authorbsiegert <bsiegert@pkgsrc.org>2016-12-28 17:14:20 +0000
committerbsiegert <bsiegert@pkgsrc.org>2016-12-28 17:14:20 +0000
commitcf13894f196ecc0d510f201da10e960b92e3fbf1 (patch)
tree09563c5e2482f00010ac6ce8f87d72fb9d8ba941
parent9606a53ef5334d52a848b4b1e8feeb5cf0550b1c (diff)
downloadpkgsrc-cf13894f196ecc0d510f201da10e960b92e3fbf1.tar.gz
Pullup ticket #5175 - requested by sevan
textproc/libxml2: security fix Revisions pulled up: - textproc/libxml2/Makefile.common 1.4 - textproc/libxml2/distinfo 1.114 - textproc/libxml2/patches/patch-result_XPath_xptr_vidbase 1.1 - textproc/libxml2/patches/patch-test_XPath_xptr_vidbase 1.1 - textproc/libxml2/patches/patch-xpath.c 1.1 - textproc/libxml2/patches/patch-xpointer.c 1.4 --- Module Name: pkgsrc Committed By: sevan Date: Tue Dec 27 02:34:34 UTC 2016 Modified Files: pkgsrc/textproc/libxml2: Makefile.common distinfo Added Files: pkgsrc/textproc/libxml2/patches: patch-result_XPath_xptr_vidbase patch-test_XPath_xptr_vidbase patch-xpath.c patch-xpointer.c Log Message: Patch for CVE-2016-4658 & CVE-2016-5131 Bump rev
-rw-r--r--textproc/libxml2/Makefile.common4
-rw-r--r--textproc/libxml2/distinfo6
-rw-r--r--textproc/libxml2/patches/patch-result_XPath_xptr_vidbase24
-rw-r--r--textproc/libxml2/patches/patch-test_XPath_xptr_vidbase11
-rw-r--r--textproc/libxml2/patches/patch-xpath.c27
-rw-r--r--textproc/libxml2/patches/patch-xpointer.c102
6 files changed, 171 insertions, 3 deletions
diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common
index 535f3d529d7..eb96c5dbe00 100644
--- a/textproc/libxml2/Makefile.common
+++ b/textproc/libxml2/Makefile.common
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.2.4.1 2016/12/04 15:40:22 bsiegert Exp $
+# $NetBSD: Makefile.common,v 1.2.4.2 2016/12/28 17:14:20 bsiegert Exp $
#
# used by textproc/libxml2/Makefile
# used by textproc/py-libxml2/Makefile
DISTNAME= libxml2-2.9.4
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= textproc
MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
http://xmlsoft.org/sources/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index f6f1e6660e5..6ef7a6ab997 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.112.4.1 2016/12/04 15:40:22 bsiegert Exp $
+$NetBSD: distinfo,v 1.112.4.2 2016/12/28 17:14:20 bsiegert Exp $
SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -11,7 +11,11 @@ SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
+SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103
SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
+SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
+SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
+SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032
diff --git a/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
new file mode 100644
index 00000000000..507b9d67f9d
--- /dev/null
+++ b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
@@ -0,0 +1,24 @@
+$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- result/XPath/xptr/vidbase.orig 2016-12-27 02:22:25.000000000 +0000
++++ result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+ To node
+ ELEMENT p
+
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 : Object is a range :
++ From node
++ /
++ To node
++ ELEMENT chapter
++ ATTRIBUTE id
++ TEXT
++ content=chapter2
++
diff --git a/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
new file mode 100644
index 00000000000..e8ba5e73cdd
--- /dev/null
+++ b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
@@ -0,0 +1,11 @@
+$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- test/XPath/xptr/vidbase.orig 2016-12-27 02:22:06.000000000 +0000
++++ test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
diff --git a/textproc/libxml2/patches/patch-xpath.c b/textproc/libxml2/patches/patch-xpath.c
new file mode 100644
index 00000000000..e1ce2a83d91
--- /dev/null
+++ b/textproc/libxml2/patches/patch-xpath.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-xpath.c,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpath.c.orig 2016-12-27 02:21:53.000000000 +0000
++++ xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
+ lc = 1;
+ break;
+ } else if ((NXT(len) == '(')) {
+- /* Note Type or Function */
++ /* Node Type or Function */
+ if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
+ "PathExpr: Type search\n");
+ #endif
+ lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++ } else if (ctxt->xptr &&
++ xmlStrEqual(name, BAD_CAST "range-to")) {
++ lc = 1;
++#endif
+ } else {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
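Review bot: The added `else if (ctxt->xptr && xmlStrEqual(name, BAD_CAST "range-to"))` branch has no comment explaining why a name followed by `(` is compiled with `lc = 1` instead of falling through to the function-call path; the only rationale is in the doc comment of the stubbed xmlXPtrRangeToFunction in patch-xpointer.c. I would add above the new `lc = 1;` a line such as `/* range-to is a special XPointer location step, not a function (see xpointer.c) */`. The branch is compiled only under `LIBXML_XPTR_ENABLED` and taken only when `ctxt->xptr` is set, so it is worth confirming that the new `xpointer(range-to(id('chapter2')))` test case is run for XPointer-enabled builds of the package. xmlXPathCompPathExpr starts and ends outside the embedded hunk.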
diff --git a/textproc/libxml2/patches/patch-xpointer.c b/textproc/libxml2/patches/patch-xpointer.c
new file mode 100644
index 00000000000..da3d7be8f7c
--- /dev/null
+++ b/textproc/libxml2/patches/patch-xpointer.c
@@ -0,0 +1,102 @@
+$NetBSD: patch-xpointer.c,v 1.4.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-4658
+https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpointer.c.orig 2016-12-27 02:19:03.000000000 +0000
++++ xpointer.c
+@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
+ ret->here = here;
+ ret->origin = origin;
+
+- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+- xmlXPtrRangeToFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ xmlXPtrRangeFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
+ * @nargs: the number of args
+ *
+ * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+ */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+- xmlXPathObjectPtr range;
+- const xmlChar *cur;
+- xmlXPathObjectPtr res, obj;
+- xmlXPathObjectPtr tmp;
+- xmlLocationSetPtr newset = NULL;
+- xmlNodeSetPtr oldset;
+- int i;
+-
+- if (ctxt == NULL) return;
+- CHECK_ARITY(1);
+- /*
+- * Save the expression pointer since we will have to evaluate
+- * it multiple times. Initialize the new set.
+- */
+- CHECK_TYPE(XPATH_NODESET);
+- obj = valuePop(ctxt);
+- oldset = obj->nodesetval;
+- ctxt->context->node = NULL;
+-
+- cur = ctxt->cur;
+- newset = xmlXPtrLocationSetCreate(NULL);
+-
+- for (i = 0; i < oldset->nodeNr; i++) {
+- ctxt->cur = cur;
+-
+- /*
+- * Run the evaluation with a node list made of a single item
+- * in the nodeset.
+- */
+- ctxt->context->node = oldset->nodeTab[i];
+- tmp = xmlXPathNewNodeSet(ctxt->context->node);
+- valuePush(ctxt, tmp);
+-
+- xmlXPathEvalExpr(ctxt);
+- CHECK_ERROR;
+-
+- /*
+- * The result of the evaluation need to be tested to
+- * decided whether the filter succeeded or not
+- */
+- res = valuePop(ctxt);
+- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+- if (range != NULL) {
+- xmlXPtrLocationSetAdd(newset, range);
+- }
+-
+- /*
+- * Cleanup
+- */
+- if (res != NULL)
+- xmlXPathFreeObject(res);
+- if (ctxt->value == tmp) {
+- res = valuePop(ctxt);
+- xmlXPathFreeObject(res);
+- }
+-
+- ctxt->context->node = NULL;
+- }
+-
+- /*
+- * The result is used as the new evaluation set.
+- */
+- xmlXPathFreeObject(obj);
+- ctxt->context->node = NULL;
+- ctxt->context->contextSize = -1;
+- ctxt->context->proximityPosition = -1;
+- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++ int nargs ATTRIBUTE_UNUSED) {
++ XP_ERROR(XPATH_EXPR_ERROR);
+ }
+
+ /**
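Review bot: The header of this patch cites the upstream commit for CVE-2016-4658 as well as the one for CVE-2016-5131, but both embedded hunks (the dropped `xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", ...)` call in xmlXPtrNewContext and the stubbed xmlXPtrRangeToFunction) deal only with range-to, which is the change described for CVE-2016-5131. No visible hunk changes how XPointer ranges are constructed. The CVE-2016-4658 attribution should therefore be checked against the cited commit c1d1f7121194036608bf555f08d3062a36fd344b, and either the missing hunks added or the header corrected, so the package is not recorded as fixed for an issue it may still carry. Separately, the stub drops the old `if (ctxt == NULL) return;` guard before `XP_ERROR(XPATH_EXPR_ERROR);`, which is safe only if that macro tolerates a NULL context, and its definition is not visible here.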