diff options
| author | Koop Mast <kwm@FreeBSD.org> | 2012-05-18 11:51:18 +0000 |
|---|---|---|
| committer | Koop Mast <kwm@FreeBSD.org> | 2012-05-18 11:51:18 +0000 |
| commit | b7e1fac56a7003a79034be336d51e12fb264b7b5 (patch) | |
| tree | f912ba333a0456172366a9196ead6f964beb7ee9 /textproc/libxml2 | |
| parent | 3e58589ebd77391f965f9ed7b81e4f141c36e4f1 (diff) | |
| download | ports-b7e1fac56a7003a79034be336d51e12fb264b7b5.tar.gz ports-b7e1fac56a7003a79034be336d51e12fb264b7b5.zip | |
Notes
Diffstat (limited to 'textproc/libxml2')
| -rw-r--r-- | textproc/libxml2/Makefile | 5 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-xpointer.c | 41 |
2 files changed, 43 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 9d4a58567d84..309ec2a130f9 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -13,10 +13,9 @@ PORTNAME= libxml2 PORTVERSION= 2.7.8 -PORTREVISION?= 2 +PORTREVISION?= 3 CATEGORIES?= textproc gnome -MASTER_SITES= ftp://fr.rpmfind.net/pub/libxml/ \ - ftp://gd.tuwien.ac.at/pub/libxml/ \ +MASTER_SITES= ftp://gd.tuwien.ac.at/pub/libxml/ \ ftp://xmlsoft.org/libxml2/ DIST_SUBDIR= gnome2 diff --git a/textproc/libxml2/files/patch-xpointer.c b/textproc/libxml2/files/patch-xpointer.c new file mode 100644 index 000000000000..877ea2a7d920 --- /dev/null +++ b/textproc/libxml2/files/patch-xpointer.c @@ -0,0 +1,41 @@ +From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001 +From: Jüri Aedla <asd@ut.ee> +Date: Mon, 07 May 2012 07:06:56 +0000 +Subject: Fix an off by one pointer access + +getting out of the range of memory allocated for xpointer decoding +CVE-2011-3102 + +--- +diff --git a/xpointer.c b/xpointer.c +index 37afa3a..0b463dd 100644 +--- xpointer.c ++++ xpointer.c +@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) { + NEXT; + break; + } +- *cur++ = CUR; + } else if (CUR == '(') { + level++; +- *cur++ = CUR; + } else if (CUR == '^') { +- NEXT; +- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) { +- *cur++ = CUR; +- } else { +- *cur++ = '^'; +- *cur++ = CUR; +- } +- } else { +- *cur++ = CUR; ++ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) { ++ NEXT; ++ } + } ++ *cur++ = CUR; + NEXT; + } + *cur = 0; +-- +cgit v0.9.0.2 |