From 84c85e191789e46998143cccefd90bdd80cc6b8b Mon Sep 17 00:00:00 2001 From: kwm Date: Fri, 29 Mar 2013 14:08:46 +0000 Subject: Update to 2.8.0. [1] Add patch to fix CVE-2013-0338 and CVE-2013-0339. [2] Convert to OptionsNG, rename patches to standard form. [1] Notified by: swills@ [2] Obtained from: gnome team repo [1] Security: 843a4641-9816-11e2-9c51-080027019be0 --- textproc/libxml2/Makefile | 48 +-- textproc/libxml2/distinfo | 4 +- textproc/libxml2/files/patch-Makefile.in | 69 ++++ textproc/libxml2/files/patch-aa | 60 ---- textproc/libxml2/files/patch-config.h.in | 14 +- textproc/libxml2/files/patch-configure | 17 +- .../libxml2/files/patch-include_libxml_parser.h | 10 + textproc/libxml2/files/patch-parser.c | 358 +++++++++++++++++++-- textproc/libxml2/files/patch-parserInternals.c | 11 + textproc/libxml2/files/patch-python::Makefile.in | 20 -- .../libxml2/files/patch-python::tests::Makefile.in | 11 - textproc/libxml2/files/patch-python_Makefile.in | 26 ++ .../libxml2/files/patch-python_tests_Makefile.in | 11 + textproc/libxml2/files/patch-xpointer.c | 41 --- textproc/py-libxml2/Makefile | 10 +- 15 files changed, 505 insertions(+), 205 deletions(-) create mode 100644 textproc/libxml2/files/patch-Makefile.in delete mode 100644 textproc/libxml2/files/patch-aa create mode 100644 textproc/libxml2/files/patch-include_libxml_parser.h create mode 100644 textproc/libxml2/files/patch-parserInternals.c delete mode 100644 textproc/libxml2/files/patch-python::Makefile.in delete mode 100644 textproc/libxml2/files/patch-python::tests::Makefile.in create mode 100644 textproc/libxml2/files/patch-python_Makefile.in create mode 100644 textproc/libxml2/files/patch-python_tests_Makefile.in delete mode 100644 textproc/libxml2/files/patch-xpointer.c (limited to 'textproc') diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 72659672cec9..ac16eb3ac07d 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -3,17 +3,11 @@ # Whom: Yukihiro Nakai # # $FreeBSD$ -# -# WITHOUT_SCHEMA disable XML schema support -# WITHOUT_THREADS disable threads support -# WITH_MEM_DEBUG enable memory debugging (DEVELOPERS ONLY!) -# WITH_XMLLINT_HIST enable history for xmllint -# WITH_THREAD_ALLOC enable per-thread memory (DEVELOPERS ONLY!) -# +# $MCom: ports/textproc/libxml2/Makefile,v 1.15 2012/11/26 19:55:23 kwm Exp $ PORTNAME= libxml2 -PORTVERSION= 2.7.8 -PORTREVISION?= 5 +PORTVERSION= 2.8.0 +PORTREVISION?= 0 CATEGORIES?= textproc gnome MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ ftp://gd.tuwien.ac.at/pub/libxml/ @@ -27,46 +21,52 @@ COMMENT?= XML parser library for GNOME USE_CSTD= gnu89 USE_GMAKE= yes MAKE_JOBS_SAFE= yes +USE_ICONV= yes GNU_CONFIGURE= yes -USE_GNOME?= gnomehack pkgconfig +USES= pathfix +USE_GNOME?= pkgconfig USE_LDCONFIG= yes -CONFIGURE_ARGS?=--with-html-dir=${PREFIX}/share/doc \ +CONFIGURE_ARGS?=--with-iconv=${LOCALBASE} \ + --with-html-dir=${PREFIX}/share/doc \ --with-html-subdir=${PORTNAME} \ --without-python CPPFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib -.if !defined(WITHOUT_ICONV) -USE_ICONV= yes -CONFIGURE_ARGS+=--with-iconv=${LOCALBASE} -.else -CONFIGURE_ARGS+=--with-iconv=no -.endif - .if !defined(MASTERDIR) MAN1= xml2-config.1 xmllint.1 xmlcatalog.1 MAN3= libxml.3 -.endif -.if defined(WITHOUT_SCHEMA) +OPTIONS_DEFINE= SCHEMA THREADS MEM_DEBUG XMLLINT_HIST THREAD_ALLOC +OPTIONS_DEFAULT=SCHEMA THREADS +SCHEMA_DESC= XML schema support +THREADS_DESC= Threads support +MEM_DEBUG_DESC= Memory debugging (DEVELOPERS ONLY!) +XMLLINT_HIST_DESC= History for xmllint +THREAD_ALLOC_DESc= Per-thread memory (DEVELOPERS ONLY!) + +.include + +.if ${PORT_OPTIONS:MSCHEMA} CONFIGURE_ARGS+= --without-schemas .endif -.if defined(WITHOUT_THREADS) +.if ${PORT_OPTIONS:MTHREADS} CONFIGURE_ARGS+= --without-threads .endif -.if defined(WITH_MEM_DEBUG) +.if ${PORT_OPTIONS:MMEM_DEBUG} CONFIGURE_ARGS+= --with-mem-debug .endif -.if defined(WITH_XMLLINT_HIST) +.if ${PORT_OPTIONS:MXMLLINT_HIST} CONFIGURE_ARGS+= --with-history .endif -.if defined(WITH_THREAD_ALLOC) +.if ${PORT_OPTIONS:MTHREAD_ALLOC} CONFIGURE_ARGS+= --with-thread-alloc .endif +.endif # !defined(MASTERDIR) post-patch: .for d in . doc doc/devhelp doc/examples diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 41f22cc4ce6d..19079f76515d 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,2 +1,2 @@ -SHA256 (gnome2/libxml2-2.7.8.tar.gz) = cda23bc9ebd26474ca8f3d67e7d1c4a1f1e7106364b690d822e009fdc3c417ec -SIZE (gnome2/libxml2-2.7.8.tar.gz) = 4881808 +SHA256 (gnome2/libxml2-2.8.0.tar.gz) = f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a +SIZE (gnome2/libxml2-2.8.0.tar.gz) = 4915203 diff --git a/textproc/libxml2/files/patch-Makefile.in b/textproc/libxml2/files/patch-Makefile.in new file mode 100644 index 000000000000..df4c9761dc52 --- /dev/null +++ b/textproc/libxml2/files/patch-Makefile.in @@ -0,0 +1,69 @@ + $FreeBSD$ + +--- Makefile.in.orig 2012-08-16 19:38:10.000000000 +0200 ++++ Makefile.in 2012-08-16 19:39:09.000000000 +0200 +@@ -586,7 +586,7 @@ + top_builddir = @top_builddir@ + top_srcdir = @top_srcdir@ + ACLOCAL_AMFLAGS = -I m4 +-SUBDIRS = include . doc example xstc @PYTHON_SUBDIR@ ++SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@ + DIST_SUBDIRS = include . doc example python xstc + INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ @LZMA_CFLAGS@ + bin_SCRIPTS = xml2-config +@@ -596,7 +596,7 @@ + @USE_VERSION_SCRIPT_TRUE@LIBXML2_VERSION_SCRIPT = $(VERSION_SCRIPT_FLAGS)$(srcdir)/libxml2.syms + libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ \ + $(LIBXML2_VERSION_SCRIPT) \ +- -version-info @LIBXML_VERSION_INFO@ \ ++ -version-info 5:0:0 \ + @MODULE_PLATFORM_LIBS@ + + @WITH_TRIO_SOURCES_FALSE@libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c \ +@@ -712,7 +712,7 @@ + runxmlconf_DEPENDENCIES = $(DEPS) + runxmlconf_LDADD = $(LDADDS) + CLEANFILES = xml2Conf.sh *.gcda *.gcno +-confexecdir = $(libdir) ++confexecdir = $(sysconfdir) + confexec_DATA = xml2Conf.sh + CVS_EXTRA_DIST = + EXTRA_DIST = xml2-config.in xml2Conf.sh.in libxml.spec.in libxml2.spec \ +@@ -735,8 +735,8 @@ + # Install the tests program sources as examples + # + BASE_DIR = $(datadir)/doc +-DOC_MODULE = libxml2-$(VERSION) +-EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples ++DOC_MODULE = libxml2 ++EXAMPLES_DIR = $(datadir)/examples/libxml2 + + # + # Coverage support, largely borrowed from libvirt +@@ -1094,7 +1094,7 @@ + @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< + @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo + @am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@@ -1574,7 +1574,7 @@ + exit 1; } >&2 + check-am: all-am + check: check-recursive +-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \ ++all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \ + config.h + install-binPROGRAMS: install-libLTLIBRARIES + +@@ -1634,7 +1634,7 @@ + + info-am: + +-install-data-am: install-data-local install-m4dataDATA install-man \ ++install-data-am: install-m4dataDATA install-man \ + install-pkgconfigDATA + + install-dvi: install-dvi-recursive diff --git a/textproc/libxml2/files/patch-aa b/textproc/libxml2/files/patch-aa deleted file mode 100644 index b5f110bd8368..000000000000 --- a/textproc/libxml2/files/patch-aa +++ /dev/null @@ -1,60 +0,0 @@ - $FreeBSD$ - ---- Makefile.in.orig 2012-08-16 19:47:20.000000000 +0200 -+++ Makefile.in 2012-08-16 19:47:48.000000000 +0200 -@@ -564,7 +564,7 @@ top_build_prefix = @top_build_prefix@ - top_builddir = @top_builddir@ - top_srcdir = @top_srcdir@ - ACLOCAL_AMFLAGS = -I m4 --SUBDIRS = include . doc example xstc @PYTHON_SUBDIR@ -+SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@ - DIST_SUBDIRS = include . doc example python xstc - INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ - bin_SCRIPTS = xml2-config -@@ -574,7 +574,7 @@ libxml2_la_LIBADD = @THREAD_LIBS@ @Z_LIB - @USE_VERSION_SCRIPT_TRUE@LIBXML2_VERSION_SCRIPT = $(VERSION_SCRIPT_FLAGS)$(srcdir)/libxml2.syms - libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ \ - $(LIBXML2_VERSION_SCRIPT) \ -- -version-info @LIBXML_VERSION_INFO@ \ -+ -version-info 5:0:0 \ - @MODULE_PLATFORM_LIBS@ - - @WITH_TRIO_SOURCES_FALSE@libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c \ -@@ -690,7 +690,7 @@ runxmlconf_LDFLAGS = - runxmlconf_DEPENDENCIES = $(DEPS) - runxmlconf_LDADD = $(LDADDS) - CLEANFILES = xml2Conf.sh *.gcda *.gcno --confexecdir = $(libdir) -+confexecdir = $(sysconfdir) - confexec_DATA = xml2Conf.sh - CVS_EXTRA_DIST = - EXTRA_DIST = xml2-config.in xml2Conf.sh.in libxml.spec.in libxml2.spec \ -@@ -713,8 +713,8 @@ pkgconfig_DATA = libxml-2.0.pc - # Install the tests program sources as examples - # - BASE_DIR = $(datadir)/doc --DOC_MODULE = libxml2-$(VERSION) --EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples -+DOC_MODULE = libxml2 -+EXAMPLES_DIR = $(datadir)/examples/libxml2 - - # - # Coverage support, largely borrowed from libvirt -@@ -1069,7 +1069,7 @@ distclean-compile: - @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< - @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo - @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@@ -1548,7 +1548,7 @@ distcleancheck: distclean - exit 1; } >&2 - check-am: all-am - check: check-recursive --all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \ -+all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \ - config.h - install-binPROGRAMS: install-libLTLIBRARIES - diff --git a/textproc/libxml2/files/patch-config.h.in b/textproc/libxml2/files/patch-config.h.in index e86bbf40ec89..419a2c5de8ab 100644 --- a/textproc/libxml2/files/patch-config.h.in +++ b/textproc/libxml2/files/patch-config.h.in @@ -1,11 +1,11 @@ ---- config.h.in.orig Sun Nov 3 16:55:05 2002 -+++ config.h.in Tue Nov 19 00:06:05 2002 -@@ -1,4 +1,8 @@ +--- config.h.in.orig 2012-05-23 10:56:31.000000000 +0200 ++++ config.h.in 2012-07-23 09:34:22.000000000 +0200 +@@ -1,5 +1,8 @@ /* config.h.in. Generated from configure.in by autoheader. */ -+ + +/* XXX */ +#define HAVE_VFSCANF + - #undef PACKAGE - #undef VERSION - #undef HAVE_LIBZ + /* Define to 1 if you have the header file. */ + #undef HAVE_ANSIDECL_H + diff --git