Pullup ticket #4696 - requested by spz textproc/libxml2: security patch Revisions pulled up: - textproc/libxml2/Makefile 1.137 - textproc/libxml2/distinfo 1.106 - textproc/libxml2/patches/patch-aa 1.28 - textproc/libxml2/patches/patch-ab 1.28 - textproc/libxml2/patches/patch-ac 1.8 - textproc/libxml2/patches/patch-ad 1.18 - textproc/libxml2/patches/patch-ae 1.14 - textproc/libxml2/patches/patch-ag 1.12 - textproc/libxml2/patches/patch-aj 1.4 - textproc/libxml2/patches/patch-buf.c 1.1 - textproc/libxml2/patches/patch-include_libxml_tree.h 1.1 - textproc/libxml2/patches/patch-threads.c 1.5 - textproc/libxml2/patches/patch-xmlreader.c 1.1 --- Module Name: pkgsrc Committed By: spz Date: Fri Apr 24 11:32:29 UTC 2015 Modified Files: pkgsrc/textproc/libxml2: Makefile distinfo pkgsrc/textproc/libxml2/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-ag patch-aj patch-threads.c Added Files: pkgsrc/textproc/libxml2/patches: patch-buf.c patch-include_libxml_tree.h patch-xmlreader.c Log Message: patch for CVE-2015-1819 Enforce the reader to run in constant memory from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 +general patch refreshdiff -r1.136 -r1.136.2.1 pkgsrc/textproc/libxml2/Makefile
(tron)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.136 2015/03/22 05:53:12 tnn Exp $ | 1 | # $NetBSD: Makefile,v 1.136.2.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= libxml2-2.9.2 | 3 | DISTNAME= libxml2-2.9.2 | |
4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
5 | CATEGORIES= textproc | 5 | CATEGORIES= textproc | |
6 | MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ | 6 | MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ | |
7 | http://xmlsoft.org/sources/ | 7 | http://xmlsoft.org/sources/ | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://xmlsoft.org/ | 10 | HOMEPAGE= http://xmlsoft.org/ | |
11 | COMMENT= XML parser library from the GNOME project | 11 | COMMENT= XML parser library from the GNOME project | |
12 | LICENSE= modified-bsd | 12 | LICENSE= modified-bsd | |
13 | 13 | |||
14 | USE_FEATURES= glob | 14 | USE_FEATURES= glob | |
15 | USE_LIBTOOL= yes | 15 | USE_LIBTOOL= yes | |
16 | USE_TOOLS+= gmake | 16 | USE_TOOLS+= gmake | |
17 | GNU_CONFIGURE= yes | 17 | GNU_CONFIGURE= yes |
@@ -1,14 +1,17 @@ | @@ -1,14 +1,17 @@ | |||
1 | $NetBSD: distinfo,v 1.105 2014/10/28 18:55:56 drochner Exp $ | 1 | $NetBSD: distinfo,v 1.105.4.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (libxml2-2.9.2.tar.gz) = f46a37ea6d869f702e03f393c376760f3cbee673 | 3 | SHA1 (libxml2-2.9.2.tar.gz) = f46a37ea6d869f702e03f393c376760f3cbee673 | |
4 | RMD160 (libxml2-2.9.2.tar.gz) = 969b4ed8782f455fd4a6ca1c1b4ffa7651090070 | 4 | RMD160 (libxml2-2.9.2.tar.gz) = 969b4ed8782f455fd4a6ca1c1b4ffa7651090070 | |
5 | Size (libxml2-2.9.2.tar.gz) = 5444991 bytes | 5 | Size (libxml2-2.9.2.tar.gz) = 5444991 bytes | |
6 | SHA1 (patch-aa) = 589a279df1a5fac8b1b2dbd0018a1bbf0c5ab169 | 6 | SHA1 (patch-aa) = 7d1213079cc78c9a28476c49f1283ab1c6af3b34 | |
