author | wiz <wiz@pkgsrc.org> | 2017-09-10 20:49:20 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2017-09-10 20:49:20 +0000 |
commit | f588ff3a67a97f793d932e6ba0e93c733b1a16fd (patch) | |
tree | b2c5a3da4b9900d55ac8ca6508a27d0272b4d192 /textproc/libxml2 | |
parent | 852b23dc872c0382a62ed6ab6a11118c99e68cda (diff) | |
download | pkgsrc-f588ff3a67a97f793d932e6ba0e93c733b1a16fd.tar.gz |
Updated libxml2 to 2.9.5.
2.9.5: Sep 04 2017
• Reference Manual
• Security:
Detect infinite recursion in parameter entities
(Nick Wellnhofer),
Fix handling of parameter-entity references (Nick
Wellnhofer),
Disallow namespace nodes in XPointer ranges (Nick
Wellnhofer),
Fix XPointer paths beginning with range-to (Nick
Wellnhofer)
• Documentation:
Documentation fixes (Nick Wellnhofer),
Spelling and grammar fixes (Nick Wellnhofer)
• Portability:
Adding README.zOS to list of extra files for the
release (Daniel Veillard),
Description of work needed to compile on zOS
(Stéphane Michaut),
Porting libxml2 on zOS encoding of code (Stéphane
Michaut),
small changes for OS/400 (Patrick Monnerat),
relaxng.c, xmlschemas.c: Fix build on pre-C99
compilers (Chun-wei Fan)
• Bug Fixes:
Problem resolving relative URIs (Daniel
Veillard),
Fix unwanted warnings when switching encodings
(Nick Wellnhofer),
Fix signature of xmlSchemaAugmentImportedIDC
(Daniel Veillard),
Heap-buffer-overflow read of size 1 in
xmlFAParsePosCharGroup (David Kilzer),
Fix NULL pointer deref in xmlFAParseCharClassEsc
(Nick Wellnhofer),
Fix infinite loops with push parser in recovery
mode (Nick Wellnhofer),
Send xmllint usage error to stderr (Nick
Wellnhofer),
Fix NULL deref in xmlParseExternalEntityPrivate
(Nick Wellnhofer),
Make sure not to call IS_BLANK_CH when parsing
the DTD (Nick Wellnhofer),
Fix xmlHaltParser (Nick Wellnhofer),
Fix pathological performance when outputting
charrefs (Nick Wellnhofer),
Fix invalid-source-encoding warnings in
testWriter.c (Nick Wellnhofer),
Fix duplicate SAX callbacks for entity content
(David Kilzer),
Treat URIs with scheme as absolute in C14N (Nick
Wellnhofer),
Fix copy-paste errors in error messages (Nick
Wellnhofer),
Fix sanity check in htmlParseNameComplex (Nick
Wellnhofer),
Fix potential infinite loop in
xmlStringLenDecodeEntities (Nick Wellnhofer),
Reset parser input pointers on encoding failure
(Nick Wellnhofer),
Fix memory leak in xmlParseEntityDecl error path
(Nick Wellnhofer),
Fix xmlBuildRelativeURI for URIs starting with '.
/' (Nick Wellnhofer),
Fix type confusion in xmlValidateOneNamespace
(Nick Wellnhofer),
Fix memory leak in xmlStringLenGetNodeList (Nick
Wellnhofer),
Fix NULL pointer deref in xmlDumpElementContent
(Daniel Veillard),
Fix memory leak in xmlBufAttrSerializeTxtContent
(Nick Wellnhofer),
Stop parser on unsupported encodings (Nick
Wellnhofer),
Check for integer overflow in memory debug code
(Nick Wellnhofer),
Fix buffer size checks in
xmlSnprintfElementContent (Nick Wellnhofer),
Avoid reparsing in xmlParseStartTag2 (Nick
Wellnhofer),
Fix undefined behavior in
xmlRegExecPushStringInternal (Nick Wellnhofer),
Check XPath exponents for overflow (Nick
Wellnhofer),
Check for overflow in
xmlXPathIsPositionalPredicate (Nick Wellnhofer),
Fix spurious error message (Nick Wellnhofer),
Fix memory leak in xmlCanonicPath (Nick
Wellnhofer),
Fix memory leak in xmlXPathCompareNodeSetValue
(Nick Wellnhofer),
Fix memory leak in pattern error path (Nick
Wellnhofer),
Fix memory leak in parser error path (Nick
Wellnhofer),
Fix memory leaks in XPointer error paths (Nick
Wellnhofer),
Fix memory leak in xmlXPathNodeSetMergeAndClear
(Nick Wellnhofer),
Fix memory leak in XPath filter optimizations
(Nick Wellnhofer),
Fix memory leaks in XPath error paths (Nick
Wellnhofer),
Do not leak the new CData node if adding fails
(David Tardon),
Prevent unwanted external entity reference (Neel
Mehta),
Increase buffer space for port in HTTP redirect
support (Daniel Veillard),
Fix more NULL pointer derefs in xpointer.c (Nick
Wellnhofer),
Avoid function/data pointer conversion in xpath.c
(Nick Wellnhofer),
Fix format string warnings (Nick Wellnhofer),
Disallow namespace nodes in XPointer points (Nick
Wellnhofer),
Fix comparison with root node in xmlXPathCmpNodes
(Nick Wellnhofer),
Fix attribute decoding during XML schema
validation (Alex Henrie),
Fix NULL pointer deref in XPointer range-to (Nick
Wellnhofer)
• Improvements:
Updating the spec file to reflect Fedora 24
(Daniel Veillard),
Add const in five places to move 1 KiB to .rdata
(Bruce Dawson),
Fix missing part of comment for function
xmlXPathEvalExpression() (Daniel Veillard),
Get rid of "blanks wrapper" for parameter
entities (Nick Wellnhofer),
Simplify handling of parameter entity references
(Nick Wellnhofer),
Deduplicate code in encoding.c (Nick Wellnhofer),
Make HTML parser functions take const pointers
(Nick Wellnhofer),
Build test programs only when needed (Nick
Wellnhofer),
Fix doc/examples/index.py (Nick Wellnhofer),
Fix compiler warnings in threads.c (Nick
Wellnhofer),
Fix empty-body warning in nanohttp.c (Nick
Wellnhofer),
Fix cast-align warnings (Nick Wellnhofer),
Fix unused-parameter warnings (Nick Wellnhofer),
Rework entity boundary checks (Nick Wellnhofer),
Don't switch encoding for internal parameter
entities (Nick Wellnhofer),
Merge duplicate code paths handling PE references
(Nick Wellnhofer),
Test SAX2 callbacks with entity substitution
(Nick Wellnhofer),
Support catalog and threads tests under
--without-sax1 (Nick Wellnhofer),
Misc fixes for 'make tests' (Nick Wellnhofer),
Initialize keepBlanks in HTML parser (Nick
Wellnhofer),
Add test cases for bug 758518 (David Kilzer),
Fix compiler warning in htmlParseElementInternal
(Nick Wellnhofer),
Remove useless check in xmlParseAttributeListDecl
(Nick Wellnhofer),
Allow zero sized memory input buffers (Nick
Wellnhofer),
Add TODO comment in xmlSwitchEncoding (Nick
Wellnhofer),
Check for integer overflow in
xmlXPathFormatNumber (Nick Wellnhofer),
Make Travis print UBSan stacktraces (Nick
Wellnhofer),
Add .travis.yml (Nick Wellnhofer),
Fix expected error output in Python tests (Nick
Wellnhofer),
Simplify control flow in xmlParseStartTag2 (Nick
Wellnhofer),
Disable LeakSanitizer when running API tests
(Nick Wellnhofer),
Avoid out-of-bound array access in API tests
(Nick Wellnhofer),
Avoid spurious UBSan errors in parser.c (Nick
Wellnhofer),
Parse small XPath numbers more accurately (Nick
Wellnhofer),
Rework XPath rounding functions (Nick
Wellnhofer),
Fix white space in test output (Nick Wellnhofer),
Fix axis traversal from attribute and namespace
nodes (Nick Wellnhofer),
Check for trailing characters in XPath
expressions earlier (Nick Wellnhofer),
Rework final handling of XPath results (Nick
Wellnhofer),
Make xmlXPathEvalExpression call xmlXPathEval
(Nick Wellnhofer),
Remove unused variables (Nick Wellnhofer),
Don't print generic error messages in XPath tests
(Nick Wellnhofer)
• Cleanups:
Fix a couple of misleading indentation errors
(Daniel Veillard),
Remove unnecessary calls to xmlPopInput (Nick
Wellnhofer)
Diffstat (limited to 'textproc/libxml2')
-rw-r--r-- | textproc/libxml2/Makefile | 4 |
-rw-r--r-- | textproc/libxml2/Makefile.common | 4 |
-rw-r--r-- | textproc/libxml2/distinfo | 21 |
-rw-r--r-- | textproc/libxml2/patches/patch-parseInternals.c | 18 |
-rw-r--r-- | textproc/libxml2/patches/patch-parser.c | 69 |
-rw-r--r-- | textproc/libxml2/patches/patch-result_XPath_xptr_vidbase | 24 |
-rw-r--r-- | textproc/libxml2/patches/patch-runtest.c | 17 |
-rw-r--r-- | textproc/libxml2/patches/patch-test_XPath_xptr_vidbase | 11 |
-rw-r--r-- | textproc/libxml2/patches/patch-testlimits.c | 43 |
-rw-r--r-- | textproc/libxml2/patches/patch-timsort.h | 16 |
-rw-r--r-- | textproc/libxml2/patches/patch-valid.c | 102 |
-rw-r--r-- | textproc/libxml2/patches/patch-xmlIO.c | 17 |
-rw-r--r-- | textproc/libxml2/patches/patch-xpath.c | 27 |
-rw-r--r-- | textproc/libxml2/patches/patch-xpointer.c | 102 |
14 files changed, 8 insertions, 467 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 75d1a58eba8..60f5b4d3855 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,9 +1,7 @@ -# $NetBSD: Makefile,v 1.145 2017/06/21 00:23:23 tez Exp $ +# $NetBSD: Makefile,v 1.146 2017/09/10 20:49:20 wiz Exp $ .include "../../textproc/libxml2/Makefile.common" -PKGREVISION= 4 - COMMENT= XML parser library from the GNOME project LICENSE= modified-bsd diff --git a/textproc/libxml2/Makefile.common b/textproc/libxml2/Makefile.common index 43bc907f44b..b23cd937838 100644 --- a/textproc/libxml2/Makefile.common +++ b/textproc/libxml2/Makefile.common @@ -1,9 +1,9 @@ -# $NetBSD: Makefile.common,v 1.6 2017/01/19 18:52:27 agc Exp $ +# $NetBSD: Makefile.common,v 1.7 2017/09/10 20:49:20 wiz Exp $ # # used by textproc/libxml2/Makefile # used by textproc/py-libxml2/Makefile -DISTNAME= libxml2-2.9.4 +DISTNAME= libxml2-2.9.5 CATEGORIES= textproc MASTER_SITES= ftp://xmlsoft.org/libxml2/ MASTER_SITES+= http://xmlsoft.org/sources/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 1f8a9d5fcd1..ea931b83a77 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo 
@@ -1,23 +1,12 @@ -$NetBSD: distinfo,v 1.116 2017/06/21 00:23:23 tez Exp $ +$NetBSD: distinfo,v 1.117 2017/09/10 20:49:20 wiz Exp $ -SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db -RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56 -SHA512 (libxml2-2.9.4.tar.gz) = f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9 -Size (libxml2-2.9.4.tar.gz) = 5374830 bytes +SHA1 (libxml2-2.9.5.tar.gz) = 6ab515fa4d087a3973e880d46bf6bdad48114d20 +RMD160 (libxml2-2.9.5.tar.gz) = 598fbbd97120b672760c934c12648dfd1065f856 +SHA512 (libxml2-2.9.5.tar.gz) = 197dbd1722e5f90eea43837323352f48d215e198aa6b95685645ef7511e2beba8aadc0dd67e099c945120c5dbe7f8c9da5f376b22f447059e9ffa941c1bfd175 +Size (libxml2-2.9.5.tar.gz) = 5466888 bytes SHA1 (patch-aa) = e687eaa9805b855b0c8a944ec5c597bd34954472 SHA1 (patch-ab) = d6d6e9a91307da0c7f334b5b9ad432878babd1ac SHA1 (patch-ac) = 34afe787f6012b460a85be993048e133907a1621 SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096 -SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c -SHA1 (patch-parser.c) = 23e39127bf65e721dd76d80b389c1ccacf8e5746 -SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103 -SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6 -SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3 -SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b -SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959 -SHA1 (patch-valid.c) = 9eda3633b3ea5269e0ef33fa0508de18e7a76def -SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59 -SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00 -SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032 
diff --git a/textproc/libxml2/patches/patch-parseInternals.c b/textproc/libxml2/patches/patch-parseInternals.c deleted file mode 100644 index c14ab3d4333..00000000000 --- a/textproc/libxml2/patches/patch-parseInternals.c +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-parseInternals.c,v 1.1 2016/11/30 14:46:22 sevan Exp $ - -CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726 - ---- parserInternals.c.orig 2016-11-30 14:35:55.000000000 +0000 -+++ parserInternals.c -@@ -1438,6 +1438,11 @@ xmlNewEntityInputStream(xmlParserCtxtPtr - break; - case XML_EXTERNAL_GENERAL_PARSED_ENTITY: - case XML_EXTERNAL_PARAMETER_ENTITY: -+ if (((ctxt->options & XML_PARSE_NOENT) == 0) && -+ ((ctxt->options & XML_PARSE_DTDVALID) == 0)) { -+ xmlErrInternal(ctxt, "xmlNewEntityInputStream will not read content for external entity\n", -+ NULL); -+ } - return(xmlLoadExternalEntity((char *) entity->URI, - (char *) entity->ExternalID, ctxt)); - case XML_INTERNAL_GENERAL_ENTITY: diff --git a/textproc/libxml2/patches/patch-parser.c b/textproc/libxml2/patches/patch-parser.c deleted file mode 100644 index 88b70f85411..00000000000 --- a/textproc/libxml2/patches/patch-parser.c +++ /dev/null 
@@ -1,69 +0,0 @@ -$NetBSD: patch-parser.c,v 1.3 2017/06/21 00:23:24 tez Exp $ - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - -Percent sign in DTD Names -========================= - -This fixes bug 766956 initially reported by Wei Lei and independently by -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone -involved. - -xmlParseNameComplex with XML_PARSE_OLD10 -======================================== - -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). -Thanks to Marcel Böhme and Thuan Pham for the report. - -Additional hardening -==================== - -A separate check was added in xmlParseNameComplex to validate the -buffer size. - -From: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3 - - ---- parser.c.orig -+++ parser.c -@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { - ctxt->input->line++; ctxt->input->col = 1; \ - } else ctxt->input->col++; \ - ctxt->input->cur += l; \ -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ - } while (0) - - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) -@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - len += l; - NEXTL(l); - c = CUR_CHAR(l); -- if (c == 0) { -- count = 0; -- GROW; -- if (ctxt->instate == XML_PARSER_EOF) -- return(NULL); -- c = CUR_CHAR(l); -- } - } - } - if ((len > XML_MAX_NAME_LENGTH) && -@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); - return(NULL); - } -+ if (ctxt->input->cur - ctxt->input->base < len) { -+ /* -+ * There were a couple of bugs where PERefs lead to to a change -+ * of the buffer. Check the buffer size to avoid passing an invalid -+ * pointer to xmlDictLookup. 
-+ */ -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, -+ "unexpected change of input buffer"); -+ return (NULL); -+ } - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); diff --git a/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase deleted file mode 100644 index 54fa4259464..00000000000 --- a/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $ - -CVE-2016-5131 -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - ---- result/XPath/xptr/vidbase.orig 2016-12-27 02:22:25.000000000 +0000 -+++ result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ diff --git a/textproc/libxml2/patches/patch-runtest.c b/textproc/libxml2/patches/patch-runtest.c deleted file mode 100644 index 4a3c82ac1ea..00000000000 --- a/textproc/libxml2/patches/patch-runtest.c +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD$ - -Since this is built with C90, and %zu isn't supported then, cast -the size_t argument to long to match the format. -https://bugzilla.gnome.org/show_bug.cgi?id=766839 - ---- runtest.c.orig 2016-05-23 07:25:25.000000000 +0000 -+++ runtest.c -@@ -688,7 +688,7 @@ static int compareFileMem(const char *fi - } - if (info.st_size != size) { - fprintf(stderr, "file %s is %ld bytes, result is %d bytes\n", -- filename, info.st_size, size); -+ filename, (long)info.st_size, size); - return(-1); - } - fd = open(filename, RD_FLAGS); 
diff --git a/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase deleted file mode 100644 index 19f060fb828..00000000000 --- a/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase +++ /dev/null @@ -1,11 +0,0 @@ -$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $ - -CVE-2016-5131 -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - ---- test/XPath/xptr/vidbase.orig 2016-12-27 02:22:06.000000000 +0000 -+++ test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) diff --git a/textproc/libxml2/patches/patch-testlimits.c b/textproc/libxml2/patches/patch-testlimits.c deleted file mode 100644 index 60332ae0695..00000000000 --- a/textproc/libxml2/patches/patch-testlimits.c +++ /dev/null 
@@ -1,43 +0,0 @@ -$NetBSD$ - -Since this is built with C90, and %zu isn't supported then, cast -the size_t argument to unsigned long to match the format. -https://bugzilla.gnome.org/show_bug.cgi?id=766839 - ---- testlimits.c.orig 2016-02-09 10:17:34.000000000 +0000 -+++ testlimits.c -@@ -1284,13 +1284,14 @@ saxTest(const char *filename, size_t lim - if (fail) - res = 0; - else { -- fprintf(stderr, "Failed to parse '%s' %lu\n", filename, limit); -+ fprintf(stderr, "Failed to parse '%s' %lu\n", filename, -+ (unsigned long)limit); - res = 1; - } - } else { - if (fail) { - fprintf(stderr, "Failed to get failure for '%s' %lu\n", -- filename, limit); -+ filename, (unsigned long)limit); - res = 1; - } else - res = 0; -@@ -1339,7 +1340,7 @@ readerTest(const char *filename, size_t - filename, crazy_indx); - else - fprintf(stderr, "Failed to parse '%s' %lu\n", -- filename, limit); -+ filename, (unsigned long)limit); - res = 1; - } - } else { -@@ -1349,7 +1350,7 @@ readerTest(const char *filename, size_t - filename, crazy_indx); - else - fprintf(stderr, "Failed to get failure for '%s' %lu\n", -- filename, limit); -+ filename, (unsigned long)limit); - res = 1; - } else - res = 0; diff --git a/textproc/libxml2/patches/patch-timsort.h b/textproc/libxml2/patches/patch-timsort.h deleted file mode 100644 index 15e5d6bb871..00000000000 --- a/textproc/libxml2/patches/patch-timsort.h +++ /dev/null 
@@ -1,16 +0,0 @@ -$NetBSD$ - -Cast argument (gcc says "unsigned int") to match %lu format. -https://bugzilla.gnome.org/show_bug.cgi?id=766839 - ---- timsort.h.orig 2016-02-09 10:17:34.000000000 +0000 -+++ timsort.h -@@ -323,7 +323,7 @@ static void TIM_SORT_RESIZE(TEMP_STORAGE - SORT_TYPE *tempstore = (SORT_TYPE *)realloc(store->storage, new_size * sizeof(SORT_TYPE)); - if (tempstore == NULL) - { -- fprintf(stderr, "Error allocating temporary storage for tim sort: need %lu bytes", sizeof(SORT_TYPE) * new_size); -+ fprintf(stderr, "Error allocating temporary storage for tim sort: need %lu bytes", (unsigned long)(sizeof(SORT_TYPE) * new_size)); - exit(1); - } - store->storage = tempstore; diff --git a/textproc/libxml2/patches/patch-valid.c b/textproc/libxml2/patches/patch-valid.c deleted file mode 100644 index 0096999861b..00000000000 --- a/textproc/libxml2/patches/patch-valid.c +++ /dev/null 
@@ -1,102 +0,0 @@ -$NetBSD: patch-valid.c,v 1.2 2017/06/21 00:23:24 tez Exp $ - -Upstream commit by Daniel Veillard - -Fix NULL pointer deref in xmlDumpElementContent -Can only be triggered in recovery mode. -Fixes bug 758422 (CVE-2017-5969). - - -xmlSnprintfElementContent failed to correctly check the available -buffer space in two locations. -Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). -From: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 - - ---- valid.c.orig 2017-06-21 00:07:08.204619100 +0000 -+++ valid.c -@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, - xmlBufferWriteCHAR(buf, content->name); - break; - case XML_ELEMENT_CONTENT_SEQ: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " , "); -- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); - break; - case XML_ELEMENT_CONTENT_OR: -- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -+ if ((content->c1 != NULL) && -+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || -+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) - xmlDumpElementContent(buf, content->c1, 1); - else - xmlDumpElementContent(buf, content->c1, 0); - xmlBufferWriteChar(buf, " | "); -- if 
((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) -+ if ((content->c2 != NULL) && -+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || -+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && -+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) - xmlDumpElementContent(buf, content->c2, 1); - else - xmlDumpElementContent(buf, content->c2, 0); -@@ -1262,22 +1266,23 @@ xmlSnprintfElementContent(char *buf, int - case XML_ELEMENT_CONTENT_PCDATA: - strcat(buf, "#PCDATA"); - break; -- case XML_ELEMENT_CONTENT_ELEMENT: -+ case XML_ELEMENT_CONTENT_ELEMENT: { -+ int qnameLen = xmlStrlen(content->name); -+ -+ if (content->prefix != NULL) -+ qnameLen += xmlStrlen(content->prefix) + 1; -+ if (size - len < qnameLen + 10) { -+ strcat(buf, " ..."); -+ return; -+ } - if (content->prefix != NULL) { -- if (size - len < xmlStrlen(content->prefix) + 10) { -- strcat(buf, " ..."); -- return; -- } - strcat(buf, (char *) content->prefix); - strcat(buf, ":"); - } -- if (size - len < xmlStrlen(content->name) + 10) { -- strcat(buf, " ..."); -- return; -- } - if (content->name != NULL) - strcat(buf, (char *) content->name); - break; -+ } - case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -@@ -1319,6 +1324,7 @@ xmlSnprintfElementContent(char *buf, int - xmlSnprintfElementContent(buf, size, content->c2, 0); - break; - } -+ if (size - strlen(buf) <= 2) return; - if (englob) - strcat(buf, ")"); - switch (content->ocur) { diff --git a/textproc/libxml2/patches/patch-xmlIO.c b/textproc/libxml2/patches/patch-xmlIO.c deleted file mode 100644 index 1ee175b79c1..00000000000 --- a/textproc/libxml2/patches/patch-xmlIO.c +++ /dev/null 
@@ -1,17 +0,0 @@ -$NetBSD$ - -Since this is built with C90, and %zu isn't supported then, cast -the size_t argument to unsigned long to match the format. -https://bugzilla.gnome.org/show_bug.cgi?id=766839 - ---- xmlIO.c.orig 2016-05-23 07:25:25.000000000 +0000 -+++ xmlIO.c -@@ -1674,7 +1674,7 @@ xmlZMemBuffExtend( xmlZMemBuffPtr buff, - xmlStrPrintf(msg, 500, - "xmlZMemBuffExtend: %s %lu bytes.\n", - "Allocation failure extending output buffer to", -- new_size ); -+ (unsigned long)new_size ); - xmlIOErr(XML_IO_WRITE, (const char *) msg); - } - diff --git a/textproc/libxml2/patches/patch-xpath.c b/textproc/libxml2/patches/patch-xpath.c deleted file mode 100644 index 2089e4abf72..00000000000 --- a/textproc/libxml2/patches/patch-xpath.c +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-xpath.c,v 1.1 2016/12/27 02:34:34 sevan Exp $ - -CVE-2016-5131 -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - ---- xpath.c.orig 2016-12-27 02:21:53.000000000 +0000 -+++ xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, diff --git a/textproc/libxml2/patches/patch-xpointer.c b/textproc/libxml2/patches/patch-xpointer.c deleted file mode 100644 index 4da030f286e..00000000000 --- a/textproc/libxml2/patches/patch-xpointer.c +++ /dev/null 
@@ -1,102 +0,0 @@ -$NetBSD: patch-xpointer.c,v 1.4 2016/12/27 02:34:34 sevan Exp $ - -CVE-2016-4658 -https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b - -CVE-2016-5131 -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - ---- xpointer.c.orig 2016-12-27 02:19:03.000000000 +0000 -+++ xpointer.c -@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. 
-- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** |
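Review bot: In textproc/libxml2/Makefile.common the unchanged context lines under the new DISTNAME show both MASTER_SITES entries using ftp:// and http://, so the only integrity control on libxml2-2.9.5.tar.gz is the checksum set this commit writes into distinfo. State in the commit message how the 2.9.5 tarball was verified before its SHA1, RMD160 and SHA512 values were recorded (for example against an upstream signature), because a tarball altered in transit at that moment would be pinned as the trusted one.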
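Review bot: Deleting textproc/libxml2/patches/patch-parseInternals.c drops the local change for CVE-2016-9318 (bug 772726), and no entry in the 2.9.5 changelog quoted in the commit message names that CVE or bug number, so the log gives no evidence that the release supersedes it. Name the upstream change that replaces the patch, or keep the patch and its distinfo line. For whoever checks this: the removed block in xmlNewEntityInputStream has no return of its own, it calls xmlErrInternal when neither XML_PARSE_NOENT nor XML_PARSE_DTDVALID is set and is followed directly by the return(xmlLoadExternalEntity(...)) line, so compare that behaviour with what 2.9.5 does for external entities.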
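Review bot: The removal of textproc/libxml2/patches/patch-parser.c also removes the extra hardening check in xmlParseNameComplex, the test "ctxt->input->cur - ctxt->input->base < len" placed before both xmlDictLookup calls, and the commit message does not say whether 2.9.5 carries that check or only the two parameter-entity fixes. The changelog line "Fix handling of parameter-entity references" probably corresponds to the upstream commit e26630548e7d138d2c560844c43820b6767251e3 cited in the patch header, but that should be stated rather than inferred; add a sentence confirming that the 2.9.5 parser.c contains the buffer-size check so the deletion can be audited.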
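Review bot: The header of the deleted textproc/libxml2/patches/patch-valid.c lists CVE-2017-5969, CVE-2017-9047 and CVE-2017-9048, but the commit message carries only the upstream changelog wording ("Fix NULL pointer deref in xmlDumpElementContent", "Fix buffer size checks in xmlSnprintfElementContent") and no CVE ids. Add the ids to the commit message, along with those from the other removed patch headers (CVE-2016-4658, CVE-2016-5131, CVE-2017-9049, CVE-2017-9050), so that vulnerability tracking can mark them fixed in 2.9.5 without reading the deleted files.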