Date: Sat, 1 Nov 2014 20:17:46 +0000 (UTC) From: Koop Mast <kwm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r372037 - in branches/2014Q4/textproc/libxml2: . files Message-ID: <201411012017.sA1KHktb022543@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kwm Date: Sat Nov 1 20:17:45 2014 New Revision: 372037 URL: https://svnweb.freebsd.org/changeset/ports/372037 QAT: https://qat.redports.org/buildarchive/r372037/ Log: MFH: r371693 Fix regression introduced in CVE-201403660 fix. Submitted by: gjb@ Obtained from: libxml2 upstream Approved by: portmgr (bapt@) Reminded to mfh by: gavin@ Modified: branches/2014Q4/textproc/libxml2/Makefile branches/2014Q4/textproc/libxml2/files/patch-parser.c Directory Properties: branches/2014Q4/ (props changed) Modified: branches/2014Q4/textproc/libxml2/Makefile ============================================================================== --- branches/2014Q4/textproc/libxml2/Makefile Sat Nov 1 20:17:39 2014 (r372036) +++ branches/2014Q4/textproc/libxml2/Makefile Sat Nov 1 20:17:45 2014 (r372037) @@ -4,7 +4,7 @@ PORTNAME= libxml2 PORTVERSION= 2.9.2 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES?= textproc gnome MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ \ Modified: branches/2014Q4/textproc/libxml2/files/patch-parser.c ============================================================================== --- branches/2014Q4/textproc/libxml2/files/patch-parser.c Sat Nov 1 20:17:39 2014 (r372036) +++ branches/2014Q4/textproc/libxml2/files/patch-parser.c Sat Nov 1 20:17:45 2014 (r372037) @@ -1,3 +1,16 @@ +From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Thu, 23 Oct 2014 11:35:36 +0800 +Subject: Fix missing entities after CVE-2014-3660 fix + +For https://bugzilla.gnome.org/show_bug.cgi?id=738805 + +The fix for CVE-2014-3660 introduced a regression in some case +where entity substitution is required and the entity is used +first in anotther entity referenced from an attribute value + +--- + From 0e6659ec960734b0b01aad196d4bdb4a3800b493 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel <lkundrak@v3.sk> Date: Thu, 16 Oct 2014 19:10:59 +0200 @@ -8,15 +21,19 @@ https://bugzilla.redhat.com/show_bug.cgi This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. ---- - parser.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/parser.c b/parser.c -index 1d93967..67c9dfd 100644 ---- parser.c -+++ parser.c -@@ -14830,9 +14830,6 @@ xmlInitParser(void) { +--- parser.c.orig 2014-10-29 14:28:43.755327730 +0100 ++++ parser.c 2014-10-29 14:28:55.287325756 +0100 +@@ -7235,7 +7235,8 @@ + * far more secure as the parser will only process data coming from + * the document entity by default. + */ +- if ((ent->checked == 0) && ++ if (((ent->checked == 0) || ++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && + ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || + (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { + unsigned long oldnbent = ctxt->nbentities; +@@ -14830,9 +14831,6 @@ #ifdef LIBXML_XPATH_ENABLED xmlXPathInit(); #endif @@ -26,6 +43,3 @@ index 1d93967..67c9dfd 100644 xmlParserInitialized = 1; #ifdef LIBXML_THREAD_ENABLED } --- -1.9.3 -
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201411012017.sA1KHktb022543>