7 | SHA1 (patch-ab) = 11567fe9a3fde42f3901fd4ab4620bf845fe634b | 7 | SHA1 (patch-ab) = bf8983fcde35edf0e450209bf07f0fa628f7bd9e | |
8 | SHA1 (patch-ac) = 101cd554fd22e8e9817e21591240eb784b1219b5 | 8 | SHA1 (patch-ac) = 015a5903a86793bd770f16f251b94e5b2562b3f7 | |
9 | SHA1 (patch-ad) = cd45da492b02cce9983c46762839f68b8b1e0177 | 9 | SHA1 (patch-ad) = fe255e93f9aefd5403d646cd45d9fbdcbd100bd6 | |
10 | SHA1 (patch-ae) = 2823276343f65c7d244d22e548faa6a517445819 | 10 | SHA1 (patch-ae) = d479d5a0c8b906de3cbe1c30b100c6f8b1bb9c43 | |
11 | SHA1 (patch-ag) = 19afd69713298ecbd247ba733a7c0c13464ae572 | 11 | SHA1 (patch-ag) = f037f13ccc4047d4bf824a2091e60ac89b172558 | |
12 | SHA1 (patch-aj) = 988c30b4b09a1cbaf9e7db02bb8981da0f1beaa7 | 12 | SHA1 (patch-aj) = aab00bf2ba0168fa8f6070db985531c676b5c34d | |
13 | SHA1 (patch-ba) = 78097bb871cc614c8d95a53d825542d23e113192 | 13 | SHA1 (patch-ba) = 78097bb871cc614c8d95a53d825542d23e113192 | |
14 | SHA1 (patch-threads.c) = 70bb0a779dff6611f755128d609f82360a492f9a | 14 | SHA1 (patch-buf.c) = 087a768a39441189b226cda500475014462ff8fd | |
15 | SHA1 (patch-include_libxml_tree.h) = 9978e6a3ea2408a9aaf68fe1663df5f7dce12eee | |||
16 | SHA1 (patch-threads.c) = 425796881df8520356abbfff001f0e6191d9f186 | |||
17 | SHA1 (patch-xmlreader.c) = cb8710e4c0261a98a68e3e69388d3a4341629f22 |
@@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
1 | $NetBSD: patch-aa,v 1.27 2013/05/26 09:22:14 adam Exp $ | 1 | $NetBSD: patch-aa,v 1.27.16.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | --- Makefile.in.orig 2010-11-04 17:28:16.000000000 +0000 | 3 | --- Makefile.in.orig 2014-10-16 07:35:13.000000000 +0000 | |
4 | +++ Makefile.in | 4 | +++ Makefile.in | |
5 | @@ -765,7 +765,7 @@ pkgconfig_DATA = libxml-2.0.pc | 5 | @@ -835,7 +835,7 @@ cmake_DATA = libxml2-config.cmake | |
6 | # | 6 | # | |
7 | BASE_DIR = $(datadir)/doc | 7 | BASE_DIR = $(datadir)/doc | |
8 | DOC_MODULE = libxml2-$(VERSION) | 8 | DOC_MODULE = libxml2-$(VERSION) | |
9 | -EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples | 9 | -EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples | |
10 | +EXAMPLES_DIR = $(datadir)/examples/libxml2 | 10 | +EXAMPLES_DIR = $(datadir)/examples/libxml2 | |
11 | 11 | |||
12 | # | 12 | # | |
13 | # Coverage support, largely borrowed from libvirt | 13 | # Coverage support, largely borrowed from libvirt |
@@ -1,85 +1,85 @@ | @@ -1,85 +1,85 @@ | |||
1 | $NetBSD: patch-ab,v 1.27 2013/05/26 09:22:14 adam Exp $ | 1 | $NetBSD: patch-ab,v 1.27.16.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | --- configure.orig 2013-04-19 07:36:11.000000000 +0000 | 3 | --- configure.orig 2014-10-16 07:35:12.000000000 +0000 | |
4 | +++ configure | 4 | +++ configure | |
5 | @@ -13948,7 +13948,7 @@ fi | 5 | @@ -14349,7 +14349,7 @@ fi | |
6 | fi | 6 | fi | |
7 | 7 | |||
8 | 8 | |||
9 | -XML_LIBDIR='-L${libdir}' | 9 | -XML_LIBDIR='-L${libdir}' | |
10 | +XML_LIBDIR='-Wl,-R${libdir} -L${libdir}' | 10 | +XML_LIBDIR='-Wl,-R${libdir} -L${libdir}' | |
