Fix security bugs CVE-2009-2416 and CVE-2009-2414.

PR: 137980 Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> Obtained from: http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg678527.html Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
svn path=/head/; revision=240235
2009-08-24 00:50:00 +00:00 · 2009-08-24 00:50:00 +00:00 · 526980c9d7 · 2021-03-31 03:12:20 +00:00
commit 526980c9d7
parent 4620de7090
2 changed files with 80 additions and 1 deletions
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@ -13,7 +13,7 @@

 PORTNAME=	libxml2
 PORTVERSION=	2.7.3
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES?=	textproc gnome
 MASTER_SITES=	ftp://fr.rpmfind.net/pub/libxml/ \
 		ftp://gd.tuwien.ac.at/pub/libxml/ \
--- a/textproc/libxml2/files/patch-parser.c
+++ b/textproc/libxml2/files/patch-parser.c
@ -0,0 +1,79 @@
+--- parser.c.orig
+++ parser.c
+@@ -5306,7 +5306,8 @@
+ 	if (name == NULL) {
+ 	    xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
+ 			   "Name expected in NOTATION declaration\n");
+-	    return(ret);
+		xmlFreeEnumeration(ret);
+		return(NULL);
+ 	}
+ 	tmp = ret;
+ 	while (tmp != NULL) {
+@@ -5322,7 +5323,10 @@
+ 	}
+ 	if (tmp == NULL) {
+ 	    cur = xmlCreateEnumeration(name);
+-	    if (cur == NULL) return(ret);
+	    if (cur == NULL) {
+			xmlFreeEnumeration(ret);
+			return(NULL);
+		}
+ 	    if (last == NULL) ret = last = cur;
+ 	    else {
+ 		last->next = cur;
+@@ -5334,8 +5338,8 @@
+     if (RAW != ')') {
+ 	xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
+ 	if ((last != NULL) && (last != ret))
+-	    xmlFreeEnumeration(last);
+-	return(ret);
+	   xmlFreeEnumeration(ret);
+	return(NULL);
+     }
+     NEXT;
+     return(ret);
+@@ -5390,7 +5394,10 @@
+ 	    cur = xmlCreateEnumeration(name);
+ 	    if (!xmlDictOwns(ctxt->dict, name))
+ 		xmlFree(name);
+-	    if (cur == NULL) return(ret);
+	    if (cur == NULL){
+			xmlFreeEnumeration(ret);
+			return(NULL);
+		}
+ 	    if (last == NULL) ret = last = cur;
+ 	    else {
+ 		last->next = cur;
+@@ -5794,6 +5801,11 @@
+     const xmlChar *elem;
+     xmlChar type = 0;
+ 
+	if (ctxt->depth > 128) {
+		xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED, "xmlParseElementChildrenContentDecl : depth %d too deep\n", ctxt->depth);
+		return(NULL);
+	}
+
+     SKIP_BLANKS;
+     GROW;
+     if (RAW == '(') {
+@@ -5802,7 +5814,9 @@
+         /* Recurse on first child */
+ 	NEXT;
+ 	SKIP_BLANKS;
+	ctxt->depth++;
+         cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
+		ctxt->depth--;
+ 	SKIP_BLANKS;
+ 	GROW;
+     } else {
+@@ -5934,7 +5948,9 @@
+ 	    /* Recurse on second child */
+ 	    NEXT;
+ 	    SKIP_BLANKS;
+		ctxt->depth++;
+ 	    last = xmlParseElementChildrenContentDecl(ctxt, inputid);
+		ctxt->depth--;
+ 	    SKIP_BLANKS;
+ 	} else {
+ 	    elem = xmlParseName(ctxt);