Pullup ticket #4696 - requested by spz textproc/libxml2: security patch Revisions pulled up: - textproc/libxml2/Makefile 1.137 - textproc/libxml2/distinfo 1.106 - textproc/libxml2/patches/patch-aa 1.28 - textproc/libxml2/patches/patch-ab 1.28 - textproc/libxml2/patches/patch-ac 1.8 - textproc/libxml2/patches/patch-ad 1.18 - textproc/libxml2/patches/patch-ae 1.14 - textproc/libxml2/patches/patch-ag 1.12 - textproc/libxml2/patches/patch-aj 1.4 - textproc/libxml2/patches/patch-buf.c 1.1 - textproc/libxml2/patches/patch-include_libxml_tree.h 1.1 - textproc/libxml2/patches/patch-threads.c 1.5 - textproc/libxml2/patches/patch-xmlreader.c 1.1 --- Module Name: pkgsrc Committed By: spz Date: Fri Apr 24 11:32:29 UTC 2015 Modified Files: pkgsrc/textproc/libxml2: Makefile distinfo pkgsrc/textproc/libxml2/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-ag patch-aj patch-threads.c Added Files: pkgsrc/textproc/libxml2/patches: patch-buf.c patch-include_libxml_tree.h patch-xmlreader.c Log Message: patch for CVE-2015-1819 Enforce the reader to run in constant memory from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 +general patch refresh

(tron)

 @@ -1,14 +1,17 @@
-$NetBSD: distinfo,v 1.105 2014/10/28 18:55:56 drochner Exp $
+$NetBSD: distinfo,v 1.105.4.1 2015/04/29 20:35:49 tron Exp $
 SHA1 (libxml2-2.9.2.tar.gz) = f46a37ea6d869f702e03f393c376760f3cbee673
 RMD160 (libxml2-2.9.2.tar.gz) = 969b4ed8782f455fd4a6ca1c1b4ffa7651090070
 Size (libxml2-2.9.2.tar.gz) = 5444991 bytes
-SHA1 (patch-aa) = 589a279df1a5fac8b1b2dbd0018a1bbf0c5ab169
+SHA1 (patch-aa) = 7d1213079cc78c9a28476c49f1283ab1c6af3b34
-SHA1 (patch-ab) = 11567fe9a3fde42f3901fd4ab4620bf845fe634b
+SHA1 (patch-ab) = bf8983fcde35edf0e450209bf07f0fa628f7bd9e
-SHA1 (patch-ac) = 101cd554fd22e8e9817e21591240eb784b1219b5
+SHA1 (patch-ac) = 015a5903a86793bd770f16f251b94e5b2562b3f7
-SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177
+SHA1 (patch-ad) = fe255e93f9aefd5403d646cd45d9fbdcbd100bd6
-SHA1 (patch-ae) = 2823276343f65c7d244d22e548faa6a517445819
+SHA1 (patch-ae) = d479d5a0c8b906de3cbe1c30b100c6f8b1bb9c43
-SHA1 (patch-ag) = 19afd69713298ecbd247ba733a7c0c13464ae572
+SHA1 (patch-ag) = f037f13ccc4047d4bf824a2091e60ac89b172558
-SHA1 (patch-aj) = 988c30b4b09a1cbaf9e7db02bb8981da0f1beaa7
+SHA1 (patch-aj) = aab00bf2ba0168fa8f6070db985531c676b5c34d
 SHA1 (patch-ba) = 78097bb871cc614c8d95a53d825542d23e113192
-SHA1 (patch-threads.c) = 70bb0a779dff6611f755128d609f82360a492f9a
+SHA1 (patch-buf.c) = 087a768a39441189b226cda500475014462ff8fd
 SHA1 (patch-include_libxml_tree.h) = 9978e6a3ea2408a9aaf68fe1663df5f7dce12eee
 SHA1 (patch-threads.c) = 425796881df8520356abbfff001f0e6191d9f186
 SHA1 (patch-xmlreader.c) = cb8710e4c0261a98a68e3e69388d3a4341629f22

