diff options
| author | Koop Mast <kwm@FreeBSD.org> | 2014-05-13 20:32:00 +0000 |
|---|---|---|
| committer | Koop Mast <kwm@FreeBSD.org> | 2014-05-13 20:32:00 +0000 |
| commit | 607eebc44b493d9a5325cbbc6e4f310408e9fc37 (patch) | |
| tree | af5d54de867e1999ce3c9a27fc7b84393b692520 /textproc/libxml2 | |
| parent | 8c30535693f76b75884fe7a3f37980252601f194 (diff) | |
| download | ports-607eebc44b493d9a5325cbbc6e4f310408e9fc37.tar.gz ports-607eebc44b493d9a5325cbbc6e4f310408e9fc37.zip | |
Update to libxml2 2.9.1 [1]
This version fixes CVE-2013-2877.
Add upstream patch for CVE-2014-0191.
CVE's Reported by: Akinori MUSHA <knu@iDaemons.org>
Obtained from: GNOME dev repo [1], libxml2 upstream [2]
MFH: 2014Q2
Notes
Notes:
svn path=/head/; revision=353989
Diffstat (limited to 'textproc/libxml2')
| -rw-r--r-- | textproc/libxml2/Makefile | 40 | ||||
| -rw-r--r-- | textproc/libxml2/distinfo | 4 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-Makefile.in | 53 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-configure | 20 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-doc_devhelp_Makefile.in | 11 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-encoding.c | 21 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-include_libxml_parser.h | 10 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-parser.c | 377 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-parserInternals.c | 11 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-python_Makefile.in | 36 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-python_drv-libxml2.py | 46 | ||||
| -rw-r--r-- | textproc/libxml2/files/patch-python_setup.py.in | 142 | ||||
| -rw-r--r-- | textproc/libxml2/pkg-plist | 2 |
13 files changed, 271 insertions, 502 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 07f771486d43..df4b033ca591 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,10 +1,10 @@ # Created by: Yukihiro Nakai <Nakai@technologist.com> # $FreeBSD$ -# $MCom: ports/textproc/libxml2/Makefile,v 1.15 2012/11/26 19:55:23 kwm Exp $ +# $MCom: ports/trunk/textproc/libxml2/Makefile 19578 2014-04-25 21:50:30Z kwm $ PORTNAME= libxml2 -PORTVERSION= 2.8.0 -PORTREVISION?= 5 +PORTVERSION= 2.9.1 +PORTREVISION?= 0 CATEGORIES?= textproc gnome MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ http://xmlsoft.org/sources/ \ @@ -15,23 +15,24 @@ MAINTAINER?= gnome@FreeBSD.org COMMENT?= XML parser library for GNOME .if !defined(REFERENCE_PORT) -USE_CSTD= gnu89 + GNU_CONFIGURE= yes -USES= gmake iconv libtool:keepla pathfix pkgconfig +USES= gmake iconv libtool:keepla pathfix pkgconfig shebangfix USE_LDCONFIG= yes -CONFIGURE_ARGS?=--with-iconv=${ICONV_PREFIX} \ +CONFIGURE_ARGS?=--with-iconv=${ICONVBASE} \ --with-html-dir=${PREFIX}/share/doc \ --with-html-subdir=${PORTNAME} \ --with-lzma=/usr \ --without-python +INSTALL_TARGET= install-strip +SHEBANG_FILES= *.py */*.py */*/*.py -LIBVERSION= ${PORTVERSION} -PLIST_SUB+= LIBVERSION=${LIBVERSION} +PLIST_SUB+= LIBVERSION=${PORTVERSION} .if !defined(MASTERDIR) + OPTIONS_DEFINE= SCHEMA THREADS MEM_DEBUG XMLLINT_HIST THREAD_ALLOC OPTIONS_DEFAULT=SCHEMA THREADS - SCHEMA_DESC= XML schema support SCHEMA_CONFIGURE_WITH= schemas THREADS_DESC= Threads support @@ -42,31 +43,20 @@ XMLLINT_HIST_DESC= History for xmllint XMLLINT_HIST_CONFIGURE_WITH= history THREAD_ALLOC_DESC= Per-thread memory (DEVELOPERS ONLY!) THREAD_ALLOC_CONFIGURE_WITH= thread-alloc + .endif # !defined(MASTERDIR) post-patch: .for d in . doc doc/devhelp doc/examples @${REINPLACE_CMD} -e '/^install-data-am:/ s|install-data-local||' \ - ${WRKSRC}/${d}/Makefile.in + ${WRKSRC}/${d}/Makefile.in .endfor .for f in catalog.c xmlcatalog.c xmllint.c doc/xmllint.1 @${REINPLACE_CMD} -e \ - 's|/etc/xml/catalog|${LOCALBASE}/share/xml/catalog|g; \ - s|/etc/sgml/catalog|${LOCALBASE}/share/sgml/catalog|g' \ - ${WRKSRC}/${f} + 's|/etc/xml/catalog|${LOCALBASE}/share/xml/catalog|g; \ + s|/etc/sgml/catalog|${LOCALBASE}/share/sgml/catalog|g' \ + ${WRKSRC}/${f} .endfor -# manual patch because WITH_FBSD10_FIX break the python bindings - ${FIND} ${WRKSRC} -type f -name configure \ - -exec ${SH} -c " \ - mtime=\$$(date -r \$$(stat -f '%m' \$$0) '+%Y%m%d%H%M.