11 | XML_INCLUDEDIR='-I${includedir}/libxml2' | 11 | XML_INCLUDEDIR='-I${includedir}/libxml2' | |
12 | 12 | |||
13 | XML_CFLAGS="" | 13 | XML_CFLAGS="" | |
14 | @@ -14417,13 +14417,13 @@ else | 14 | @@ -14822,13 +14822,13 @@ else | |
15 | if test "$with_threads" = "pthread" || test "$with_threads" = "" || test "$with_threads" = "yes" ; then | 15 | if test "$with_threads" = "pthread" || test "$with_threads" = "" || test "$with_threads" = "yes" ; then | |
16 | ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" | 16 | ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" | |
17 | if test "x$ac_cv_header_pthread_h" = xyes; then : | 17 | if test "x$ac_cv_header_pthread_h" = xyes; then : | |
18 | - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in -lpthread" >&5 | 18 | - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in -lpthread" >&5 | |
19 | -$as_echo_n "checking for pthread_join in -lpthread... " >&6; } | 19 | -$as_echo_n "checking for pthread_join in -lpthread... " >&6; } | |
20 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" >&5 | 20 | + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" >&5 | |
21 | +$as_echo_n "checking for pthread_join in ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}... " >&6; } | 21 | +$as_echo_n "checking for pthread_join in ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}... " >&6; } | |
22 | if ${ac_cv_lib_pthread_pthread_join+:} false; then : | 22 | if ${ac_cv_lib_pthread_pthread_join+:} false; then : | |
23 | $as_echo_n "(cached) " >&6 | 23 | $as_echo_n "(cached) " >&6 | |
24 | else | 24 | else | |
25 | ac_check_lib_save_LIBS=$LIBS | 25 | ac_check_lib_save_LIBS=$LIBS | |
26 | -LIBS="-lpthread $LIBS" | 26 | -LIBS="-lpthread $LIBS" | |
27 | +LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS} $LIBS" | 27 | +LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS} $LIBS" | |
28 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | 28 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | |
29 | /* end confdefs.h. */ | 29 | /* end confdefs.h. */ | |
30 | 30 | |||
31 | @@ -14455,7 +14455,7 @@ fi | 31 | @@ -14860,7 +14860,7 @@ fi | |
32 | $as_echo "$ac_cv_lib_pthread_pthread_join" >&6; } | 32 | $as_echo "$ac_cv_lib_pthread_pthread_join" >&6; } | |
33 | if test "x$ac_cv_lib_pthread_pthread_join" = xyes; then : | 33 | if test "x$ac_cv_lib_pthread_pthread_join" = xyes; then : | |
34 | 34 | |||
35 | - THREAD_LIBS="-lpthread" | 35 | - THREAD_LIBS="-lpthread" | |
36 | + THREAD_LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" | 36 | + THREAD_LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" | |
37 | 37 | |||
38 | $as_echo "#define HAVE_LIBPTHREAD /**/" >>confdefs.h | 38 | $as_echo "#define HAVE_LIBPTHREAD /**/" >>confdefs.h | |
39 | 39 | |||
40 | @@ -14477,12 +14477,12 @@ fi | 40 | @@ -14882,12 +14882,12 @@ fi | |
41 | *beos*) WITH_THREADS="1" | 41 | *beos*) WITH_THREADS="1" | |
42 | THREAD_CFLAGS="$THREAD_CFLAGS -DHAVE_BEOS_THREADS" | 42 | THREAD_CFLAGS="$THREAD_CFLAGS -DHAVE_BEOS_THREADS" | |
