diff options
| author |   Victor Ostorga <vostorga@gentoo.org> | 2009-08-13 20:30:03 +0000 |
|---|---|---|
| committer | Victor Ostorga <vostorga@gentoo.org> | 2009-08-13 20:30:03 +0000 |
| commit | d161279b386a42f80e4d1b0fb4458b909ab29ec2 (patch) | |
| tree | 0da32bddb74567dfb91b2cd58df8259661676f2c /dev-libs/libxml/files | |
| parent | Keyword ~alpha (diff) | |
| download | gentoo-2-d161279b386a42f80e4d1b0fb4458b909ab29ec2.tar.gz gentoo-2-d161279b386a42f80e4d1b0fb4458b909ab29ec2.tar.bz2 gentoo-2-d161279b386a42f80e4d1b0fb4458b909ab29ec2.zip | |
Fix CAN-2004-0110 CAN-2004-0989 CVE-2009-2414 CVE-2009-2416 bug #280617
(Portage version: 2.1.6.13/cvs/Linux i686)
Diffstat (limited to 'dev-libs/libxml/files')
5 files changed, 563 insertions, 0 deletions
diff --git a/dev-libs/libxml/files/libxml-1.8.17-CAN-2004-0110.patch b/dev-libs/libxml/files/libxml-1.8.17-CAN-2004-0110.patch new file mode 100644 index 000000000000..45d4cfb95c27 --- /dev/null +++ b/dev-libs/libxml/files/libxml-1.8.17-CAN-2004-0110.patch @@ -0,0 +1,218 @@ +diff -NrU5 libxml-1.8.17.original/nanoftp.c libxml-1.8.17/nanoftp.c +--- libxml-1.8.17.original/nanoftp.c 2009-08-13 20:09:55.000000000 +0000 ++++ libxml-1.8.17/nanoftp.c 2009-08-13 20:11:39.000000000 +0000 +@@ -219,24 +219,24 @@ + xmlFree(ctxt->path); + ctxt->path = NULL; + } + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < 4090)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + ctxt->protocol = xmlMemStrdup(buf); + index = 0; + cur += 3; + break; + } + buf[index++] = *cur++; + } +- if (*cur == 0) return; ++ if ((*cur == 0) || (index >= 4090)) return; + + buf[index] = 0; +- while (1) { ++ while (index < 4090) { + if (cur[0] == ':') { + buf[index] = 0; + ctxt->hostname = xmlMemStrdup(buf); + index = 0; + cur += 1; +@@ -256,16 +256,16 @@ + index = 0; + break; + } + buf[index++] = *cur++; + } +- if (*cur == 0) ++ if ((*cur == 0) || (index >= 4090)) + ctxt->path = xmlMemStrdup("/"); + else { + index = 0; + buf[index] = 0; +- while (*cur != 0) ++ while ((*cur != 0) && (index < 4090)) + buf[index++] = *cur++; + buf[index] = 0; + ctxt->path = xmlMemStrdup(buf); + } + } +@@ -299,26 +299,26 @@ + if (ctxt->protocol == NULL) + return(-1); + if (ctxt->hostname == NULL) + return(-1); + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < 4090)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + if (strcmp(ctxt->protocol, buf)) + return(-1); + index = 0; + cur += 3; + break; + } + buf[index++] = *cur++; + } +- if (*cur == 0) ++ if ((*cur == 0) || (index >= 4090)) + return(-1); + + buf[index] = 0; +- while (1) { ++ while (index < 4090) { + if (cur[0] == ':') { + buf[index] = 0; + if (strcmp(ctxt->hostname, buf)) + return(-1); + index = 0; +@@ -346,16 +346,16 @@ + if (ctxt->path != NULL) { + xmlFree(ctxt->path); + ctxt->path = NULL; + } + +- if (*cur == 0) ++ if ((*cur == 0) || (index >= 4090)) + ctxt->path = xmlMemStrdup("/"); + else { + index = 0; + buf[index] = 0; +- while (*cur != 0) ++ while ((*cur != 0) && (index < 4090)) + buf[index++] = *cur++; + buf[index] = 0; + ctxt->path = xmlMemStrdup(buf); + } + return(0); +@@ -391,23 +391,23 @@ + else + printf("Using FTP proxy %s\n", URL); + #endif + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < 4090)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + index = 0; + cur += 3; + break; + } + buf[index++] = *cur++; + } +- if (*cur == 0) return; ++ if ((*cur == 0) || (index >= 4090)) return; + + buf[index] = 0; +- while (1) { ++ while (index < 4090) { + if (cur[0] == ':') { + buf[index] = 0; + proxy = xmlMemStrdup(buf); + index = 0; + cur += 1; +@@ -825,10 +825,14 @@ + hp = gethostbyname(proxy); + else + hp = gethostbyname(ctxt->hostname); + if (hp == NULL) + return(-1); ++ if (hp->h_length > ++ sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) { ++ return(-1); ++ } + + /* + * Prepare the socket + */ + memset(&ctxt->ftpAddr, 0, sizeof(ctxt->ftpAddr)); +diff -NrU5 libxml-1.8.17.original/nanohttp.c libxml-1.8.17/nanohttp.c +--- libxml-1.8.17.original/nanohttp.c 2009-08-13 20:09:55.000000000 +0000 ++++ libxml-1.8.17/nanohttp.c 2009-08-13 20:11:39.000000000 +0000 +@@ -175,24 +175,24 @@ + xmlFree(ctxt->path); + ctxt->path = NULL; + } + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) || (index < 4090)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + ctxt->protocol = xmlMemStrdup(buf); + index = 0; + cur += 3; + break; + } + buf[index++] = *cur++; + } +- if (*cur == 0) return; ++ if ((*cur == 0) || (index >= 4090)) return; + + buf[index] = 0; +- while (1) { ++ while (index < 4090) { + if (cur[0] == ':') { + buf[index] = 0; + ctxt->hostname = xmlMemStrdup(buf); + index = 0; + cur += 1; +@@ -212,16 +212,16 @@ + index = 0; + break; + } + buf[index++] = *cur++; + } +- if (*cur == 0) ++ if ((*cur == 0) || (index >= 4090)) + ctxt->path = xmlMemStrdup("/"); + else { + index = 0; + buf[index] = 0; +- while (*cur != 0) ++ while ((*cur != 0) && (index < 4090)) + buf[index++] = *cur++; + buf[index] = 0; + ctxt->path = xmlMemStrdup(buf); + } + } +@@ -256,23 +256,23 @@ + else + printf("Using HTTP proxy %s\n", URL); + #endif + if (URL == NULL) return; + buf[index] = 0; +- while (*cur != 0) { ++ while ((*cur != 0) && (index < 4090)) { + if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { + buf[index] = 0; + index = 0; + cur += 3; + break; + } + buf[index++] = *cur++; + } +- if (*cur == 0) return; ++ if ((*cur == 0) || (index >= 4090)) return; + + buf[index] = 0; +- while (1) { ++ while (index < 4090) { + if (cur[0] == ':') { + buf[index] = 0; + proxy = xmlMemStrdup(buf); + index = 0; + cur += 1; diff --git a/dev-libs/libxml/files/libxml-1.8.17-CVE-2009-2414-2416.patch b/dev-libs/libxml/files/libxml-1.8.17-CVE-2009-2414-2416.patch new file mode 100644 index 000000000000..7d2f7485c676 --- /dev/null +++ b/dev-libs/libxml/files/libxml-1.8.17-CVE-2009-2414-2416.patch @@ -0,0 +1,121 @@ +diff -NrU5 libxml-1.8.17.original/parser.c libxml-1.8.17/parser.c +--- libxml-1.8.17.original/parser.c 2009-08-13 20:14:27.000000000 +0000 ++++ libxml-1.8.17/parser.c 2009-08-13 20:15:38.000000000 +0000 +@@ -5162,15 +5162,19 @@ + if ((ctxt->sax != NULL) && (ctxt->sax->error != NULL)) + ctxt->sax->error(ctxt->userData, + "Name expected in NOTATION declaration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + cur = xmlCreateEnumeration(name); + xmlFree(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL) { ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; + last = cur; + } +@@ -5181,13 +5185,12 @@ + if ((ctxt->sax != NULL) && (ctxt->sax->error != NULL)) + ctxt->sax->error(ctxt->userData, + "')' required to finish NOTATION declaration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- if ((last != NULL) && (last != ret)) +- xmlFreeEnumeration(last); +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + NEXT; + return(ret); + } + +@@ -5230,15 +5233,19 @@ + if ((ctxt->sax != NULL) && (ctxt->sax->error != NULL)) + ctxt->sax->error(ctxt->userData, + "NmToken expected in ATTLIST enumeration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + cur = xmlCreateEnumeration(name); + xmlFree(name); +- if (cur == NULL) return(ret); ++ if (cur == NULL) { ++ xmlFreeEnumeration(ret); ++ return(NULL); ++ } + if (last == NULL) ret = last = cur; + else { + last->next = cur; + last = cur; + } +@@ -5249,11 +5256,12 @@ + if ((ctxt->sax != NULL) && (ctxt->sax->error != NULL)) + ctxt->sax->error(ctxt->userData, + "')' required to finish ATTLIST enumeration\n"); + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; +- return(ret); ++ xmlFreeEnumeration(ret); ++ return(NULL); + } + NEXT; + return(ret); + } + +@@ -5713,17 +5721,29 @@ + (xmlParserCtxtPtr ctxt) { + xmlElementContentPtr ret = NULL, cur = NULL, last = NULL, op = NULL; + xmlChar *elem; + xmlChar type = 0; + ++ if (ctxt->depth > 128) { ++ ctxt->errNo = XML_ERR_ELEMCONTENT_NOT_FINISHED; ++ if ((ctxt->sax != NULL) && (ctxt->sax->error != NULL)) ++ ctxt->sax->error(ctxt->userData, ++ "xmlParseElementChildrenContentDecl : depth %d too deep\n", ++ ctxt->depth); ++ ctxt->wellFormed = 0; ++ ctxt->disableSAX = 1; ++ return(NULL); ++ } + SKIP_BLANKS; + GROW; + if (RAW == '(') { + /* Recurse on first child */ + NEXT; + SKIP_BLANKS; ++ ctxt->depth++; + cur = ret = xmlParseElementChildrenContentDecl(ctxt); ++ ctxt->depth--; + SKIP_BLANKS; + GROW; + } else { + elem = xmlParseNameComplex(ctxt); + if (elem == NULL) { +@@ -5863,11 +5883,13 @@ + GROW; + if (RAW == '(') { + /* Recurse on second child */ + NEXT; + SKIP_BLANKS; ++ ctxt->depth++; + last = xmlParseElementChildrenContentDecl(ctxt); ++ ctxt->depth--; + SKIP_BLANKS; + } else { + elem = xmlParseNameComplex(ctxt); + if (elem == NULL) { + ctxt->errNo = XML_ERR_ELEMCONTENT_NOT_STARTED; diff --git a/dev-libs/libxml/files/libxml-1.8.17-configure-LANG.patch b/dev-libs/libxml/files/libxml-1.8.17-configure-LANG.patch new file mode 100644 index 000000000000..3ef76ef911c0 --- /dev/null +++ b/dev-libs/libxml/files/libxml-1.8.17-configure-LANG.patch @@ -0,0 +1,41 @@ +The LANG vars aren't reset early enough so when sed tries to use [a-zA-Z] in +option parsing, it may break. + +http://bugs.gentoo.org/103483 + +--- configure ++++ configure +@@ -54,6 +54,16 @@ + infodir='${prefix}/info' + mandir='${prefix}/man' + ++# NLS nuisances. ++# Only set these to C if already set. These must not be set unconditionally ++# because not all systems understand e.g. LANG=C (notably SCO). ++# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! ++# Non-C LC_CTYPE values break the ctype check. ++if test "${LANG+set}" = set; then LANG=C; export LANG; fi ++if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi ++if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi ++if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi ++ + # Initialize some other variables. + subdirs= + MFLAGS= MAKEFLAGS= +@@ -452,16 +463,6 @@ + esac + done + +-# NLS nuisances. +-# Only set these to C if already set. These must not be set unconditionally +-# because not all systems understand e.g. LANG=C (notably