authorNatanael Copa <ncopa@alpinelinux.org>2012-12-10 16:08:15 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-12-10 16:08:15 +0000
commit8906957df02daf5a1dac5ce83aa3580d3bf037a2 (patch)
tree851b90f16c94fdc697e4c8609751f4f00e4a6580 /main
parent6216eb1494e2a7aff29dfb6c54c89e700ca43c84 (diff)
main/libxml2: fix CVE-2012-5134
fixes #1491
Diffstat (limited to 'main')
-rw-r--r--main/libxml2/APKBUILD6
-rw-r--r--main/libxml2/CVE-2012-5134.patch21
2 files changed, 25 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index f9f52acdfb..01959c3196 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter at gmail>
pkgname=libxml2
pkgver=2.7.8
-pkgrel=4
+pkgrel=5
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -25,6 +25,7 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
libxml2-2.7.8-entities-local-buffers-size.patch
libxml2-2.7.8-entities-local-buffers-size2.patch
libxml2-2.7.8-parser-local-buffers-size.patch
+ CVE-2012-5134.patch
"
options="!strip"
@@ -78,4 +79,5 @@ d1eff47d3bc99b38a09744345eaf3434 libxml2-2.7.8-xpath-freeing2.patch
de02f584b928d3e25babc5c90aa800be libxml2-2.7.8-allocation-error-copying-entities.patch
c8c789a4fbdae599a47ecbfa32b889d7 libxml2-2.7.8-entities-local-buffers-size.patch
cba1201e77dc0f3e337d9ff146a2666e libxml2-2.7.8-entities-local-buffers-size2.patch
-6c5c7a125dddb616feb1b2f4254bf467 libxml2-2.7.8-parser-local-buffers-size.patch"
+6c5c7a125dddb616feb1b2f4254bf467 libxml2-2.7.8-parser-local-buffers-size.patch
+fe428448d74481d7547bc173cb40ef26 CVE-2012-5134.patch"
diff --git a/main/libxml2/CVE-2012-5134.patch b/main/libxml2/CVE-2012-5134.patch
new file mode 100644
index 0000000000..70905aaa75
--- /dev/null
+++ b/main/libxml2/CVE-2012-5134.patch
@@ -0,0 +1,21 @@
+From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Oct 2012 02:39:55 +0000
+Subject: Fix potential out of bound access
+
+---
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ goto error;
+
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
+--
+cgit v0.9.0.2
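Review bot: The new loop `while ((len > 0) && (buf[len - 1] == 0x20)) len--;` has no comment saying why `len` can be zero at this point, so the bound could be dropped in a later cleanup; I would add `/* len may be 0 here: stop before buf[len - 1] indexes in front of the buffer */` directly above it. The guard also keeps `len` from being decremented past zero, which matters because the following `buf[len] = 0;` uses it as a store index. The patch header carries only upstream's subject line, so a line naming CVE-2012-5134 would let a reader of the patch file alone tie it to the advisory. xmlParseAttValueComplex starts and ends outside this hunk, so the type of `len` and the sizing of `buf` cannot be confirmed from here.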