[pkgsrc/trunk]: pkgsrc/textproc/expat update to 2.2.0
details: https://anonhg.NetBSD.org/pkgsrc/rev/b6e2a6e7b766
branches: trunk
changeset: 349003:b6e2a6e7b766
user: drochner <drochner%pkgsrc.org@localhost>
date: Wed Jun 22 15:39:09 2016 +0000
description:
update to 2.2.0
changes:
-security patches which we already had in pkgsrc are integrated upstream
-Use more entropy for hash initialization than the original fix
to CVE-2012-0876
-Resolve troublesome internal call to srand that was introduced
with Expat 2.1.0 when addressing CVE-2012-0876
diffstat:
textproc/expat/Makefile | 5 +-
textproc/expat/distinfo | 15 +-
textproc/expat/patches/patch-CVE-2016-0718-1 | 130 ----------
textproc/expat/patches/patch-CVE-2016-0718-2 | 324 ---------------------------
textproc/expat/patches/patch-CVE-2016-0718-3 | 32 --
textproc/expat/patches/patch-CVE-2016-0718-4 | 267 ----------------------
textproc/expat/patches/patch-Makefile.in | 20 -
7 files changed, 7 insertions(+), 786 deletions(-)
diffs (truncated from 827 to 300 lines):
diff -r 412f53c4f1e5 -r b6e2a6e7b766 textproc/expat/Makefile
--- a/textproc/expat/Makefile Wed Jun 22 13:01:14 2016 +0000
+++ b/textproc/expat/Makefile Wed Jun 22 15:39:09 2016 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.32 2016/05/17 19:15:01 drochner Exp $
+# $NetBSD: Makefile,v 1.33 2016/06/22 15:39:09 drochner Exp $
#
-DISTNAME= expat-2.1.1
-PKGREVISION= 1
+DISTNAME= expat-2.2.0
CATEGORIES= textproc
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=expat/}
EXTRACT_SUFX= .tar.bz2
diff -r 412f53c4f1e5 -r b6e2a6e7b766 textproc/expat/distinfo
--- a/textproc/expat/distinfo Wed Jun 22 13:01:14 2016 +0000
+++ b/textproc/expat/distinfo Wed Jun 22 15:39:09 2016 +0000
@@ -1,11 +1,6 @@
-$NetBSD: distinfo,v 1.25 2016/05/17 19:15:01 drochner Exp $
+$NetBSD: distinfo,v 1.26 2016/06/22 15:39:09 drochner Exp $
-SHA1 (expat-2.1.1.tar.bz2) = ff91419882ac52151050dad0ee8190645fbeee08
-RMD160 (expat-2.1.1.tar.bz2) = a1741237726c0b48d7a3f03943c76826ee6f3e48
-SHA512 (expat-2.1.1.tar.bz2) = 088e2ef3434f2affd4fc79fe46f0e9826b9b4c3931ddc780cd18892f1cd1e11365169c6807f45916a56bb6abcc627dcd17a23f970be0bf464f048f5be2713628
-Size (expat-2.1.1.tar.bz2) = 405103 bytes
-SHA1 (patch-CVE-2016-0718-1) = b5257981ec29ae821dd50e63a25d0511ffebbbe8
-SHA1 (patch-CVE-2016-0718-2) = c91d96a459bb0af27323ab9456bd6248f04c27aa
-SHA1 (patch-CVE-2016-0718-3) = c54ea018a52e178f53623b1a4b608e350001c60d
-SHA1 (patch-CVE-2016-0718-4) = c6d7fdbd48f049cf8490e1745b7cf3867efbe30d
-SHA1 (patch-Makefile.in) = 196837e69acda50ce813c198b730a9ba18015196
+SHA1 (expat-2.2.0.tar.bz2) = 8453bc52324be4c796fd38742ec48470eef358b3
+RMD160 (expat-2.2.0.tar.bz2) = fb4ff9f78c8f09019f571758f8d559a3c640002f
+SHA512 (expat-2.2.0.tar.bz2) = 2be1a6eea87b439374bfacb1fbb8e814fd8a085d5dfd3ca3be69d1af29b5dc93d36cbdec5f6843ca6d5910843c7ffbc498adc2a561b9dcece488edf3c6f8c7c8
+Size (expat-2.2.0.tar.bz2) = 414352 bytes
diff -r 412f53c4f1e5 -r b6e2a6e7b766 textproc/expat/patches/patch-CVE-2016-0718-1
--- a/textproc/expat/patches/patch-CVE-2016-0718-1 Wed Jun 22 13:01:14 2016 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,130 +0,0 @@
-$NetBSD: patch-CVE-2016-0718-1,v 1.1 2016/05/17 19:15:01 drochner Exp $
-
-also fixes issues with the fix for CVE-2015-1283 (part of expat-2.1.1):
- possible undefined compiler behaviour on signed integer overflows
- (upstream commit f0bec73b018caa07d3e75ec8dd967f3785d71bde)
-
---- lib/xmlparse.c.orig 2016-03-12 03:21:09.000000000 +0000
-+++ lib/xmlparse.c
-@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len
- }
-
- if (len > bufferLim - bufferEnd) {