 @@ -1,85 +1,85 @@
-$NetBSD: patch-ab,v 1.27 2013/05/26 09:22:14 adam Exp $
+$NetBSD: patch-ab,v 1.27.16.1 2015/04/29 20:35:49 tron Exp $
---- configure.orig	2013-04-19 07:36:11.000000000 +0000
+--- configure.orig	2014-10-16 07:35:12.000000000 +0000
 +++ configure
-@@ -13948,7 +13948,7 @@ fi
+@@ -14349,7 +14349,7 @@ fi
  fi
 -XML_LIBDIR='-L${libdir}'
 +XML_LIBDIR='-Wl,-R${libdir} -L${libdir}'
  XML_INCLUDEDIR='-I${includedir}/libxml2'
  XML_CFLAGS=""
-@@ -14417,13 +14417,13 @@ else
+@@ -14822,13 +14822,13 @@ else
          if test "$with_threads" = "pthread" || test "$with_threads" = "" || test "$with_threads" = "yes" ; then
              ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default"
  if test "x$ac_cv_header_pthread_h" = xyes; then :
 -  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in -lpthread" >&5
 -$as_echo_n "checking for pthread_join in -lpthread... " >&6; }
 +  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" >&5
 +$as_echo_n "checking for pthread_join in ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}... " >&6; }
  if ${ac_cv_lib_pthread_pthread_join+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    ac_check_lib_save_LIBS=$LIBS
 -LIBS="-lpthread  $LIBS"
 +LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}  $LIBS"
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
  /* end confdefs.h.  */
-@@ -14455,7 +14455,7 @@ fi
+@@ -14860,7 +14860,7 @@ fi
  $as_echo "$ac_cv_lib_pthread_pthread_join" >&6; }
  if test "x$ac_cv_lib_pthread_pthread_join" = xyes; then :
 -                THREAD_LIBS="-lpthread"
 +                THREAD_LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}"
  $as_echo "#define HAVE_LIBPTHREAD /**/" >>confdefs.h
-@@ -14477,12 +14477,12 @@ fi
+@@ -14882,12 +14882,12 @@ fi
         *beos*) WITH_THREADS="1"
  	   THREAD_CFLAGS="$THREAD_CFLAGS -DHAVE_BEOS_THREADS"
         ;;
 -       *linux*)
 +       *linux* | *openbsd* | *mirbsd*)
             if test "${GCC}" = "yes" ; then
  	       GCC_VERSION=`${CC} --version | head -1 | awk '{print $3}'`
  	       GCC_MAJOR=`echo ${GCC_VERSION} | sed 's+\..*++'`
  	       GCC_MEDIUM=`echo ${GCC_VERSION} | sed 's+[0-9]*\.++' | sed 's+\..*++'`
 -	       if test "${THREAD_LIBS}" = "-lpthread" ; then
 +	       if test "${THREAD_LIBS}" = "${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" ; then
  	           if expr ${GCC_MEDIUM} \> 2 \& ${GCC_MAJOR} = 3 > /dev/null
  		   then
  		       THREAD_LIBS=""
-@@ -14499,6 +14499,10 @@ fi
+@@ -14904,6 +14904,10 @@ fi
  	       fi
  	   fi
         ;;
 +       *freebsd* | *netbsd* | *dragonfly*)
 +	   THREAD_LIBS=""
 +	   BASE_THREAD_LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}"
 +       ;;
      esac
      if test "$WITH_THREADS" = "1" ; then
  	THREAD_CFLAGS="$THREAD_CFLAGS -D_REENTRANT"
-@@ -14769,7 +14773,7 @@ else
+@@ -15174,7 +15178,7 @@ else
      TEST_SAX=SAXtests
  fi
 - if test "${WITH_TRIO}" = "1"; then
 + if test "${WITH_SAX1}" = "1"; then
    WITH_SAX1_SOURCES_TRUE=
    WITH_SAX1_SOURCES_FALSE='#'
  else
-@@ -15191,10 +15195,6 @@ case "$host" in
+@@ -15605,10 +15609,6 @@ case "$host" in
  $as_echo "#define _WINSOCKAPI_ 1" >>confdefs.h
 - if test "${PYTHON}" != ""
 - then
 -   WIN32_EXTRA_PYTHON_LIBADD="-L${pythondir}/../../libs -lpython$(echo ${PYTHON_VERSION} | tr -d .)"
 - fi
   ;;
   *-*-cygwin*)
   CYGWIN_EXTRA_LDFLAGS="-no-undefined"