43 | ;; | 43 | ;; | |
44 | - *linux*) | 44 | - *linux*) | |
45 | + *linux* | *openbsd* | *mirbsd*) | 45 | + *linux* | *openbsd* | *mirbsd*) | |
46 | if test "${GCC}" = "yes" ; then | 46 | if test "${GCC}" = "yes" ; then | |
47 | GCC_VERSION=`${CC} --version | head -1 | awk '{print $3}'` | 47 | GCC_VERSION=`${CC} --version | head -1 | awk '{print $3}'` | |
48 | GCC_MAJOR=`echo ${GCC_VERSION} | sed 's+\..*++'` | 48 | GCC_MAJOR=`echo ${GCC_VERSION} | sed 's+\..*++'` | |
49 | GCC_MEDIUM=`echo ${GCC_VERSION} | sed 's+[0-9]*\.++' | sed 's+\..*++'` | 49 | GCC_MEDIUM=`echo ${GCC_VERSION} | sed 's+[0-9]*\.++' | sed 's+\..*++'` | |
50 | - if test "${THREAD_LIBS}" = "-lpthread" ; then | 50 | - if test "${THREAD_LIBS}" = "-lpthread" ; then | |
51 | + if test "${THREAD_LIBS}" = "${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" ; then | 51 | + if test "${THREAD_LIBS}" = "${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" ; then | |
52 | if expr ${GCC_MEDIUM} \> 2 \& ${GCC_MAJOR} = 3 > /dev/null | 52 | if expr ${GCC_MEDIUM} \> 2 \& ${GCC_MAJOR} = 3 > /dev/null | |
53 | then | 53 | then | |
54 | THREAD_LIBS="" | 54 | THREAD_LIBS="" | |
55 | @@ -14499,6 +14499,10 @@ fi | 55 | @@ -14904,6 +14904,10 @@ fi | |
56 | fi | 56 | fi | |
57 | fi | 57 | fi | |
58 | ;; | 58 | ;; | |
59 | + *freebsd* | *netbsd* | *dragonfly*) | 59 | + *freebsd* | *netbsd* | *dragonfly*) | |
60 | + THREAD_LIBS="" | 60 | + THREAD_LIBS="" | |
61 | + BASE_THREAD_LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" | 61 | + BASE_THREAD_LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}" | |
62 | + ;; | 62 | + ;; | |
63 | esac | 63 | esac | |
64 | if test "$WITH_THREADS" = "1" ; then | 64 | if test "$WITH_THREADS" = "1" ; then | |
65 | THREAD_CFLAGS="$THREAD_CFLAGS -D_REENTRANT" | 65 | THREAD_CFLAGS="$THREAD_CFLAGS -D_REENTRANT" | |
66 | @@ -14769,7 +14773,7 @@ else | 66 | @@ -15174,7 +15178,7 @@ else | |
67 | TEST_SAX=SAXtests | 67 | TEST_SAX=SAXtests | |
68 | fi | 68 | fi | |
69 | 69 | |||
70 | - if test "${WITH_TRIO}" = "1"; then | 70 | - if test "${WITH_TRIO}" = "1"; then | |
71 | + if test "${WITH_SAX1}" = "1"; then | 71 | + if test "${WITH_SAX1}" = "1"; then | |
72 | WITH_SAX1_SOURCES_TRUE= | 72 | WITH_SAX1_SOURCES_TRUE= | |
73 | WITH_SAX1_SOURCES_FALSE='#' | 73 | WITH_SAX1_SOURCES_FALSE='#' | |
74 | else | 74 | else | |
75 | @@ -15191,10 +15195,6 @@ case "$host" in | 75 | @@ -15605,10 +15609,6 @@ case "$host" in | |
76 | 76 | |||
77 | $as_echo "#define _WINSOCKAPI_ 1" >>confdefs.h | 77 | $as_echo "#define _WINSOCKAPI_ 1" >>confdefs.h | |
78 | 78 | |||
79 | - if test "${PYTHON}" != "" | 79 | - if test "${PYTHON}" != "" | |
80 | - then | 80 | - then | |
81 | - WIN32_EXTRA_PYTHON_LIBADD="-L${pythondir}/../../libs -lpython$(echo ${PYTHON_VERSION} | tr -d .)" | 81 | - WIN32_EXTRA_PYTHON_LIBADD="-L${pythondir}/../../libs -lpython$(echo ${PYTHON_VERSION} | tr -d .)" | |
82 | - fi | 82 | - fi | |
83 | ;; | 83 | ;; | |
84 | *-*-cygwin*) | 84 | *-*-cygwin*) | |