-- int neededSize = len + (int)(bufferEnd - bufferPtr);
-+ /* Do not invoke signed arithmetic overflow: */
-+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
- if (neededSize < 0) {
- errorCode = XML_ERROR_NO_MEMORY;
- return NULL;
-@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len
- if (bufferSize == 0)
- bufferSize = INIT_BUFFER_SIZE;
- do {
-- bufferSize *= 2;
-+ /* Do not invoke signed arithmetic overflow: */
-+ bufferSize = (int) (2U * (unsigned) bufferSize);
- } while (bufferSize < neededSize && bufferSize > 0);
- if (bufferSize <= 0) {
- errorCode = XML_ERROR_NO_MEMORY;
-@@ -2426,11 +2428,11 @@ doContent(XML_Parser parser,
- for (;;) {
- int bufSize;
- int convLen;
-- XmlConvert(enc,
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc,
- &fromPtr, rawNameEnd,
- (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
- convLen = (int)(toPtr - (XML_Char *)tag->buf);
-- if (fromPtr == rawNameEnd) {
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
- tag->name.strLen = convLen;
- break;
- }
-@@ -2651,11 +2653,11 @@ doContent(XML_Parser parser,
- if (MUST_CONVERT(enc, s)) {
- for (;;) {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
-- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = s;
- charDataHandler(handlerArg, dataBuf,
- (int)(dataPtr - (ICHAR *)dataBuf));
-- if (s == next)
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
- break;
- *eventPP = s;
- }
-@@ -3261,11 +3263,11 @@ doCdataSection(XML_Parser parser,
- if (MUST_CONVERT(enc, s)) {
- for (;;) {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
-- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = next;
- charDataHandler(handlerArg, dataBuf,
- (int)(dataPtr - (ICHAR *)dataBuf));
-- if (s == next)
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
- break;
- *eventPP = s;
- }
-@@ -5342,6 +5344,7 @@ reportDefault(XML_Parser parser, const E
- const char *s, const char *end)
- {
- if (MUST_CONVERT(enc, s)) {
-+ enum XML_Convert_Result convert_res;
- const char **eventPP;
- const char **eventEndPP;
- if (enc == encoding) {
-@@ -5354,11 +5357,11 @@ reportDefault(XML_Parser parser, const E
- }
- do {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
-- XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
-+ convert_res = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = s;
- defaultHandler(handlerArg, dataBuf, (int)(dataPtr - (ICHAR *)dataBuf));
- *eventPP = s;
-- } while (s != end);
-+ } while ((convert_res != XML_CONVERT_COMPLETED) && (convert_res != XML_CONVERT_INPUT_INCOMPLETE));
- }
- else
- defaultHandler(handlerArg, (XML_Char *)s, (int)((XML_Char *)end - (XML_Char *)s));
-@@ -6163,8 +6166,8 @@ poolAppend(STRING_POOL *pool, const ENCO
- if (!pool->ptr && !poolGrow(pool))
- return NULL;
- for (;;) {
-- XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
-- if (ptr == end)
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
- break;
- if (!poolGrow(pool))
- return NULL;
-@@ -6248,8 +6251,13 @@ poolGrow(STRING_POOL *pool)
- }
- }
- if (pool->blocks && pool->start == pool->blocks->s) {
-- int blockSize = (int)(pool->end - pool->start)*2;
-- BLOCK *temp = (BLOCK *)
-+ BLOCK *temp;
-+ int blockSize = (int)((unsigned)(pool->end - pool->start)*2U);
-+
-+ if (blockSize < 0)
-+ return XML_FALSE;
-+
-+ temp = (BLOCK *)
- pool->mem->realloc_fcn(pool->blocks,
- (offsetof(BLOCK, s)
- + blockSize * sizeof(XML_Char)));
-@@ -6264,6 +6272,10 @@ poolGrow(STRING_POOL *pool)
- else {
- BLOCK *tem;
- int blockSize = (int)(pool->end - pool->start);
-+
-+ if (blockSize < 0)
-+ return XML_FALSE;
-+
