summaryrefslogtreecommitdiff
path: root/textproc/libxml2
diff options
context:
space:
mode:
authorspz <spz@pkgsrc.org>2011-11-01 19:21:06 +0000
committerspz <spz@pkgsrc.org>2011-11-01 19:21:06 +0000
commit5567f437f8de0f3be1af06bb2f2a7b13a417cb9f (patch)
treefff012d1869ab8b388412186d8f4d7cbb7a6daf7 /textproc/libxml2
parent77cf88cfef6990a8fae76239f33554422e1b79c5 (diff)
downloadpkgsrc-5567f437f8de0f3be1af06bb2f2a7b13a417cb9f.tar.gz
sundry security patches taken from libxml2 git
among these patches for http://secunia.com/advisories/46632/
Diffstat (limited to 'textproc/libxml2')
-rw-r--r--textproc/libxml2/Makefile4
-rw-r--r--textproc/libxml2/distinfo8
-rw-r--r--textproc/libxml2/patches/patch-ag24
-rw-r--r--textproc/libxml2/patches/patch-ak229
-rw-r--r--textproc/libxml2/patches/patch-include_libxml_xpath.h23
-rw-r--r--textproc/libxml2/patches/patch-xpointer.c12
6 files changed, 273 insertions, 27 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index 2dbc8e76050..d802e801707 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.109 2011/06/06 12:09:01 drochner Exp $
+# $NetBSD: Makefile,v 1.110 2011/11/01 19:21:06 spz Exp $
DISTNAME= libxml2-2.7.8
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= textproc
MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
http://xmlsoft.org/sources/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index e3bdaa0e27a..accc6155da4 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.83 2011/06/06 12:09:01 drochner Exp $
+$NetBSD: distinfo,v 1.84 2011/11/01 19:21:06 spz Exp $
SHA1 (libxml2-2.7.8.tar.gz) = 859dd535edbb851cc15b64740ee06551a7a17d40
RMD160 (libxml2-2.7.8.tar.gz) = 30709622cfe3e2175e73d6701b7e19a25ab5ac47
@@ -8,7 +8,9 @@ SHA1 (patch-ab) = e1cb25ae1b2219af91d11f0ccdbb12912d50488a
SHA1 (patch-ac) = 264c75cf9fff5319105b971c122cdf5fc103c04e
SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
SHA1 (patch-ae) = b8d8e0275cab3caafd98275ac22b63951fc4b5fd
-SHA1 (patch-ag) = 30ec5c8daece4aba75a02bbc13db5373542dea7b
+SHA1 (patch-ag) = ab4aeeb8ca696b88285274760ab3ef08800773a0
SHA1 (patch-aj) = 24eb4a08ea4c40be6d75a72cd0bb5280514f73d4
-SHA1 (patch-ak) = 73796d55e21d6b7dae79ac1a2abee4bc64116dbc
+SHA1 (patch-ak) = 5e0e9807d7ae0bc93a5583a61bb88a49ec1751e8
SHA1 (patch-al) = e5be144291a46c1b5e9720ac9d02c1fb00c6ea20
+SHA1 (patch-include_libxml_xpath.h) = 3fc74551a7843668cf9ffee19b1f20ccb674e153
+SHA1 (patch-xpointer.c) = fa720fd515bab3f99bb11bf56320b3ad8e5fb211
diff --git a/textproc/libxml2/patches/patch-ag b/textproc/libxml2/patches/patch-ag
index 0583f26871e..173890eb3a5 100644
--- a/textproc/libxml2/patches/patch-ag
+++ b/textproc/libxml2/patches/patch-ag
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.8 2009/11/15 12:48:25 drochner Exp $
+$NetBSD: patch-ag,v 1.9 2011/11/01 19:21:06 spz Exp $
---- encoding.c.orig 2009-09-24 17:31:59.000000000 +0200
+--- encoding.c.orig 2010-11-04 16:40:06.000000000 +0000
+++ encoding.c
