aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/vuxml/vuln.xml32
-rw-r--r--textproc/libxml2/Makefile48
-rw-r--r--textproc/libxml2/distinfo4
-rw-r--r--textproc/libxml2/files/patch-Makefile.in (renamed from textproc/libxml2/files/patch-aa)35
-rw-r--r--textproc/libxml2/files/patch-config.h.in14
-rw-r--r--textproc/libxml2/files/patch-configure17
-rw-r--r--textproc/libxml2/files/patch-include_libxml_parser.h10
-rw-r--r--textproc/libxml2/files/patch-parser.c358
-rw-r--r--textproc/libxml2/files/patch-parserInternals.c11
-rw-r--r--textproc/libxml2/files/patch-python::Makefile.in20
-rw-r--r--textproc/libxml2/files/patch-python_Makefile.in26
-rw-r--r--textproc/libxml2/files/patch-python_tests_Makefile.in (renamed from textproc/libxml2/files/patch-python::tests::Makefile.in)0
-rw-r--r--textproc/libxml2/files/patch-xpointer.c41
-rw-r--r--textproc/py-libxml2/Makefile10
14 files changed, 479 insertions, 147 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 8a1c681e7aa5..3a0bd202d06d 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="843a4641-9816-11e2-9c51-080027019be0">
+ <topic>libxml2 -- cpu consumption Dos</topic>
+ <affects>
+ <package>
+ <name>libxml2</name>
+ <range><lt>2.8.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Kurt Seifried reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2013/q1/391">
+ <p>libxml2 is affected by the expansion of internal entities
+ (which can be used to consume resources) and external entities
+ (which can cause a denial of service against other services,
+ be used to port scan, etc.)..</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0338</cvename>
+ <cvename>CVE-2013-0339</cvename>
+ <url>http://seclists.org/oss-sec/2013/q1/391</url>
+ <url>https://security-tracker.debian.org/tracker/CVE-2013-0338</url>
+ <url>https://security-tracker.debian.org/tracker/CVE-2013-0339</url>
+ </references>
+ <dates>
+ <discovery>2013-02-21</discovery>
+ <entry>2013-03-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="daf0a339-9850-11e2-879e-d43d7e0c7c02">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index 72659672cec9..ac16eb3ac07d 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -3,17 +3,11 @@
# Whom: Yukihiro Nakai <Nakai@technologist.com>
#
# $FreeBSD$
-#
-# WITHOUT_SCHEMA disable XML schema support
-# WITHOUT_THREADS disable threads support
-# WITH_MEM_DEBUG enable memory debugging (DEVELOPERS ONLY!)
-# WITH_XMLLINT_HIST enable history for xmllint
-# WITH_THREAD_ALLOC enable per-thread memory (DEVELOPERS ONLY!)
-#
+# $MCom: ports/textproc/libxml2/Makefile,v 1.15 2012/11/26 19:55:23 kwm Exp $
PORTNAME= libxml2
-PORTVERSION= 2.7.8
-PORTREVISION?= 5
+PORTVERSION= 2.8.0
+PORTREVISION?= 0
CATEGORIES?= textproc gnome
MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
ftp://gd.tuwien.ac.at/pub/libxml/
@@ -27,46 +21,52 @@ COMMENT?= XML parser library for GNOME
USE_CSTD= gnu89
USE_GMAKE= yes
MAKE_JOBS_SAFE= yes
+USE_ICONV= yes
GNU_CONFIGURE= yes
-USE_GNOME?= gnomehack pkgconfig
+USES= pathfix
+USE_GNOME?= pkgconfig
USE_LDCONFIG= yes
-CONFIGURE_ARGS?=--with-html-dir=${PREFIX}/share/doc \
+CONFIGURE_ARGS?=--with-iconv=${LOCALBASE} \
+ --with-html-dir=${PREFIX}/share/doc \
--with-html-subdir=${PORTNAME} \
--without-python
CPPFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
-.if !defined(WITHOUT_ICONV)
-USE_ICONV= yes
-CONFIGURE_ARGS+=--with-iconv=${LOCALBASE}
-.else
-CONFIGURE_ARGS+=--with-iconv=no
-.endif
-
.if !defined(MASTERDIR)
MAN1= xml2-config.1 xmllint.1 xmlcatalog.1
MAN3= libxml.3
-.endif
-.if defined(WITHOUT_SCHEMA)
+OPTIONS_DEFINE= SCHEMA THREADS MEM_DEBUG XMLLINT_HIST THREAD_ALLOC
+OPTIONS_DEFAULT=SCHEMA THREADS
+SCHEMA_DESC= XML schema support
+THREADS_DESC= Threads support
+MEM_DEBUG_DESC= Memory debugging (DEVELOPERS ONLY!)