85 | CYGWIN_EXTRA_LDFLAGS="-no-undefined" | 85 | CYGWIN_EXTRA_LDFLAGS="-no-undefined" |
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | $NetBSD: patch-ac,v 1.7 2012/09/15 10:23:38 adam Exp $ | 1 | $NetBSD: patch-ac,v 1.7.22.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | --- catalog.c.orig 2005-04-01 15:15:01.000000000 +0200 | 3 | --- catalog.c.orig 2014-10-03 11:28:05.000000000 +0000 | |
4 | +++ catalog.c | 4 | +++ catalog.c | |
5 | @@ -70,10 +70,10 @@ | 5 | @@ -70,10 +70,10 @@ | |
6 | #define XML_URN_PUBID "urn:publicid:" | 6 | #define XML_URN_PUBID "urn:publicid:" | |
7 | #define XML_CATAL_BREAK ((xmlChar *) -1) | 7 | #define XML_CATAL_BREAK ((xmlChar *) -1) | |
8 | #ifndef XML_XML_DEFAULT_CATALOG | 8 | #ifndef XML_XML_DEFAULT_CATALOG | |
9 | -#define XML_XML_DEFAULT_CATALOG "file:///etc/xml/catalog" | 9 | -#define XML_XML_DEFAULT_CATALOG "file:///etc/xml/catalog" | |
10 | +#define XML_XML_DEFAULT_CATALOG "file://@@XML_DEFAULT_CATALOG@@" | 10 | +#define XML_XML_DEFAULT_CATALOG "file://@@XML_DEFAULT_CATALOG@@" | |
11 | #endif | 11 | #endif | |
12 | #ifndef XML_SGML_DEFAULT_CATALOG | 12 | #ifndef XML_SGML_DEFAULT_CATALOG | |
13 | -#define XML_SGML_DEFAULT_CATALOG "file:///etc/sgml/catalog" | 13 | -#define XML_SGML_DEFAULT_CATALOG "file:///etc/sgml/catalog" | |
14 | +#define XML_SGML_DEFAULT_CATALOG "file://@@SGML_DEFAULT_CATALOG@@" | 14 | +#define XML_SGML_DEFAULT_CATALOG "file://@@SGML_DEFAULT_CATALOG@@" | |
15 | #endif | 15 | #endif | |
16 | 16 |
@@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
1 | $NetBSD: patch-ad,v 1.17 2005/07/12 21:15:21 recht Exp $ | 1 | $NetBSD: patch-ad,v 1.17.82.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | --- xmlcatalog.c.orig 2005-01-04 15:49:48.000000000 +0100 | 3 | --- xmlcatalog.c.orig 2014-10-03 11:28:06.000000000 +0000 | |
4 | +++ xmlcatalog.c | 4 | +++ xmlcatalog.c | |
5 | @@ -43,7 +43,7 @@ static char *filename = NULL; | 5 | @@ -43,7 +43,7 @@ static char *filename = NULL; | |
6 | 6 | |||
7 | 7 | |||
8 | #ifndef XML_SGML_DEFAULT_CATALOG | 8 | #ifndef XML_SGML_DEFAULT_CATALOG | |
9 | -#define XML_SGML_DEFAULT_CATALOG "/etc/sgml/catalog" | 9 | -#define XML_SGML_DEFAULT_CATALOG "/etc/sgml/catalog" | |
10 | +#define XML_SGML_DEFAULT_CATALOG "@@SGML_DEFAULT_CATALOG@@" | 10 | +#define XML_SGML_DEFAULT_CATALOG "@@SGML_DEFAULT_CATALOG@@" | |
11 | #endif | 11 | #endif | |
12 | 12 | |||
13 | /************************************************************************ | 13 | /************************************************************************ |
@@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
1 | $NetBSD: patch-ae,v 1.13 2013/05/26 09:22:14 adam Exp $ | 1 | $NetBSD: patch-ae,v 1.13.16.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | --- doc/examples/Makefile.in.orig 2012-09-11 06:55:36.000000000 +0000 | 3 | --- doc/examples/Makefile.in.orig 2014-10-16 07:35:13.000000000 +0000 | |
4 | +++ doc/examples/Makefile.in | 4 | +++ doc/examples/Makefile.in | |
