diff options
| author |   Mart Raudsepp <leio@gentoo.org> | 2008-09-25 01:21:47 +0000 |
|---|---|---|
| committer | Mart Raudsepp <leio@gentoo.org> | 2008-09-25 01:21:47 +0000 |
| commit | 308d45a4e2d04ed01f90082c4d22bc2470abc566 (patch) | |
| tree | 4c14f3347f61c00fd694e94bd17a673f3f8c4704 /dev-libs | |
| parent | Version bump and new ewarn message for bug #238489 (diff) | |
| download | gentoo-2-308d45a4e2d04ed01f90082c4d22bc2470abc566.tar.gz gentoo-2-308d45a4e2d04ed01f90082c4d22bc2470abc566.tar.bz2 gentoo-2-308d45a4e2d04ed01f90082c4d22bc2470abc566.zip | |
Version bump. Includes ABI compatible fix for CVE-2008-3281, security fix for CVE-2008-3529 - xmlParseAttValueComplex() heap-based buffer overflow, and various bug fixes and new API. Addresses bugs 234099, 235529, 237413 and 237806
(Portage version: 2.2_rc9/cvs/Linux 2.6.26-gentoo-r1 x86_64)
Diffstat (limited to 'dev-libs')
| -rw-r--r-- | dev-libs/libxml2/ChangeLog | 12 | ||||
| -rw-r--r-- | dev-libs/libxml2/files/libxml2-2.6.32-CVE-2008-3281.patch | 248 | ||||
| -rw-r--r-- | dev-libs/libxml2/libxml2-2.7.1.ebuild (renamed from dev-libs/libxml2/libxml2-2.6.32-r1.ebuild) | 7 |
3 files changed, 13 insertions, 254 deletions
diff --git a/dev-libs/libxml2/ChangeLog b/dev-libs/libxml2/ChangeLog index 337b7672d217..dbd8df176eda 100644 --- a/dev-libs/libxml2/ChangeLog +++ b/dev-libs/libxml2/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for dev-libs/libxml2 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.218 2008/08/22 16:07:50 leio Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.219 2008/09/25 01:21:46 leio Exp $ + +*libxml2-2.7.1 (25 Sep 2008) + + 25 Sep 2008; Mart Raudsepp <leio@gentoo.org> + -files/libxml2-2.6.32-CVE-2008-3281.patch, -libxml2-2.6.32-r1.ebuild, + +libxml2-2.7.1.ebuild: + Version bump. Includes ABI compatible fix for CVE-2008-3281, security fix + for CVE-2008-3529 - xmlParseAttValueComplex() heap-based buffer overflow, + and various bug fixes and new API. Addresses bugs 234099, 235529, 237413 + and 237806 *libxml2-2.6.32-r1 (22 Aug 2008) diff --git a/dev-libs/libxml2/files/libxml2-2.6.32-CVE-2008-3281.patch b/dev-libs/libxml2/files/libxml2-2.6.32-CVE-2008-3281.patch deleted file mode 100644 index 2375359edfc3..000000000000 --- a/dev-libs/libxml2/files/libxml2-2.6.32-CVE-2008-3281.patch +++ /dev/null @@ -1,248 +0,0 @@ -Index: libxml2-2.6.32/include/libxml/parser.h -=================================================================== ---- libxml2-2.6.32.orig/include/libxml/parser.h -+++ libxml2-2.6.32/include/libxml/parser.h -@@ -297,6 +297,7 @@ struct _xmlParserCtxt { - */ - xmlError lastError; - xmlParserMode parseMode; /* the parser mode */ -+ unsigned long nbentities; /* number of entities references */ - }; - - /** -Index: libxml2-2.6.32/include/libxml/entities.h -=================================================================== ---- libxml2-2.6.32.orig/include/libxml/entities.h -+++ libxml2-2.6.32/include/libxml/entities.h -@@ -57,6 +57,7 @@ struct _xmlEntity { - const xmlChar *URI; /* the full URI as computed */ - int owner; /* does the entity own the childrens */ - int checked; /* was the entity content checked */ -+ unsigned long nbentities; /* the number of entities references */ - }; - - /* -Index: libxml2-2.6.32/entities.c -=================================================================== ---- libxml2-2.6.32.orig/entities.c -+++ libxml2-2.6.32/entities.c -@@ -31,35 +31,35 @@ static xmlEntity xmlEntityLt = { - NULL, NULL, NULL, NULL, NULL, NULL, - BAD_CAST "<", BAD_CAST "<", 1, - XML_INTERNAL_PREDEFINED_ENTITY, -- NULL, NULL, NULL, NULL, 0, 1 -+ NULL, NULL, NULL, NULL, 0, 1, 0 - }; - static xmlEntity xmlEntityGt = { - NULL, XML_ENTITY_DECL, BAD_CAST "gt", - NULL, NULL, NULL, NULL, NULL, NULL, - BAD_CAST ">", BAD_CAST ">", 