+XMLLINT_HIST_DESC= History for xmllint
+THREAD_ALLOC_DESc= Per-thread memory (DEVELOPERS ONLY!)
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MSCHEMA}
CONFIGURE_ARGS+= --without-schemas
.endif
-.if defined(WITHOUT_THREADS)
+.if ${PORT_OPTIONS:MTHREADS}
CONFIGURE_ARGS+= --without-threads
.endif
-.if defined(WITH_MEM_DEBUG)
+.if ${PORT_OPTIONS:MMEM_DEBUG}
CONFIGURE_ARGS+= --with-mem-debug
.endif
-.if defined(WITH_XMLLINT_HIST)
+.if ${PORT_OPTIONS:MXMLLINT_HIST}
CONFIGURE_ARGS+= --with-history
.endif
-.if defined(WITH_THREAD_ALLOC)
+.if ${PORT_OPTIONS:MTHREAD_ALLOC}
CONFIGURE_ARGS+= --with-thread-alloc
.endif
+.endif # !defined(MASTERDIR)
post-patch:
.for d in . doc doc/devhelp doc/examples
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index 41f22cc4ce6d..19079f76515d 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,2 +1,2 @@
-SHA256 (gnome2/libxml2-2.7.8.tar.gz) = cda23bc9ebd26474ca8f3d67e7d1c4a1f1e7106364b690d822e009fdc3c417ec
-SIZE (gnome2/libxml2-2.7.8.tar.gz) = 4881808
+SHA256 (gnome2/libxml2-2.8.0.tar.gz) = f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a
+SIZE (gnome2/libxml2-2.8.0.tar.gz) = 4915203
diff --git a/textproc/libxml2/files/patch-aa b/textproc/libxml2/files/patch-Makefile.in
index b5f110bd8368..df4c9761dc52 100644
--- a/textproc/libxml2/files/patch-aa
+++ b/textproc/libxml2/files/patch-Makefile.in
@@ -1,17 +1,17 @@
$FreeBSD$
---- Makefile.in.orig 2012-08-16 19:47:20.000000000 +0200
-+++ Makefile.in 2012-08-16 19:47:48.000000000 +0200
-@@ -564,7 +564,7 @@ top_build_prefix = @top_build_prefix@
+--- Makefile.in.orig 2012-08-16 19:38:10.000000000 +0200
++++ Makefile.in 2012-08-16 19:39:09.000000000 +0200
+@@ -586,7 +586,7 @@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = include . doc example xstc @PYTHON_SUBDIR@
+SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@
DIST_SUBDIRS = include . doc example python xstc
- INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@
+ INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ @LZMA_CFLAGS@
bin_SCRIPTS = xml2-config
-@@ -574,7 +574,7 @@ libxml2_la_LIBADD = @THREAD_LIBS@ @Z_LIB
+@@ -596,7 +596,7 @@
@USE_VERSION_SCRIPT_TRUE@LIBXML2_VERSION_SCRIPT = $(VERSION_SCRIPT_FLAGS)$(srcdir)/libxml2.syms
libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ \
$(LIBXML2_VERSION_SCRIPT) \
@@ -20,7 +20,7 @@
@MODULE_PLATFORM_LIBS@
@WITH_TRIO_SOURCES_FALSE@libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c \
-@@ -690,7 +690,7 @@ runxmlconf_LDFLAGS =
+@@ -712,7 +712,7 @@
runxmlconf_DEPENDENCIES = $(DEPS)
runxmlconf_LDADD = $(LDADDS)
CLEANFILES = xml2Conf.sh *.gcda *.gcno
@@ -29,7 +29,7 @@
confexec_DATA = xml2Conf.sh
CVS_EXTRA_DIST =
EXTRA_DIST = xml2-config.in xml2Conf.sh.in libxml.spec.in libxml2.spec \
-@@ -713,8 +713,8 @@ pkgconfig_DATA = libxml-2.0.pc
+@@ -735,8 +735,8 @@
# Install the tests program sources as examples
#
BASE_DIR = $(datadir)/doc
@@ -40,16 +40,16 @@
#
# Coverage support, largely borrowed from libvirt
-@@ -1069,7 +1069,7 @@ distclean-compile:
+@@ -1094,7 +1094,7 @@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
--@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-+@am__fastdepCC_TRUE@ $(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
- @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+ @am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@@ -1548,7 +1548,7 @@ distcleancheck: distclean
+@@ -1574,7 +1574,7 @@
exit 1; } >&2
check-am: all-am