%S'); \ - ${SED} -i '.batman' -e 's|freebsd1\*)|freebsd1.\*)|g' \ - -e 's|freebsd\[123\]\*)|freebsd[123].*)|g' \$$0; \ - touch -mt \$$mtime \$$0" {} \; || /usr/bin/true - -.if !defined(MASTERDIR) -post-install: - @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libxml2.so.${LIBVERSION} -.endif # !defined(MASTERDIR) .include <bsd.port.mk> diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 19079f76515d..608b41ab7182 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,2 +1,2 @@ -SHA256 (gnome2/libxml2-2.8.0.tar.gz) = f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a -SIZE (gnome2/libxml2-2.8.0.tar.gz) = 4915203 +SHA256 (gnome2/libxml2-2.9.1.tar.gz) = fd3c64cb66f2c4ea27e934d275904d92cec494a8e8405613780cbc8a71680fdb +SIZE (gnome2/libxml2-2.9.1.tar.gz) = 5172503 diff --git a/textproc/libxml2/files/patch-Makefile.in b/textproc/libxml2/files/patch-Makefile.in index 932138ebe2f9..f1d4208f6715 100644 --- a/textproc/libxml2/files/patch-Makefile.in +++ b/textproc/libxml2/files/patch-Makefile.in @@ -1,60 +1,29 @@ - $FreeBSD$ - ---- Makefile.in.orig 2012-08-16 19:38:10.000000000 +0200 -+++ Makefile.in 2012-08-16 19:39:09.000000000 +0200 -@@ -586,7 +586,7 @@ - top_builddir = @top_builddir@ - top_srcdir = @top_srcdir@ - ACLOCAL_AMFLAGS = -I m4 --SUBDIRS = include . doc example xstc @PYTHON_SUBDIR@ -+SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@ - DIST_SUBDIRS = include . doc example python xstc - INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ @LZMA_CFLAGS@ - bin_SCRIPTS = xml2-config -@@ -712,7 +712,7 @@ - runxmlconf_DEPENDENCIES = $(DEPS) - runxmlconf_LDADD = $(LDADDS) - CLEANFILES = xml2Conf.sh *.gcda *.gcno --confexecdir = $(libdir) -+confexecdir = $(sysconfdir) - confexec_DATA = xml2Conf.sh - CVS_EXTRA_DIST = - EXTRA_DIST = xml2-config.in xml2Conf.sh.in libxml.spec.in libxml2.spec \ -@@ -735,8 +735,8 @@ - # Install the tests program sources as examples - # - BASE_DIR = $(datadir)/doc --DOC_MODULE = libxml2-$(VERSION) --EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples -+DOC_MODULE = libxml2 -+EXAMPLES_DIR = $(datadir)/examples/libxml2 - - # - # Coverage support, largely borrowed from libvirt -@@ -1094,7 +1094,7 @@ - @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +--- Makefile.in.orig 2013-11-24 09:26:25.000000000 +0100 ++++ Makefile.in 2013-11-24 09:26:37.000000000 +0100 +@@ -1130,7 +1130,7 @@ + @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo - @am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@@ -1574,7 +1574,7 @@ - exit 1; } >&2 + @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@@ -1635,7 +1635,7 @@ check-am: all-am - check: check-recursive + check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \ +all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \ config.h install-binPROGRAMS: install-libLTLIBRARIES -@@ -1634,7 +1634,7 @@ +@@ -1703,7 +1703,7 @@ info-am: -install-data-am: install-data-local install-m4dataDATA install-man \ -+install-data-am: install-m4dataDATA install-man \ ++install-data-am: install-m4dataDATA install-man \ install-pkgconfigDATA install-dvi: install-dvi-recursive diff --git a/textproc/libxml2/files/patch-configure b/textproc/libxml2/files/patch-configure index e930a1da75eb..4105c2da4bcf 100644 --- a/textproc/libxml2/files/patch-configure +++ b/textproc/libxml2/files/patch-configure @@ -1,20 +1,6 @@ ---- configure.orig 2012-08-04 11:48:19.000000000 +0200 -+++ configure 2012-08-04 11:50:50.000000000 +0200 -@@ -14228,11 +14228,12 @@ fi - fi - if test "$PYTHON_VERSION" != "" - then -+ with_python=`$PYTHON -c "import sys; print sys.exec_prefix"` - if test -r $with_python/include/python$PYTHON_VERSION/Python.h -a \ - -d $with_python/lib/python$PYTHON_VERSION/site-packages - then - PYTHON_INCLUDES=$with_python/include/python$PYTHON_VERSION -- PYTHON_SITE_PACKAGES=$libdir/python$PYTHON_VERSION/site-packages -+ PYTHON_SITE_PACKAGES=$with_python/lib/python$PYTHON_VERSION/site-packages - else - if test -r $prefix/include/python$PYTHON_VERSION/Python.h - then -@@ -14635,6 +14636,8 @@ fi +--- configure.orig 2013-11-24 09:41:13.000000000 +0100 ++++ configure 2013-11-24 09:41:55.000000000 +0100 +@@ -14499,6 +14499,8 @@ fi fi ;; diff --git a/textproc/libxml2/files/patch-doc_devhelp_Makefile.in b/textproc/libxml2/files/patch-doc_devhelp_Makefile.in deleted file mode 100644 index d7581357d0b9..000000000000 --- a/textproc/libxml2/files/patch-doc_devhelp_Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- doc/devhelp/Makefile.in.orig 2008-01-22 15:49:34.000000000 -0500 -+++ doc/devhelp/Makefile.in 2008-01-22 15:49:58.000000000 -0500 -@@ -259,7 +259,7 @@ sysconfdir = @sysconfdir@ - target_alias = @target_alias@ - top_builddir = @top_builddir@ - top_srcdir = @top_srcdir@ --DEVHELP_DIR = $(datadir)/gtk-doc/html/libxml2 -+DEVHELP_DIR = $(datadir)/doc/libxml2/html - HTML_FILES = index.html general.html $(HTML_MODULES) - HTML_MODULES = \ - libxml2-c14n.html \ diff --git a/textproc/libxml2/files/patch-encoding.c b/textproc/libxml2/files/patch-encoding.c deleted file mode 100644 index c044357a2d27..000000000000 --- a/textproc/libxml2/files/patch-encoding.c +++ /dev/null @@ -1,21 +0,0 @@ ---- encoding.c.orig 2012-05-08 22:55:13.000000000 +0900 -+++ encoding.c 2013-11-22 04:59:54.000000000 +0900 -@@ -1789,13 +1789,18 @@ - const char *icv_in = (const char *) in; - char *icv_out = (char *) out; - int ret; -+ int one; - -+ one = 1; - if ((out == NULL) || (outlen == NULL) || (inlen == NULL) || (in == NULL)) { - if (outlen != NULL) *outlen = 0; - return(-1); - } - icv_inlen = *inlen; - icv_outlen = *outlen; -+#ifdef ICONV_SET_ILSEQ_INVALID -+ iconvctl(cd, ICONV_SET_ILSEQ_INVALID, &one); -+#endif - ret = iconv(cd, (ICONV_CONST char **) &icv_in, &icv_inlen, &icv_out, &icv_outlen); - *inlen -= icv_inlen; - *outlen -= icv_outlen; diff --git a/textproc/libxml2/files/patch-include_libxml_parser.h b/textproc/libxml2/files/patch-include_libxml_parser.h deleted file mode 100644 index 03632be45452..000000000000 --- a/textproc/libxml2/files/patch-include_libxml_parser.h +++ /dev/null @@ -1,10 +0,0 @@ ---- include/libxml/parser.h.orig 2012-05-15 03:09:43.000000000 +0000 -+++ include/libxml/parser.h 2013-03-13 09:42:57.000000000 +0000 -@@ -310,6 +310,7 @@ - xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */ - - int input_id; /* we need to label inputs */ -+ unsigned long sizeentcopy; /* volume of entity copy */ - }; - - /** diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c index 1316d921d0f5..bcb56d02f8e4 100644 --- a/textproc/libxml2/files/patch-parser.c +++ b/textproc/libxml2/files/patch-parser.c @@ -1,343 +1,38 @@ +CVE-2014-0191 ---- parser.c.orig 2013-03-13 09:36:07.000000000 +0000 -+++ parser.c 2013-03-13 09:35:54.000000000 +0000 -@@ -40,6 +40,7 @@ - #endif - - #include <stdlib.h> -+#include <limits.h> - #include <string.h> - #include <stdarg.h> - #include <libxml/xmlmemory.h> -@@ -117,16 +118,33 @@ - * parser option. - */ - static int --xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size, -- xmlEntityPtr