CVS commit: pkgsrc/textproc/p5-XML-LibXML

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/p5-XML-LibXML
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 11 May 2026 06:24:03 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon May 11 06:24:02 UTC 2026

Modified Files:
        pkgsrc/textproc/p5-XML-LibXML: Makefile distinfo
Added Files:
        pkgsrc/textproc/p5-XML-LibXML/patches: patch-dom.c patch-t_06elements.t

Log Message:
p5-XML-LibXML: Add upstream patch to fix CVE-2026-8177

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 pkgsrc/textproc/p5-XML-LibXML/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/textproc/p5-XML-LibXML/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/p5-XML-LibXML/patches/patch-dom.c \
    pkgsrc/textproc/p5-XML-LibXML/patches/patch-t_06elements.t

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/p5-XML-LibXML/Makefile
diff -u pkgsrc/textproc/p5-XML-LibXML/Makefile:1.105 pkgsrc/textproc/p5-XML-LibXML/Makefile:1.106
--- pkgsrc/textproc/p5-XML-LibXML/Makefile:1.105        Wed Jan  7 08:49:06 2026
+++ pkgsrc/textproc/p5-XML-LibXML/Makefile      Mon May 11 06:24:02 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.105 2026/01/07 08:49:06 wiz Exp $
+# $NetBSD: Makefile,v 1.106 2026/05/11 06:24:02 wiz Exp $
 
 DISTNAME=      XML-LibXML-2.0210
 PKGNAME=       p5-${DISTNAME}
-PKGREVISION=   8
+PKGREVISION=   9
 CATEGORIES=    textproc perl5
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=XML/}
 

Index: pkgsrc/textproc/p5-XML-LibXML/distinfo
diff -u pkgsrc/textproc/p5-XML-LibXML/distinfo:1.55 pkgsrc/textproc/p5-XML-LibXML/distinfo:1.56
--- pkgsrc/textproc/p5-XML-LibXML/distinfo:1.55 Sun Jan 28 11:57:32 2024
+++ pkgsrc/textproc/p5-XML-LibXML/distinfo      Mon May 11 06:24:02 2026
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.55 2024/01/28 11:57:32 wiz Exp $
+$NetBSD: distinfo,v 1.56 2026/05/11 06:24:02 wiz Exp $
 
 BLAKE2s (XML-LibXML-2.0210.tar.gz) = 93c95821f009eb1272ee2cb483c85e14318f3260ef78a4a7cc5265db86e1b0a6
 SHA512 (XML-LibXML-2.0210.tar.gz) = ae72b25ac6362152fa85ec9fed03fad694382bde29f459e1bd95b3ca4d1b0dffb76d2f8319bc6fbc6e291583696c3b95b41a23cc2bb509ce6f3fd7d74666fd77
 Size (XML-LibXML-2.0210.tar.gz) = 466316 bytes
+SHA1 (patch-dom.c) = b54099c9fe7c879b8d74ddf1cb3ba18d6fb296b4
+SHA1 (patch-t_06elements.t) = 67c124556766e2afa0c9e364efc68d6815344963

Added files:

Index: pkgsrc/textproc/p5-XML-LibXML/patches/patch-dom.c
diff -u /dev/null pkgsrc/textproc/p5-XML-LibXML/patches/patch-dom.c:1.1
--- /dev/null   Mon May 11 06:24:02 2026
+++ pkgsrc/textproc/p5-XML-LibXML/patches/patch-dom.c   Mon May 11 06:24:02 2026
@@ -0,0 +1,68 @@
+$NetBSD: patch-dom.c,v 1.1 2026/05/11 06:24:02 wiz Exp $
+
+From 15652bd905a6c9dda59a81b14d4766adbbae2ea8 Mon Sep 17 00:00:00 2001
+From: Toddr Bot <toddbot%rinaldo.us@localhost>
+Date: Fri, 8 May 2026 12:26:36 +0000
+Subject: [PATCH] fix: validate UTF-8 continuation bytes in domParseChar to
+ prevent OOB read
+
+domParseChar() read continuation bytes for multi-byte UTF-8 sequences
+without verifying they actually exist or are valid. A truncated sequence
+like "a\xF0" caused reads past the NUL terminator into uninitialized
+heap memory. The caller LibXML_test_node_name() then advanced its
+pointer by the (wrong) reported length, continuing to read from
+uncontrolled heap until hitting a zero byte or unmapped memory.
+
+Add validation that each continuation byte has the 10xxxxxx form
+before reading it, matching libxml2's own xmlCurrentChar() behavior.
+Invalid sequences now return 0 with *len = -1.
+
+Fixes #146
+
+Co-Authored-By: Claude Opus 4.6 <noreply%anthropic.com@localhost>
+---
+ dom.c          | 18 ++++++++++++++++++
+ t/06elements.t | 10 +++++++---
+ 2 files changed, 25 insertions(+), 3 deletions(-)
+
+--- dom.c.orig 2017-10-23 08:52:55.000000000 +0000
++++ dom.c
+@@ -292,6 +292,13 @@ domParseChar( xmlChar *cur, int *len )
+         if ((c & 0xe0) == 0xe0) {
+             if ((c & 0xf0) == 0xf0) {
+                 /* 4-byte code */
++                if ((cur[1] & 0xC0) != 0x80 ||
++                    (cur[2] & 0xC0) != 0x80 ||
++                    (cur[3] & 0xC0) != 0x80)
++                {
++                    *len = -1;
++                    return(0);
++                }
+                 *len = 4;
+                 val = (cur[0] & 0x7) << 18;
+                 val |= (cur[1] & 0x3f) << 12;
+@@ -299,6 +306,12 @@ domParseChar( xmlChar *cur, int *len )
+                 val |= cur[3] & 0x3f;
+             } else {
+                 /* 3-byte code */
++                if ((cur[1] & 0xC0) != 0x80 ||
++                    (cur[2] & 0xC0) != 0x80)
++                {
++                    *len = -1;
++                    return(0);
++                }
+                 *len = 3;
+                 val = (cur[0] & 0xf) << 12;
+                 val |= (cur[1] & 0x3f) << 6;
+@@ -306,6 +319,11 @@ domParseChar( xmlChar *cur, int *len )
+             }
+             } else {
+             /* 2-byte code */
++            if ((cur[1] & 0xC0) != 0x80)
++            {
++                *len = -1;
++                return(0);
++            }
+             *len = 2;
+             val = (cur[0] & 0x1f) << 6;
+             val |= cur[1] & 0x3f;
Index: pkgsrc/textproc/p5-XML-LibXML/patches/patch-t_06elements.t
diff -u /dev/null pkgsrc/textproc/p5-XML-LibXML/patches/patch-t_06elements.t:1.1
--- /dev/null   Mon May 11 06:24:02 2026
+++ pkgsrc/textproc/p5-XML-LibXML/patches/patch-t_06elements.t  Mon May 11 06:24:02 2026
@@ -0,0 +1,53 @@
+$NetBSD: patch-t_06elements.t,v 1.1 2026/05/11 06:24:02 wiz Exp $
+
+From 15652bd905a6c9dda59a81b14d4766adbbae2ea8 Mon Sep 17 00:00:00 2001
+From: Toddr Bot <toddbot%rinaldo.us@localhost>
+Date: Fri, 8 May 2026 12:26:36 +0000
+Subject: [PATCH] fix: validate UTF-8 continuation bytes in domParseChar to
+ prevent OOB read
+
+domParseChar() read continuation bytes for multi-byte UTF-8 sequences
+without verifying they actually exist or are valid. A truncated sequence
+like "a\xF0" caused reads past the NUL terminator into uninitialized
+heap memory. The caller LibXML_test_node_name() then advanced its
+pointer by the (wrong) reported length, continuing to read from
+uncontrolled heap until hitting a zero byte or unmapped memory.
+
+Add validation that each continuation byte has the 10xxxxxx form
+before reading it, matching libxml2's own xmlCurrentChar() behavior.
+Invalid sequences now return 0 with *len = -1.
+
+Fixes #146
+
+Co-Authored-By: Claude Opus 4.6 <noreply%anthropic.com@localhost>
+---
+ dom.c          | 18 ++++++++++++++++++
+ t/06elements.t | 10 +++++++---
+ 2 files changed, 25 insertions(+), 3 deletions(-)
+
+--- t/06elements.t.orig        2016-05-30 09:01:59.000000000 +0000
++++ t/06elements.t
+@@ -7,7 +7,7 @@ use warnings;
+ use warnings;
+ 
+ # Should be 187.
+-use Test::More tests => 191;
++use Test::More tests => 200;
+ 
+ use XML::LibXML;
+ 
+@@ -21,8 +21,12 @@ my $attname3  = "C";
+ my $attvalue2 = "b";
+ my $attname3  = "C";
+ 
+-# TEST:$badnames=4;
+-my @badnames= ("1A", "<><", "&", "-:");
++# TEST:$badnames=7;
++my @badnames= ("1A", "<><", "&", "-:",
++    "a\xF0",          # truncated 4-byte UTF-8
++    "a\xE0",          # truncated 3-byte UTF-8
++    "a\xC0",          # truncated 2-byte UTF-8
++);
+ 
+ # 1. bound node
+ {

Prev by Date: CVS commit: pkgsrc/converters/py-bidi
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/converters/py-bidi
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index