check: check-recursive
@@ -58,3 +58,12 @@
config.h
install-binPROGRAMS: install-libLTLIBRARIES
+@@ -1634,7 +1634,7 @@
+
+ info-am:
+
+-install-data-am: install-data-local install-m4dataDATA install-man \
++install-data-am: install-m4dataDATA install-man \
+ install-pkgconfigDATA
+
+ install-dvi: install-dvi-recursive
diff --git a/textproc/libxml2/files/patch-config.h.in b/textproc/libxml2/files/patch-config.h.in
index e86bbf40ec89..419a2c5de8ab 100644
--- a/textproc/libxml2/files/patch-config.h.in
+++ b/textproc/libxml2/files/patch-config.h.in
@@ -1,11 +1,11 @@
---- config.h.in.orig Sun Nov 3 16:55:05 2002
-+++ config.h.in Tue Nov 19 00:06:05 2002
-@@ -1,4 +1,8 @@
+--- config.h.in.orig 2012-05-23 10:56:31.000000000 +0200
++++ config.h.in 2012-07-23 09:34:22.000000000 +0200
+@@ -1,5 +1,8 @@
/* config.h.in. Generated from configure.in by autoheader. */
-+
+
+/* XXX */
+#define HAVE_VFSCANF
+
- #undef PACKAGE
- #undef VERSION
- #undef HAVE_LIBZ
+ /* Define to 1 if you have the <ansidecl.h> header file. */
+ #undef HAVE_ANSIDECL_H
+
diff --git a/textproc/libxml2/files/patch-configure b/textproc/libxml2/files/patch-configure
index 9187f174fd50..e930a1da75eb 100644
--- a/textproc/libxml2/files/patch-configure
+++ b/textproc/libxml2/files/patch-configure
@@ -1,15 +1,6 @@
---- configure.orig 2010-11-27 15:40:06.000000000 +0100
-+++ configure 2010-11-27 15:40:06.000000000 +0100
-@@ -11414,7 +11414,7 @@ else
- esac
- fi
-
-- if test -z "$VERSION_SCRIPT_FLAGS"; then
-+ if test -n "$VERSION_SCRIPT_FLAGS"; then
- USE_VERSION_SCRIPT_TRUE=
- USE_VERSION_SCRIPT_FALSE='#'
- else
-@@ -13501,11 +13501,12 @@ fi
+--- configure.orig 2012-08-04 11:48:19.000000000 +0200
++++ configure 2012-08-04 11:50:50.000000000 +0200
+@@ -14228,11 +14228,12 @@ fi
fi
if test "$PYTHON_VERSION" != ""
then
@@ -23,7 +14,7 @@
else
if test -r $prefix/include/python$PYTHON_VERSION/Python.h
then
-@@ -13901,6 +13902,8 @@ fi
+@@ -14635,6 +14636,8 @@ fi
fi
fi
;;
diff --git a/textproc/libxml2/files/patch-include_libxml_parser.h b/textproc/libxml2/files/patch-include_libxml_parser.h
new file mode 100644
index 000000000000..03632be45452
--- /dev/null
+++ b/textproc/libxml2/files/patch-include_libxml_parser.h
@@ -0,0 +1,10 @@
+--- include/libxml/parser.h.orig 2012-05-15 03:09:43.000000000 +0000
++++ include/libxml/parser.h 2013-03-13 09:42:57.000000000 +0000
+@@ -310,6 +310,7 @@
+ xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */
+
+ int input_id; /* we need to label inputs */
++ unsigned long sizeentcopy; /* volume of entity copy */
+ };
+
+ /**
diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c
index d44616c8f1eb..1316d921d0f5 100644
--- a/textproc/libxml2/files/patch-parser.c
+++ b/textproc/libxml2/files/patch-parser.c
@@ -1,25 +1,343 @@
-Commit doesn't mention it but this fixes CVE-2011-3919
-From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 16 Dec 2011 10:53:35 +0000
-Subject: Fix an allocation error when copying entities
-
----
-(limited to 'parser.c')
-
-diff --git a/parser.c b/parser.c
-index 4e5dcb9..c55e41d 100644
---- parser.c
-+++ parser.c
-@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+--- parser.c.orig 2013-03-13 09:36:07.000000000 +0000
++++ parser.c 2013-03-13 09:35:54.000000000 +0000
+@@ -40,6 +40,7 @@
+ #endif
+
+ #include <stdlib.h>
++#include <limits.h>
+ #include <string.h>
+ #include <stdarg.h>
+ #include <libxml/xmlmemory.h>
+@@ -117,16 +118,33 @@
+ * parser option.
