mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-23 00:43:28 +00:00
Code Issues Releases Activity

Update to 2.8.0. [1]

Browse Source 
Add patch to fix CVE-2013-0338 and CVE-2013-0339. [2]
Convert to OptionsNG, rename patches to standard form. [1]

Notified by:	swills@ [2]
Obtained from:	gnome team repo [1]
Security:	843a4641-9816-11e2-9c51-080027019be0
This commit is contained in:
Koop Mast 2013-03-29 14:08:46 +00:00
parent 52248ad25e
commit be6202887a
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=315540
14 changed files with 479 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
security/vuxml/vuln.xml
View File

@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="843a4641-9816-11e2-9c51-080027019be0">
<topic>libxml2 -- cpu consumption Dos</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.8.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kurt Seifried reports:</p>
<blockquote cite="http://seclists.org/oss-sec/2013/q1/391">
<p>libxml2 is affected by the expansion of internal entities
(which can be used to consume resources) and external entities
(which can cause a denial of service against other services,
be used to port scan, etc.)..</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-0338</cvename>
<cvename>CVE-2013-0339</cvename>
<url>http://seclists.org/oss-sec/2013/q1/391</url>
<url>https://security-tracker.debian.org/tracker/CVE-2013-0338</url>
<url>https://security-tracker.debian.org/tracker/CVE-2013-0339</url>
</references>
<dates>
<discovery>2013-02-21</discovery>
<entry>2013-03-29</entry>
</dates>
</vuln>
<vuln vid="daf0a339-9850-11e2-879e-d43d7e0c7c02">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>

48
textproc/libxml2/Makefile
View File

@ -3,17 +3,11 @@
# Whom: Yukihiro Nakai <Nakai@technologist.com>
#
# $FreeBSD$
#
# WITHOUT_SCHEMA disable XML schema support
# WITHOUT_THREADS disable threads support
# WITH_MEM_DEBUG enable memory debugging (DEVELOPERS ONLY!)
# WITH_XMLLINT_HIST enable history for xmllint
# WITH_THREAD_ALLOC enable per-thread memory (DEVELOPERS ONLY!)
#
# $MCom: ports/textproc/libxml2/Makefile,v 1.15 2012/11/26 19:55:23 kwm Exp $
PORTNAME= libxml2
PORTVERSION= 2.7.8
PORTREVISION?= 5
PORTVERSION= 2.8.0
PORTREVISION?= 0
CATEGORIES?= textproc gnome
MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
ftp://gd.tuwien.ac.at/pub/libxml/
@ -27,46 +21,52 @@ COMMENT?= XML parser library for GNOME
USE_CSTD= gnu89
USE_GMAKE= yes
MAKE_JOBS_SAFE= yes
USE_ICONV= yes
GNU_CONFIGURE= yes
USE_GNOME?= gnomehack pkgconfig
USES= pathfix
USE_GNOME?= pkgconfig
USE_LDCONFIG= yes
CONFIGURE_ARGS?=--with-html-dir=${PREFIX}/share/doc \
CONFIGURE_ARGS?=--with-iconv=${LOCALBASE} \
--with-html-dir=${PREFIX}/share/doc \
--with-html-subdir=${PORTNAME} \
--without-python
CPPFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
.if !defined(WITHOUT_ICONV)
USE_ICONV= yes
CONFIGURE_ARGS+=--with-iconv=${LOCALBASE}
.else
CONFIGURE_ARGS+=--with-iconv=no
.endif
.if !defined(MASTERDIR)
MAN1= xml2-config.1 xmllint.1 xmlcatalog.1
MAN3= libxml.3
.endif
.if defined(WITHOUT_SCHEMA)
OPTIONS_DEFINE= SCHEMA THREADS MEM_DEBUG XMLLINT_HIST THREAD_ALLOC
OPTIONS_DEFAULT=SCHEMA THREADS
SCHEMA_DESC= XML schema support
THREADS_DESC= Threads support
MEM_DEBUG_DESC= Memory debugging (DEVELOPERS ONLY!)
XMLLINT_HIST_DESC= History for xmllint
THREAD_ALLOC_DESc= Per-thread memory (DEVELOPERS ONLY!)
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MSCHEMA}
CONFIGURE_ARGS+= --without-schemas
.endif
.if defined(WITHOUT_THREADS)
.if ${PORT_OPTIONS:MTHREADS}
CONFIGURE_ARGS+= --without-threads
.endif
.if defined(WITH_MEM_DEBUG)
.if ${PORT_OPTIONS:MMEM_DEBUG}
CONFIGURE_ARGS+= --with-mem-debug
.endif
.if defined(WITH_XMLLINT_HIST)
.if ${PORT_OPTIONS:MXMLLINT_HIST}
CONFIGURE_ARGS+= --with-history
.endif
.if defined(WITH_THREAD_ALLOC)
.if ${PORT_OPTIONS:MTHREAD_ALLOC}
CONFIGURE_ARGS+= --with-thread-alloc
.endif
.endif # !defined(MASTERDIR)
post-patch:
.for d in . doc doc/devhelp doc/examples

