From 4e37a24472777aa3ef6376fd5303ef977db2fc51 Mon Sep 17 00:00:00 2001
From: Steven Williamson
Date: Tue, 24 Oct 2017 12:50:46 +0100
Subject: [PATCH] Backport of latest libxml2 Fix for various CVE's
---
 textproc/libxml2/Makefile | 3 +-
 textproc/libxml2/Makefile.common | 9 +-
 textproc/libxml2/distinfo | 19 +---
 .../libxml2/patches/patch-parseInternals.c | 18 ----
 .../patches/patch-result_XPath_xptr_vidbase | 24 -----
 textproc/libxml2/patches/patch-runtest.c | 17 ---
 .../patches/patch-test_XPath_xptr_vidbase | 11 --
 textproc/libxml2/patches/patch-testlimits.c | 43 --------
 textproc/libxml2/patches/patch-timsort.h | 16 ---
 textproc/libxml2/patches/patch-xmlIO.c | 17 ---
 textproc/libxml2/patches/patch-xpath.c | 27 -----
 textproc/libxml2/patches/patch-xpointer.c | 102 ------------------
 12 files changed, 10 insertions(+), 296 deletions(-)
 delete mode 100644 textproc/libxml2/patches/patch-parseInternals.c
 delete mode 100644 textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
 delete mode 100644 textproc/libxml2/patches/patch-runtest.c
 delete mode 100644 textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
 delete mode 100644 textproc/libxml2/patches/patch-testlimits.c
 delete mode 100644 textproc/libxml2/patches/patch-timsort.h
 delete mode 100644 textproc/libxml2/patches/patch-xmlIO.c
 delete mode 100644 textproc/libxml2/patches/patch-xpath.c
 delete mode 100644 textproc/libxml2/patches/patch-xpointer.c
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index a914af28716a7..60f5b4d3855cc 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.142 2016/05/27 23:51:10 pgoyette Exp $
+# $NetBSD: Makefile,v 1.146 2017/09/10 20:49:20 wiz Exp $
 .include "../../textproc/libxml2/Makefile.common"
@@ -7,7 +7,6 @@ LICENSE= modified-bsd
 USE_FEATURES= glob
 USE_LIBTOOL= yes
-USE_MULTIARCH= bin lib
 USE_TOOLS+= gmake
 GNU_CONFIGURE= yes
 CONFIGURE_ARGS+= --with-html-subdir=libxml2
diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common
index fc251616e2bc5..bbcb00e1945ce 100644
--- a/textproc/libxml2/Makefile.common
+++ b/textproc/libxml2/Makefile.common
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile.common,v 1.4 2016/12/27 02:34:33 sevan Exp $
+# $NetBSD: Makefile.common,v 1.7 2017/09/10 20:49:20 wiz Exp $
 #
 # used by textproc/libxml2/Makefile
 # used by textproc/py-libxml2/Makefile
-DISTNAME= libxml2-2.9.4
-PKGREVISION= 2
+DISTNAME= libxml2-2.9.6
 CATEGORIES= textproc
-MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
- http://xmlsoft.org/sources/
+MASTER_SITES= ftp://xmlsoft.org/libxml2/
+MASTER_SITES+= http://xmlsoft.org/sources/
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://xmlsoft.org/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index e3861c0636325..67a8ad1768642 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
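Review bot: Both `MASTER_SITES` entries on the new side of the Makefile.common hunk are cleartext (`ftp://xmlsoft.org/libxml2/` and `http://xmlsoft.org/sources/`), so nothing in the transport authenticates the libxml2-2.9.6 tarball and the digests recorded in distinfo are the only integrity control. That holds only if those digests were computed from a tarball checked against an upstream signature or another trusted copy, not from the same cleartext fetch. If upstream serves the same path over HTTPS, listing that mirror first would be preferable; otherwise I would add a comment above the two lines such as `# cleartext mirrors: integrity rests on the distinfo digests`.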
@@ -1,21 +1,12 @@
-$NetBSD: distinfo,v 1.114 2016/12/27 02:34:33 sevan Exp $
+$NetBSD: distinfo,v 1.117 2017/09/10 20:49:20 wiz Exp $
-SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
-RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
-SHA512 (libxml2-2.9.4.tar.gz) = f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9
-Size (libxml2-2.9.4.tar.gz) = 5374830 bytes
+SHA1 (libxml2-2.9.6.tar.gz) = 4ab4605fce0f82a004c3b2aeb368efc8f356e020
+RMD160 (libxml2-2.9.6.tar.gz) = 99616c77b5991a00e83abca708338cfa09beef29
+SHA512 (libxml2-2.9.6.tar.gz) = 5ef80f895374bd5dd3bcd5f00c715795f026bf45d998f8f762c0cdb739b8755e01de40cf853d98a3826eacef95c4adebe4777db11020e8d98d0bda921f55a0ed
+Size (libxml2-2.9.6.tar.gz) = 5469624 bytes
 SHA1 (patch-aa) = e687eaa9805b855b0c8a944ec5c597bd34954472
 SHA1 (patch-ab) = d6d6e9a91307da0c7f334b5b9ad432878babd1ac
 SHA1 (patch-ac) = 34afe787f6012b460a85be993048e133907a1621
 SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
-SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
-SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103
-SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
-SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
-SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
-SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
-SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
-SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
-SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032
diff --git a/textproc/libxml2/patches/patch-parseInternals.c b/textproc/libxml2/patches/patch-parseInternals.c
deleted file mode 100644
index c14ab3d4333bd..0000000000000
--- a/textproc/libxml2/patches/patch-parseInternals.c
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: patch-parseInternals.c,v 1.1 2016/11/30 14:46:22 sevan Exp $
-
-CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
-
---- parserInternals.c.orig 2016-11-30 14:35:55.000000000 +0000
-+++ parserInternals.c
-@@ -1438,6 +1438,11 @@ xmlNewEntityInputStream(xmlParserCtxtPtr
- break;
- case XML_EXTERNAL_GENERAL_PARSED_ENTITY:
- case XML_EXTERNAL_PARAMETER_ENTITY:
-+ if (((ctxt->options & XML_PARSE_NOENT) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDVALID) == 0)) {
-+ xmlErrInternal(ctxt, "xmlNewEntityInputStream will not read content for external entity\n",
-+ NULL);
-+ }
- return(xmlLoadExternalEntity((char *) entity->URI,
- (char *) entity->ExternalID, ctxt));
- case XML_INTERNAL_GENERAL_ENTITY:
diff --git a/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
deleted file mode 100644
index 54fa425946472..0000000000000
--- a/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $
-
-CVE-2016-5131
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
---- result/XPath/xptr/vidbase.orig 2016-12-27 02:22:25.000000000 +0000
-+++ result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
diff --git a/textproc/libxml2/patches/patch-runtest.c b/textproc/libxml2/patches/patch-runtest.c
deleted file mode 100644
index 4a3c82ac1eae1..0000000000000
--- a/textproc/libxml2/patches/patch-runtest.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD$
-
-Since this is built with C90, and %zu isn't supported then, cast
-the size_t argument to long to match the format.
-https://bugzilla.gnome.org/show_bug.cgi?id=766839
-
---- runtest.c.orig 2016-05-23 07:25:25.000000000 +0000
-+++ runtest.c
-@@ -688,7 +688,7 @@ static int compareFileMem(const char *fi
- }
- if (info.st_size != size) {
- fprintf(stderr, "file %s is %ld bytes, result is %d bytes\n",
-- filename, info.st_size, size);
-+ filename, (long)info.st_size, size);
- return(-1);
- }
- fd = open(filename, RD_FLAGS);
diff --git a/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
deleted file mode 100644
index 19f060fb82865..0000000000000
--- a/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
+++ /dev/null
@@ -1,11 +0,0 @@
-$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $
-
-CVE-2016-5131
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
---- test/XPath/xptr/vidbase.orig 2016-12-27 02:22:06.000000000 +0000
-+++ test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
diff --git a/textproc/libxml2/patches/patch-testlimits.c b/textproc/libxml2/patches/patch-testlimits.c
deleted file mode 100644
index 60332ae069530..0000000000000
--- a/textproc/libxml2/patches/patch-testlimits.c
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD$
-
-Since this is built with C90, and %zu isn't supported then, cast
-the size_t argument to unsigned long to match the format.
-https://bugzilla.gnome.org/show_bug.cgi?id=766839
-
---- testlimits.c.orig 2016-02-09 10:17:34.000000000 +0000
-+++ testlimits.c
-@@ -1284,13 +1284,14 @@ saxTest(const char *filename, size_t lim
- if (fail)
- res = 0;
- else {
-- fprintf(stderr, "Failed to parse '%s' %lu\n", filename, limit);
-+ fprintf(stderr, "Failed to parse '%s' %lu\n", filename,
-+ (unsigned long)limit);
- res = 1;
- }
- } else {
- if (fail) {
- fprintf(stderr, "Failed to get failure for '%s' %lu\n",
-- filename, limit);
-+ filename, (unsigned long)limit);
- res = 1;
- } else
- res = 0;
-@@ -1339,7 +1340,7 @@ readerTest(const char *filename, size_t
- filename, crazy_indx);
- else
- fprintf(stderr, "Failed to parse '%s' %lu\n",
-- filename, limit);
-+ filename, (unsigned long)limit);
- res = 1;
- }
- } else {
-@@ -1349,7 +1350,7 @@ readerTest(const char *filename, size_t
- filename, crazy_indx);
- else
- fprintf(stderr, "Failed to get failure for '%s' %lu\n",
-- filename, limit);
-+ filename, (unsigned long)limit);
- res = 1;
- } else
- res = 0;
diff --git a/textproc/libxml2/patches/patch-timsort.h b/textproc/libxml2/patches/patch-timsort.h
deleted file mode 100644
index 15e5d6bb871fa..0000000000000
--- a/textproc/libxml2/patches/patch-timsort.h
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD$
-
-Cast argument (gcc says "unsigned int") to match %lu format.
-https://bugzilla.gnome.org/show_bug.cgi?id=766839
-
---- timsort.h.orig 2016-02-09 10:17:34.000000000 +0000
-+++ timsort.h
-@@ -323,7 +323,7 @@ static void TIM_SORT_RESIZE(TEMP_STORAGE
- SORT_TYPE *tempstore = (SORT_TYPE *)realloc(store->storage, new_size * sizeof(SORT_TYPE));
- if (tempstore == NULL)
- {
-- fprintf(stderr, "Error allocating temporary storage for tim sort: need %lu bytes", sizeof(SORT_TYPE) * new_size);
-+ fprintf(stderr, "Error allocating temporary storage for tim sort: need %lu bytes", (unsigned long)(sizeof(SORT_TYPE) * new_size));
- exit(1);
- }
- store->storage = tempstore;
diff --git a/textproc/libxml2/patches/patch-xmlIO.c b/textproc/libxml2/patches/patch-xmlIO.c
deleted file mode 100644
index 1ee175b79c190..0000000000000
--- a/textproc/libxml2/patches/patch-xmlIO.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD$
-
-Since this is built with C90, and %zu isn't supported then, cast
-the size_t argument to unsigned long to match the format.
-https://bugzilla.gnome.org/show_bug.cgi?id=766839
-
---- xmlIO.c.orig 2016-05-23 07:25:25.000000000 +0000
-+++ xmlIO.c
-@@ -1674,7 +1674,7 @@ xmlZMemBuffExtend( xmlZMemBuffPtr buff,
- xmlStrPrintf(msg, 500,
- "xmlZMemBuffExtend: %s %lu bytes.\n",
- "Allocation failure extending output buffer to",
-- new_size );
-+ (unsigned long)new_size );
- xmlIOErr(XML_IO_WRITE, (const char *) msg);
- }
-
diff --git a/textproc/libxml2/patches/patch-xpath.c b/textproc/libxml2/patches/patch-xpath.c
deleted file mode 100644
index 2089e4abf725a..0000000000000
--- a/textproc/libxml2/patches/patch-xpath.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-xpath.c,v 1.1 2016/12/27 02:34:34 sevan Exp $
-
-CVE-2016-5131
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
---- xpath.c.orig 2016-12-27 02:21:53.000000000 +0000
-+++ xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
diff --git a/textproc/libxml2/patches/patch-xpointer.c b/textproc/libxml2/patches/patch-xpointer.c
deleted file mode 100644
index 4da030f286e45..0000000000000
--- a/textproc/libxml2/patches/patch-xpointer.c
+++ /dev/null
@@ -1,102 +0,0 @@
-$NetBSD: patch-xpointer.c,v 1.4 2016/12/27 02:34:34 sevan Exp $
-
-CVE-2016-4658
-https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
-
-CVE-2016-5131
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
---- xpointer.c.orig 2016-12-27 02:19:03.000000000 +0000
-+++ xpointer.c
-@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**