+ */
+ static int
+-xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size,
+- xmlEntityPtr ent)
++xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
++ xmlEntityPtr ent, size_t replacement)
+ {
+- unsigned long consumed = 0;
++ size_t consumed = 0;
+
+ if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE))
+ return (0);
+ if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
+ return (1);
+- if (size != 0) {
++ if (replacement != 0) {
++ if (replacement < XML_MAX_TEXT_LENGTH)
++ return(0);
++
++ /*
++ * If the volume of entity copy reaches 10 times the
++ * amount of parsed data and over the large text threshold
++ * then that's very likely to be an abuse.
++ */
++ if (ctxt->input != NULL) {
++ consumed = ctxt->input->consumed +
++ (ctxt->input->cur - ctxt->input->base);
++ }
++ consumed += ctxt->sizeentities;
++
++ if (replacement < XML_PARSER_NON_LINEAR * consumed)
++ return(0);
++ } else if (size != 0) {
+ /*
+ * Do the check based on the replacement size of the entity
+ */
+@@ -172,7 +190,6 @@
+ */
+ return (0);
+ }
+-
+ xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
+ return (1);
+ }
+@@ -2589,15 +2606,17 @@
+
+ /*
+ * Macro used to grow the current buffer.
++ * buffer##_size is expected to be a size_t
++ * mem_error: is expected to handle memory allocation failures
+ */
+ #define growBuffer(buffer, n) { \
+ xmlChar *tmp; \
+- buffer##_size *= 2; \
+- buffer##_size += n; \
+- tmp = (xmlChar *) \
+- xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \
++ size_t new_size = buffer##_size * 2 + n; \
++ if (new_size < buffer##_size) goto mem_error; \
++ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
+ if (tmp == NULL) goto mem_error; \
+ buffer = tmp; \
++ buffer##_size = new_size; \
+ }
+
+ /**
+@@ -2623,14 +2642,14 @@
+ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ int what, xmlChar end, xmlChar end2, xmlChar end3) {
+ xmlChar *buffer = NULL;
+- int buffer_size = 0;
++ size_t buffer_size = 0;
++ size_t nbchars = 0;
+
+ xmlChar *current = NULL;
+ xmlChar *rep = NULL;
+ const xmlChar *last;
+ xmlEntityPtr ent;
+ int c,l;
+- int nbchars = 0;
+
+ if ((ctxt == NULL) || (str == NULL) || (len < 0))
+ return(NULL);
+@@ -2647,7 +2666,7 @@
+ * allocate a translation buffer.