-@@ -1376,6 +1376,9 @@ xmlInitCharEncodingHandlers(void) {
+@@ -1429,6 +1429,9 @@ xmlInitCharEncodingHandlers(void) {
xmlRegisterCharEncodingHandlersISO8859x ();
#endif
#endif
@@ -12,3 +12,21 @@ $NetBSD: patch-ag,v 1.8 2009/11/15 12:48:25 drochner Exp $
}
+@@ -1928,7 +1931,7 @@ xmlCharEncFirstLineInt(xmlCharEncodingHa
+ if (in == NULL) return(-1);
+
+ /* calculate space available */
+- written = out->size - out->use;
++ written = out->size - out->use - 1; /* count '\0' */
+ toconv = in->use;
+ /*
+ * echo '<?xml version="1.0" encoding="UCS4"?>' | wc -c => 38
+@@ -2059,7 +2062,7 @@ xmlCharEncInFunc(xmlCharEncodingHandler
+ toconv = in->use;
+ if (toconv == 0)
+ return (0);
+- written = out->size - out->use;
++ written = out->size - out->use - 1; /* count '\0' */
+ if (toconv * 2 >= written) {
+ xmlBufferGrow(out, out->size + toconv * 2);
+ written = out->size - out->use - 1;
diff --git a/textproc/libxml2/patches/patch-ak b/textproc/libxml2/patches/patch-ak
index eb702b611b6..b2def79c628 100644
--- a/textproc/libxml2/patches/patch-ak
+++ b/textproc/libxml2/patches/patch-ak
@@ -1,12 +1,16 @@
-$NetBSD: patch-ak,v 1.2 2011/06/06 12:09:01 drochner Exp $
-
-from gnome git:
--fix realloc bugs (CVE-2011-1944)
--fix CVE-2010-4494 / SA42721
+$NetBSD: patch-ak,v 1.3 2011/11/01 19:21:06 spz Exp $
--- xpath.c.orig 2010-11-03 19:18:27.000000000 +0000
+++ xpath.c
-@@ -722,14 +722,13 @@ xmlXPathCompExprAdd(xmlXPathCompExprPtr
+@@ -252,6 +252,7 @@ static const char *xmlXPathErrorMessages
+ "Encoding error\n",
+ "Char out of XML range\n",
+ "Invalid or incomplete context\n",
++ "Stack usage errror\n",
+ "?? Unknown error ??\n" /* Must be last in the list! */
+ };
+ #define MAXERRNO ((int)(sizeof(xmlXPathErrorMessages) / \
+@@ -722,14 +723,13 @@ xmlXPathCompExprAdd(xmlXPathCompExprPtr
if (comp->nbStep >= comp->maxStep) {
xmlXPathStepOp *real;
@@ -23,7 +27,71 @@ from gnome git:
comp->steps = real;
}
comp->last = comp->nbStep;
-@@ -3522,13 +3521,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur,
+@@ -2398,6 +2398,42 @@ xmlXPathCacheConvertNumber(xmlXPathConte
+ ************************************************************************/
+
+ /**
++ * xmlXPathSetFrame:
++ * @ctxt: an XPath parser context
++ *
++ * Set the callee evaluation frame
++ *
++ * Returns the previous frame value to be restored once done
++ */
++static int
++xmlXPathSetFrame(xmlXPathParserContextPtr ctxt) {
++ int ret;
++
++ if (ctxt == NULL)
++ return(0);
++ ret = ctxt->valueFrame;
++ ctxt->valueFrame = ctxt->valueNr;
++ return(ret);
++}
++
++/**
++ * xmlXPathPopFrame:
++ * @ctxt: an XPath parser context
++ * @frame: the previous frame value
++ *
++ * Remove the callee evaluation frame
++ */
++static void
++xmlXPathPopFrame(xmlXPathParserContextPtr ctxt, int frame) {
++ if (ctxt == NULL)
++ return;
++ if (ctxt->valueNr < ctxt->valueFrame) {
++ xmlXPatherror(ctxt, __FILE__, __LINE__, XPATH_STACK_ERROR);
++ }
++ ctxt->valueFrame = frame;
++}
++
++/**
+ * valuePop:
+ * @ctxt: an XPath evaluation context
+ *
+@@ -2412,6 +2448,12 @@ valuePop(xmlXPathParserContextPtr ctxt)
+
+ if ((ctxt == NULL) || (ctxt->valueNr <= 0))
+ return (NULL);
++
++ if (ctxt->valueNr <= ctxt->valueFrame) {
++ xmlXPatherror(ctxt, __FILE__, __LINE__, XPATH_STACK_ERROR);
++ return (NULL);
++ }
++
+ ctxt->valueNr--;
+ if (ctxt->valueNr > 0)
+ ctxt->value = ctxt->valueTab[ctxt->valueNr - 1];
+@@ -2442,6 +2484,7 @@ valuePush(xmlXPathParserContextPtr ctxt,
+ sizeof(ctxt->valueTab[0]));
+ if (tmp == NULL) {
+ xmlGenericError(xmlGenericErrorContext, "realloc failed !\n");
++ ctxt->error = XPATH_MEMORY_ERROR;
+ return (0);
+ }
+ ctxt->valueMax *= 2;
+@@ -3522,13 +3565,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur,
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
@@ -39,7 +107,7 @@ from gnome git:
cur->nodeTab = temp;
}
cur->nodeTab[cur->nodeNr++] = xmlXPathNodeSetDupNs(node, ns);
-@@ -3575,13 +3574,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
+@@ -3575,13 +3618,13 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
@@ -55,7 +123,7 @@ from gnome git:
cur->nodeTab = temp;
}
if (val->type == XML_NAMESPACE_DECL) {
-@@ -3627,14 +3626,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c
+@@ -3627,14 +3670,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
@@ -72,7 +140,7 @@ from gnome git:
}
if (val->type == XML_NAMESPACE_DECL) {
xmlNsPtr ns = (xmlNsPtr) val;
-@@ -3738,13 +3737,13 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1,
+@@ -3738,13 +3781,13 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1,
} else if (val1->nodeNr == val1->nodeMax) {
xmlNodePtr *temp;
@@ -88,7 +156,7 @@ from gnome git:
val1->nodeTab = temp;
}
if (n2->type == XML_NAMESPACE_DECL) {
-@@ -3800,13 +3799,13 @@ xmlXPathNodeSetMergeUnique(xmlNodeSetPtr
+@@ -3800,13 +3843,13 @@ xmlXPathNodeSetMergeUnique(xmlNodeSetPtr
} else if (val1->nodeNr == val1->nodeMax) {
xmlNodePtr *temp;
@@ -104,7 +172,7 @@ from gnome git:
val1->nodeTab = temp;
}
if (val2->nodeTab[i]->type == XML_NAMESPACE_DECL) {
-@@ -3907,13 +3906,13 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP
+@@ -3907,13 +3950,13 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP
} else if (set1->nodeNr >= set1->nodeMax) {
xmlNodePtr *temp;
@@ -120,7 +188,7 @@ from gnome git:
set1->nodeTab = temp;
}
if (n2->type == XML_NAMESPACE_DECL) {
-@@ -3991,13 +3990,13 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN
+@@ -3991,13 +4034,13 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN
} else if (set1->nodeNr >= set1->nodeMax) {
xmlNodePtr *temp;
@@ -136,24 +204,147 @@ from gnome git:
set1->nodeTab = temp;
}
set1->nodeTab[set1->nodeNr++] = n2;
-@@ -11763,11 +11762,16 @@ xmlXPathCompOpEvalPositionalPredicate(xm
+@@ -6154,6 +6197,7 @@ xmlXPathCompParserContext(xmlXPathCompEx
+ ret->valueNr = 0;
+ ret->valueMax = 10;
+ ret->value = NULL;
++ ret->valueFrame = 0;
+
+ ret->context = ctxt;
+ ret->comp = comp;