a/textproc/libxml2/files/patch-configure b/textproc/libxml2/files/patch-configure index 9187f174fd50..e930a1da75eb 100644 --- a/textproc/libxml2/files/patch-configure +++ b/textproc/libxml2/files/patch-configure @@ -1,15 +1,6 @@ ---- configure.orig 2010-11-27 15:40:06.000000000 +0100 -+++ configure 2010-11-27 15:40:06.000000000 +0100 -@@ -11414,7 +11414,7 @@ else - esac - fi - -- if test -z "$VERSION_SCRIPT_FLAGS"; then -+ if test -n "$VERSION_SCRIPT_FLAGS"; then - USE_VERSION_SCRIPT_TRUE= - USE_VERSION_SCRIPT_FALSE='#' - else -@@ -13501,11 +13501,12 @@ fi +--- configure.orig 2012-08-04 11:48:19.000000000 +0200 ++++ configure 2012-08-04 11:50:50.000000000 +0200 +@@ -14228,11 +14228,12 @@ fi fi if test "$PYTHON_VERSION" != "" then @@ -23,7 +14,7 @@ else if test -r $prefix/include/python$PYTHON_VERSION/Python.h then -@@ -13901,6 +13902,8 @@ fi +@@ -14635,6 +14636,8 @@ fi fi fi ;; diff --git a/textproc/libxml2/files/patch-include_libxml_parser.h b/textproc/libxml2/files/patch-include_libxml_parser.h new file mode 100644 index 000000000000..03632be45452 --- /dev/null +++ b/textproc/libxml2/files/patch-include_libxml_parser.h @@ -0,0 +1,10 @@ +--- include/libxml/parser.h.orig 2012-05-15 03:09:43.000000000 +0000 ++++ include/libxml/parser.h 2013-03-13 09:42:57.000000000 +0000 +@@ -310,6 +310,7 @@ + xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */ + + int input_id; /* we need to label inputs */ ++ unsigned long sizeentcopy; /* volume of entity copy */ + }; + + /** diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c index d44616c8f1eb..1316d921d0f5 100644 --- a/textproc/libxml2/files/patch-parser.c +++ b/textproc/libxml2/files/patch-parser.c @@ -1,25 +1,343 @@ -Commit doesn't mention it but this fixes CVE-2011-3919 -From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001 -From: Daniel Veillard -Date: Fri, 16 Dec 2011 10:53:35 +0000 -Subject: Fix an allocation error when copying entities - ---- -(limited to 'parser.c') - -diff --git a/parser.c b/parser.c -index 4e5dcb9..c55e41d 100644 ---- parser.c -+++ parser.c -@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, +--- parser.c.orig 2013-03-13 09:36:07.000000000 +0000 ++++ parser.c 2013-03-13 09:35:54.000000000 +0000 +@@ -40,6 +40,7 @@ + #endif + + #include ++#include + #include + #include + #include +@@ -117,16 +118,33 @@ + * parser option. + */ + static int +-xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size, +- xmlEntityPtr ent) ++xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, ++ xmlEntityPtr ent, size_t replacement) + { +- unsigned long consumed = 0; ++ size_t consumed = 0; + + if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE)) + return (0); + if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) + return (1); +- if (size != 0) { ++ if (replacement != 0) { ++ if (replacement < XML_MAX_TEXT_LENGTH) ++ return(0); ++ ++ /* ++ * If the volume of entity copy reaches 10 times the ++ * amount of parsed data and over the large text threshold ++ * then that's very likely to be an abuse. ++ */ ++ if (ctxt->input != NULL) { ++ consumed = ctxt->input->consumed + ++ (ctxt->input->cur - ctxt->input->base); ++ } ++ consumed += ctxt->sizeentities; ++ ++ if (replacement < XML_PARSER_NON_LINEAR * consumed) ++ return(0); ++ } else if (size != 0) { + /* + * Do the check based on the replacement size of the entity + */ +@@ -172,7 +190,6 @@ + */ + return (0); + } +- + xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); + return (1); + } +@@ -2589,15 +2606,17 @@ + + /* + * Macro used to grow the current buffer. ++ * buffer##_size is expected to be a size_t ++ * mem_error: is expected to handle memory allocation failures + */ + #define growBuffer(buffer, n) { \ + xmlChar *tmp; \ +- buffer##_size *= 2; \ +- buffer##_size += n; \ +- tmp = (xmlChar *) \ +- xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \ ++ size_t new_size = buffer##_size * 2 + n; \ ++ if (new_size < buffer##_size) goto mem_error; \ ++ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \ + if (tmp == NULL) goto mem_error; \ + buffer = tmp; \ ++ buffer##_size = new_size; \ + } + + /** +@@ -2623,14 +2642,14 @@ + xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + int what, xmlChar end, xmlChar end2, xmlChar end3) { + xmlChar *buffer = NULL; +- int buffer_size = 0; ++ size_t buffer_size = 0; ++ size_t nbchars = 0; + + xmlChar *current = NULL; + xmlChar *rep = NULL; + const xmlChar *last; + xmlEntityPtr ent; + int c,l; +- int nbchars = 0; + + if ((ctxt == NULL) || (str == NULL) || (len < 0)) + return(NULL); +@@ -2647,7 +2666,7 @@ + * allocate a translation buffer. + */ + buffer_size = XML_PARSER_BIG_BUFFER_SIZE; +- buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar)); ++ buffer = (xmlChar *) xmlMallocAtomic(buffer_size); + if (buffer == NULL) goto mem_error; + + /* +@@ -2667,7 +2686,7 @@ + if (val != 0) { + COPY_BUF(0,buffer,nbchars,val); + } +- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } + } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) { +@@ -2685,7 +2704,7 @@ + (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { + if (ent->content != NULL) { + COPY_BUF(0,buffer,nbchars,ent->content[0]); +- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } + } else { +@@ -2702,9 +2721,8 @@ + current = rep; + while (*current != 0) { /* non input consuming loop */ + buffer[nbchars++] = *current++; +- if (nbchars > +- buffer_size - XML_PARSER_BUFFER_SIZE) { +- if (xmlParserEntityCheck(ctxt, nbchars, ent)) ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { ++ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) + goto int_error; + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } +@@ -2717,7 +2735,7 @@ + const xmlChar *cur = ent->name; buffer[nbchars++] = '&'; - if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { -- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); -+ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); +- if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { ++ if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) { + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i > 0;i--) - buffer[nbchars++] = *cur++; --- -cgit v0.9.0.2 +@@ -2745,9 +2763,8 @@ + current = rep; + while (*current != 0) { /* non input consuming loop */ + buffer[nbchars++] = *current++; +- if (nbchars > +- buffer_size - XML_PARSER_BUFFER_SIZE) { +- if (xmlParserEntityCheck(ctxt, nbchars, ent)) ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { ++ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) + goto int_error; + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } +@@ -2759,8 +2776,8 @@ + } else { + COPY_BUF(l,buffer,nbchars,c); + str += l; +- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { +- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { ++ growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } + } + if (str < last) +@@ -3764,8 +3781,8 @@ + xmlChar limit = 0; + xmlChar *buf = NULL; + xmlChar *rep = NULL; +- int len = 0; +- int buf_size = 0; ++ size_t len = 0; ++ size_t buf_size = 0; + int c, l, in_space = 0; + xmlChar *current = NULL; + xmlEntityPtr ent; +@@ -3787,7 +3804,7 @@ + * allocate a translation buffer. + */ + buf_size = XML_PARSER_BUFFER_SIZE; +- buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar)); ++ buf = (xmlChar *) xmlMallocAtomic(buf_size); + if (buf == NULL) goto mem_error; + + /* +@@ -3804,7 +3821,7 @@ + + if (val == '&') { + if (ctxt->replaceEntities) { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + buf[len++] = '&'; +@@ -3813,7 +3830,7 @@ + * The reparsing will be done in xmlStringGetNodeList() + * called by the attribute() function in SAX.c + */ +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + buf[len++] = '&'; +@@ -3823,7 +3840,7 @@ + buf[len++] = ';'; + } + } else if (val != 0) { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + len += xmlCopyChar(0, &buf[len], val); +@@ -3835,7 +3852,7 @@ + ctxt->nbentities += ent->owner; + if ((ent != NULL) && + (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + if ((ctxt->replaceEntities == 0) && +@@ -3863,7 +3880,7 @@ + current++; + } else + buf[len++] = *current++; +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + } +@@ -3871,7 +3888,7 @@ + rep = NULL; + } + } else { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + if (ent->content != NULL) +@@ -3899,7 +3916,7 @@ + * Just output the reference + */ + buf[len++] = '&'; +- while (len > buf_size - i - 10) { ++ while (len + i + 10 > buf_size) { + growBuffer(buf, i + 10); + } + for (;i > 0;i--) +@@ -3912,7 +3929,7 @@ + if ((len != 0) || (!normalize)) { + if ((!normalize) || (!in_space)) { + COPY_BUF(l,buf,len,0x20); +- while (len > buf_size - 10) { ++ while (len + 10 > buf_size) { + growBuffer(buf, 10); + } + } +@@ -3921,7 +3938,7 @@ + } else { + in_space = 0; + COPY_BUF(l,buf,len,c); +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + } +@@ -3931,7 +3948,7 @@ + c = CUR_CHAR(l); + } + if ((in_space) && (normalize)) { +- while (buf[len - 1] == 0x20) len--; ++ while ((len > 0) && (buf[len - 1] == 0x20)) len--; + } + buf[len] = 0; + if (RAW == '<') { +@@ -3946,7 +3963,18 @@ + } + } else + NEXT; +- if (attlen != NULL) *attlen = len; ++ ++ /* ++ * There we potentially risk an overflow, don't allow attribute value of ++ * lenght more than INT_MAX it is a very reasonnable assumption ! ++ */ ++ if (len >= INT_MAX) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, ++ "AttValue lenght too long\n"); ++ goto mem_error; ++ } ++ ++ if (attlen != NULL) *attlen = (int) len; + return(buf); + + mem_error: +@@ -6964,7 +6992,7 @@ + xmlFreeNodeList(list); + return; + } +- if (xmlParserEntityCheck(ctxt, 0, ent)) { ++ if (xmlParserEntityCheck(ctxt, 0, ent, 0)) { + xmlFreeNodeList(list); + return; + } +@@ -7124,6 +7152,13 @@ + xmlNodePtr nw = NULL, cur, firstChild = NULL; + + /* ++ * We are copying here, make sure there is no abuse ++ */ ++ ctxt->sizeentcopy += ent->length; ++ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) ++ return; ++ ++ /* + * when operating on a reader, the entities definitions + * are always owning the entities subtree. + if (ctxt->parseMode == XML_PARSE_READER) +@@ -7163,6 +7198,14 @@ + } else if (list == NULL) { + xmlNodePtr nw = NULL, cur, next, last, + firstChild = NULL; ++ ++ /* ++ * We are copying here, make sure there is no abuse ++ */ ++ ctxt->sizeentcopy += ent->length; ++ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) ++ return; ++ + /* + * Copy the entity child list and make it the new + * entity child list. The goal is to make sure any +@@ -14343,6 +14386,7 @@ + ctxt->catalogs = NULL; + ctxt->nbentities = 0; + ctxt->sizeentities = 0; ++ ctxt->sizeentcopy = 0; + xmlInitNodeInfoSeq(&ctxt->node_seq); + + if (ctxt->attsDefault != NULL) { diff --git a/textproc/libxml2/files/patch-parserInternals.c b/textproc/libxml2/files/patch-parserInternals.c new file mode 100644 index 000000000000..ac0123de03c2 --- /dev/null +++ b/textproc/libxml2/files/patch-parserInternals.c @@ -0,0 +1,11 @@ +--- parserInternals.c.orig 2012-05-15 03:16:38.000000000 +0000 ++++ parserInternals.c 2013-03-13 09:35:54.000000000 +0000 +@@ -1761,6 +1761,8 @@ + ctxt->charset = XML_CHAR_ENCODING_UTF8; + ctxt->catalogs = NULL; + ctxt->nbentities = 0; ++ ctxt->sizeentities = 0; ++ ctxt->sizeentcopy = 0; + ctxt->input_id = 1; + xmlInitNodeInfoSeq(&ctxt->node_seq); + return(0); diff --git a/textproc/libxml2/files/patch-python::Makefile.in b/textproc/libxml2/files/patch-python::Makefile.in deleted file mode 100644 index 37a01dce1d23..000000000000 --- a/textproc/libxml2/files/patch-python::Makefile.in +++ /dev/null @@ -1,20 +0,0 @@ ---- python/Makefile.in.orig 2008-05-23 22:39:11.000000000 -0500 -+++ python/Makefile.in 2008-05-23 22:40:42.000000000 -0500 -@@ -322,7 +322,7 @@ - -I$(top_builddir)/include \ - -I$(top_builddir)/$(subdir) - --docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION) -+docsdir = $(datadir)/doc/py-libxml2 - # libxml2class.txt is generated - dist_docs_DATA = TODO - EXTRA_DIST = \ -@@ -335,7 +335,7 @@ - - libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version - @WITH_PYTHON_TRUE@mylibs = \ --@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la -+@WITH_PYTHON_TRUE@ -lxml2 - - @WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la - @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = libxml.c types.c diff --git a/textproc/libxml2/files/patch-python::tests::Makefile.in b/textproc/libxml2/files/patch-python::tests::Makefile.in deleted file mode 100644 index 405539d86ce6..000000000000 --- a/textproc/libxml2/files/patch-python::tests::Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- python/tests/Makefile.in.orig 2008-05-23 22:41:49.000000000 -0500 -+++ python/tests/Makefile.in 2008-05-23 22:42:12.000000000 -0500 -@@ -270,7 +270,7 @@ - target_alias = @target_alias@ - top_builddir = @top_builddir@ - top_srcdir = @top_srcdir@ --exampledir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION)/examples -+exampledir = $(datadir)/examples/py-libxml2 - dist_example_DATA = $(PYTESTS) $(XMLS) - PYTESTS = \ - build.py \ diff --git a/textproc/libxml2/files/patch-python_Makefile.in b/textproc/libxml2/files/patch-python_Makefile.in new file mode 100644 index 000000000000..56427195122a --- /dev/null +++ b/textproc/libxml2/files/patch-python_Makefile.in @@ -0,0 +1,26 @@ +--- python/Makefile.in.orig 2012-08-04 12:00:53.000000000 +0200 ++++ python/Makefile.in 2012-08-04 12:02:59.000000000 +0200 +@@ -395,7 +395,7 @@ + -I$(top_builddir)/include \ + -I$(top_builddir)/$(subdir) + +-docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION) ++docsdir = $(datadir)/doc/py-libxml2 + # libxml2class.txt is generated + dist_docs_DATA = TODO + EXTRA_DIST = \ +@@ -408,12 +408,12 @@ + + libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version + @WITH_PYTHON_TRUE@mylibs = \ +-@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la ++@WITH_PYTHON_TRUE@ -lxml2 + + @WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la + @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = $(srcdir)/libxml.c $(srcdir)/types.c + @WITH_PYTHON_TRUE@nodist_libxml2mod_la_SOURCES = libxml2-py.c +-@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ -lpython$(PYTHON_VERSION) ++@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ + @WITH_PYTHON_TRUE@python_DATA = \ + @WITH_PYTHON_TRUE@ libxml2.py + diff --git a/textproc/libxml2/files/patch-python_tests_Makefile.in b/textproc/libxml2/files/patch-python_tests_Makefile.in new file mode 100644 index 000000000000..405539d86ce6 --- /dev/null +++ b/textproc/libxml2/files/patch-python_tests_Makefile.in @@ -0,0 +1,11 @@ +--- python/tests/Makefile.in.orig 2008-05-23 22:41:49.000000000 -0500 ++++ python/tests/Makefile.in 2008-05-23 22:42:12.000000000 -0500 +@@ -270,7 +270,7 @@ + target_alias = @target_alias@ + top_builddir = @top_builddir@ + top_srcdir = @top_srcdir@ +-exampledir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION)/examples ++exampledir = $(datadir)/examples/py-libxml2 + dist_example_DATA = $(PYTESTS) $(XMLS) + PYTESTS = \ + build.py \ diff --git a/textproc/libxml2/files/patch-xpointer.c b/textproc/libxml2/files/patch-xpointer.c deleted file mode 100644 index 877ea2a7d920..000000000000 --- a/textproc/libxml2/files/patch-xpointer.c +++ /dev/null @@ -1,41 +0,0 @@ -From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001 -From: Jüri Aedla -Date: Mon, 07 May 2012 07:06:56 +0000 -Subject: Fix an off by one pointer access - -getting out of the range of memory allocated for xpointer decoding -CVE-2011-3102 - ---- -diff --git a/xpointer.c b/xpointer.c -index 37afa3a..0b463dd 100644 ---- xpointer.c -+++ xpointer.c -@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) { - NEXT; - break; - } -- *cur++ = CUR; - } else if (CUR == '(') { - level++; -- *cur++ = CUR; - } else if (CUR == '^') { -- NEXT; -- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) { -- *cur++ = CUR; -- } else { -- *cur++ = '^'; -- *cur++ = CUR; -- } -- } else { -- *cur++ = CUR; -+ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) { -+ NEXT; -+ } - } -+ *cur++ = CUR; - NEXT; - } - *cur = 0; --- -cgit v0.9.0.2 diff --git a/textproc/py-libxml2/Makefile b/textproc/py-libxml2/Makefile index 29c6aa62c811..cd715806d4c4 100644 --- a/textproc/py-libxml2/Makefile +++ b/textproc/py-libxml2/Makefile @@ -1,11 +1,7 @@ -# New ports collection makefile for: py-libxml2 -# Date created: 30 Jun 2004 -# Whom: Alexander Nedotsukov -# +# Created by: Alexander Nedotsukov # $FreeBSD$ -# -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= textproc gnome python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -18,7 +14,7 @@ INSTALL_WRKSRC= ${BUILD_WRKSRC} DESCR= ${.CURDIR}/pkg-descr PLIST= ${.CURDIR}/pkg-plist -USE_GNOME= gnomehack libxml2 +USE_GNOME+= libxml2 USE_PYTHON= yes CPPFLAGS+= `${PYTHON_VERSION}-config --cflags` LDFLAGS+= `${PYTHON_VERSION}-config --libs` -- cgit