+ */
+ buffer_size = XML_PARSER_BIG_BUFFER_SIZE;
+- buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar));
++ buffer = (xmlChar *) xmlMallocAtomic(buffer_size);
+ if (buffer == NULL) goto mem_error;
+
+ /*
+@@ -2667,7 +2686,7 @@
+ if (val != 0) {
+ COPY_BUF(0,buffer,nbchars,val);
+ }
+- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+ }
+ } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
+@@ -2685,7 +2704,7 @@
+ (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
+ if (ent->content != NULL) {
+ COPY_BUF(0,buffer,nbchars,ent->content[0]);
+- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+ }
+ } else {
+@@ -2702,9 +2721,8 @@
+ current = rep;
+ while (*current != 0) { /* non input consuming loop */
+ buffer[nbchars++] = *current++;
+- if (nbchars >
+- buffer_size - XML_PARSER_BUFFER_SIZE) {
+- if (xmlParserEntityCheck(ctxt, nbchars, ent))
++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
++ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
+ goto int_error;
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+ }
+@@ -2717,7 +2735,7 @@
+ const xmlChar *cur = ent->name;
buffer[nbchars++] = '&';
- if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
-+ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
+- if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
++ if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) {
+ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
}
for (;i > 0;i--)
- buffer[nbchars++] = *cur++;
---
-cgit v0.9.0.2
+@@ -2745,9 +2763,8 @@
+ current = rep;
+ while (*current != 0) { /* non input consuming loop */
+ buffer[nbchars++] = *current++;
+- if (nbchars >
+- buffer_size - XML_PARSER_BUFFER_SIZE) {
+- if (xmlParserEntityCheck(ctxt, nbchars, ent))
++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
++ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
+ goto int_error;
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+ }
+@@ -2759,8 +2776,8 @@
+ } else {
+ COPY_BUF(l,buffer,nbchars,c);
+ str += l;
+- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
+- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
++ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+ }
+ }
+ if (str < last)
+@@ -3764,8 +3781,8 @@
+ xmlChar limit = 0;
+ xmlChar *buf = NULL;
+ xmlChar *rep = NULL;
+- int len = 0;
+- int buf_size = 0;
++ size_t len = 0;
++ size_t buf_size = 0;
+ int c, l, in_space = 0;
+ xmlChar *current = NULL;
+ xmlEntityPtr ent;
+@@ -3787,7 +3804,7 @@
+ * allocate a translation buffer.
+ */
+ buf_size = XML_PARSER_BUFFER_SIZE;
+- buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar));
++ buf = (xmlChar *) xmlMallocAtomic(buf_size);
+ if (buf == NULL) goto mem_error;
+
+ /*
+@@ -3804,7 +3821,7 @@
+
+ if (val == '&') {
+ if (ctxt->replaceEntities) {
+- if (len > buf_size - 10) {
++ if (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ buf[len++] = '&';
+@@ -3813,7 +3830,7 @@
+ * The reparsing will be done in xmlStringGetNodeList()
+ * called by the attribute() function in SAX.c
+ */
+- if (len > buf_size - 10) {
++ if (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ buf[len++] = '&';
+@@ -3823,7 +3840,7 @@
+ buf[len++] = ';';
+ }
+ } else if (val != 0) {
+- if (len > buf_size - 10) {
++ if (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ len += xmlCopyChar(0, &buf[len], val);
+@@ -3835,7 +3852,7 @@
+ ctxt->nbentities += ent->owner;
+ if ((ent != NULL) &&
+ (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
+- if (len > buf_size - 10) {
++ if (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ if ((ctxt->replaceEntities == 0) &&
+@@ -3863,7 +3880,7 @@
+ current++;
+ } else
+ buf[len++] = *current++;
+- if (len > buf_size - 10) {
++ if (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ }
+@@ -3871,7 +3888,7 @@
+ rep = NULL;
+ }
+ } else {
+- if (len > buf_size - 10) {
++ if (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ if (ent->content != NULL)
+@@ -3899,7 +3916,7 @@
+ * Just output the reference
+ */
+ buf[len++] = '&';
+- while (len > buf_size - i - 10) {
++ while (len + i + 10 > buf_size) {
+ growBuffer(buf, i + 10);
+ }
+ for (;i > 0;i--)
+@@ -3912,7 +3929,7 @@
+ if ((len != 0) || (!normalize)) {
+ if ((!normalize) || (!in_space)) {
+ COPY_BUF(l,buf,len,0x20);
+- while (len > buf_size - 10) {
++ while (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ }
+@@ -3921,7 +3938,7 @@
+ } else {
+ in_space = 0;
+ COPY_BUF(l,buf,len,c);
+- if (len > buf_size - 10) {
++ if (len + 10 > buf_size) {
+ growBuffer(buf, 10);
+ }
+ }
+@@ -3931,7 +3948,7 @@
+ c = CUR_CHAR(l);
+ }
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
+@@ -3946,7 +3963,18 @@
+ }
+ } else
+ NEXT;
+- if (attlen != NULL) *attlen = len;
++
++ /*
++ * There we potentially risk an overflow, don't allow attribute value of
++ * lenght more than INT_MAX it is a very reasonnable assumption !
