pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/textproc/libxml2 Patch for CVE-2016-4658 & CVE-2016-5131



details:   https://anonhg.NetBSD.org/pkgsrc/rev/f8bdd7563ad7
branches:  trunk
changeset: 356294:f8bdd7563ad7
user:      sevan <sevan%pkgsrc.org@localhost>
date:      Tue Dec 27 02:34:33 2016 +0000

description:
Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev

diffstat:

 textproc/libxml2/Makefile.common                         |    4 +-
 textproc/libxml2/distinfo                                |    6 +-
 textproc/libxml2/patches/patch-result_XPath_xptr_vidbase |   24 +++
 textproc/libxml2/patches/patch-test_XPath_xptr_vidbase   |   11 +
 textproc/libxml2/patches/patch-xpath.c                   |   27 +++
 textproc/libxml2/patches/patch-xpointer.c                |  102 +++++++++++++++
 6 files changed, 171 insertions(+), 3 deletions(-)

diffs (217 lines):

diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/Makefile.common
--- a/textproc/libxml2/Makefile.common  Mon Dec 26 22:36:30 2016 +0000
+++ b/textproc/libxml2/Makefile.common  Tue Dec 27 02:34:33 2016 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.3 2016/11/30 14:46:22 sevan Exp $
+# $NetBSD: Makefile.common,v 1.4 2016/12/27 02:34:33 sevan Exp $
 #
 # used by textproc/libxml2/Makefile
 # used by textproc/py-libxml2/Makefile
 
 DISTNAME=      libxml2-2.9.4
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    textproc
 MASTER_SITES=  ftp://xmlsoft.org/libxml2/ \
                http://xmlsoft.org/sources/
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Mon Dec 26 22:36:30 2016 +0000
+++ b/textproc/libxml2/distinfo Tue Dec 27 02:34:33 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.113 2016/11/30 14:46:22 sevan Exp $
+$NetBSD: distinfo,v 1.114 2016/12/27 02:34:33 sevan Exp $
 
 SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
 RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -11,7 +11,11 @@
 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
 SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
+SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103
 SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
+SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
 SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
 SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
+SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
+SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase  Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- result/XPath/xptr/vidbase.orig     2016-12-27 02:22:25.000000000 +0000
++++ result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+   To node
+     ELEMENT p
+ 
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 :   Object is a range :
++  From node
++     /
++  To node
++    ELEMENT chapter
++      ATTRIBUTE id
++        TEXT
++          content=chapter2
++
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase    Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,11 @@
+$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- test/XPath/xptr/vidbase.orig       2016-12-27 02:22:06.000000000 +0000
++++ test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-xpath.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-xpath.c    Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-xpath.c,v 1.1 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpath.c.orig       2016-12-27 02:21:53.000000000 +0000
++++ xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
+                   lc = 1;
+                   break;
+               } else if ((NXT(len) == '(')) {
+-                  /* Note Type or Function */
++                  /* Node Type or Function */
+                   if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+                       xmlGenericError(xmlGenericErrorContext,
+                               "PathExpr: Type search\n");
+ #endif
+                       lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++                    } else if (ctxt->xptr &&
++                               xmlStrEqual(name, BAD_CAST "range-to")) {
++                        lc = 1;
++#endif
+                   } else {
+ #ifdef DEBUG_STEP
+                       xmlGenericError(xmlGenericErrorContext,
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-xpointer.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-xpointer.c Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,102 @@
+$NetBSD: patch-xpointer.c,v 1.4 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-4658
+https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpointer.c.orig    2016-12-27 02:19:03.000000000 +0000
++++ xpointer.c
+@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
+     ret->here = here;
+     ret->origin = origin;
+ 
+-    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+-                       xmlXPtrRangeToFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+                        xmlXPtrRangeFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
+  * @nargs:  the number of args
+  *
+  * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+  */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+-    xmlXPathObjectPtr range;
+-    const xmlChar *cur;
+-    xmlXPathObjectPtr res, obj;
+-    xmlXPathObjectPtr tmp;
+-    xmlLocationSetPtr newset = NULL;
+-    xmlNodeSetPtr oldset;
+-    int i;
+-
+-    if (ctxt == NULL) return;
+-    CHECK_ARITY(1);
+-    /*
+-     * Save the expression pointer since we will have to evaluate
+-     * it multiple times. Initialize the new set.
+-     */
+-    CHECK_TYPE(XPATH_NODESET);
+-    obj = valuePop(ctxt);
+-    oldset = obj->nodesetval;
+-    ctxt->context->node = NULL;
+-
+-    cur = ctxt->cur;
+-    newset = xmlXPtrLocationSetCreate(NULL);
+-
+-    for (i = 0; i < oldset->nodeNr; i++) {
+-      ctxt->cur = cur;
+-
+-      /*
+-       * Run the evaluation with a node list made of a single item
+-       * in the nodeset.
+-       */
+-      ctxt->context->node = oldset->nodeTab[i];
+-      tmp = xmlXPathNewNodeSet(ctxt->context->node);
+-      valuePush(ctxt, tmp);
+-
+-      xmlXPathEvalExpr(ctxt);
+-      CHECK_ERROR;
+-
+-      /*
+-       * The result of the evaluation need to be tested to
+-       * decided whether the filter succeeded or not
+-       */
+-      res = valuePop(ctxt);
+-      range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+-      if (range != NULL) {
+-          xmlXPtrLocationSetAdd(newset, range);
+-      }
+-
+-      /*
+-       * Cleanup
+-       */
+-      if (res != NULL)
+-          xmlXPathFreeObject(res);
+-      if (ctxt->value == tmp) {
+-          res = valuePop(ctxt);
+-          xmlXPathFreeObject(res);
+-      }
+-
+-      ctxt->context->node = NULL;
+-    }
+-
+-    /*
+-     * The result is used as the new evaluation set.
+-     */
+-    xmlXPathFreeObject(obj);
+-    ctxt->context->node = NULL;
+-    ctxt->context->contextSize = -1;
+-    ctxt->context->proximityPosition = -1;
+-    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++                       int nargs ATTRIBUTE_UNUSED) {
++    XP_ERROR(XPATH_EXPR_ERROR);
+ }
+ 
+ /**



Home | Main Index | Thread Index | Old Index