4
textproc/libxml2/distinfo
View File

@ -1,2 +1,2 @@
SHA256 (gnome2/libxml2-2.7.8.tar.gz) = cda23bc9ebd26474ca8f3d67e7d1c4a1f1e7106364b690d822e009fdc3c417ec
SIZE (gnome2/libxml2-2.7.8.tar.gz) = 4881808
SHA256 (gnome2/libxml2-2.8.0.tar.gz) = f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a
SIZE (gnome2/libxml2-2.8.0.tar.gz) = 4915203

35
textproc/libxml2/files/patch-aa → textproc/libxml2/files/patch-Makefile.in
View File

@ -1,17 +1,17 @@
$FreeBSD$
--- Makefile.in.orig 2012-08-16 19:47:20.000000000 +0200
+++ Makefile.in 2012-08-16 19:47:48.000000000 +0200
@@ -564,7 +564,7 @@ top_build_prefix = @top_build_prefix@
--- Makefile.in.orig 2012-08-16 19:38:10.000000000 +0200
+++ Makefile.in 2012-08-16 19:39:09.000000000 +0200
@@ -586,7 +586,7 @@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = include . doc example xstc @PYTHON_SUBDIR@
+SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@
DIST_SUBDIRS = include . doc example python xstc
INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@
INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ @LZMA_CFLAGS@
bin_SCRIPTS = xml2-config
@@ -574,7 +574,7 @@ libxml2_la_LIBADD = @THREAD_LIBS@ @Z_LIB
@@ -596,7 +596,7 @@
@USE_VERSION_SCRIPT_TRUE@LIBXML2_VERSION_SCRIPT = $(VERSION_SCRIPT_FLAGS)$(srcdir)/libxml2.syms
libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ \
$(LIBXML2_VERSION_SCRIPT) \
@ -20,7 +20,7 @@
@MODULE_PLATFORM_LIBS@
@WITH_TRIO_SOURCES_FALSE@libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c \
@@ -690,7 +690,7 @@ runxmlconf_LDFLAGS =
@@ -712,7 +712,7 @@
runxmlconf_DEPENDENCIES = $(DEPS)
runxmlconf_LDADD = $(LDADDS)
CLEANFILES = xml2Conf.sh *.gcda *.gcno
@ -29,7 +29,7 @@
confexec_DATA = xml2Conf.sh
CVS_EXTRA_DIST =
EXTRA_DIST = xml2-config.in xml2Conf.sh.in libxml.spec.in libxml2.spec \
@@ -713,8 +713,8 @@ pkgconfig_DATA = libxml-2.0.pc
@@ -735,8 +735,8 @@
# Install the tests program sources as examples
#
BASE_DIR = $(datadir)/doc
@ -40,16 +40,16 @@
#
# Coverage support, largely borrowed from libvirt
@@ -1069,7 +1069,7 @@ distclean-compile:
@@ -1094,7 +1094,7 @@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@@ -1548,7 +1548,7 @@ distcleancheck: distclean
@@ -1574,7 +1574,7 @@
exit 1; } >&2
check-am: all-am
check: check-recursive
@ -58,3 +58,12 @@
config.h
install-binPROGRAMS: install-libLTLIBRARIES
@@ -1634,7 +1634,7 @@
info-am:
-install-data-am: install-data-local install-m4dataDATA install-man \
+install-data-am: install-m4dataDATA install-man \
install-pkgconfigDATA
install-dvi: install-dvi-recursive