ent) -+xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, -+ xmlEntityPtr ent, size_t replacement) - { -- unsigned long consumed = 0; -+ size_t consumed = 0; - - if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE)) - return (0); - if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) - return (1); -- if (size != 0) { -+ if (replacement != 0) { -+ if (replacement < XML_MAX_TEXT_LENGTH) -+ return(0); -+ -+ /* -+ * If the volume of entity copy reaches 10 times the -+ * amount of parsed data and over the large text threshold -+ * then that's very likely to be an abuse. -+ */ -+ if (ctxt->input != NULL) { -+ consumed = ctxt->input->consumed + -+ (ctxt->input->cur - ctxt->input->base); -+ } -+ consumed += ctxt->sizeentities; -+ -+ if (replacement < XML_PARSER_NON_LINEAR * consumed) -+ return(0); -+ } else if (size != 0) { - /* - * Do the check based on the replacement size of the entity - */ -@@ -172,7 +190,6 @@ - */ - return (0); - } -- - xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); - return (1); - } -@@ -2589,15 +2606,17 @@ - - /* - * Macro used to grow the current buffer. -+ * buffer##_size is expected to be a size_t -+ * mem_error: is expected to handle memory allocation failures - */ - #define growBuffer(buffer, n) { \ - xmlChar *tmp; \ -- buffer##_size *= 2; \ -- buffer##_size += n; \ -- tmp = (xmlChar *) \ -- xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \ -+ size_t new_size = buffer##_size * 2 + n; \ -+ if (new_size < buffer##_size) goto mem_error; \ -+ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \ - if (tmp == NULL) goto mem_error; \ - buffer = tmp; \ -+ buffer##_size = new_size; \ - } - - /** -@@ -2623,14 +2642,14 @@ - xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, - int what, xmlChar end, xmlChar end2, xmlChar end3) { - xmlChar *buffer = NULL; -- int buffer_size = 0; -+ size_t buffer_size = 0; -+ size_t nbchars = 0; - - xmlChar *current = NULL; - xmlChar *rep = NULL; - const xmlChar *last; - xmlEntityPtr ent; - int c,l; -- int nbchars = 0; - - if ((ctxt == NULL) || (str == NULL) || (len < 0)) - return(NULL); -@@ -2647,7 +2666,7 @@ - * allocate a translation buffer. - */ - buffer_size = XML_PARSER_BIG_BUFFER_SIZE; -- buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar)); -+ buffer = (xmlChar *) xmlMallocAtomic(buffer_size); - if (buffer == NULL) goto mem_error; - - /* -@@ -2667,7 +2686,7 @@ - if (val != 0) { - COPY_BUF(0,buffer,nbchars,val); - } -- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { -+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); - } - } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) { -@@ -2685,7 +2704,7 @@ - (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { - if (ent->content != NULL) { - COPY_BUF(0,buffer,nbchars,ent->content[0]); -- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { -+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); - } - } else { -@@ -2702,9 +2721,8 @@ - current = rep; - while (*current != 0) { /* non input consuming loop */ - buffer[nbchars++] = *current++; -- if (nbchars > -- buffer_size - XML_PARSER_BUFFER_SIZE) { -- if (xmlParserEntityCheck(ctxt, nbchars, ent)) -+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { -+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) - goto int_error; - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); - } -@@ -2717,7 +2735,7 @@ - const xmlChar *cur = ent->name; - - buffer[nbchars++] = '&'; -- if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { -+ if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) { - growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); - } - for (;i > 0;i--) -@@ -2745,9 +2763,8 @@ - current = rep; - while (*current != 0) { /* non input consuming loop */ - buffer[nbchars++] = *current++; -- if (nbchars > -- buffer_size - XML_PARSER_BUFFER_SIZE) { -- if (xmlParserEntityCheck(ctxt, nbchars, ent)) -+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { -+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) - goto int_error; - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); - } -@@ -2759,8 +2776,8 @@ - } else { - COPY_BUF(l,buffer,nbchars,c); - str += l; -- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { -- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); -+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { -+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE); - } - } - if (str < last) -@@ -3764,8 +3781,8 @@ - xmlChar limit = 0; - xmlChar *buf = NULL; - xmlChar *rep = NULL; -- int len = 0; -- int buf_size = 0; -+ size_t len = 0; -+ size_t buf_size = 0; - int c, l, in_space = 0; - xmlChar *current = NULL; - xmlEntityPtr ent; -@@ -3787,7 +3804,7 @@ - * allocate a translation buffer. - */ - buf_size = XML_PARSER_BUFFER_SIZE; -- buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar)); -+ buf = (xmlChar *) xmlMallocAtomic(buf_size); - if (buf == NULL) goto mem_error; - - /* -@@ -3804,7 +3821,7 @@ - - if (val == '&') { - if (ctxt->replaceEntities) { -- if (len > buf_size - 10) { -+ if (len + 10 > buf_size) { - growBuffer(buf, 10); - } - buf[len++] = '&'; -@@ -3813,7 +3830,7 @@ - * The reparsing will be done in xmlStringGetNodeList() - * called by the attribute() function in SAX.c - */ -- if (len > buf_size - 10) { -+ if (len + 10 > buf_size) { - growBuffer(buf, 10); - } - buf[len++] = '&'; -@@ -3823,7 +3840,7 @@ - buf[len++] = ';'; - } - } else if (val != 0) { -- if (len > buf_size - 10) { -+ if (len + 10 > buf_size) { - growBuffer(buf, 10); - } - len += xmlCopyChar(0, &buf[len], val); -@@ -3835,7 +3852,7 @@ - ctxt->nbentities += ent->owner; - if ((ent != NULL) && - (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { -- if (len > buf_size - 10) { -+ if (len + 10 > buf_size) { - growBuffer(buf, 10); - } - if ((ctxt->replaceEntities == 0) && -@@ -3863,7 +3880,7 @@ - current++; - } else - buf[len++] = *current++; -- if (len > buf_size - 10) { -+ if (len + 10 > buf_size) { - growBuffer(buf, 10); - } - } -@@ -3871,7 +3888,7 @@ - rep = NULL; - } - } else { -- if (len > buf_size - 10) { -+ if (len + 10 > buf_size) { - growBuffer(buf, 10); - } - if (ent->content != NULL) -@@ -3899,7 +3916,7 @@ - * Just output the reference - */ - buf[len++] = '&'; -- while (len > buf_size - i - 10) { -+ while (len + i + 10 > buf_size) { - growBuffer(buf, i + 10); - } - for (;i > 0;i--) -@@ -3912,7 +3929,7 @@ - if ((len != 0) || (!normalize)) { - if ((!normalize) || (!in_space)) { - COPY_BUF(l,buf,len,0x20); -- while (len > buf_size - 10) { -+ while (len + 10 > buf_size) { - growBuffer(buf, 10); - } - } -@@ -3921,7 +3938,7 @@ - } else { - in_space = 0; - COPY_BUF(l,buf,len,c); -- if (len > buf_size - 10) { -+ if (len + 10 > buf_size) { - growBuffer(buf, 10); - } - } -@@ -3931,7 +3948,7 @@ - c = CUR_CHAR(l); - } - if ((in_space) && (normalize)) { -- while (buf[len - 1] == 0x20) len--; -+ while ((len > 0) && (buf[len - 1] == 0x20)) len--; - } - buf[len] = 0; - if (RAW == '<') { -@@ -3946,7 +3963,18 @@ - } - } else - NEXT; -- if (attlen != NULL) *attlen = len; -+ -+ /* -+ * There we potentially risk an overflow, don't allow attribute value of -+ * lenght more than INT_MAX it is a very reasonnable assumption ! -+ */ -+ if (len >= INT_MAX) { -+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, -+ "AttValue lenght too long\n"); -+ goto mem_error; -+ } -+ -+ if (attlen != NULL) *attlen = (int) len; - return(buf); - - mem_error: -@@ -6964,7 +6992,7 @@ - xmlFreeNodeList(list); - return; - } -- if (xmlParserEntityCheck(ctxt, 0, ent)) { -+ if (xmlParserEntityCheck(ctxt, 0, ent, 0)) { - xmlFreeNodeList(list); - return; - } -@@ -7124,6 +7152,13 @@ - xmlNodePtr nw = NULL, cur, firstChild = NULL; - - /* -+ * We are copying here, make sure there is no abuse -+ */ -+ ctxt->sizeentcopy += ent->length; -+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) -+ return; -+ -+ /* - * when operating on a reader, the entities definitions - * are always owning the entities subtree. - if (ctxt->parseMode == XML_PARSE_READER) -@@ -7163,6 +7198,14 @@ - } else if (list == NULL) { - xmlNodePtr nw = NULL, cur, next, last, - firstChild = NULL; -+ -+ /* -+ * We are copying here, make sure there is no abuse -+ */ -+ ctxt->sizeentcopy += ent->length; -+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) -+ return; +From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Tue, 22 Apr 2014 15:30:56 +0800 +Subject: Do not fetch external parameter entities + +Unless explicitely asked for when validating or replacing entities +with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com> + +diff --git a/parser.c b/parser.c +index 9347ac9..c0dea05 100644 +--- parser.c ++++ parser.c +@@ -2598,6 +2598,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { + xmlCharEncoding enc; + + /* ++ * Note: external parsed entities will not be loaded, it is ++ * not required for a non-validating parser, unless the ++ * option of validating, or substituting entities were ++ * given. Doing so is far more secure as the parser will ++ * only process data coming from the document entity by ++ * default. ++ */ ++ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && ++ ((ctxt->options & XML_PARSE_NOENT) == 0) && ++ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && ++ (ctxt->validate == 0)) ++ return; + - /* - * Copy the entity child list and make it the new - * entity child list. The goal is to make sure any -@@ -14343,6 +14386,7 @@ - ctxt->catalogs = NULL; - ctxt->nbentities = 0; - ctxt->sizeentities = 0; -+ ctxt->sizeentcopy = 0; - xmlInitNodeInfoSeq(&ctxt->node_seq); - - if (ctxt->attsDefault != NULL) { ++ /* + * handle the extra spaces added before and after + * c.f. http://www.w3.org/TR/REC-xml#as-PE + * this is done independently. +-- +cgit v0.10.1 + diff --git a/textproc/libxml2/files/patch-parserInternals.c b/textproc/libxml2/files/patch-parserInternals.c deleted file mode 100644 index ac0123de03c2..000000000000 --- a/textproc/libxml2/files/patch-parserInternals.c +++ /dev/null @@ -1,11 +0,0 @@ ---- parserInternals.c.orig 2012-05-15 03:16:38.000000000 +0000 -+++ parserInternals.c 2013-03-13 09:35:54.000000000 +0000 -@@ -1761,6 +1761,8 @@ - ctxt->charset = XML_CHAR_ENCODING_UTF8; - ctxt->catalogs = NULL; - ctxt->nbentities = 0; -+ ctxt->sizeentities = 0; -+ ctxt->sizeentcopy = 0; - ctxt->input_id = 1; - xmlInitNodeInfoSeq(&ctxt->node_seq); - return(0); diff --git a/textproc/libxml2/files/patch-python_Makefile.in b/textproc/libxml2/files/patch-python_Makefile.in index 56427195122a..6477ed68842b 100644 --- a/textproc/libxml2/files/patch-python_Makefile.in +++ b/textproc/libxml2/files/patch-python_Makefile.in @@ -1,26 +1,20 @@ ---- python/Makefile.in.orig 2012-08-04 12:00:53.000000000 +0200 -+++ python/Makefile.in 2012-08-04 12:02:59.000000000 +0200 -@@ -395,7 +395,7 @@ - -I$(top_builddir)/include \ - -I$(top_builddir)/$(subdir) +--- python/Makefile.in.orig 2013-11-24 08:47:04.000000000 +0100 ++++ python/Makefile.in 2013-11-24 08:51:02.000000000 +0100 +@@ -415,7 +415,7 @@ --docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION) -+docsdir = $(datadir)/doc/py-libxml2 - # libxml2class.txt is generated + # Makefile for libxml2 python library + AUTOMAKE_OPTIONS = 1.4 foreign +-SUBDIRS = . tests ++SUBDIRS = . + docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION) dist_docs_DATA = TODO EXTRA_DIST = \ -@@ -408,12 +408,12 @@ - - libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version - @WITH_PYTHON_TRUE@mylibs = \ --@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la -+@WITH_PYTHON_TRUE@ -lxml2 - +@@ -435,7 +435,7 @@ @WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la - @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = $(srcdir)/libxml.c $(srcdir)/types.c - @WITH_PYTHON_TRUE@nodist_libxml2mod_la_SOURCES = libxml2-py.c --@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ -lpython$(PYTHON_VERSION) -+@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ - @WITH_PYTHON_TRUE@python_DATA = \ - @WITH_PYTHON_TRUE@ libxml2.py + @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = libxml.c libxml_wrap.h libxml2-py.h libxml2-py.c types.c + @WITH_PYTHON_TRUE@libxml2mod_la_LDFLAGS = $(CYGWIN_EXTRA_LDFLAGS) $(WIN32_EXTRA_LDFLAGS) -module -avoid-version \ +-@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la $(CYGWIN_EXTRA_PYTHON_LIBADD) $(WIN32_EXTRA_PYTHON_LIBADD) $(PYTHON_LIBS) ++@WITH_PYTHON_TRUE@ -lxml2 $(CYGWIN_EXTRA_PYTHON_LIBADD) $(WIN32_EXTRA_PYTHON_LIBADD) $(PYTHON_LIBS) + @WITH_PYTHON_TRUE@BUILT_SOURCES = libxml2-export.c libxml2-py.h libxml2-py.c + @WITH_PYTHON_TRUE@dist_python_DATA = \ diff --git a/textproc/libxml2/files/patch-python_drv-libxml2.py b/textproc/libxml2/files/patch-python_drv-libxml2.py new file mode 100644 index 000000000000..fbcc9e6adf5a --- /dev/null +++ b/textproc/libxml2/files/patch-python_drv-libxml2.py @@ -0,0 +1,46 @@ +From 6c9c611beed57f001ca3ae6b964518d9c7336a69 Mon Sep 17 00:00:00 2001 +From: Alexandre Rostovtsev <tetromino@gentoo.org> +Date: Thu, 11 Jul 2013 03:00:54 +0000 +Subject: python: fix drv_libxml2.py for python3 compatibility + +https://bugzilla.gnome.org/show_bug.cgi?id=703979 +--- +diff --git a/python/drv_libxml2.py b/python/drv_libxml2.py +index e43fb1d..c9075e6 100644 +--- python/drv_libxml2.py ++++ python/drv_libxml2.py +@@ -34,12 +34,20 @@ TODO + + """ + +-__author__ = u"Stéphane Bidoul <sbi@skynet.be>" ++__author__ = "Stéphane Bidoul <sbi@skynet.be>" + __version__ = "0.3" + ++import sys + import codecs +-from types import StringType, UnicodeType +-StringTypes = (StringType,UnicodeType) ++ ++if sys.version < "3": ++ __author__ = codecs.unicode_escape_decode(__author__)[0] ++ ++ from types import StringType, UnicodeType ++ StringTypes = (StringType,UnicodeType) ++ ++else: ++ StringTypes = (str) + + from xml.sax._exceptions import * + from xml.sax import xmlreader, saxutils +@@ -65,7 +73,7 @@ def _d(s): + + try: + import libxml2 +-except ImportError, e: ++except ImportError as e: + raise SAXReaderNotAvailable("libxml2 not available: " \ + "import error was: %s" % e) + +-- +cgit v0.9.2 diff --git a/textproc/libxml2/files/patch-python_setup.py.in b/textproc/libxml2/files/patch-python_setup.py.in new file mode 100644 index 000000000000..72f7423a51f2 --- /dev/null +++ b/textproc/libxml2/files/patch-python_setup.py.in @@ -0,0 +1,142 @@ +--- python/setup.py.in.orig 2014-03-24 21:27:16.000000000 +0100 ++++ python/setup.py.in 2014-03-24 21:31:10.000000000 +0100 +@@ -67,7 +67,7 @@ + for dir in includes_dir: + if not missing(dir + "/libxml2/libxml/tree.h"): + xml_includes=dir + "/libxml2" +- break; ++ break; + + if xml_includes == "": + print("failed to find headers for libxml2: update includes_dir") +@@ -77,7 +77,7 @@ + for dir in includes_dir: + if not missing(dir + "/iconv.h"): + iconv_includes=dir +- break; ++ break; + + if iconv_includes == "": + print("failed to find headers for libiconv: update includes_dir") +@@ -90,22 +90,22 @@ + + xml_files = ["libxml2-api.xml", "libxml2-python-api.xml", + "libxml.c", "libxml.py", "libxml_wrap.h", "types.c", +- "xmlgenerator.py", "README", "TODO", "drv_libxml2.py"] ++ "xmlgenerator.py", "README", "TODO", "drv_libxml2.py"] + + xslt_files = ["libxslt-api.xml", "libxslt-python-api.xml", + "libxslt.c", "libxsl.py", "libxslt_wrap.h", +- "xsltgenerator.py"] ++ "xsltgenerator.py"] + + if missing("libxml2-py.c") or missing("libxml2.py"): + try: +- try: +- import xmlgenerator +- except: +- import generator ++ try: ++ import xmlgenerator ++ except: ++ import generator + except: +- print("failed to find and generate stubs for libxml2, aborting ...") +- print(sys.exc_info()[0], sys.exc_info()[1]) +- sys.exit(1) ++ print("failed to find and generate stubs for libxml2, aborting ...") ++ print(sys.exc_info()[0], sys.exc_info()[1]) ++ sys.exit(1) + + head = open("libxml.py", "r") + generated = open("libxml2class.py", "r") +@@ -116,7 +116,7 @@ + else: + result.write(line) + for line in generated.readlines(): +- result.write(line) ++ result.write(line) + head.close() + generated.close() + result.close() +@@ -126,39 +126,39 @@ + if missing("xsltgenerator.py") or missing("libxslt-api.xml"): + print("libxslt stub generator not found, libxslt not built") + else: +- try: +- import xsltgenerator +- except: +- print("failed to generate stubs for libxslt, aborting ...") +- print(sys.exc_info()[0], sys.exc_info()[1]) +- else: +- head = open("libxsl.py", "r") +- generated = open("libxsltclass.py", "r") +- result = open("libxslt.py", "w") +- for line in head.readlines(): ++ try: ++ import xsltgenerator ++ except: ++ print("failed to generate stubs for libxslt, aborting ...") ++ print(sys.exc_info()[0], sys.exc_info()[1]) ++ else: ++ head = open("libxsl.py", "r") ++ generated = open("libxsltclass.py", "r") ++ result = open("libxslt.py", "w") ++ for line in head.readlines(): + if WITHDLLS: + result.write(altImport(line)) + else: + result.write(line) +- for line in generated.readlines(): +- result.write(line) +- head.close() +- generated.close() +- result.close() +- with_xslt=1 ++ for line in generated.readlines(): ++ result.write(line) ++ head.close() ++ generated.close() ++ result.close() ++ with_xslt=1 + else: + with_xslt=1 + + if with_xslt == 1: + xslt_includes="" + for dir in includes_dir: +- if not missing(dir + "/libxslt/xsltconfig.h"): +- xslt_includes=dir + "/libxslt" +- break; ++ if not missing(dir + "/libxslt/xsltconfig.h"): ++ xslt_includes=dir + "/libxslt" ++ break; + + if xslt_includes == "": +- print("failed to find headers for libxslt: update includes_dir") +- with_xslt = 0 ++ print("failed to find headers for libxslt: update includes_dir") ++ with_xslt = 0 + + + descr = "libxml2 package" +@@ -198,7 +198,7 @@ + libraries=libs, define_macros=macros)] + if with_xslt == 1: + extens.append(Extension('libxsltmod', xslt_c_files, include_dirs=includes, +- library_dirs=libdirs, ++ library_dirs=libdirs, + libraries=libs, define_macros=macros)) + + if missing("MANIFEST"): +@@ -208,8 +208,8 @@ + for file in xml_files: + manifest.write(file + "\n") + if with_xslt == 1: +- for file in xslt_files: +- manifest.write(file + "\n") ++ for file in xslt_files: ++ manifest.write(file + "\n") + manifest.close() + + if WITHDLLS: diff --git a/textproc/libxml2/pkg-plist b/textproc/libxml2/pkg-plist index f3793da5a9bd..bff8e9c6a675 100644 --- a/textproc/libxml2/pkg-plist +++ b/textproc/libxml2/pkg-plist @@ -1,7 +1,6 @@ bin/xml2-config bin/xmlcatalog bin/xmllint -etc/xml2Conf.sh include/libxml2/libxml/DOCBparser.h include/libxml2/libxml/HTMLparser.h include/libxml2/libxml/HTMLtree.h @@ -54,6 +53,7 @@ lib/libxml2.la lib/libxml2.so lib/libxml2.so.2 lib/libxml2.so.%%LIBVERSION%% +lib/xml2Conf.sh libdata/pkgconfig/libxml-2.0.pc share/aclocal/libxml.m4 man/man1/xml2-config.1.gz |