 @@ -1,16 +1,16 @@
-$NetBSD: patch-ac,v 1.7 2012/09/15 10:23:38 adam Exp $
+$NetBSD: patch-ac,v 1.7.22.1 2015/04/29 20:35:49 tron Exp $
---- catalog.c.orig	2005-04-01 15:15:01.000000000 +0200
+--- catalog.c.orig	2014-10-03 11:28:05.000000000 +0000
 +++ catalog.c
 @@ -70,10 +70,10 @@
  #define XML_URN_PUBID "urn:publicid:"
  #define XML_CATAL_BREAK ((xmlChar *) -1)
  #ifndef XML_XML_DEFAULT_CATALOG
 -#define XML_XML_DEFAULT_CATALOG "file:///etc/xml/catalog"
 +#define XML_XML_DEFAULT_CATALOG "file://@@XML_DEFAULT_CATALOG@@"
  #endif
  #ifndef XML_SGML_DEFAULT_CATALOG
 -#define XML_SGML_DEFAULT_CATALOG "file:///etc/sgml/catalog"
 +#define XML_SGML_DEFAULT_CATALOG "file://@@SGML_DEFAULT_CATALOG@@"
  #endif

$NetBSD: patch-buf.c,v 1.1.2.2 2015/04/29 20:35:49 tron Exp $ patch for CVE-2015-1819 Enforce the reader to run in constant memory from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 part 1 --- buf.c.orig 2014-10-13 08:01:31.000000000 +0000 +++ buf.c @@ -27,6 +27,7 @@ #include <libxml/tree.h> #include <libxml/globals.h> #include <libxml/tree.h> +#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */ #include "buf.h" #define WITH_BUFFER_COMPAT @@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf, if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) || (scheme == XML_BUFFER_ALLOC_EXACT) || (scheme == XML_BUFFER_ALLOC_HYBRID) || - (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) { + (scheme == XML_BUFFER_ALLOC_IMMUTABLE) || + (scheme == XML_BUFFER_ALLOC_BOUNDED)) { buf->alloc = scheme; if (buf->buffer) buf->buffer->alloc = scheme; @@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t size = buf->use + len + 100; #endif + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* + * Used to provide parsing limits + */ + if ((buf->use + len >= XML_MAX_TEXT_LENGTH) || + (buf->size >= XML_MAX_TEXT_LENGTH)) { + xmlBufMemoryError(buf, "buffer error: text too long\n"); + return(0); + } + if (size >= XML_MAX_TEXT_LENGTH) + size = XML_MAX_TEXT_LENGTH; + } if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { size_t start_buf = buf->content - buf->contentIO; @@ -738,7 +752,15 @@ xmlBufResize(xmlBufPtr buf, size_t size) return(0); CHECK_COMPAT(buf) - if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* + * Used to provide parsing limits + */ + if (size >= XML_MAX_TEXT_LENGTH) { + xmlBufMemoryError(buf, "buffer error: text too long\n"); + return(0); + } + } /* Don't resize if we don't have to */ if (size < buf->size) @@ -867,6 +889,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar * needSize = buf->use + len + 2; if (needSize > buf->size){ + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* + * Used to provide parsing limits + */ + if (needSize >= XML_MAX_TEXT_LENGTH) { + xmlBufMemoryError(buf, "buffer error: text too long\n"); + return(-1); + } + } if (!xmlBufResize(buf, needSize)){ xmlBufMemoryError(buf, "growing buffer"); return XML_ERR_NO_MEMORY; @@ -938,6 +969,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlCh } needSize = buf->use + len + 2; if (needSize > buf->size){ + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* + * Used to provide parsing limits + */ + if (needSize >= XML_MAX_TEXT_LENGTH) { + xmlBufMemoryError(buf, "buffer error: text too long\n"); + return(-1); + } + } if (!xmlBufResize(buf, needSize)){ xmlBufMemoryError(buf, "growing buffer"); return XML_ERR_NO_MEMORY;

$NetBSD: patch-include_libxml_tree.h,v 1.1.2.2 2015/04/29 20:35:49 tron Exp $ patch for CVE-2015-1819 Enforce the reader to run in constant memory from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 part 2 --- include/libxml/tree.h.orig 2014-10-13 08:20:09.000000000 +0000 +++ include/libxml/tree.h @@ -76,7 +76,8 @@ typedef enum { XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */ XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */ XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */ - XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */ + XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */ + XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */ } xmlBufferAllocationScheme; /**

