pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/textproc/libxml2 Patch for CVE-2016-4658 & CVE-2016-5131
details: https://anonhg.NetBSD.org/pkgsrc/rev/f8bdd7563ad7
branches: trunk
changeset: 356294:f8bdd7563ad7
user: sevan <sevan%pkgsrc.org@localhost>
date: Tue Dec 27 02:34:33 2016 +0000
description:
Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev
diffstat:
textproc/libxml2/Makefile.common | 4 +-
textproc/libxml2/distinfo | 6 +-
textproc/libxml2/patches/patch-result_XPath_xptr_vidbase | 24 +++
textproc/libxml2/patches/patch-test_XPath_xptr_vidbase | 11 +
textproc/libxml2/patches/patch-xpath.c | 27 +++
textproc/libxml2/patches/patch-xpointer.c | 102 +++++++++++++++
6 files changed, 171 insertions(+), 3 deletions(-)
diffs (217 lines):
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/Makefile.common
--- a/textproc/libxml2/Makefile.common Mon Dec 26 22:36:30 2016 +0000
+++ b/textproc/libxml2/Makefile.common Tue Dec 27 02:34:33 2016 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.3 2016/11/30 14:46:22 sevan Exp $
+# $NetBSD: Makefile.common,v 1.4 2016/12/27 02:34:33 sevan Exp $
#
# used by textproc/libxml2/Makefile
# used by textproc/py-libxml2/Makefile
DISTNAME= libxml2-2.9.4
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= textproc
MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
http://xmlsoft.org/sources/
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Mon Dec 26 22:36:30 2016 +0000
+++ b/textproc/libxml2/distinfo Tue Dec 27 02:34:33 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.113 2016/11/30 14:46:22 sevan Exp $
+$NetBSD: distinfo,v 1.114 2016/12/27 02:34:33 sevan Exp $
SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -11,7 +11,11 @@
SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
+SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103
SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
+SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
+SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
+SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- result/XPath/xptr/vidbase.orig 2016-12-27 02:22:25.000000000 +0000
++++ result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+ To node
+ ELEMENT p
+
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 : Object is a range :
++ From node
++ /
++ To node
++ ELEMENT chapter
++ ATTRIBUTE id
++ TEXT
++ content=chapter2
++
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,11 @@
+$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- test/XPath/xptr/vidbase.orig 2016-12-27 02:22:06.000000000 +0000
++++ test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-xpath.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-xpath.c Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-xpath.c,v 1.1 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpath.c.orig 2016-12-27 02:21:53.000000000 +0000
++++ xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
+ lc = 1;
+ break;
+ } else if ((NXT(len) == '(')) {
+- /* Note Type or Function */
++ /* Node Type or Function */
+ if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
+ "PathExpr: Type search\n");
+ #endif
+ lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++ } else if (ctxt->xptr &&
++ xmlStrEqual(name, BAD_CAST "range-to")) {
++ lc = 1;
++#endif
+ } else {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
diff -r 412a6a860354 -r f8bdd7563ad7 textproc/libxml2/patches/patch-xpointer.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxml2/patches/patch-xpointer.c Tue Dec 27 02:34:33 2016 +0000
@@ -0,0 +1,102 @@
+$NetBSD: patch-xpointer.c,v 1.4 2016/12/27 02:34:34 sevan Exp $
+
+CVE-2016-4658
+https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpointer.c.orig 2016-12-27 02:19:03.000000000 +0000
++++ xpointer.c
+@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
+ ret->here = here;
+ ret->origin = origin;
+
+- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+- xmlXPtrRangeToFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ xmlXPtrRangeFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
+ * @nargs: the number of args
+ *
+ * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+ */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+- xmlXPathObjectPtr range;
+- const xmlChar *cur;
+- xmlXPathObjectPtr res, obj;
+- xmlXPathObjectPtr tmp;
+- xmlLocationSetPtr newset = NULL;
+- xmlNodeSetPtr oldset;
+- int i;
+-
+- if (ctxt == NULL) return;
+- CHECK_ARITY(1);
+- /*
+- * Save the expression pointer since we will have to evaluate
+- * it multiple times. Initialize the new set.
+- */
+- CHECK_TYPE(XPATH_NODESET);
+- obj = valuePop(ctxt);
+- oldset = obj->nodesetval;
+- ctxt->context->node = NULL;
+-
+- cur = ctxt->cur;
+- newset = xmlXPtrLocationSetCreate(NULL);
+-
+- for (i = 0; i < oldset->nodeNr; i++) {
+- ctxt->cur = cur;
+-
+- /*
+- * Run the evaluation with a node list made of a single item
+- * in the nodeset.
+- */
+- ctxt->context->node = oldset->nodeTab[i];
+- tmp = xmlXPathNewNodeSet(ctxt->context->node);
+- valuePush(ctxt, tmp);
+-
+- xmlXPathEvalExpr(ctxt);
+- CHECK_ERROR;
+-
+- /*
+- * The result of the evaluation need to be tested to
+- * decided whether the filter succeeded or not
+- */
+- res = valuePop(ctxt);
+- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+- if (range != NULL) {
+- xmlXPtrLocationSetAdd(newset, range);
+- }
+-
+- /*
+- * Cleanup
+- */
+- if (res != NULL)
+- xmlXPathFreeObject(res);
+- if (ctxt->value == tmp) {
+- res = valuePop(ctxt);
+- xmlXPathFreeObject(res);
+- }
+-
+- ctxt->context->node = NULL;
+- }
+-
+- /*
+- * The result is used as the new evaluation set.
+- */
+- xmlXPathFreeObject(obj);
+- ctxt->context->node = NULL;
+- ctxt->context->contextSize = -1;
+- ctxt->context->proximityPosition = -1;
+- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++ int nargs ATTRIBUTE_UNUSED) {
++ XP_ERROR(XPATH_EXPR_ERROR);
+ }
+
+ /**
Home |
Main Index |
Thread Index |
Old Index