diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2016-12-28 17:14:20 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2016-12-28 17:14:20 +0000 |
commit | cf13894f196ecc0d510f201da10e960b92e3fbf1 (patch) | |
tree | 09563c5e2482f00010ac6ce8f87d72fb9d8ba941 | |
parent | 9606a53ef5334d52a848b4b1e8feeb5cf0550b1c (diff) | |
download | pkgsrc-cf13894f196ecc0d510f201da10e960b92e3fbf1.tar.gz |
Pullup ticket #5175 - requested by sevan
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile.common 1.4
- textproc/libxml2/distinfo 1.114
- textproc/libxml2/patches/patch-result_XPath_xptr_vidbase 1.1
- textproc/libxml2/patches/patch-test_XPath_xptr_vidbase 1.1
- textproc/libxml2/patches/patch-xpath.c 1.1
- textproc/libxml2/patches/patch-xpointer.c 1.4
---
Module Name: pkgsrc
Committed By: sevan
Date: Tue Dec 27 02:34:34 UTC 2016
Modified Files:
pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-result_XPath_xptr_vidbase
patch-test_XPath_xptr_vidbase patch-xpath.c patch-xpointer.c
Log Message:
Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev
-rw-r--r-- | textproc/libxml2/Makefile.common | 4 | ||||
-rw-r--r-- | textproc/libxml2/distinfo | 6 | ||||
-rw-r--r-- | textproc/libxml2/patches/patch-result_XPath_xptr_vidbase | 24 | ||||
-rw-r--r-- | textproc/libxml2/patches/patch-test_XPath_xptr_vidbase | 11 | ||||
-rw-r--r-- | textproc/libxml2/patches/patch-xpath.c | 27 | ||||
-rw-r--r-- | textproc/libxml2/patches/patch-xpointer.c | 102 |
6 files changed, 171 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common index 535f3d529d7..eb96c5dbe00 100644 --- a/textproc/libxml2/Makefile.common +++ b/textproc/libxml2/Makefile.common @@ -1,10 +1,10 @@ -# $NetBSD: Makefile.common,v 1.2.4.1 2016/12/04 15:40:22 bsiegert Exp $ +# $NetBSD: Makefile.common,v 1.2.4.2 2016/12/28 17:14:20 bsiegert Exp $ # # used by textproc/libxml2/Makefile # used by textproc/py-libxml2/Makefile DISTNAME= libxml2-2.9.4 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index f6f1e6660e5..6ef7a6ab997 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.112.4.1 2016/12/04 15:40:22 bsiegert Exp $ +$NetBSD: distinfo,v 1.112.4.2 2016/12/28 17:14:20 bsiegert Exp $ SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56 @@ -11,7 +11,11 @@ SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096 SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c +SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103 SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6 +SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959 SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59 +SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00 +SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032 diff --git a/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase new file mode 100644 index 00000000000..507b9d67f9d --- /dev/null +++ b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase @@ -0,0 +1,24 @@ +$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $ + +CVE-2016-5131 +https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e + +--- result/XPath/xptr/vidbase.orig 2016-12-27 02:22:25.000000000 +0000 ++++ result/XPath/xptr/vidbase +@@ -17,3 +17,16 @@ Object is a Location Set: + To node + ELEMENT p + ++ ++======================== ++Expression: xpointer(range-to(id('chapter2'))) ++Object is a Location Set: ++1 : Object is a range : ++ From node ++ / ++ To node ++ ELEMENT chapter ++ ATTRIBUTE id ++ TEXT ++ content=chapter2 ++ diff --git a/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase new file mode 100644 index 00000000000..e8ba5e73cdd --- /dev/null +++ b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase @@ -0,0 +1,11 @@ +$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $ + +CVE-2016-5131 +https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e + +--- test/XPath/xptr/vidbase.orig 2016-12-27 02:22:06.000000000 +0000 ++++ test/XPath/xptr/vidbase +@@ -1,2 +1,3 @@ + xpointer(id('chapter1')/p) + xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) ++xpointer(range-to(id('chapter2'))) diff --git a/textproc/libxml2/patches/patch-xpath.c b/textproc/libxml2/patches/patch-xpath.c new file mode 100644 index 00000000000..e1ce2a83d91 --- /dev/null +++ b/textproc/libxml2/patches/patch-xpath.c @@ -0,0 +1,27 @@ +$NetBSD: patch-xpath.c,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $ + +CVE-2016-5131 +https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e + +--- xpath.c.orig 2016-12-27 02:21:53.000000000 +0000 ++++ xpath.c +@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte + lc = 1; + break; + } else if ((NXT(len) == '(')) { +- /* Note Type or Function */ ++ /* Node Type or Function */ + if (xmlXPathIsNodeType(name)) { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, + "PathExpr: Type search\n"); + #endif + lc = 1; ++#ifdef LIBXML_XPTR_ENABLED ++ } else if (ctxt->xptr && ++ xmlStrEqual(name, BAD_CAST "range-to")) { ++ lc = 1; ++#endif + } else { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, diff --git a/textproc/libxml2/patches/patch-xpointer.c b/textproc/libxml2/patches/patch-xpointer.c new file mode 100644 index 00000000000..da3d7be8f7c --- /dev/null +++ b/textproc/libxml2/patches/patch-xpointer.c @@ -0,0 +1,102 @@ +$NetBSD: patch-xpointer.c,v 1.4.2.2 2016/12/28 17:14:20 bsiegert Exp $ + +CVE-2016-4658 +https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b + +CVE-2016-5131 +https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e + +--- xpointer.c.orig 2016-12-27 02:19:03.000000000 +0000 ++++ xpointer.c +@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode + ret->here = here; + ret->origin = origin; + +- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", +- xmlXPtrRangeToFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range", + xmlXPtrRangeFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", +@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse + * @nargs: the number of args + * + * Implement the range-to() XPointer function ++ * ++ * Obsolete. range-to is not a real function but a special type of location ++ * step which is handled in xpath.c. + */ + void +-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { +- xmlXPathObjectPtr range; +- const xmlChar *cur; +- xmlXPathObjectPtr res, obj; +- xmlXPathObjectPtr tmp; +- xmlLocationSetPtr newset = NULL; +- xmlNodeSetPtr oldset; +- int i; +- +- if (ctxt == NULL) return; +- CHECK_ARITY(1); +- /* +- * Save the expression pointer since we will have to evaluate +- * it multiple times. Initialize the new set. +- */ +- CHECK_TYPE(XPATH_NODESET); +- obj = valuePop(ctxt); +- oldset = obj->nodesetval; +- ctxt->context->node = NULL; +- +- cur = ctxt->cur; +- newset = xmlXPtrLocationSetCreate(NULL); +- +- for (i = 0; i < oldset->nodeNr; i++) { +- ctxt->cur = cur; +- +- /* +- * Run the evaluation with a node list made of a single item +- * in the nodeset. +- */ +- ctxt->context->node = oldset->nodeTab[i]; +- tmp = xmlXPathNewNodeSet(ctxt->context->node); +- valuePush(ctxt, tmp); +- +- xmlXPathEvalExpr(ctxt); +- CHECK_ERROR; +- +- /* +- * The result of the evaluation need to be tested to +- * decided whether the filter succeeded or not +- */ +- res = valuePop(ctxt); +- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); +- if (range != NULL) { +- xmlXPtrLocationSetAdd(newset, range); +- } +- +- /* +- * Cleanup +- */ +- if (res != NULL) +- xmlXPathFreeObject(res); +- if (ctxt->value == tmp) { +- res = valuePop(ctxt); +- xmlXPathFreeObject(res); +- } +- +- ctxt->context->node = NULL; +- } +- +- /* +- * The result is used as the new evaluation set. +- */ +- xmlXPathFreeObject(obj); +- ctxt->context->node = NULL; +- ctxt->context->contextSize = -1; +- ctxt->context->proximityPosition = -1; +- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); ++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, ++ int nargs ATTRIBUTE_UNUSED) { ++ XP_ERROR(XPATH_EXPR_ERROR); + } + + /** |