Pullup ticket #6458 - requested by nia

textproc/libxml2: security fix Revisions pulled up: - textproc/libxml2/Makefile 1.159 - textproc/libxml2/Makefile.common 1.14 - textproc/libxml2/distinfo 1.135 - textproc/libxml2/patches/patch-parser.c deleted - textproc/libxml2/patches/patch-python-types.c deleted - textproc/libxml2/patches/patch-python_libxml.c deleted - textproc/libxml2/patches/patch-xmlschemas.c deleted - textproc/py-libxml2/Makefile 1.68 --- Module Name: pkgsrc Committed By: nia Date: Sun May 23 19:31:47 UTC 2021 Modified Files: pkgsrc/textproc/libxml2: Makefile Makefile.common distinfo pkgsrc/textproc/py-libxml2: Makefile Removed Files: pkgsrc/textproc/libxml2/patches: patch-parser.c patch-python-types.c patch-python_libxml.c patch-xmlschemas.c Log Message: libxml2: update to 2.9.12 2.9.12: "Brown paper bag release, some recently added sources were missing from the 2.9.11 tarball." 2.9.11: "Prompted by CVE-2021-3541, but this includes an awful lot of serious bug fixes by Nick and others."
author: bsiegert <bsiegert@pkgsrc.org> 2021-05-25 14:44:14 +0000
committer: bsiegert <bsiegert@pkgsrc.org> 2021-05-25 14:44:14 +0000
commit: ce7b6d3d4865e5878bd89e544dde83e719cd84af (patch)
tree: 5ef86b2505af44e097952e686c94acbfaa7ca480
parent: 7346da6837e6b65e4ac35e919c5d5a3003b211a9 (diff)
download: pkgsrc-ce7b6d3d4865e5878bd89e544dde83e719cd84af.tar.gz
8 files changed, 10 insertions, 193 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index d2f7661c481..873c08e085b 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.157 2020/11/05 09:07:10 ryoon Exp $
+# $NetBSD: Makefile,v 1.157.4.1 2021/05/25 14:44:14 bsiegert Exp $
 
 .include "../../textproc/libxml2/Makefile.common"
-PKGREVISION=	3
 
 COMMENT=	XML parser library from the GNOME project
 LICENSE=	modified-bsd
diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common
index 60d0d89e925..a956602115e 100644
--- a/textproc/libxml2/Makefile.common
+++ b/textproc/libxml2/Makefile.common
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile.common,v 1.13 2019/11/06 13:19:43 wiz Exp $
+# $NetBSD: Makefile.common,v 1.13.12.1 2021/05/25 14:44:14 bsiegert Exp $
 #
 # used by textproc/libxml2/Makefile
 # used by textproc/py-libxml2/Makefile
 
-DISTNAME=	libxml2-2.9.10
+DISTNAME=	libxml2-2.9.12
 CATEGORIES=	textproc
-MASTER_SITES=	ftp://xmlsoft.org/libxml2/
-MASTER_SITES+=	http://xmlsoft.org/sources/
+MASTER_SITES=	http://xmlsoft.org/sources/
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://xmlsoft.org/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index 45f11c22744..e305b46da09 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.134 2020/11/08 23:31:44 js Exp $
+$NetBSD: distinfo,v 1.134.4.1 2021/05/25 14:44:14 bsiegert Exp $
 