5 | @@ -844,7 +844,7 @@ uninstall-am: | 5 | @@ -916,7 +916,7 @@ uninstall-am: | |
6 | 6 | |||
7 | install-data-local: | 7 | install-data-local: | |
8 | $(MKDIR_P) $(DESTDIR)$(HTML_DIR) | 8 | $(MKDIR_P) $(DESTDIR)$(HTML_DIR) | |
9 | - -$(INSTALL) -m 0644 $(srcdir)/*.html $(srcdir)/*.c $(srcdir)/*.xml $(srcdir)/*.xsl $(srcdir)/*.res $(DESTDIR)$(HTML_DIR) | 9 | - -$(INSTALL) -m 0644 $(srcdir)/*.html $(srcdir)/*.c $(srcdir)/*.xml $(srcdir)/*.xsl $(srcdir)/*.res $(DESTDIR)$(HTML_DIR) | |
10 | + -$(INSTALL) -m 0644 $(srcdir)/*.c $(srcdir)/*.xml $(srcdir)/*.xsl $(srcdir)/*.res $(DESTDIR)$(HTML_DIR) | 10 | + -$(INSTALL) -m 0644 $(srcdir)/*.c $(srcdir)/*.xml $(srcdir)/*.xsl $(srcdir)/*.res $(DESTDIR)$(HTML_DIR) | |
11 | 11 | |||
12 | clean-local: | 12 | clean-local: | |
13 | test -f Makefile.am || rm -f test?.xml | 13 | test -f Makefile.am || rm -f test?.xml |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | $NetBSD: patch-ag,v 1.11 2012/09/15 10:23:38 adam Exp $ | 1 | $NetBSD: patch-ag,v 1.11.22.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | --- encoding.c.orig 2009-09-24 17:31:59.000000000 +0200 | 3 | --- encoding.c.orig 2014-10-03 11:53:06.000000000 +0000 | |
4 | +++ encoding.c | 4 | +++ encoding.c | |
5 | @@ -1433,6 +1433,9 @@ xmlInitCharEncodingHandlers(void) { | 5 | @@ -1433,6 +1433,9 @@ xmlInitCharEncodingHandlers(void) { | |
6 | xmlRegisterCharEncodingHandlersISO8859x (); | 6 | xmlRegisterCharEncodingHandlersISO8859x (); | |
7 | #endif | 7 | #endif | |
8 | #endif | 8 | #endif | |
9 | +#ifdef __NetBSD__ /* XXX needed by selftest */ | 9 | +#ifdef __NetBSD__ /* XXX needed by selftest */ | |
10 | + xmlAddEncodingAlias("CP1141", "IBM-1141"); | 10 | + xmlAddEncodingAlias("CP1141", "IBM-1141"); | |
11 | +#endif | 11 | +#endif | |
12 | 12 | |||
13 | } | 13 | } | |
14 | 14 |
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: patch-aj,v 1.3 2012/09/15 10:23:38 adam Exp $ | 1 | $NetBSD: patch-aj,v 1.3.22.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | Inlucde resolv.h conditionally: | 3 | Inlucde resolv.h conditionally: | |
4 | https://bugzilla.gnome.org/show_bug.cgi?id=617053 | 4 | https://bugzilla.gnome.org/show_bug.cgi?id=617053 | |
5 | 5 | |||
6 | --- nanohttp.c.orig 2012-09-11 04:23:25.000000000 +0000 | 6 | --- nanohttp.c.orig 2014-10-03 11:28:05.000000000 +0000 | |
7 | +++ nanohttp.c | 7 | +++ nanohttp.c | |
8 | @@ -43,8 +43,10 @@ | 8 | @@ -43,8 +43,10 @@ | |
9 | #ifdef HAVE_ARPA_NAMESER_H | 9 | #ifdef HAVE_ARPA_NAMESER_H | |
10 | #include <arpa/nameser.h> | 10 | #include <arpa/nameser.h> | |
11 | #endif | 11 | #endif | |
12 | +#ifdef HAVE_RESOLV_H | 12 | +#ifdef HAVE_RESOLV_H | |
13 | #include <resolv.h> | 13 | #include <resolv.h> | |
14 | #endif | 14 | #endif | |
15 | +#endif | 15 | +#endif | |
16 | #ifdef HAVE_FCNTL_H | 16 | #ifdef HAVE_FCNTL_H | |
17 | #include <fcntl.h> | 17 | #include <fcntl.h> | |
18 | #endif | 18 | #endif |
$NetBSD: patch-buf.c,v 1.1.2.2 2015/04/29 20:35:49 tron Exp $
patch for CVE-2015-1819 Enforce the reader to run in constant memory
