Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 62F997A2E1
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Wed, 28 Dec 2016 17:14:22 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id D39F785682; Wed, 28 Dec 2016 17:14:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 6331185675
	for <pkgsrc-changes@NetBSD.org>; Wed, 28 Dec 2016 17:14:21 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id EIpRE7rfAQ3Z for <pkgsrc-changes@netbsd.org>;
	Wed, 28 Dec 2016 17:14:20 +0000 (UTC)
Received: from cvs.NetBSD.org (unknown [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 951DC85660
	for <pkgsrc-changes@NetBSD.org>; Wed, 28 Dec 2016 17:14:20 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 90381FBA6; Wed, 28 Dec 2016 17:14:20 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_148294526036040"
MIME-Version: 1.0
Date: Wed, 28 Dec 2016 17:14:20 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: [pkgsrc-2016Q3] pkgsrc/textproc/libxml2
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
X-Mailer: log_accum
Message-Id: <20161228171420.90381FBA6@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_148294526036040
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Wed Dec 28 17:14:20 UTC 2016

Modified Files:
	pkgsrc/textproc/libxml2 [pkgsrc-2016Q3]: Makefile.common distinfo
Added Files:
	pkgsrc/textproc/libxml2/patches [pkgsrc-2016Q3]:
	    patch-result_XPath_xptr_vidbase patch-test_XPath_xptr_vidbase
	    patch-xpath.c patch-xpointer.c

Log Message:
Pullup ticket #5175 - requested by sevan
textproc/libxml2: security fix

Revisions pulled up:
- textproc/libxml2/Makefile.common                              1.4
- textproc/libxml2/distinfo                                     1.114
- textproc/libxml2/patches/patch-result_XPath_xptr_vidbase      1.1
- textproc/libxml2/patches/patch-test_XPath_xptr_vidbase        1.1
- textproc/libxml2/patches/patch-xpath.c                        1.1
- textproc/libxml2/patches/patch-xpointer.c                     1.4

---
   Module Name:    pkgsrc
   Committed By:   sevan
   Date:           Tue Dec 27 02:34:34 UTC 2016

   Modified Files:
           pkgsrc/textproc/libxml2: Makefile.common distinfo
   Added Files:
           pkgsrc/textproc/libxml2/patches: patch-result_XPath_xptr_vidbase
               patch-test_XPath_xptr_vidbase patch-xpath.c patch-xpointer.c

   Log Message:
   Patch for CVE-2016-4658 & CVE-2016-5131
   Bump rev


To generate a diff of this commit:
cvs rdiff -u -r1.2.4.1 -r1.2.4.2 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.112.4.1 -r1.112.4.2 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase \
    pkgsrc/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase \
    pkgsrc/textproc/libxml2/patches/patch-xpath.c
cvs rdiff -u -r0 -r1.4.2.2 pkgsrc/textproc/libxml2/patches/patch-xpointer.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_148294526036040
Content-Disposition: inline
Content-Length: 8205
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/textproc/libxml2/Makefile.common
diff -u pkgsrc/textproc/libxml2/Makefile.common:1.2.4.1 pkgsrc/textproc/libxml2/Makefile.common:1.2.4.2
--- pkgsrc/textproc/libxml2/Makefile.common:1.2.4.1	Sun Dec  4 15:40:22 2016
+++ pkgsrc/textproc/libxml2/Makefile.common	Wed Dec 28 17:14:20 2016
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.2.4.1 2016/12/04 15:40:22 bsiegert Exp $
+# $NetBSD: Makefile.common,v 1.2.4.2 2016/12/28 17:14:20 bsiegert Exp $
 #
 # used by textproc/libxml2/Makefile
 # used by textproc/py-libxml2/Makefile
 
 DISTNAME=	libxml2-2.9.4
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	textproc
 MASTER_SITES=	ftp://xmlsoft.org/libxml2/ \
 		http://xmlsoft.org/sources/

Index: pkgsrc/textproc/libxml2/distinfo
diff -u pkgsrc/textproc/libxml2/distinfo:1.112.4.1 pkgsrc/textproc/libxml2/distinfo:1.112.4.2
--- pkgsrc/textproc/libxml2/distinfo:1.112.4.1	Sun Dec  4 15:40:22 2016
+++ pkgsrc/textproc/libxml2/distinfo	Wed Dec 28 17:14:20 2016
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.112.4.1 2016/12/04 15:40:22 bsiegert Exp $
+$NetBSD: distinfo,v 1.112.4.2 2016/12/28 17:14:20 bsiegert Exp $
 
 SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
 RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
@@ -11,7 +11,11 @@ SHA1 (patch-ad) = d65b7e3be9694147e96ce4
 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
 SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
+SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103
 SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
+SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
 SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
 SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
+SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
+SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032

Added files:

Index: pkgsrc/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase:1.1.2.2
--- /dev/null	Wed Dec 28 17:14:20 2016
+++ pkgsrc/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase	Wed Dec 28 17:14:20 2016
@@ -0,0 +1,24 @@
+$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- result/XPath/xptr/vidbase.orig	2016-12-27 02:22:25.000000000 +0000
++++ result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+   To node
+     ELEMENT p
+ 
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 :   Object is a range :
++  From node
++     /
++  To node
++    ELEMENT chapter
++      ATTRIBUTE id
++        TEXT
++          content=chapter2
++
Index: pkgsrc/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase:1.1.2.2
--- /dev/null	Wed Dec 28 17:14:20 2016
+++ pkgsrc/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase	Wed Dec 28 17:14:20 2016
@@ -0,0 +1,11 @@
+$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- test/XPath/xptr/vidbase.orig	2016-12-27 02:22:06.000000000 +0000
++++ test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
Index: pkgsrc/textproc/libxml2/patches/patch-xpath.c
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-xpath.c:1.1.2.2
--- /dev/null	Wed Dec 28 17:14:20 2016
+++ pkgsrc/textproc/libxml2/patches/patch-xpath.c	Wed Dec 28 17:14:20 2016
@@ -0,0 +1,27 @@
+$NetBSD: patch-xpath.c,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpath.c.orig	2016-12-27 02:21:53.000000000 +0000
++++ xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
+ 		    lc = 1;
+ 		    break;
+ 		} else if ((NXT(len) == '(')) {
+-		    /* Note Type or Function */
++		    /* Node Type or Function */
+ 		    if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,
+ 				"PathExpr: Type search\n");
+ #endif
+ 			lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++                    } else if (ctxt->xptr &&
++                               xmlStrEqual(name, BAD_CAST "range-to")) {
++                        lc = 1;
++#endif
+ 		    } else {
+ #ifdef DEBUG_STEP
+ 		        xmlGenericError(xmlGenericErrorContext,

Index: pkgsrc/textproc/libxml2/patches/patch-xpointer.c
diff -u /dev/null pkgsrc/textproc/libxml2/patches/patch-xpointer.c:1.4.2.2
--- /dev/null	Wed Dec 28 17:14:20 2016
+++ pkgsrc/textproc/libxml2/patches/patch-xpointer.c	Wed Dec 28 17:14:20 2016
@@ -0,0 +1,102 @@
+$NetBSD: patch-xpointer.c,v 1.4.2.2 2016/12/28 17:14:20 bsiegert Exp $
+
+CVE-2016-4658
+https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
+
+CVE-2016-5131
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+
+--- xpointer.c.orig	2016-12-27 02:19:03.000000000 +0000
++++ xpointer.c
+@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
+     ret->here = here;
+     ret->origin = origin;
+ 
+-    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+-	                 xmlXPtrRangeToFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ 	                 xmlXPtrRangeFunction);
+     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
+  * @nargs:  the number of args
+  *
+  * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+  */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+-    xmlXPathObjectPtr range;
+-    const xmlChar *cur;
+-    xmlXPathObjectPtr res, obj;
+-    xmlXPathObjectPtr tmp;
+-    xmlLocationSetPtr newset = NULL;
+-    xmlNodeSetPtr oldset;
+-    int i;
+-
+-    if (ctxt == NULL) return;
+-    CHECK_ARITY(1);
+-    /*
+-     * Save the expression pointer since we will have to evaluate
+-     * it multiple times. Initialize the new set.
+-     */
+-    CHECK_TYPE(XPATH_NODESET);
+-    obj = valuePop(ctxt);
+-    oldset = obj->nodesetval;
+-    ctxt->context->node = NULL;
+-
+-    cur = ctxt->cur;
+-    newset = xmlXPtrLocationSetCreate(NULL);
+-
+-    for (i = 0; i < oldset->nodeNr; i++) {
+-	ctxt->cur = cur;
+-
+-	/*
+-	 * Run the evaluation with a node list made of a single item
+-	 * in the nodeset.
+-	 */
+-	ctxt->context->node = oldset->nodeTab[i];
+-	tmp = xmlXPathNewNodeSet(ctxt->context->node);
+-	valuePush(ctxt, tmp);
+-
+-	xmlXPathEvalExpr(ctxt);
+-	CHECK_ERROR;
+-
+-	/*
+-	 * The result of the evaluation need to be tested to
+-	 * decided whether the filter succeeded or not
+-	 */
+-	res = valuePop(ctxt);
+-	range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+-	if (range != NULL) {
+-	    xmlXPtrLocationSetAdd(newset, range);
+-	}
+-
+-	/*
+-	 * Cleanup
+-	 */
+-	if (res != NULL)
+-	    xmlXPathFreeObject(res);
+-	if (ctxt->value == tmp) {
+-	    res = valuePop(ctxt);
+-	    xmlXPathFreeObject(res);
+-	}
+-
+-	ctxt->context->node = NULL;
+-    }
+-
+-    /*
+-     * The result is used as the new evaluation set.
+-     */
+-    xmlXPathFreeObject(obj);
+-    ctxt->context->node = NULL;
+-    ctxt->context->contextSize = -1;
+-    ctxt->context->proximityPosition = -1;
+-    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++                       int nargs ATTRIBUTE_UNUSED) {
++    XP_ERROR(XPATH_EXPR_ERROR);
+ }
+ 
+ /**


--_----------=_148294526036040--