pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2021Q1]: pkgsrc/textproc Pullup ticket #6458 - requested by nia
details: https://anonhg.NetBSD.org/pkgsrc/rev/a4b77a7d5387
branches: pkgsrc-2021Q1
changeset: 453225:a4b77a7d5387
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue May 25 14:44:14 2021 +0000
description:
Pullup ticket #6458 - requested by nia
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile 1.159
- textproc/libxml2/Makefile.common 1.14
- textproc/libxml2/distinfo 1.135
- textproc/libxml2/patches/patch-parser.c deleted
- textproc/libxml2/patches/patch-python-types.c deleted
- textproc/libxml2/patches/patch-python_libxml.c deleted
- textproc/libxml2/patches/patch-xmlschemas.c deleted
- textproc/py-libxml2/Makefile 1.68
---
Module Name: pkgsrc
Committed By: nia
Date: Sun May 23 19:31:47 UTC 2021
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common distinfo
pkgsrc/textproc/py-libxml2: Makefile
Removed Files:
pkgsrc/textproc/libxml2/patches: patch-parser.c patch-python-types.c
patch-python_libxml.c patch-xmlschemas.c
Log Message:
libxml2: update to 2.9.12
2.9.12:
"Brown paper bag release, some recently added sources were missing from
the 2.9.11 tarball."
2.9.11:
"Prompted by CVE-2021-3541, but this includes an awful lot of serious bug
fixes by Nick and others."
diffstat:
textproc/libxml2/Makefile | 3 +-
textproc/libxml2/Makefile.common | 7 +--
textproc/libxml2/distinfo | 10 ++--
textproc/libxml2/patches/patch-parser.c | 38 -------------------
textproc/libxml2/patches/patch-python-types.c | 52 --------------------------
textproc/libxml2/patches/patch-python_libxml.c | 51 -------------------------
textproc/libxml2/patches/patch-xmlschemas.c | 39 -------------------
textproc/py-libxml2/Makefile | 3 +-
8 files changed, 10 insertions(+), 193 deletions(-)
diffs (256 lines):
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/libxml2/Makefile
--- a/textproc/libxml2/Makefile Fri May 21 15:01:29 2021 +0000
+++ b/textproc/libxml2/Makefile Tue May 25 14:44:14 2021 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.157 2020/11/05 09:07:10 ryoon Exp $
+# $NetBSD: Makefile,v 1.157.4.1 2021/05/25 14:44:14 bsiegert Exp $
.include "../../textproc/libxml2/Makefile.common"
-PKGREVISION= 3
COMMENT= XML parser library from the GNOME project
LICENSE= modified-bsd
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/libxml2/Makefile.common
--- a/textproc/libxml2/Makefile.common Fri May 21 15:01:29 2021 +0000
+++ b/textproc/libxml2/Makefile.common Tue May 25 14:44:14 2021 +0000
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile.common,v 1.13 2019/11/06 13:19:43 wiz Exp $
+# $NetBSD: Makefile.common,v 1.13.12.1 2021/05/25 14:44:14 bsiegert Exp $
#
# used by textproc/libxml2/Makefile
# used by textproc/py-libxml2/Makefile
-DISTNAME= libxml2-2.9.10
+DISTNAME= libxml2-2.9.12
CATEGORIES= textproc
-MASTER_SITES= ftp://xmlsoft.org/libxml2/
-MASTER_SITES+= http://xmlsoft.org/sources/
+MASTER_SITES= http://xmlsoft.org/sources/
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://xmlsoft.org/
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/libxml2/distinfo
--- a/textproc/libxml2/distinfo Fri May 21 15:01:29 2021 +0000
+++ b/textproc/libxml2/distinfo Tue May 25 14:44:14 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.134 2020/11/08 23:31:44 js Exp $
+$NetBSD: distinfo,v 1.134.4.1 2021/05/25 14:44:14 bsiegert Exp $
-SHA1 (libxml2-2.9.10.tar.gz) = db6592ec9ca9708c4e71bf6bfd907bbb5cd40644
-RMD160 (libxml2-2.9.10.tar.gz) = 455f81e1f121c63dac96802de7f83ce4483f1afe
-SHA512 (libxml2-2.9.10.tar.gz) = 0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed
-Size (libxml2-2.9.10.tar.gz) = 5624761 bytes
+SHA1 (libxml2-2.9.12.tar.gz) = 339fe5bb2a7d0c13f068c26d8f7cd194c13f9a2a