from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
part 1
--- buf.c.orig 2014-10-13 08:01:31.000000000 +0000
+++ buf.c
@@ -27,6 +27,7 @@
#include <libxml/tree.h>
#include <libxml/globals.h>
#include <libxml/tree.h>
+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
#include "buf.h"
#define WITH_BUFFER_COMPAT
@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
(scheme == XML_BUFFER_ALLOC_EXACT) ||
(scheme == XML_BUFFER_ALLOC_HYBRID) ||
- (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
+ (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
+ (scheme == XML_BUFFER_ALLOC_BOUNDED)) {
buf->alloc = scheme;
if (buf->buffer)
buf->buffer->alloc = scheme;
@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t
size = buf->use + len + 100;
#endif
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
+ (buf->size >= XML_MAX_TEXT_LENGTH)) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(0);
+ }
+ if (size >= XML_MAX_TEXT_LENGTH)
+ size = XML_MAX_TEXT_LENGTH;
+ }
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
@@ -738,7 +752,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
return(0);
CHECK_COMPAT(buf)
- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if (size >= XML_MAX_TEXT_LENGTH) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(0);
+ }
+ }
/* Don't resize if we don't have to */
if (size < buf->size)
@@ -867,6 +889,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *
needSize = buf->use + len + 2;
if (needSize > buf->size){
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if (needSize >= XML_MAX_TEXT_LENGTH) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(-1);
+ }
+ }
if (!xmlBufResize(buf, needSize)){
xmlBufMemoryError(buf, "growing buffer");
return XML_ERR_NO_MEMORY;
@@ -938,6 +969,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlCh
}
needSize = buf->use + len + 2;
if (needSize > buf->size){
+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
+ /*
+ * Used to provide parsing limits
+ */
+ if (needSize >= XML_MAX_TEXT_LENGTH) {
+ xmlBufMemoryError(buf, "buffer error: text too long\n");
+ return(-1);
+ }
+ }
if (!xmlBufResize(buf, needSize)){
xmlBufMemoryError(buf, "growing buffer");
return XML_ERR_NO_MEMORY;
$NetBSD: patch-include_libxml_tree.h,v 1.1.2.2 2015/04/29 20:35:49 tron Exp $
patch for CVE-2015-1819 Enforce the reader to run in constant memory
from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
part 2
--- include/libxml/tree.h.orig 2014-10-13 08:20:09.000000000 +0000
+++ include/libxml/tree.h
@@ -76,7 +76,8 @@ typedef enum {
XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
- XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */
+ XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */
+ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
} xmlBufferAllocationScheme;
/**
$NetBSD: patch-xmlreader.c,v 1.1.2.2 2015/04/29 20:35:49 tron Exp $
patch for CVE-2015-1819 Enforce the reader to run in constant memory
