diff options
author | Florian Franzmann | 2012-05-23 10:04:10 +0200 |
---|---|---|
committer | Vlad Glagolev | 2012-05-23 15:06:20 +0400 |
commit | abaa8fff657ea78f76bdae1ede01b1a0f80d2791 (patch) | |
tree | 58d644e27dd71a9b5d040416d9904ff079c8c8e0 | |
parent | ce037d023de84bf90af6e3491af054fcb619c0df (diff) |
libs/libxml2: fix CVE-2011-3102
(cherry picked from commit 27992eef42ca1a83a3a855665e94729263c9408a)
-rw-r--r-- | libs/libxml2/CVE-2011-3102.patch | 67 | ||||
-rw-r--r-- | libs/libxml2/HISTORY | 3 | ||||
-rwxr-xr-x | libs/libxml2/PRE_BUILD | 3 |
3 files changed, 44 insertions, 29 deletions
diff --git a/libs/libxml2/CVE-2011-3102.patch b/libs/libxml2/CVE-2011-3102.patch index 28c0335698..ca3715cc8f 100644 --- a/libs/libxml2/CVE-2011-3102.patch +++ b/libs/libxml2/CVE-2011-3102.patch @@ -1,29 +1,42 @@ -diff -u libxml2-2.7.8.dfsg/xpointer.c libxml2-2.7.8.dfsg/xpointer.c ---- libxml2-2.7.8.dfsg/xpointer.c -+++ libxml2-2.7.8.dfsg/xpointer.c -@@ -1007,21 +1007,14 @@ - NEXT; - break; - } -- *cur++ = CUR; - } else if (CUR == '(') { - level++; -- *cur++ = CUR; - } else if (CUR == '^') { -- NEXT; -- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) { -- *cur++ = CUR; -- } else { -- *cur++ = '^'; -- *cur++ = CUR; -- } -- } else { -- *cur++ = CUR; -+ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) { -+ NEXT; -+ } - } -+ *cur++ = CUR; - NEXT; +From 39ef0e0c0a73d19d63a731525ce1f9de0c4a7d92 Mon Sep 17 00:00:00 2001 +From: Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de> +Date: Wed, 23 May 2012 09:57:06 +0200 +Subject: [PATCH] fix CVE-2011-3102 + +--- + xpointer.c | 15 ++++----------- + 1 file changed, 4 insertions(+), 11 deletions(-) + +diff --git a/xpointer.c b/xpointer.c +index 37afa3a..d37f0b1 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) { + NEXT; + break; + } +- *cur++ = CUR; + } else if (CUR == '(') { + level++; +- *cur++ = CUR; + } else if (CUR == '^') { +- NEXT; +- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) { +- *cur++ = CUR; +- } else { +- *cur++ = '^'; +- *cur++ = CUR; +- } +- } else { +- *cur++ = CUR; ++ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) { ++ NEXT; ++ } + } ++ *cur++ = CUR; + NEXT; } *cur = 0; +-- +1.7.10.1 + diff --git a/libs/libxml2/HISTORY b/libs/libxml2/HISTORY index a9563c2cc4..c6f9c6f18a 100644 --- a/libs/libxml2/HISTORY +++ b/libs/libxml2/HISTORY @@ -1,12 +1,13 @@ 2012-05-23 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de> * PRE_BUILD, CVE-2011-0216.patch, CVE-2011-1944.patch, - CVE-2011-2834.patch, CVE-2011-3102.patch, + CVE-2011-2834.patch, CVE-2011-3905.patch, CVE-2011-3919.patch, libxml2-2.7.8-xpath-freeing2.patch, libxml2-2.7.8-xpath-freeing.patch, libxml2-2.7.8-xpath-hardening.patch: added patches from archlinux to fix CVE-2011-1944, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905 and CVE-2011-3919 + * PRE_BUILD, CVE-2011-3102.patch: adapted patch from Ubuntu to fix CVE-2011-3102 * DETAILS: SECURITY_PATCH+=6 2012-02-23 Treeve Jelbert <treeve@sourcemage.org> diff --git a/libs/libxml2/PRE_BUILD b/libs/libxml2/PRE_BUILD index 419d637147..bc044af1bb 100755 --- a/libs/libxml2/PRE_BUILD +++ b/libs/libxml2/PRE_BUILD @@ -8,4 +8,5 @@ patch -p1 < $SPELL_DIRECTORY/libxml2-2.7.8-xpath-hardening.patch && patch -p1 < $SPELL_DIRECTORY/CVE-2011-0216.patch && patch -p1 < $SPELL_DIRECTORY/CVE-2011-2834.patch && patch -p1 < $SPELL_DIRECTORY/CVE-2011-3905.patch && -patch -p1 < $SPELL_DIRECTORY/CVE-2011-3919.patch +patch -p1 < $SPELL_DIRECTORY/CVE-2011-3919.patch && +patch -p1 < $SPELL_DIRECTORY/CVE-2011-3102.patch |