Pullup ticket #5175 - requested by sevan

textproc/libxml2: security fix Revisions pulled up: - textproc/libxml2/Makefile.common 1.4 - textproc/libxml2/distinfo 1.114 - textproc/libxml2/patches/patch-result_XPath_xptr_vidbase 1.1 - textproc/libxml2/patches/patch-test_XPath_xptr_vidbase 1.1 - textproc/libxml2/patches/patch-xpath.c 1.1 - textproc/libxml2/patches/patch-xpointer.c 1.4 --- Module Name: pkgsrc Committed By: sevan Date: Tue Dec 27 02:34:34 UTC 2016 Modified Files: pkgsrc/textproc/libxml2: Makefile.common distinfo Added Files: pkgsrc/textproc/libxml2/patches: patch-result_XPath_xptr_vidbase patch-test_XPath_xptr_vidbase patch-xpath.c patch-xpointer.c Log Message: Patch for CVE-2016-4658 & CVE-2016-5131 Bump rev
author: bsiegert <bsiegert@pkgsrc.org> 2016-12-28 17:14:20 +0000
committer: bsiegert <bsiegert@pkgsrc.org> 2016-12-28 17:14:20 +0000
commit: cf13894f196ecc0d510f201da10e960b92e3fbf1 (patch)
tree: 09563c5e2482f00010ac6ce8f87d72fb9d8ba941
parent: 9606a53ef5334d52a848b4b1e8feeb5cf0550b1c (diff)
download: pkgsrc-cf13894f196ecc0d510f201da10e960b92e3fbf1.tar.gz
6 files changed, 171 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common
index 535f3d529d7..eb96c5dbe00 100644
--- a/textproc/libxml2/Makefile.common
+++ b/textproc/libxml2/Makefile.common
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.2.4.1 2016/12/04 15:40:22 bsiegert Exp $
+# $NetBSD: Makefile.common,v 1.2.4.2 2016/12/28 17:14:20 bsiegert Exp $
 #
 # used by textproc/libxml2/Makefile
 # used by textproc/py-libxml2/Makefile
 
 DISTNAME=	libxml2-2.9.4
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	textproc
 MASTER_SITES=	ftp://xmlsoft.org/libxml2/ \
 		http://xmlsoft.org/sources/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index f6f1e6660e5..6ef7a6ab997 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.112.4.1 2016/12/04 15:40:22 bsiegert Exp $
+$NetBSD: distinfo,v 1.112.4.2 2016/12/28 17:14:20 bsiegert Exp $
 
 SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
 RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -11,7 +11,11 @@ SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
 SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
+SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103
 SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
+SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
 SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
 SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
+SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
+SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032
diff --git a/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
new file mode 100644
index 00000000000..507b9d67f9d
--- /dev/null
+++ b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
@@ -0,0 +1,24 @@
+$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- result/XPath/xptr/vidbase.orig	2016-12-27 02:22:25.000000000 +0000
++++ result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+   To node
+     ELEMENT p
+ 
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 :   Object is a range :
++  From node
++     /
++  To node
++    ELEMENT chapter
++      ATTRIBUTE id
++        TEXT
++          content=chapter2
++
diff --git a/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
new file mode 100644
index 00000000000..e8ba5e73cdd
--- /dev/null
+++ b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
@@ -0,0 +1,11 @@
+$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- test/XPath/xptr/vidbase.orig	2016-12-27 02:22:06.000000000 +0000
++++ test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
diff --git a/textproc/libxml2/patches/patch-xpath.c b/textproc/libxml2/patches/patch-xpath.c
new file mode 100644
index 00000000000..e1ce2a83d91
--- /dev/null
+++ b/textproc/libxml2/patches/patch-xpath.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-xpath.c,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpath.c.orig	2016-12-27 02:21:53.000000000 +0000
++++ xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
+ 		    lc = 1;
+ 		    break;
+ 		} else if ((NXT(len) == '(')) {
+-		    /* Note Type or Function */
++		    /* Node Type or Function */
+ 		    if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,
+ 				"PathExpr: Type search\n");
+ #endif
+ 			lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++                    } else if (ctxt->xptr &&
++                               xmlStrEqual(name, BAD_CAST "range-to")) {
++                        lc = 1;
++#endif
+ 		    } else {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,
diff --git a/textproc/libxml2/patches/patch-xpointer.c b/textproc/libxml2/patches/patch-xpointer.c
new file mode 100644
index 00000000000..da3d7be8f7c
--- /dev/null
+++ b/textproc/libxml2/patches/patch-xpointer.c
@@ -0,0 +1,102 @@
+$NetBSD: patch-xpointer.c,v 1.4.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-4658
+https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpointer.c.orig	2016-12-27 02:19:03.000000000 +0000
++++ xpointer.c
+@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
+     ret->here = here;
+     ret->origin = origin;
+ 
+-    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+-	                 xmlXPtrRangeToFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ 	                 xmlXPtrRangeFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
+  * @nargs:  the number of args
+  *
+  * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+  */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+-    xmlXPathObjectPtr range;
+-    const xmlChar *cur;
+-    xmlXPathObjectPtr res, obj;
+-    xmlXPathObjectPtr tmp;
+-    xmlLocationSetPtr newset = NULL;
+-    xmlNodeSetPtr oldset;
+-    int i;
+-
+-    if (ctxt == NULL) return;
+-    CHECK_ARITY(1);
+-    /*
+-     * Save the expression pointer since we will have to evaluate
+-     * it multiple times. Initialize the new set.
+-     */
+-    CHECK_TYPE(XPATH_NODESET);
+-    obj = valuePop(ctxt);
+-    oldset = obj->nodesetval;
+-    ctxt->context->node = NULL;
+-
+-    cur = ctxt->cur;
+-    newset = xmlXPtrLocationSetCreate(NULL);
+-
+-    for (i = 0; i < oldset->nodeNr; i++) {
+-	ctxt->cur = cur;
+-
+-	/*
+-	 * Run the evaluation with a node list made of a single item
+-	 * in the nodeset.
+-	 */
+-	ctxt->context->node = oldset->nodeTab[i];
+-	tmp = xmlXPathNewNodeSet(ctxt->context->node);
+-	valuePush(ctxt, tmp);
+-
+-	xmlXPathEvalExpr(ctxt);
+-	CHECK_ERROR;
+-
+-	/*
+-	 * The result of the evaluation need to be tested to
+-	 * decided whether the filter succeeded or not
+-	 */
+-	res = valuePop(ctxt);
+-	range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+-	if (range != NULL) {
+-	    xmlXPtrLocationSetAdd(newset, range);
+-	}
+-
+-	/*
+-	 * Cleanup
+-	 */
+-	if (res != NULL)
+-	    xmlXPathFreeObject(res);
+-	if (ctxt->value == tmp) {
+-	    res = valuePop(ctxt);
+-	    xmlXPathFreeObject(res);
+-	}
+-
+-	ctxt->context->node = NULL;
+-    }
+-
+-    /*
+-     * The result is used as the new evaluation set.
+-     */
+-    xmlXPathFreeObject(obj);
+-    ctxt->context->node = NULL;
+-    ctxt->context->contextSize = -1;
+-    ctxt->context->proximityPosition = -1;
+-    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++                       int nargs ATTRIBUTE_UNUSED) {
++    XP_ERROR(XPATH_EXPR_ERROR);
+ }
+ 
+ /**
author	bsiegert <bsiegert@pkgsrc.org>	2016-12-28 17:14:20 +0000
committer	bsiegert <bsiegert@pkgsrc.org>	2016-12-28 17:14:20 +0000
commit	cf13894f196ecc0d510f201da10e960b92e3fbf1 (patch)
tree	09563c5e2482f00010ac6ce8f87d72fb9d8ba941
parent	9606a53ef5334d52a848b4b1e8feeb5cf0550b1c (diff)
download	pkgsrc-cf13894f196ecc0d510f201da10e960b92e3fbf1.tar.gz