from https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
part 3
--- xmlreader.c.orig 2014-10-06 12:05:09.000000000 +0000
+++ xmlreader.c
@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr
"xmlNewTextReader : malloc failed\n");
return(NULL);
}
+ /* no operation on a reader should require a huge buffer */
+ xmlBufSetAllocationScheme(ret->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
if (ret->sax == NULL) {
xmlBufFree(ret->buffer);
@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr
return(((xmlNsPtr) node)->href);
case XML_ATTRIBUTE_NODE:{
xmlAttrPtr attr = (xmlAttrPtr) node;
+ const xmlChar *ret;
if ((attr->children != NULL) &&
(attr->children->type == XML_TEXT_NODE) &&
@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr
"xmlTextReaderSetup : malloc failed\n");
return (NULL);
}
+ xmlBufSetAllocationScheme(reader->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
} else
xmlBufEmpty(reader->buffer);
xmlBufGetNodeContent(reader->buffer, node);
- return(xmlBufContent(reader->buffer));
+ ret = xmlBufContent(reader->buffer);
+ if (ret == NULL) {
+ /* error on the buffer best to reallocate */
+ xmlBufFree(reader->buffer);
+ reader->buffer = xmlBufCreateSize(100);
+ xmlBufSetAllocationScheme(reader->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
+ ret = BAD_CAST "";
+ }
+ return(ret);
}
break;
}
@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr read
"xmlTextReaderSetup : malloc failed\n");
return (-1);
}
+ /* no operation on a reader should require a huge buffer */
+ xmlBufSetAllocationScheme(reader->buffer,
+ XML_BUFFER_ALLOC_BOUNDED);
if (reader->sax == NULL)
reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
if (reader->sax == NULL) {
@@ -1,20 +1,20 @@ | @@ -1,20 +1,20 @@ | |||
1 | $NetBSD: patch-threads.c,v 1.4 2013/05/26 09:22:14 adam Exp $ | 1 | $NetBSD: patch-threads.c,v 1.4.16.1 2015/04/29 20:35:49 tron Exp $ | |
2 | 2 | |||
3 | * Treat OpenBSD and MirBSD same as Linux to avoid linking with libpthread | 3 | * Treat OpenBSD and MirBSD same as Linux to avoid linking with libpthread | |
4 | * NetBSD<4.99.36 and FreeBSD<7.0 lack pthread_equal() stub function in libc | 4 | * NetBSD<4.99.36 and FreeBSD<7.0 lack pthread_equal() stub function in libc | |
5 | * pthread_once_t cast needed to avoid compilation error | 5 | * pthread_once_t cast needed to avoid compilation error | |
6 | 6 | |||
7 | --- threads.c.orig 2010-10-15 17:28:30.000000000 +0000 | 7 | --- threads.c.orig 2014-10-13 07:02:28.000000000 +0000 | |
8 | +++ threads.c | 8 | +++ threads.c | |
9 | @@ -42,13 +42,17 @@ | 9 | @@ -42,13 +42,17 @@ | |
10 | #include <note.h> | 10 | #include <note.h> | |
11 | #endif | 11 | #endif | |
12 | 12 | |||
13 | +#if defined(__NetBSD__) | 13 | +#if defined(__NetBSD__) | |
14 | +#include <sys/param.h> | 14 | +#include <sys/param.h> | |
15 | +#endif | 15 | +#endif | |
16 | + | 16 | + | |
17 | /* #define DEBUG_THREADS */ | 17 | /* #define DEBUG_THREADS */ | |
18 | 18 | |||
19 | #ifdef HAVE_PTHREAD_H | 19 | #ifdef HAVE_PTHREAD_H | |
20 | 20 |