+RMD160 (libxml2-2.9.12.tar.gz) = 766b9460b9e62b8152f431747c30c88c868c0c7e
+SHA512 (libxml2-2.9.12.tar.gz) = df1c6486e80f0fcf3c506f3599bcfb94b620c00d0b5d26831bc983daa78d58ec58b5057b1ec7c1a26c694f40199c6234ee2a6dcabf65abfa10c447cb5705abbd
+Size (libxml2-2.9.12.tar.gz) = 5681632 bytes
SHA1 (patch-Makefile.in) = e687eaa9805b855b0c8a944ec5c597bd34954472
SHA1 (patch-catalog.c) = 34afe787f6012b460a85be993048e133907a1621
SHA1 (patch-configure) = f6e9f08377a537657df08deee17a5cc66c60b808
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/libxml2/patches/patch-parser.c
--- a/textproc/libxml2/patches/patch-parser.c Fri May 21 15:01:29 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,38 +0,0 @@
-$NetBSD: patch-parser.c,v 1.7 2020/01/24 10:40:36 kim Exp $
-
-Fix CVE-2020-7595
-
-https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076.patch
-
-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1%huawei.com@localhost>
-Date: Thu, 12 Dec 2019 17:30:55 +0800
-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
-
-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
-return NULL which cause a infinite loop in xmlStringLenDecodeEntities
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1%huawei.com@localhost>
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index d1c31963..a34bb6cd 100644
---- parser.c
-+++ parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- else
- c = 0;
- while ((c != 0) && (c != end) && /* non input consuming loop */
-- (c != end2) && (c != end3)) {
-+ (c != end2) && (c != end3) &&
-+ (ctxt->instate != XML_PARSER_EOF)) {
-
- if (c == 0) break;
- if ((c == '&') && (str[1] == '#')) {
---
-2.24.1
-
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/libxml2/patches/patch-python-types.c
--- a/textproc/libxml2/patches/patch-python-types.c Fri May 21 15:01:29 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-$NetBSD: patch-python-types.c,v 1.1 2020/11/08 23:31:44 js Exp $
-
-Fix compilation with Python 3.9.
-
---- python/types.c.orig 2019-10-22 18:46:01.000000000 +0000
-+++ python/types.c
-@@ -602,16 +602,16 @@ libxml_xmlXPathObjectPtrConvert(PyObject
- if (obj == NULL) {
- return (NULL);
- }
-- if PyFloat_Check (obj) {
-+ if (PyFloat_Check (obj)) {
- ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj));
-- } else if PyLong_Check(obj) {
-+ } else if (PyLong_Check(obj)) {
- #ifdef PyLong_AS_LONG
- ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj));
- #else
- ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj));
- #endif
- #ifdef PyBool_Check
-- } else if PyBool_Check (obj) {
-+ } else if (PyBool_Check (obj)) {
-
- if (obj == Py_True) {
- ret = xmlXPathNewBoolean(1);
-@@ -620,14 +620,14 @@ libxml_xmlXPathObjectPtrConvert(PyObject
- ret = xmlXPathNewBoolean(0);
- }
- #endif
-- } else if PyBytes_Check (obj) {
-+ } else if (PyBytes_Check (obj)) {
- xmlChar *str;
-
- str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj),
- PyBytes_GET_SIZE(obj));
- ret = xmlXPathWrapString(str);
- #ifdef PyUnicode_Check
-- } else if PyUnicode_Check (obj) {
-+ } else if (PyUnicode_Check (obj)) {
- #if PY_VERSION_HEX >= 0x03030000
- xmlChar *str;
- const char *tmp;
-@@ -650,7 +650,7 @@ libxml_xmlXPathObjectPtrConvert(PyObject
- ret = xmlXPathWrapString(str);
- #endif
- #endif
-- } else if PyList_Check (obj) {
-+ } else if (PyList_Check (obj)) {
- int i;
- PyObject *node;
- xmlNodePtr cur;
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/libxml2/patches/patch-python_libxml.c
--- a/textproc/libxml2/patches/patch-python_libxml.c Fri May 21 15:01:29 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,51 +0,0 @@
-$NetBSD: patch-python_libxml.c,v 1.2 2020/11/08 23:31:44 js Exp $
-
-Avoid returning invalid UTF-8 strings to python.
