bb2436f08402b2c308be4 Mon Sep 17 00:00:00 2001 +From: Chris Evans <scarybeasts@gmail.com> +Date: Wed, 23 Mar 2011 00:13:06 +0000 +Subject: Fix some potential problems on reallocation failures + +The count was incremented before the allocation +and not fixed in case of failure +* xpath.c: corrects a few instances where the available count of some + structure is updated before we know the allocation actually + succeeds +--- +diff --git a/xpath.c b/xpath.c +index 8b56189..608fe00 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -3522,13 +3522,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, xmlNodePtr node, xmlNsPtr ns) { + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "growing nodeset\n"); + return; + } ++ cur->nodeMax *= 2; + cur->nodeTab = temp; + } + cur->nodeTab[cur->nodeNr++] = xmlXPathNodeSetDupNs(node, ns); +@@ -3627,14 +3627,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr cur, xmlNodePtr val) { + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "growing nodeset\n"); + return; + } + cur->nodeTab = temp; ++ cur->nodeMax *= 2; + } + if (val->type == XML_NAMESPACE_DECL) { + xmlNsPtr ns = (xmlNsPtr) val; +@@ -3738,14 +3738,14 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, xmlNodeSetPtr val2) { + } else if (val1->nodeNr == val1->nodeMax) { + xmlNodePtr *temp; + +- val1->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } + val1->nodeTab = temp; ++ val1->nodeMax *= 2; + } + if (n2->type == XML_NAMESPACE_DECL) { + xmlNsPtr ns = (xmlNsPtr) n2; +@@ -3907,14 +3907,14 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetPtr set1, xmlNodeSetPtr set2, + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- set1->nodeMax *= 2; + temp = (xmlNodePtr *) xmlRealloc( +- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr)); ++ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } + set1->nodeTab = temp; ++ set1->nodeMax *= 2; + } + if (n2->type == XML_NAMESPACE_DECL) { + xmlNsPtr ns = (xmlNsPtr) n2; +@@ -3991,14 +3991,14 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlNodeSetPtr set1, xmlNodeSetPtr set2, + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- set1->nodeMax *= 2; + temp = (xmlNodePtr *) xmlRealloc( +- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr)); ++ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } + set1->nodeTab = temp; ++ set1->nodeMax *= 2; + } + set1->nodeTab[set1->nodeNr++] = n2; + } +-- +cgit v0.9.0.2 |