+@@ -9296,6 +9340,7 @@ xmlXPathTranslateFunction(xmlXPathParser
+ if ( (ch & 0xc0) != 0xc0 ) {
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlXPathTranslateFunction: Invalid UTF8 string\n");
++ /* not asserting an XPath error is probably better */
+ break;
+ }
+ /* then skip over remaining bytes for this char */
+@@ -9303,6 +9348,7 @@ xmlXPathTranslateFunction(xmlXPathParser
+ if ( (*cptr++ & 0xc0) != 0x80 ) {
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlXPathTranslateFunction: Invalid UTF8 string\n");
++ /* not asserting an XPath error is probably better */
+ break;
+ }
+ if (ch & 0x80) /* must have had error encountered */
+@@ -11712,6 +11758,7 @@ xmlXPathCompOpEvalPositionalPredicate(xm
+ xmlXPathObjectPtr contextObj = NULL, exprRes = NULL;
+ xmlNodePtr oldContextNode, contextNode = NULL;
+ xmlXPathContextPtr xpctxt = ctxt->context;
++ int frame;
+
+ #ifdef LIBXML_XPTR_ENABLED
+ /*
+@@ -11731,6 +11778,8 @@ xmlXPathCompOpEvalPositionalPredicate(xm
+ */
+ exprOp = &ctxt->comp->steps[op->ch2];
+ for (i = 0; i < set->nodeNr; i++) {
++ xmlXPathObjectPtr tmp;
++
+ if (set->nodeTab[i] == NULL)
+ continue;
+
+@@ -11758,18 +11807,25 @@ xmlXPathCompOpEvalPositionalPredicate(xm
+ xmlXPathNodeSetAddUnique(contextObj->nodesetval,
+ contextNode);
+
++ frame = xmlXPathSetFrame(ctxt);
+ valuePush(ctxt, contextObj);
+ res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1);
++ tmp = valuePop(ctxt);
++ xmlXPathPopFrame(ctxt, frame);
if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
- xmlXPathObjectPtr tmp;
+- xmlXPathObjectPtr tmp;
- /* pop the result */
-+ /* pop the result if any */
- tmp = valuePop(ctxt);
+- tmp = valuePop(ctxt);
- xmlXPathReleaseObject(xpctxt, tmp);
- /* then pop off contextObj, which will be freed later */
- valuePop(ctxt);
-+ if (tmp != contextObj) {
++ while (tmp != contextObj) {
+ /*
+ * Free up the result
+ * then pop off contextObj, which will be freed later
+ */
+ xmlXPathReleaseObject(xpctxt, tmp);
-+ valuePop(ctxt);
++ tmp = valuePop(ctxt);
+ }
goto evaluation_error;
}
++ /* push the result back onto the stack */
++ valuePush(ctxt, tmp);
+
+ if (res)
+ pos++;
+@@ -13357,6 +13413,7 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlXPathCompOpEval: variable %s bound to undefined prefix %s\n",
+ (char *) op->value4, (char *)op->value5);
++ ctxt->error = XPATH_UNDEF_PREFIX_ERROR;
+ return (total);
+ }
+ val = xmlXPathVariableLookupNS(ctxt->context,
+@@ -13373,7 +13430,9 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ xmlXPathFunction func;
+ const xmlChar *oldFunc, *oldFuncURI;
+ int i;
++ int frame;
+
++ frame = xmlXPathSetFrame(ctxt);
+ if (op->ch1 != -1)
+ total +=
+ xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
+@@ -13381,15 +13440,18 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlXPathCompOpEval: parameter error\n");
+ ctxt->error = XPATH_INVALID_OPERAND;
++ xmlXPathPopFrame(ctxt, frame);
+ return (total);
+ }
+- for (i = 0; i < op->value; i++)