SCO). +-# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +-# Non-C LC_CTYPE values break the ctype check. +-if test "${LANG+set}" = set; then LANG=C; export LANG; fi +-if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +-if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +-if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi +- + # confdefs.h avoids OS command line length limits that DEFS can exceed. + rm -rf conftest* confdefs.h + # AIX cpp loses on an empty file, so make sure it contains at least a newline. diff --git a/dev-libs/libxml/files/libxml-1.8.17-declarations.patch b/dev-libs/libxml/files/libxml-1.8.17-declarations.patch new file mode 100644 index 000000000000..a6f029c77556 --- /dev/null +++ b/dev-libs/libxml/files/libxml-1.8.17-declarations.patch @@ -0,0 +1,172 @@ +diff -NrU5 libxml-1.8.17.original/debugXML.c libxml-1.8.17/debugXML.c +--- libxml-1.8.17.original/debugXML.c 2009-08-13 19:58:37.000000000 +0000 ++++ libxml-1.8.17/debugXML.c 2009-08-13 20:04:58.000000000 +0000 +@@ -14,13 +14,11 @@ + #endif + #include <stdio.h> + #ifdef HAVE_STDLIB_H + #include <stdlib.h> + #endif +-#ifdef HAVE_STRING_H + #include <string.h> +-#endif + #include "xmlmemory.h" + #include "tree.h" + #include "parser.h" + #include "debugXML.h" + #include "HTMLtree.h" +diff -NrU5 libxml-1.8.17.original/entities.c libxml-1.8.17/entities.c +--- libxml-1.8.17.original/entities.c 2009-08-13 19:58:37.000000000 +0000 ++++ libxml-1.8.17/entities.c 2009-08-13 20:04:58.000000000 +0000 +@@ -659,11 +659,11 @@ + #endif + buf[sizeof(buf) - 1] = 0; + ptr = buf; + while (*ptr != 0) *out++ = *ptr++; + } else if ((doc != NULL) && (doc->encoding != NULL) && +- (xmlStrEqual(doc->encoding, "UTF-8"))) { ++ (xmlStrEqual(doc->encoding, (const xmlChar *) "UTF-8"))) { + /* + * We assume we have UTF-8 input. + */ + char buf[10], *ptr; + int val = 0, l = 1; +diff -NrU5 libxml-1.8.17.original/nanoftp.c libxml-1.8.17/nanoftp.c +--- libxml-1.8.17.original/nanoftp.c 2009-08-13 19:58:37.000000000 +0000 ++++ libxml-1.8.17/nanoftp.c 2009-08-13 20:04:58.000000000 +0000 +@@ -1220,11 +1220,11 @@ + int len, i; + int res; + unsigned char ad[6], *adp, *portp; + unsigned int temp[6]; + struct sockaddr_in dataAddr; +- size_t dataAddrLen; ++ socklen_t dataAddrLen; + + ctxt->dataFd = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (ctxt->dataFd < 0) { + fprintf(stderr, "xmlNanoFTPGetConnection: failed to create socket\n"); + } +diff -NrU5 libxml-1.8.17.original/parser.c libxml-1.8.17/parser.c +--- libxml-1.8.17.original/parser.c 2009-08-13 19:58:37.000000000 +0000 ++++ libxml-1.8.17/parser.c 2009-08-13 20:04:58.000000000 +0000 +@@ -6521,11 +6521,10 @@ + if (RAW != '&') return; + + if (NXT(1) == '#') { + int i = 0; + xmlChar out[10]; +- int hex = NXT(2); + int val = xmlParseCharRef(ctxt); + + /* + * Just encode the value in UTF-8 + */ +@@ -10625,10 +10624,12 @@ + * they are not added to @node + */ + + xmlNodePtr + xmlParseBalancedChunkFile(xmlDocPtr doc, xmlNodePtr node) { ++ /* not implemented */ ++ return (xmlNodePtr) NULL; + } + + /** + * xmlRecoverDoc : + * @cur: a pointer to an array of xmlChar +@@ -10711,11 +10712,11 @@ + xmlSAXParseFile(xmlSAXHandlerPtr sax, const char *filename, + int recovery) { + xmlDocPtr ret; + xmlParserCtxtPtr ctxt; + char *directory = NULL; +- xmlSAXHandlerPtr oldsax; ++ xmlSAXHandlerPtr