-SHA1 (libxml2-2.9.10.tar.gz) = db6592ec9ca9708c4e71bf6bfd907bbb5cd40644
-RMD160 (libxml2-2.9.10.tar.gz) = 455f81e1f121c63dac96802de7f83ce4483f1afe
-SHA512 (libxml2-2.9.10.tar.gz) = 0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed
-Size (libxml2-2.9.10.tar.gz) = 5624761 bytes
+SHA1 (libxml2-2.9.12.tar.gz) = 339fe5bb2a7d0c13f068c26d8f7cd194c13f9a2a
+RMD160 (libxml2-2.9.12.tar.gz) = 766b9460b9e62b8152f431747c30c88c868c0c7e
+SHA512 (libxml2-2.9.12.tar.gz) = df1c6486e80f0fcf3c506f3599bcfb94b620c00d0b5d26831bc983daa78d58ec58b5057b1ec7c1a26c694f40199c6234ee2a6dcabf65abfa10c447cb5705abbd
+Size (libxml2-2.9.12.tar.gz) = 5681632 bytes
 SHA1 (patch-Makefile.in) = e687eaa9805b855b0c8a944ec5c597bd34954472
 SHA1 (patch-catalog.c) = 34afe787f6012b460a85be993048e133907a1621
 SHA1 (patch-configure) = f6e9f08377a537657df08deee17a5cc66c60b808
diff --git a/textproc/libxml2/patches/patch-parser.c b/textproc/libxml2/patches/patch-parser.c
deleted file mode 100644
index 22d0a9000b0..00000000000
--- a/textproc/libxml2/patches/patch-parser.c
+++ /dev/null
@@ -1,38 +0,0 @@
-$NetBSD: patch-parser.c,v 1.7 2020/01/24 10:40:36 kim Exp $
-
-Fix CVE-2020-7595
-
-https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076.patch
-
-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Thu, 12 Dec 2019 17:30:55 +0800
-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
-
-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
-return NULL which cause a infinite loop in xmlStringLenDecodeEntities
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index d1c31963..a34bb6cd 100644
---- parser.c
-+++ parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
-     else
-         c = 0;
-     while ((c != 0) && (c != end) && /* non input consuming loop */
--	   (c != end2) && (c != end3)) {
-+           (c != end2) && (c != end3) &&
-+           (ctxt->instate != XML_PARSER_EOF)) {
- 
- 	if (c == 0) break;
-         if ((c == '&') && (str[1] == '#')) {
--- 
-2.24.1
-
diff --git a/textproc/libxml2/patches/patch-python-types.c b/textproc/libxml2/patches/patch-python-types.c
deleted file mode 100644
index 5fa612221d5..00000000000
--- a/textproc/libxml2/patches/patch-python-types.c
+++ /dev/null
@@ -1,52 +0,0 @@
-$NetBSD: patch-python-types.c,v 1.1 2020/11/08 23:31:44 js Exp $
-
-Fix compilation with Python 3.9.
-
---- python/types.c.orig	2019-10-22 18:46:01.000000000 +0000
-+++ python/types.c
-@@ -602,16 +602,16 @@ libxml_xmlXPathObjectPtrConvert(PyObject
-     if (obj == NULL) {
-         return (NULL);
-     }
--    if PyFloat_Check (obj) {
-+    if (PyFloat_Check (obj)) {
-         ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj));
--    } else if PyLong_Check(obj) {
-+    } else if (PyLong_Check(obj)) {
- #ifdef PyLong_AS_LONG
-         ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj));
- #else
-         ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj));
- #endif
- #ifdef PyBool_Check
--    } else if PyBool_Check (obj) {
-+    } else if (PyBool_Check (obj)) {
- 
-         if (obj == Py_True) {
-           ret = xmlXPathNewBoolean(1);
-@@ -620,14 +620,14 @@ libxml_xmlXPathObjectPtrConvert(PyObject
-           ret = xmlXPathNewBoolean(0);
-         }
- #endif
--    } else if PyBytes_Check (obj) {
-+    } else if (PyBytes_Check (obj)) {
-         xmlChar *str;
- 
-         str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj),
-                          PyBytes_GET_SIZE(obj));
-         ret = xmlXPathWrapString(str);
- #ifdef PyUnicode_Check
--    } else if PyUnicode_Check (obj) {
-+    } else if (PyUnicode_Check (obj)) {
- #if PY_VERSION_HEX >= 0x03030000
-         xmlChar *str;
- 	const char *tmp;
-@@ -650,7 +650,7 @@ libxml_xmlXPathObjectPtrConvert(PyObject
- 	ret = xmlXPathWrapString(str);
- #endif
- #endif
--    } else if PyList_Check (obj) {
-+    } else if (PyList_Check (obj)) {
-         int i;
-         PyObject *node;
-         xmlNodePtr cur;
diff --git a/textproc/libxml2/patches/patch-python_libxml.c b/textproc/libxml2/patches/patch-python_libxml.c
deleted file mode 100644