$NetBSD: patch-xmlreader.c,v 1.1.2.2 2015/04/29 20:35:49 tron Exp $ patch for CVE-2015-1819 Enforce the reader to run in constant memory from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 part 3 --- xmlreader.c.orig 2014-10-06 12:05:09.000000000 +0000 +++ xmlreader.c @@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr "xmlNewTextReader : malloc failed\n"); return(NULL); } + /* no operation on a reader should require a huge buffer */ + xmlBufSetAllocationScheme(ret->buffer, + XML_BUFFER_ALLOC_BOUNDED); ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); if (ret->sax == NULL) { xmlBufFree(ret->buffer); @@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr return(((xmlNsPtr) node)->href); case XML_ATTRIBUTE_NODE:{ xmlAttrPtr attr = (xmlAttrPtr) node; + const xmlChar *ret; if ((attr->children != NULL) && (attr->children->type == XML_TEXT_NODE) && @@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr "xmlTextReaderSetup : malloc failed\n"); return (NULL); } + xmlBufSetAllocationScheme(reader->buffer, + XML_BUFFER_ALLOC_BOUNDED); } else xmlBufEmpty(reader->buffer); xmlBufGetNodeContent(reader->buffer, node); - return(xmlBufContent(reader->buffer)); + ret = xmlBufContent(reader->buffer); + if (ret == NULL) { + /* error on the buffer best to reallocate */ + xmlBufFree(reader->buffer); + reader->buffer = xmlBufCreateSize(100); + xmlBufSetAllocationScheme(reader->buffer, + XML_BUFFER_ALLOC_BOUNDED); + ret = BAD_CAST ""; + } + return(ret); } break; } @@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr read "xmlTextReaderSetup : malloc failed\n"); return (-1); } + /* no operation on a reader should require a huge buffer */ + xmlBufSetAllocationScheme(reader->buffer, + XML_BUFFER_ALLOC_BOUNDED); if (reader->sax == NULL) reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); if (reader->sax == NULL) {

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.136 2015/03/22 05:53:12 tnn Exp $
+# $NetBSD: Makefile,v 1.136.2.1 2015/04/29 20:35:49 tron Exp $
 DISTNAME=	libxml2-2.9.2
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	textproc
 MASTER_SITES=	ftp://xmlsoft.org/libxml2/ \
 		http://xmlsoft.org/sources/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://xmlsoft.org/
 COMMENT=	XML parser library from the GNOME project
 LICENSE=	modified-bsd
 USE_FEATURES=		glob
 USE_LIBTOOL=		yes
 USE_TOOLS+=		gmake
 GNU_CONFIGURE=		yes

 @@ -1,13 +1,13 @@
-$NetBSD: patch-aa,v 1.27 2013/05/26 09:22:14 adam Exp $
+$NetBSD: patch-aa,v 1.27.16.1 2015/04/29 20:35:49 tron Exp $
---- Makefile.in.orig	2010-11-04 17:28:16.000000000 +0000
+--- Makefile.in.orig	2014-10-16 07:35:13.000000000 +0000
 +++ Makefile.in
-@@ -765,7 +765,7 @@ pkgconfig_DATA = libxml-2.0.pc
+@@ -835,7 +835,7 @@ cmake_DATA = libxml2-config.cmake
+ #
  BASE_DIR = $(datadir)/doc
  DOC_MODULE = libxml2-$(VERSION)
 -EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples
 +EXAMPLES_DIR = $(datadir)/examples/libxml2
+ #
  # Coverage support, largely borrowed from libvirt

 @@ -1,13 +1,13 @@
-$NetBSD: patch-ad,v 1.17 2005/07/12 21:15:21 recht Exp $
+$NetBSD: patch-ad,v 1.17.82.1 2015/04/29 20:35:49 tron Exp $
---- xmlcatalog.c.orig	2005-01-04 15:49:48.000000000 +0100
+--- xmlcatalog.c.orig	2014-10-03 11:28:06.000000000 +0000
 +++ xmlcatalog.c
 @@ -43,7 +43,7 @@ static char *filename = NULL;
  #ifndef XML_SGML_DEFAULT_CATALOG
 -#define XML_SGML_DEFAULT_CATALOG "/etc/sgml/catalog"
 +#define XML_SGML_DEFAULT_CATALOG "@@SGML_DEFAULT_CATALOG@@"
  #endif
  /************************************************************************