oldsax = NULL; + + ctxt = xmlCreateFileParserCtxt(filename); + if (ctxt == NULL) return(NULL); + if (sax != NULL) { + oldsax = ctxt->sax; +@@ -10939,11 +10940,11 @@ + int + xmlSAXUserParseFile(xmlSAXHandlerPtr sax, void *user_data, + const char *filename) { + int ret = 0; + xmlParserCtxtPtr ctxt; +- xmlSAXHandlerPtr oldsax; ++ xmlSAXHandlerPtr oldsax = NULL; + + ctxt = xmlCreateFileParserCtxt(filename); + if (ctxt == NULL) return -1; + if (sax != NULL) { + oldsax = ctxt->sax; +diff -NrU5 libxml-1.8.17.original/parser.h libxml-1.8.17/parser.h +--- libxml-1.8.17.original/parser.h 2009-08-13 19:58:37.000000000 +0000 ++++ libxml-1.8.17/parser.h 2009-08-13 20:04:58.000000000 +0000 +@@ -343,20 +343,24 @@ + int xmlStrcmp (const xmlChar *str1, + const xmlChar *str2); + int xmlStrncmp (const xmlChar *str1, + const xmlChar *str2, + int len); ++int xmlStrEqual (const xmlChar *str1, ++ const xmlChar *str2); + int xmlStrlen (const xmlChar *str); + xmlChar * xmlStrcat (xmlChar *cur, + const xmlChar *add); + xmlChar * xmlStrncat (xmlChar *cur, + const xmlChar *add, + int len); + + /** + * Basic parsing Interfaces + */ ++void xmlInitParser (void); ++void xmlInitializePredefinedEntities(void); + xmlDocPtr xmlParseDoc (xmlChar *cur); + xmlDocPtr xmlParseMemory (char *buffer, + int size); + xmlDocPtr xmlParseFile (const char *filename); + int xmlSubstituteEntitiesDefault(int val); +@@ -371,11 +375,24 @@ + xmlDocPtr xmlRecoverFile (const char *filename); + + /** + * Less common routines and SAX interfaces + */ ++int xmlParseBalancedChunkMemory(xmlDocPtr doc, ++ xmlSAXHandlerPtr sax, ++ void *user_data, ++ int depth, ++ const xmlChar *string, ++ xmlNodePtr *list); + int xmlParseDocument (xmlParserCtxtPtr ctxt); ++int xmlParseExternalEntity (xmlDocPtr doc, ++ xmlSAXHandlerPtr sax, ++ void *user_data, ++ int depth, ++ const xmlChar *URL, ++ const xmlChar *ID, ++ xmlNodePtr *list); + xmlDocPtr xmlSAXParseDoc (xmlSAXHandlerPtr sax, + xmlChar *cur, + int recovery); + int xmlSAXUserParseFile (xmlSAXHandlerPtr sax, + void *user_data, +diff -NrU5 libxml-1.8.17.original/tree.c libxml-1.8.17/tree.c +--- libxml-1.8.17.original/tree.c 2009-08-13 19:58:37.000000000 +0000 ++++ libxml-1.8.17/tree.c 2009-08-13 20:04:58.000000000 +0000 +@@ -4420,11 +4420,11 @@ + if (cur->version != NULL) + xmlBufferWriteQuotedString(buf, cur->version); + else + xmlBufferWriteChar(buf, "\"1.0\""); + if ((cur->encoding != NULL) && +- (!xmlStrEqual(cur->encoding, "UTF-8"))) { ++ (!xmlStrEqual(cur->encoding, (const xmlChar *) "UTF-8"))) { + xmlBufferWriteChar(buf, " encoding="); + xmlBufferWriteQuotedString(buf, cur->encoding); + } + switch (cur->standalone) { + /************************************************* 2.3.5 ********** diff --git a/dev-libs/libxml/files/libxml-1.8.17-open_call_fix.patch b/dev-libs/libxml/files/libxml-1.8.17-open_call_fix.patch new file mode 100644 index 000000000000..bcc7c3b71443 --- /dev/null +++ b/dev-libs/libxml/files/libxml-1.8.17-open_call_fix.patch @@ -0,0 +1,11 @@ +--- old/nanohttp.c 2000-06-28 20:33:46.000000000 +0200 ++++ new/nanohttp.c 2009-02-02 13:45:31.199209868 +0100 +@@ -1182,7 +1182,7 @@ + if (!strcmp(filename, "-")) + fd = 0; + else { +- fd = open(filename, O_CREAT | O_WRONLY); ++ fd = open(filename, O_CREAT | O_WRONLY, 0644); + if (fd < 0) { + xmlNanoHTTPClose(ctxt); + return(-1); |