++ */
++ if (len >= INT_MAX) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
++ "AttValue lenght too long\n");
++ goto mem_error;
++ }
++
++ if (attlen != NULL) *attlen = (int) len;
+ return(buf);
+
+ mem_error:
+@@ -6964,7 +6992,7 @@
+ xmlFreeNodeList(list);
+ return;
+ }
+- if (xmlParserEntityCheck(ctxt, 0, ent)) {
++ if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
+ xmlFreeNodeList(list);
+ return;
+ }
+@@ -7124,6 +7152,13 @@
+ xmlNodePtr nw = NULL, cur, firstChild = NULL;
+
+ /*
++ * We are copying here, make sure there is no abuse
++ */
++ ctxt->sizeentcopy += ent->length;
++ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
++ return;
++
++ /*
+ * when operating on a reader, the entities definitions
+ * are always owning the entities subtree.
+ if (ctxt->parseMode == XML_PARSE_READER)
+@@ -7163,6 +7198,14 @@
+ } else if (list == NULL) {
+ xmlNodePtr nw = NULL, cur, next, last,
+ firstChild = NULL;
++
++ /*
++ * We are copying here, make sure there is no abuse
++ */
++ ctxt->sizeentcopy += ent->length;
++ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
++ return;
++
+ /*
+ * Copy the entity child list and make it the new
+ * entity child list. The goal is to make sure any
+@@ -14343,6 +14386,7 @@
+ ctxt->catalogs = NULL;
+ ctxt->nbentities = 0;
+ ctxt->sizeentities = 0;
++ ctxt->sizeentcopy = 0;
+ xmlInitNodeInfoSeq(&ctxt->node_seq);
+
+ if (ctxt->attsDefault != NULL) {
diff --git a/textproc/libxml2/files/patch-parserInternals.c b/textproc/libxml2/files/patch-parserInternals.c
new file mode 100644
index 000000000000..ac0123de03c2
--- /dev/null
+++ b/textproc/libxml2/files/patch-parserInternals.c
@@ -0,0 +1,11 @@
+--- parserInternals.c.orig 2012-05-15 03:16:38.000000000 +0000
++++ parserInternals.c 2013-03-13 09:35:54.000000000 +0000
+@@ -1761,6 +1761,8 @@
+ ctxt->charset = XML_CHAR_ENCODING_UTF8;
+ ctxt->catalogs = NULL;
+ ctxt->nbentities = 0;
++ ctxt->sizeentities = 0;
++ ctxt->sizeentcopy = 0;
+ ctxt->input_id = 1;
+ xmlInitNodeInfoSeq(&ctxt->node_seq);
+ return(0);
diff --git a/textproc/libxml2/files/patch-python::Makefile.in b/textproc/libxml2/files/patch-python::Makefile.in
deleted file mode 100644
index 37a01dce1d23..000000000000
--- a/textproc/libxml2/files/patch-python::Makefile.in
+++ /dev/null
@@ -1,20 +0,0 @@
---- python/Makefile.in.orig 2008-05-23 22:39:11.000000000 -0500
-+++ python/Makefile.in 2008-05-23 22:40:42.000000000 -0500
-@@ -322,7 +322,7 @@
- -I$(top_builddir)/include \
- -I$(top_builddir)/$(subdir)
-
--docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION)
-+docsdir = $(datadir)/doc/py-libxml2
- # libxml2class.txt is generated
- dist_docs_DATA = TODO
- EXTRA_DIST = \
-@@ -335,7 +335,7 @@
-
- libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version
- @WITH_PYTHON_TRUE@mylibs = \
--@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la
-+@WITH_PYTHON_TRUE@ -lxml2
-
- @WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la
- @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = libxml.c types.c
diff --git a/textproc/libxml2/files/patch-python_Makefile.in b/textproc/libxml2/files/patch-python_Makefile.in
new file mode 100644
index 000000000000..56427195122a
--- /dev/null