1, - XML_INTERNAL_PREDEFINED_ENTITY, -- NULL, NULL, NULL, NULL, 0, 1 -+ NULL, NULL, NULL, NULL, 0, 1, 0 - }; - static xmlEntity xmlEntityAmp = { - NULL, XML_ENTITY_DECL, BAD_CAST "amp", - NULL, NULL, NULL, NULL, NULL, NULL, - BAD_CAST "&", BAD_CAST "&", 1, - XML_INTERNAL_PREDEFINED_ENTITY, -- NULL, NULL, NULL, NULL, 0, 1 -+ NULL, NULL, NULL, NULL, 0, 1, 0 - }; - static xmlEntity xmlEntityQuot = { - NULL, XML_ENTITY_DECL, BAD_CAST "quot", - NULL, NULL, NULL, NULL, NULL, NULL, - BAD_CAST "\"", BAD_CAST "\"", 1, - XML_INTERNAL_PREDEFINED_ENTITY, -- NULL, NULL, NULL, NULL, 0, 1 -+ NULL, NULL, NULL, NULL, 0, 1, 0 - }; - static xmlEntity xmlEntityApos = { - NULL, XML_ENTITY_DECL, BAD_CAST "apos", - NULL, NULL, NULL, NULL, NULL, NULL, - BAD_CAST "'", BAD_CAST "'", 1, - XML_INTERNAL_PREDEFINED_ENTITY, -- NULL, NULL, NULL, NULL, 0, 1 -+ NULL, NULL, NULL, NULL, 0, 1, 0 - }; - - /** -Index: libxml2-2.6.32/parserInternals.c -=================================================================== ---- libxml2-2.6.32.orig/parserInternals.c -+++ libxml2-2.6.32/parserInternals.c -@@ -1669,6 +1669,7 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt) - ctxt->depth = 0; - ctxt->charset = XML_CHAR_ENCODING_UTF8; - ctxt->catalogs = NULL; -+ ctxt->nbentities = 0; - xmlInitNodeInfoSeq(&ctxt->node_seq); - return(0); - } -Index: libxml2-2.6.32/parser.c -=================================================================== ---- libxml2-2.6.32.orig/parser.c -+++ libxml2-2.6.32/parser.c -@@ -2344,7 +2344,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt - return(NULL); - last = str + len; - -- if (ctxt->depth > 40) { -+ if ((ctxt->depth > 40) || (ctxt->nbentities >= 500000)) { - xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); - return(NULL); - } -@@ -2382,6 +2382,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt - "String decoding Entity Reference: %.30s\n", - str); - ent = xmlParseStringEntityRef(ctxt, &str); -+ if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) -+ goto int_error; -+ ctxt->nbentities++; -+ if (ent != NULL) -+ ctxt->nbentities += ent->nbentities; - if ((ent != NULL) && - (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { - if (ent->content != NULL) { -@@ -2427,6 +2432,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt - xmlGenericError(xmlGenericErrorContext, - "String decoding PE Reference: %.30s\n", str); - ent = xmlParseStringPEReference(ctxt, &str); -+ if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) -+ goto int_error; -+ ctxt->nbentities++; -+ if (ent != NULL) -+ ctxt->nbentities += ent->nbentities; - if (ent != NULL) { - if (ent->content == NULL) { - if (xmlLoadEntityContent(ctxt, ent) < 0) { -@@ -2466,6 +2476,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt - - mem_error: - xmlErrMemory(ctxt, NULL); -+int_error: - if (rep != NULL) - xmlFree(rep); - if (buffer != NULL) -@@ -3280,6 +3291,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr - } - } else { - ent = xmlParseEntityRef(ctxt); -+ ctxt->nbentities++; -+ if (ent != NULL) -+ ctxt->nbentities += ent->nbentities; - if ((ent != NULL) && - (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { - if (len > buf_size - 10) { -@@ -4566,6 +4580,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt - int isParameter = 0; - xmlChar *orig = NULL; - int skipped; -+ unsigned long oldnbent = ctxt->nbentities; - - /* GROW; done in the caller */ - if (CMP8(CUR_PTR, '<', '!', 'E', 'N', 'T', 'I', 'T', 'Y')) { -@@ -4783,6 +4798,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt - } - } - if (cur != NULL) { -+ cur->nbentities = ctxt->nbentities - oldnbent; - if (cur->orig != NULL) - xmlFree(orig); - else -@@ -6189,6 +6205,11 @@ xmlParseReference(xmlParserCtxtPtr ctxt) - if (ent == NULL) return; - if (!ctxt->wellFormed) - return; -+ ctxt->nbentities++; -+ if (ctxt->nbentities >= 500000) { -+ xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); -+ return; -+ } - was_checked = ent->checked; - if ((ent->name != NULL) && - (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY)) { -@@ -6249,6 +6270,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) - xmlFreeNodeList(list); - } - } else { -+ unsigned long oldnbent = ctxt->nbentities; - /* - * 4.3.2: An internal general parsed entity is well-formed - * if its replacement text matches the production labeled -@@ -6271,6 +6293,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) - ret = xmlParseBalancedChunkMemoryInternal(ctxt, - value, user_data, &list); - ctxt->depth--; -+ - } else if (ent->etype == - XML_EXTERNAL_GENERAL_PARSED_ENTITY) { - ctxt->depth++; -@@ -6283,6 +6306,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) - xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR, - "invalid entity type found\n", NULL); - } -+ ent->nbentities = ctxt->nbentities - oldnbent; - if (ret == XML_ERR_ENTITY_LOOP) { - xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); - return; -@@ -6341,6 +6365,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) - } - ent->checked = 1; - } -+ ctxt->nbentities += ent->nbentities; - - if (ent->children == NULL) { - /* -@@ -11480,7 +11505,7 @@ xmlParseCtxtExternalEntity(xmlParserCtxt - - if (ctx == NULL) return(-1); - -- if (ctx->depth > 40) { -+ if ((ctx->depth > 40) || (ctx->nbentities >= 500000)) { - return(XML_ERR_ENTITY_LOOP); - } - -@@ -11681,7 +11706,8 @@ xmlParseExternalEntityPrivate(xmlDocPtr - xmlChar start[4]; - xmlCharEncoding enc; - -- if (depth > 40) { -+ if ((depth > 40) || -+ ((oldctxt != NULL) && (oldctxt->nbentities >= 500000))) { - return(XML_ERR_ENTITY_LOOP); - } - -@@ -11824,6 +11850,7 @@ xmlParseExternalEntityPrivate(xmlDocPtr - oldctxt->node_seq.maximum = ctxt->node_seq.maximum; - oldctxt->node_seq.length = ctxt->node_seq.length; - oldctxt->node_seq.buffer = ctxt->node_seq.buffer; -+ oldctxt->nbentities += ctxt->nbentities; - ctxt->node_seq.maximum = 0; - ctxt->node_seq.length = 0; - ctxt->node_seq.buffer = NULL; -@@ -11924,7 +11951,7 @@ xmlParseBalancedChunkMemoryInternal(xmlP - int size; - xmlParserErrors ret = XML_ERR_OK; - -- if (oldctxt->depth > 40) { -+ if ((oldctxt->depth > 40) || (oldctxt->nbentities >= 500000)) { - return(XML_ERR_ENTITY_LOOP); - } - -@@ -12048,6 +12075,7 @@ xmlParseBalancedChunkMemoryInternal(xmlP - ctxt->myDoc->last = last; - } - -+ oldctxt->nbentities += ctxt->nbentities; - ctxt->sax = oldsax; - ctxt->dict = NULL; - ctxt->attsDefault = NULL; -@@ -13363,6 +13391,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt) - ctxt->depth = 0; - ctxt->charset = XML_CHAR_ENCODING_UTF8; - ctxt->catalogs = NULL; -+ ctxt->nbentities = 0; - xmlInitNodeInfoSeq(&ctxt->node_seq); - - if (ctxt->attsDefault != NULL) { diff --git a/dev-libs/libxml2/libxml2-2.6.32-r1.ebuild b/dev-libs/libxml2/libxml2-2.7.1.ebuild index c98d465dbd0c..41d9f4bc856e 100644 --- a/dev-libs/libxml2/libxml2-2.6.32-r1.ebuild +++ b/dev-libs/libxml2/libxml2-2.7.1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.6.32-r1.ebuild,v 1.1 2008/08/22 16:07:50 leio Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.7.1.ebuild,v 1.1 2008/09/25 01:21:46 leio Exp $ inherit libtool flag-o-matic eutils @@ -9,7 +9,7 @@ HOMEPAGE="http://www.xmlsoft.org/" LICENSE="MIT" SLOT="2" -KEYWORDS="alpha amd64 ~arm hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" IUSE="bootstrap build debug doc examples ipv6 python readline test" XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite" @@ -41,9 +41,6 @@ src_unpack() { || die "Failed to install test tarballs" fi - # Fix infinite recursion, bug #234099 - epatch "${FILESDIR}/${P}-CVE-2008-3281.patch" - epunt_cxx } |