- if (blockSize < INIT_BLOCK_SIZE)
- blockSize = INIT_BLOCK_SIZE;
- else
diff -r 412f53c4f1e5 -r b6e2a6e7b766 textproc/expat/patches/patch-CVE-2016-0718-2
--- a/textproc/expat/patches/patch-CVE-2016-0718-2 Wed Jun 22 13:01:14 2016 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,324 +0,0 @@
-$NetBSD: patch-CVE-2016-0718-2,v 1.1 2016/05/17 19:15:01 drochner Exp $
-
---- lib/xmltok.c.orig 2016-03-12 03:21:09.000000000 +0000
-+++ lib/xmltok.c
-@@ -318,39 +318,55 @@ enum { /* UTF8_cvalN is value of masked
- UTF8_cval4 = 0xf0
- };
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- utf8_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
- {
-+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
- char *to;
- const char *from;
- if (fromLim - *fromP > toLim - *toP) {
- /* Avoid copying partial characters. */
-+ res = XML_CONVERT_OUTPUT_EXHAUSTED;
- for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--)
- if (((unsigned char)fromLim[-1] & 0xc0) != 0x80)
- break;
- }
-- for (to = *toP, from = *fromP; from != fromLim; from++, to++)
-+ for (to = *toP, from = *fromP; (from < fromLim) && (to < toLim); from++, to++)
- *to = *from;
- *fromP = from;
- *toP = to;
-+
-+ if ((to == toLim) && (from < fromLim))
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
-+ else
-+ return res;
- }
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- utf8_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
- {
-+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
- unsigned short *to = *toP;
- const char *from = *fromP;
-- while (from != fromLim && to != toLim) {
-+ while (from < fromLim && to < toLim) {
- switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {
- case BT_LEAD2:
-+ if (fromLim - from < 2) {
-+ res = XML_CONVERT_INPUT_INCOMPLETE;
-+ break;
-+ }
- *to++ = (unsigned short)(((from[0] & 0x1f) << 6) | (from[1] & 0x3f));
- from += 2;
- break;
- case BT_LEAD3:
-+ if (fromLim - from < 3) {
-+ res = XML_CONVERT_INPUT_INCOMPLETE;
-+ break;
-+ }
- *to++ = (unsigned short)(((from[0] & 0xf) << 12)
- | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f));
- from += 3;
-@@ -358,8 +374,14 @@ utf8_toUtf16(const ENCODING *enc,
- case BT_LEAD4:
- {
- unsigned long n;
-- if (to + 1 == toLim)
-+ if (toLim - to < 2) {
-+ res = XML_CONVERT_OUTPUT_EXHAUSTED;
- goto after;
-+ }
-+ if (fromLim - from < 4) {
-+ res = XML_CONVERT_INPUT_INCOMPLETE;
-+ goto after;
-+ }
- n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12)
- | ((from[2] & 0x3f) << 6) | (from[3] & 0x3f);
- n -= 0x10000;
-@@ -377,6 +399,7 @@ utf8_toUtf16(const ENCODING *enc,
- after:
- *fromP = from;
- *toP = to;
-+ return res;
- }
-
- #ifdef XML_NS
-@@ -425,7 +448,7 @@ static const struct normal_encoding inte
- STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
- };
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- latin1_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
-@@ -433,30 +456,35 @@ latin1_toUtf8(const ENCODING *enc,
- for (;;) {
- unsigned char c;
- if (*fromP == fromLim)
-- break;
-+ return XML_CONVERT_COMPLETED;
- c = (unsigned char)**fromP;
- if (c & 0x80) {
- if (toLim - *toP < 2)
-- break;
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
- *(*toP)++ = (char)((c >> 6) | UTF8_cval2);
- *(*toP)++ = (char)((c & 0x3f) | 0x80);
- (*fromP)++;
- }
- else {
- if (*toP == toLim)
-- break;
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
- *(*toP)++ = *(*fromP)++;
- }
- }
- }
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- latin1_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
- {
-- while (*fromP != fromLim && *toP != toLim)