-Based on https://bugzilla.opensuse.org/attachment.cgi?id=746044&action=edit
-Fixes https://github.com/itstool/itstool/issues/22
-Fix compilation with Python 3.9.
-
---- python/libxml.c.orig 2019-10-22 18:46:01.000000000 +0000
-+++ python/libxml.c
-@@ -294,7 +294,7 @@ xmlPythonFileReadRaw (void * context, ch
- lenread = PyBytes_Size(ret);
- data = PyBytes_AsString(ret);
- #ifdef PyUnicode_Check
-- } else if PyUnicode_Check (ret) {
-+ } else if (PyUnicode_Check (ret)) {
- #if PY_VERSION_HEX >= 0x03030000
- Py_ssize_t size;
- const char *tmp;
-@@ -359,7 +359,7 @@ xmlPythonFileRead (void * context, char
- lenread = PyBytes_Size(ret);
- data = PyBytes_AsString(ret);
- #ifdef PyUnicode_Check
-- } else if PyUnicode_Check (ret) {
-+ } else if (PyUnicode_Check (ret)) {
- #if PY_VERSION_HEX >= 0x03030000
- Py_ssize_t size;
- const char *tmp;
-@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
- PyObject *message;
- PyObject *result;
- char str[1000];
-+ unsigned char *ptr = (unsigned char *)str;
-
- #ifdef DEBUG_ERROR
- printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
-@@ -1636,10 +1637,14 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
- str[999] = 0;
- va_end(ap);
-
-+ /* Ensure the error string doesn't start at UTF8 continuation. */
-+ while (*ptr && (*ptr & 0xc0) == 0x80)
-+ ptr++;
-+
- list = PyTuple_New(2);
- PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
- Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
-- message = libxml_charPtrConstWrap(str);
-+ message = libxml_charPtrConstWrap(ptr);
- PyTuple_SetItem(list, 1, message);
- result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
- Py_XDECREF(list);
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/libxml2/patches/patch-xmlschemas.c
--- a/textproc/libxml2/patches/patch-xmlschemas.c Fri May 21 15:01:29 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-$NetBSD: patch-xmlschemas.c,v 1.1 2020/01/24 10:40:36 kim Exp $
-
-Fix CVE-2019-20388
-
-https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68.patch
-
-From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1%huawei.com@localhost>
-Date: Tue, 20 Aug 2019 16:33:06 +0800
-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
-
-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
-vctxt->xsiAssemble to 0 again which cause the alloced schema
-can not be freed anymore.
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1%huawei.com@localhost>
----
- xmlschemas.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xmlschemas.c b/xmlschemas.c
-index 301c8449..39d92182 100644
---- xmlschemas.c
-+++ xmlschemas.c
-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
- vctxt->nberrors = 0;
- vctxt->depth = -1;
- vctxt->skipDepth = -1;
-- vctxt->xsiAssemble = 0;
- vctxt->hasKeyrefs = 0;
- #ifdef ENABLE_IDC_NODE_TABLES_TEST
- vctxt->createIDCNodeTables = 1;
---
-2.24.1
-
diff -r 36f937f0e9d7 -r a4b77a7d5387 textproc/py-libxml2/Makefile
--- a/textproc/py-libxml2/Makefile Fri May 21 15:01:29 2021 +0000
+++ b/textproc/py-libxml2/Makefile Tue May 25 14:44:14 2021 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.66 2020/11/05 09:09:14 ryoon Exp $
+# $NetBSD: Makefile,v 1.66.4.1 2021/05/25 14:44:14 bsiegert Exp $
-PKGREVISION= 2
.include "../../textproc/libxml2/Makefile.common"
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
Home |
Main Index |
Thread Index |
Old Index