Wed Dec 28 17:14:20 2016 UTC ()
Pullup ticket #5175 - requested by sevan
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile.common 1.4
- textproc/libxml2/distinfo 1.114
- textproc/libxml2/patches/patch-result_XPath_xptr_vidbase 1.1
- textproc/libxml2/patches/patch-test_XPath_xptr_vidbase 1.1
- textproc/libxml2/patches/patch-xpath.c 1.1
- textproc/libxml2/patches/patch-xpointer.c 1.4
---
Module Name: pkgsrc
Committed By: sevan
Date: Tue Dec 27 02:34:34 UTC 2016
Modified Files:
pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-result_XPath_xptr_vidbase
patch-test_XPath_xptr_vidbase patch-xpath.c patch-xpointer.c
Log Message:
Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev
(bsiegert)
diff -r1.2.4.1 -r1.2.4.2 pkgsrc/textproc/libxml2/Makefile.common
diff -r1.112.4.1 -r1.112.4.2 pkgsrc/textproc/libxml2/distinfo
diff -r0 -r1.1.2.2 pkgsrc/textproc/libxml2/patches/patch-result_XPath_xptr_vidbase
diff -r0 -r1.1.2.2 pkgsrc/textproc/libxml2/patches/patch-test_XPath_xptr_vidbase
diff -r0 -r1.1.2.2 pkgsrc/textproc/libxml2/patches/patch-xpath.c
diff -r0 -r1.4.2.2 pkgsrc/textproc/libxml2/patches/patch-xpointer.c
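--- a/pkgsrc/textproc/libxml2/Makefile.common
+++ b/pkgsrc/textproc/libxml2/Makefile.common
@@ -1,13 +1,13 @@
-# $NetBSD: Makefile.common,v 1.2.4.1 2016/12/04 15:40:22 bsiegert Exp $
+# $NetBSD: Makefile.common,v 1.2.4.2 2016/12/28 17:14:20 bsiegert Exp $
 #
 # used by textproc/libxml2/Makefile
 # used by textproc/py-libxml2/Makefile
 
 DISTNAME= libxml2-2.9.4
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= textproc
 MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
 http://xmlsoft.org/sources/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://xmlsoft.org/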
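--- a/pkgsrc/textproc/libxml2/distinfo
+++ b/pkgsrc/textproc/libxml2/distinfo
@@ -1,17 +1,21 @@
-$NetBSD: distinfo,v 1.112.4.1 2016/12/04 15:40:22 bsiegert Exp $
+$NetBSD: distinfo,v 1.112.4.2 2016/12/28 17:14:20 bsiegert Exp $
 
 SHA1 (libxml2-2.9.4.tar.gz) = 958ae70baf186263a4bd801a81dd5d682aedd1db
 RMD160 (libxml2-2.9.4.tar.gz) = bb59656e0683d64a38a2f1a45ca9d918837e1e56
 SHA512 (libxml2-2.9.4.tar.gz) = f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9
 Size (libxml2-2.9.4.tar.gz) = 5374830 bytes
 SHA1 (patch-aa) = e687eaa9805b855b0c8a944ec5c597bd34954472
 SHA1 (patch-ab) = d6d6e9a91307da0c7f334b5b9ad432878babd1ac
 SHA1 (patch-ac) = 34afe787f6012b460a85be993048e133907a1621
 SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
 SHA1 (patch-parseInternals.c) = dc58145943a4fb6368d848c0155d144b1f9b676c
+SHA1 (patch-result_XPath_xptr_vidbase) = f0ef1ac593cb25f96b7ffef93e0f214aa8fc6103
 SHA1 (patch-runtest.c) = 759fcee959833b33d72e85108f7973859dcba1f6
+SHA1 (patch-test_XPath_xptr_vidbase) = a9b497505f914924388145c6266aa517152f9da3
 SHA1 (patch-testlimits.c) = 8cba18464b619469abbb8488fd950a32a567be7b
 SHA1 (patch-timsort.h) = e09118e7c99d53f71c28fe4d54269c4801244959
 SHA1 (patch-xmlIO.c) = 5efcc5e43a8b3139832ab69af6b5ab94e5a6ad59
+SHA1 (patch-xpath.c) = ec94ab2116f99a08f51630dee6b9e7e25d2b5c00
+SHA1 (patch-xpointer.c) = 8ca75f64b89369106c0d088ff7fd36b38005e032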
$NetBSD: patch-result_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
CVE-2016-5131
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
--- result/XPath/xptr/vidbase.orig 2016-12-27 02:22:25.000000000 +0000
+++ result/XPath/xptr/vidbase
@@ -17,3 +17,16 @@ Object is a Location Set:
To node
ELEMENT p
+
+========================
+Expression: xpointer(range-to(id('chapter2')))
+Object is a Location Set:
+1 : Object is a range :
+ From node
+ /
+ To node
+ ELEMENT chapter
+ ATTRIBUTE id
+ TEXT
+ content=chapter2
+
$NetBSD: patch-test_XPath_xptr_vidbase,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
CVE-2016-5131
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
--- test/XPath/xptr/vidbase.orig 2016-12-27 02:22:06.000000000 +0000
+++ test/XPath/xptr/vidbase
@@ -1,2 +1,3 @@
xpointer(id('chapter1')/p)
xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
+xpointer(range-to(id('chapter2')))
$NetBSD: patch-xpath.c,v 1.1.2.2 2016/12/28 17:14:20 bsiegert Exp $
CVE-2016-5131
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
--- xpath.c.orig 2016-12-27 02:21:53.000000000 +0000
+++ xpath.c
@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserConte
lc = 1;
break;
} else if ((NXT(len) == '(')) {
- /* Note Type or Function */
+ /* Node Type or Function */
if (xmlXPathIsNodeType(name)) {
#ifdef DEBUG_STEP
xmlGenericError(xmlGenericErrorContext,
"PathExpr: Type search\n");
#endif
lc = 1;
+#ifdef LIBXML_XPTR_ENABLED
+ } else if (ctxt->xptr &&
+ xmlStrEqual(name, BAD_CAST "range-to")) {
+ lc = 1;
+#endif
} else {
#ifdef DEBUG_STEP
xmlGenericError(xmlGenericErrorContext,
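Review bot: The new `range-to` branch carries no comment saying why this one name is special-cased, even though the patch header ties this hunk to the CVE-2016-5131 fix. A short comment above its `lc = 1;` would keep a later cleanup from folding it back into the generic function-call path, e.g. `/* range-to is an XPointer location step, not a function: compile it as a location path */`, which matches the wording the same patch set adds in xpointer.c. The sibling branches each emit a `DEBUG_STEP` trace and this one does not, which is a minor inconsistency. The branch is only taken when `ctxt->xptr` is set, so outside XPointer the name still goes to the `else` branch. The enclosing function `xmlXPathCompPathExpr` starts and ends outside the hunk.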
$NetBSD: patch-xpointer.c,v 1.4.2.2 2016/12/28 17:14:20 bsiegert Exp $
CVE-2016-4658
https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
CVE-2016-5131
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
--- xpointer.c.orig 2016-12-27 02:19:03.000000000 +0000
+++ xpointer.c
@@ -1295,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNode
ret->here = here;
ret->origin = origin;
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
- xmlXPtrRangeToFunction);
xmlXPathRegisterFunc(ret, (xmlChar *)"range",
xmlXPtrRangeFunction);
xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
@@ -2206,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParse
* @nargs: the number of args
*
* Implement the range-to() XPointer function
+ *
+ * Obsolete. range-to is not a real function but a special type of location
+ * step which is handled in xpath.c.
*/
void
-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathObjectPtr range;
- const xmlChar *cur;
- xmlXPathObjectPtr res, obj;
- xmlXPathObjectPtr tmp;
- xmlLocationSetPtr newset = NULL;
- xmlNodeSetPtr oldset;
- int i;
-
- if (ctxt == NULL) return;
- CHECK_ARITY(1);
- /*
- * Save the expression pointer since we will have to evaluate
- * it multiple times. Initialize the new set.
- */
- CHECK_TYPE(XPATH_NODESET);
- obj = valuePop(ctxt);
- oldset = obj->nodesetval;
- ctxt->context->node = NULL;
-
- cur = ctxt->cur;
- newset = xmlXPtrLocationSetCreate(NULL);
-
- for (i = 0; i < oldset->nodeNr; i++) {
- ctxt->cur = cur;
-
- /*
- * Run the evaluation with a node list made of a single item
- * in the nodeset.
- */
- ctxt->context->node = oldset->nodeTab[i];
- tmp = xmlXPathNewNodeSet(ctxt->context->node);
- valuePush(ctxt, tmp);
-
- xmlXPathEvalExpr(ctxt);
- CHECK_ERROR;
-
- /*
- * The result of the evaluation need to be tested to
- * decided whether the filter succeeded or not
- */
- res = valuePop(ctxt);
- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
- if (range != NULL) {
- xmlXPtrLocationSetAdd(newset, range);
- }
-
- /*
- * Cleanup
- */
- if (res != NULL)
- xmlXPathFreeObject(res);
- if (ctxt->value == tmp) {
- res = valuePop(ctxt);
- xmlXPathFreeObject(res);
- }
-
- ctxt->context->node = NULL;
- }
-
- /*
- * The result is used as the new evaluation set.
- */
- xmlXPathFreeObject(obj);
- ctxt->context->node = NULL;
- ctxt->context->contextSize = -1;
- ctxt->context->proximityPosition = -1;
- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
+ int nargs ATTRIBUTE_UNUSED) {
+ XP_ERROR(XPATH_EXPR_ERROR);
}
/**
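Review bot: The doc comment above `xmlXPtrRangeToFunction` now contradicts itself: it still opens with "Implement the range-to() XPointer function" and then declares the function obsolete. Replacing that first sentence with something like `* Obsolete stub: always raises XPATH_EXPR_ERROR.` would describe what the new body does. The removed body began with `if (ctxt == NULL) return;`, while the stub hands `ctxt` straight to `XP_ERROR`, whose definition is outside this hunk. It is worth confirming that the macro tolerates a NULL context, or keeping the guard as the first line. Since the symbol stays while its `xmlXPathRegisterFunc` registration is dropped in the earlier xpointer.c hunk, any caller that still reaches it gets an error rather than the old per-node re-evaluation.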