index 4e376d4482c..00000000000
--- a/textproc/libxml2/patches/patch-python_libxml.c
+++ /dev/null
@@ -1,51 +0,0 @@
-$NetBSD: patch-python_libxml.c,v 1.2 2020/11/08 23:31:44 js Exp $
-
-Avoid returning invalid UTF-8 strings to python.
-Based on https://bugzilla.opensuse.org/attachment.cgi?id=746044&action=edit
-Fixes https://github.com/itstool/itstool/issues/22
-Fix compilation with Python 3.9.
-
---- python/libxml.c.orig	2019-10-22 18:46:01.000000000 +0000
-+++ python/libxml.c
-@@ -294,7 +294,7 @@ xmlPythonFileReadRaw (void * context, ch
- 	lenread = PyBytes_Size(ret);
- 	data = PyBytes_AsString(ret);
- #ifdef PyUnicode_Check
--    } else if PyUnicode_Check (ret) {
-+    } else if (PyUnicode_Check (ret)) {
- #if PY_VERSION_HEX >= 0x03030000
-         Py_ssize_t size;
- 	const char *tmp;
-@@ -359,7 +359,7 @@ xmlPythonFileRead (void * context, char 
- 	lenread = PyBytes_Size(ret);
- 	data = PyBytes_AsString(ret);
- #ifdef PyUnicode_Check
--    } else if PyUnicode_Check (ret) {
-+    } else if (PyUnicode_Check (ret)) {
- #if PY_VERSION_HEX >= 0x03030000
-         Py_ssize_t size;
- 	const char *tmp;
-@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
-     PyObject *message;
-     PyObject *result;
-     char str[1000];
-+    unsigned char *ptr = (unsigned char *)str;
- 
- #ifdef DEBUG_ERROR
-     printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
-@@ -1636,10 +1637,14 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
- 	    str[999] = 0;
-         va_end(ap);
- 
-+        /* Ensure the error string doesn't start at UTF8 continuation. */
-+        while (*ptr && (*ptr & 0xc0) == 0x80)
-+	    ptr++;
-+
-         list = PyTuple_New(2);
-         PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
-         Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
--        message = libxml_charPtrConstWrap(str);
-+        message = libxml_charPtrConstWrap(ptr);
-         PyTuple_SetItem(list, 1, message);
-         result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
-         Py_XDECREF(list);
diff --git a/textproc/libxml2/patches/patch-xmlschemas.c b/textproc/libxml2/patches/patch-xmlschemas.c
deleted file mode 100644
index 9260127ffdc..00000000000
--- a/textproc/libxml2/patches/patch-xmlschemas.c
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-xmlschemas.c,v 1.1 2020/01/24 10:40:36 kim Exp $
-
-Fix CVE-2019-20388
-
-https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68.patch
-
-From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Tue, 20 Aug 2019 16:33:06 +0800
-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
-
-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
-vctxt->xsiAssemble to 0 again which cause the alloced schema
-can not be freed anymore.
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- xmlschemas.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xmlschemas.c b/xmlschemas.c
-index 301c8449..39d92182 100644
---- xmlschemas.c
-+++ xmlschemas.c
-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
-     vctxt->nberrors = 0;
-     vctxt->depth = -1;
-     vctxt->skipDepth = -1;
--    vctxt->xsiAssemble = 0;
-     vctxt->hasKeyrefs = 0;
- #ifdef ENABLE_IDC_NODE_TABLES_TEST
-     vctxt->createIDCNodeTables = 1;
--- 
-2.24.1
-
diff --git a/textproc/py-libxml2/Makefile b/textproc/py-libxml2/Makefile
index a1193e320de..5b846b50f48 100644
--- a/textproc/py-libxml2/Makefile
+++ b/textproc/py-libxml2/Makefile
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.66 2020/11/05 09:09:14 ryoon Exp $
+# $NetBSD: Makefile,v 1.66.4.1 2021/05/25 14:44:14 bsiegert Exp $
 
-PKGREVISION= 2
 .include "../../textproc/libxml2/Makefile.common"
 
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
author	bsiegert <bsiegert@pkgsrc.org>	2021-05-25 14:44:14 +0000
committer	bsiegert <bsiegert@pkgsrc.org>	2021-05-25 14:44:14 +0000
commit	ce7b6d3d4865e5878bd89e544dde83e719cd84af (patch)
tree	5ef86b2505af44e097952e686c94acbfaa7ca480
parent	7346da6837e6b65e4ac35e919c5d5a3003b211a9 (diff)
download	pkgsrc-ce7b6d3d4865e5878bd89e544dde83e719cd84af.tar.gz