+++ b/textproc/libxml2/files/patch-python_Makefile.in
@@ -0,0 +1,26 @@
+--- python/Makefile.in.orig 2012-08-04 12:00:53.000000000 +0200
++++ python/Makefile.in 2012-08-04 12:02:59.000000000 +0200
+@@ -395,7 +395,7 @@
+ -I$(top_builddir)/include \
+ -I$(top_builddir)/$(subdir)
+
+-docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION)
++docsdir = $(datadir)/doc/py-libxml2
+ # libxml2class.txt is generated
+ dist_docs_DATA = TODO
+ EXTRA_DIST = \
+@@ -408,12 +408,12 @@
+
+ libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version
+ @WITH_PYTHON_TRUE@mylibs = \
+-@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la
++@WITH_PYTHON_TRUE@ -lxml2
+
+ @WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la
+ @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = $(srcdir)/libxml.c $(srcdir)/types.c
+ @WITH_PYTHON_TRUE@nodist_libxml2mod_la_SOURCES = libxml2-py.c
+-@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ -lpython$(PYTHON_VERSION)
++@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@
+ @WITH_PYTHON_TRUE@python_DATA = \
+ @WITH_PYTHON_TRUE@ libxml2.py
+
diff --git a/textproc/libxml2/files/patch-python::tests::Makefile.in b/textproc/libxml2/files/patch-python_tests_Makefile.in
index 405539d86ce6..405539d86ce6 100644
--- a/textproc/libxml2/files/patch-python::tests::Makefile.in
+++ b/textproc/libxml2/files/patch-python_tests_Makefile.in
diff --git a/textproc/libxml2/files/patch-xpointer.c b/textproc/libxml2/files/patch-xpointer.c
deleted file mode 100644
index 877ea2a7d920..000000000000
--- a/textproc/libxml2/files/patch-xpointer.c
+++ /dev/null
@@ -1,41 +0,0 @@
-From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001
-From: Jüri Aedla <asd@ut.ee>
-Date: Mon, 07 May 2012 07:06:56 +0000
-Subject: Fix an off by one pointer access
-
-getting out of the range of memory allocated for xpointer decoding
-CVE-2011-3102
-
----
-diff --git a/xpointer.c b/xpointer.c
-index 37afa3a..0b463dd 100644
---- xpointer.c
-+++ xpointer.c
-@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) {
- NEXT;
- break;
- }
-- *cur++ = CUR;
- } else if (CUR == '(') {
- level++;
-- *cur++ = CUR;
- } else if (CUR == '^') {
-- NEXT;
-- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) {
-- *cur++ = CUR;
-- } else {
-- *cur++ = '^';
-- *cur++ = CUR;
-- }
-- } else {
-- *cur++ = CUR;
-+ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) {
-+ NEXT;
-+ }
- }
-+ *cur++ = CUR;
- NEXT;
- }
- *cur = 0;
---
-cgit v0.9.0.2
diff --git a/textproc/py-libxml2/Makefile b/textproc/py-libxml2/Makefile
index 29c6aa62c811..cd715806d4c4 100644
--- a/textproc/py-libxml2/Makefile
+++ b/textproc/py-libxml2/Makefile
@@ -1,11 +1,7 @@
-# New ports collection makefile for: py-libxml2
-# Date created: 30 Jun 2004
-# Whom: Alexander Nedotsukov <bland@FreeBSD.org>
-#
+# Created by: Alexander Nedotsukov <bland@FreeBSD.org>
# $FreeBSD$
-#
-PORTREVISION= 2
+PORTREVISION= 0
CATEGORIES= textproc gnome python
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@@ -18,7 +14,7 @@ INSTALL_WRKSRC= ${BUILD_WRKSRC}
DESCR= ${.CURDIR}/pkg-descr
PLIST= ${.CURDIR}/pkg-plist
-USE_GNOME= gnomehack libxml2
+USE_GNOME+= libxml2
USE_PYTHON= yes
CPPFLAGS+= `${PYTHON_VERSION}-config --cflags`
LDFLAGS+= `${PYTHON_VERSION}-config --libs`