++ for (i = 0; i < op->value; i++) {
+ if (ctxt->valueTab[(ctxt->valueNr - 1) - i] == NULL) {
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlXPathCompOpEval: parameter error\n");
+ ctxt->error = XPATH_INVALID_OPERAND;
++ xmlXPathPopFrame(ctxt, frame);
+ return (total);
+ }
++ }
+ if (op->cache != NULL)
+ XML_CAST_FPTR(func) = op->cache;
+ else {
+@@ -13405,6 +13467,8 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlXPathCompOpEval: function %s bound to undefined prefix %s\n",
+ (char *)op->value4, (char *)op->value5);
++ xmlXPathPopFrame(ctxt, frame);
++ ctxt->error = XPATH_UNDEF_PREFIX_ERROR;
+ return (total);
+ }
+ func = xmlXPathFunctionLookupNS(ctxt->context,
+@@ -13426,6 +13490,7 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ func(ctxt, op->value);
+ ctxt->context->function = oldFunc;
+ ctxt->context->functionURI = oldFuncURI;
++ xmlXPathPopFrame(ctxt, frame);
+ return (total);
+ }
+ case XPATH_OP_ARG:
+@@ -13982,6 +14047,7 @@ xmlXPathCompOpEval(xmlXPathParserContext
+ }
+ xmlGenericError(xmlGenericErrorContext,
+ "XPath: unknown precompiled operation %d\n", op->op);
++ ctxt->error = XPATH_INVALID_OPERAND;
+ return (total);
+ }
+@@ -14329,6 +14395,7 @@ xmlXPathRunEval(xmlXPathParserContextPtr
+ ctxt->valueNr = 0;
+ ctxt->valueMax = 10;
+ ctxt->value = NULL;
++ ctxt->valueFrame = 0;
+ }
+ #ifdef XPATH_STREAMING
+ if (ctxt->comp->stream) {
diff --git a/textproc/libxml2/patches/patch-include_libxml_xpath.h b/textproc/libxml2/patches/patch-include_libxml_xpath.h
new file mode 100644
index 00000000000..6f8d20e6904
--- /dev/null
+++ b/textproc/libxml2/patches/patch-include_libxml_xpath.h
@@ -0,0 +1,23 @@
+$NetBSD: patch-include_libxml_xpath.h,v 1.1 2011/11/01 19:21:06 spz Exp $
+
+--- include/libxml/xpath.h.orig 2010-10-12 06:25:32.000000000 +0000
++++ include/libxml/xpath.h
+@@ -68,7 +68,8 @@ typedef enum {
+ XPATH_UNDEF_PREFIX_ERROR,
+ XPATH_ENCODING_ERROR,
+ XPATH_INVALID_CHAR_ERROR,
+- XPATH_INVALID_CTXT
++ XPATH_INVALID_CTXT,
++ XPATH_STACK_ERROR
+ } xmlXPathError;
+
+ /*
+@@ -380,6 +381,8 @@ struct _xmlXPathParserContext {
+ xmlXPathCompExprPtr comp; /* the precompiled expression */
+ int xptr; /* it this an XPointer expression */
+ xmlNodePtr ancestor; /* used for walking preceding axis */
++
++ int valueFrame; /* used to limit Pop on the stack */
+ };
+
+ /************************************************************************
diff --git a/textproc/libxml2/patches/patch-xpointer.c b/textproc/libxml2/patches/patch-xpointer.c
new file mode 100644
index 00000000000..83ac46edf56
--- /dev/null
+++ b/textproc/libxml2/patches/patch-xpointer.c
@@ -0,0 +1,12 @@
+$NetBSD: patch-xpointer.c,v 1.1 2011/11/01 19:21:06 spz Exp $
+
+--- xpointer.c.orig 2010-10-12 06:25:33.000000000 +0000
++++ xpointer.c
+@@ -1269,6 +1269,7 @@ xmlXPtrEvalXPointer(xmlXPathParserContex
+ ctxt->valueNr = 0;
+ ctxt->valueMax = 10;
+ ctxt->value = NULL;
++ ctxt->valueFrame = 0;
+ }
+ SKIP_BLANKS;
+ if (CUR == '/') {