 @@ -1,13 +1,13 @@
-$NetBSD: patch-ae,v 1.13 2013/05/26 09:22:14 adam Exp $
+$NetBSD: patch-ae,v 1.13.16.1 2015/04/29 20:35:49 tron Exp $
---- doc/examples/Makefile.in.orig	2012-09-11 06:55:36.000000000 +0000
+--- doc/examples/Makefile.in.orig	2014-10-16 07:35:13.000000000 +0000
 +++ doc/examples/Makefile.in
-@@ -844,7 +844,7 @@ uninstall-am:
+@@ -916,7 +916,7 @@ uninstall-am:
  install-data-local:
  	$(MKDIR_P) $(DESTDIR)$(HTML_DIR)
 -	-$(INSTALL) -m 0644 $(srcdir)/*.html $(srcdir)/*.c $(srcdir)/*.xml $(srcdir)/*.xsl $(srcdir)/*.res $(DESTDIR)$(HTML_DIR)
 +	-$(INSTALL) -m 0644 $(srcdir)/*.c $(srcdir)/*.xml $(srcdir)/*.xsl $(srcdir)/*.res $(DESTDIR)$(HTML_DIR)
  clean-local:
  	test -f Makefile.am || rm -f test?.xml

 @@ -1,14 +1,14 @@
-$NetBSD: patch-ag,v 1.11 2012/09/15 10:23:38 adam Exp $
+$NetBSD: patch-ag,v 1.11.22.1 2015/04/29 20:35:49 tron Exp $
---- encoding.c.orig	2009-09-24 17:31:59.000000000 +0200
+--- encoding.c.orig	2014-10-03 11:53:06.000000000 +0000
 +++ encoding.c
 @@ -1433,6 +1433,9 @@ xmlInitCharEncodingHandlers(void) {
      xmlRegisterCharEncodingHandlersISO8859x ();
  #endif
  #endif
 +#ifdef __NetBSD__ /* XXX needed by selftest */
 +    xmlAddEncodingAlias("CP1141", "IBM-1141");
 +#endif
+ }

 @@ -1,18 +1,18 @@
-$NetBSD: patch-aj,v 1.3 2012/09/15 10:23:38 adam Exp $
+$NetBSD: patch-aj,v 1.3.22.1 2015/04/29 20:35:49 tron Exp $
 Inlucde resolv.h conditionally:
   https://bugzilla.gnome.org/show_bug.cgi?id=617053
---- nanohttp.c.orig	2012-09-11 04:23:25.000000000 +0000
+--- nanohttp.c.orig	2014-10-03 11:28:05.000000000 +0000
 +++ nanohttp.c
 @@ -43,8 +43,10 @@
  #ifdef HAVE_ARPA_NAMESER_H
  #include <arpa/nameser.h>
  #endif
 +#ifdef HAVE_RESOLV_H
  #include <resolv.h>
  #endif
 +#endif
  #ifdef HAVE_FCNTL_H
  #include <fcntl.h>
  #endif

 @@ -1,20 +1,20 @@
-$NetBSD: patch-threads.c,v 1.4 2013/05/26 09:22:14 adam Exp $
+$NetBSD: patch-threads.c,v 1.4.16.1 2015/04/29 20:35:49 tron Exp $
 * Treat OpenBSD and MirBSD same as Linux to avoid linking with libpthread
 * NetBSD<4.99.36 and FreeBSD<7.0 lack pthread_equal() stub function in libc
 * pthread_once_t cast needed to avoid compilation error
---- threads.c.orig	2010-10-15 17:28:30.000000000 +0000
+--- threads.c.orig	2014-10-13 07:02:28.000000000 +0000
 +++ threads.c
 @@ -42,13 +42,17 @@
  #include <note.h>
  #endif
 +#if defined(__NetBSD__)
 +#include <sys/param.h>
 +#endif
++
  /* #define DEBUG_THREADS */
  #ifdef HAVE_PTHREAD_H