sustaining/oi_151a/sfw-gate: changeset 178:1c3c793391b0

--- a/usr/src/lib/libxml2/Makefile.sfw	Wed Oct 03 22:16:32 2012 +0100
+++ b/usr/src/lib/libxml2/Makefile.sfw	Mon Dec 10 21:03:59 2012 +0000
@@ -130,6 +130,7 @@
 	(cd $(VER); gpatch -p 1 < ../Patches/CVE-2011-3919.patch)
 	(cd $(VER); gpatch -p 1 < ../Patches/CVE-2012-0841.patch)
 	(cd $(VER); gpatch -p 1 < ../Patches/CVE-2011-3102.patch)
+	(cd $(VER); gpatch -p 1 < ../Patches/CVE-2012-5134.patch)
 	touch $(VER)/configure
 
 $(VER64)/configure: $(VER).tar.gz
@@ -151,6 +152,7 @@
 	(cd $(VER64); gpatch -p 1 < ../Patches/CVE-2011-3919.patch)
 	(cd $(VER64); gpatch -p 1 < ../Patches/CVE-2012-0841.patch)
 	(cd $(VER64); gpatch -p 1 < ../Patches/CVE-2011-3102.patch)
+	(cd $(VER64); gpatch -p 1 < ../Patches/CVE-2012-5134.patch)
 	touch $(VER64)/configure
 
 clean:

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/lib/libxml2/Patches/CVE-2012-5134.patch	Mon Dec 10 21:03:59 2012 +0000
@@ -0,0 +1,21 @@
+From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <[email protected]>
+Date: Mon, 29 Oct 2012 02:39:55 +0000
+Subject: Fix potential out of bound access
+
+---
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+         goto error;
+ 
+     if ((in_space) && (normalize)) {
+-        while (buf[len - 1] == 0x20) len--;
++        while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+     }
+     buf[len] = 0;
+     if (RAW == '<') {
+--
+cgit v0.9.0.2

author	Jon Tibble <meths@btinternet.com>
	Mon, 10 Dec 2012 21:03:59 +0000
branch	oi_151a
changeset 178	1c3c793391b0
parent 177	b689fa6fe750
child 179	dc5cd0abc245

usr/src/lib/libxml2/Makefile.sfw		file \| annotate \| diff \| comparison \| revisions
usr/src/lib/libxml2/Patches/CVE-2012-5134.patch		file \| annotate \| diff \| comparison \| revisions