14
textproc/libxml2/files/patch-config.h.in
View File

@ -1,11 +1,11 @@
--- config.h.in.orig Sun Nov 3 16:55:05 2002
+++ config.h.in Tue Nov 19 00:06:05 2002
@@ -1,4 +1,8 @@
--- config.h.in.orig 2012-05-23 10:56:31.000000000 +0200
+++ config.h.in 2012-07-23 09:34:22.000000000 +0200
@@ -1,5 +1,8 @@
/* config.h.in. Generated from configure.in by autoheader. */
+
+/* XXX */
+#define HAVE_VFSCANF
+
#undef PACKAGE
#undef VERSION
#undef HAVE_LIBZ
/* Define to 1 if you have the <ansidecl.h> header file. */
#undef HAVE_ANSIDECL_H

17
textproc/libxml2/files/patch-configure
View File

@ -1,15 +1,6 @@
--- configure.orig 2010-11-27 15:40:06.000000000 +0100
+++ configure 2010-11-27 15:40:06.000000000 +0100
@@ -11414,7 +11414,7 @@ else
esac
fi
- if test -z "$VERSION_SCRIPT_FLAGS"; then
+ if test -n "$VERSION_SCRIPT_FLAGS"; then
USE_VERSION_SCRIPT_TRUE=
USE_VERSION_SCRIPT_FALSE='#'
else
@@ -13501,11 +13501,12 @@ fi
--- configure.orig 2012-08-04 11:48:19.000000000 +0200
+++ configure 2012-08-04 11:50:50.000000000 +0200
@@ -14228,11 +14228,12 @@ fi
fi
if test "$PYTHON_VERSION" != ""
then
@ -23,7 +14,7 @@
else
if test -r $prefix/include/python$PYTHON_VERSION/Python.h
then
@@ -13901,6 +13902,8 @@ fi
@@ -14635,6 +14636,8 @@ fi
fi
fi
;;

10
textproc/libxml2/files/patch-include_libxml_parser.h Normal file
View File

@ -0,0 +1,10 @@
--- include/libxml/parser.h.orig 2012-05-15 03:09:43.000000000 +0000
+++ include/libxml/parser.h 2013-03-13 09:42:57.000000000 +0000
@@ -310,6 +310,7 @@
xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */
int input_id; /* we need to label inputs */
+ unsigned long sizeentcopy; /* volume of entity copy */
};
/**

358
textproc/libxml2/files/patch-parser.c
View File

@ -1,25 +1,343 @@
Commit doesn't mention it but this fixes CVE-2011-3919
From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 16 Dec 2011 10:53:35 +0000
Subject: Fix an allocation error when copying entities
---
(limited to 'parser.c')
diff --git a/parser.c b/parser.c
index 4e5dcb9..c55e41d 100644
--- parser.c
+++ parser.c
@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
--- parser.c.orig 2013-03-13 09:36:07.000000000 +0000
+++ parser.c 2013-03-13 09:35:54.000000000 +0000
@@ -40,6 +40,7 @@
#endif
#include <stdlib.h>
+#include <limits.h>
#include <string.h>
#include <stdarg.h>
#include <libxml/xmlmemory.h>
@@ -117,16 +118,33 @@
* parser option.
*/
static int
-xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size,
- xmlEntityPtr ent)
+xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
+ xmlEntityPtr ent, size_t replacement)
{
- unsigned long consumed = 0;
+ size_t consumed = 0;
if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE))
return (0);
if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
return (1);
- if (size != 0) {
+ if (replacement != 0) {
+ if (replacement < XML_MAX_TEXT_LENGTH)
+ return(0);
+
+ /*
+ * If the volume of entity copy reaches 10 times the
+ * amount of parsed data and over the large text threshold
+ * then that's very likely to be an abuse.
+ */
+ if (ctxt->input != NULL) {
+ consumed = ctxt->input->consumed +
+ (ctxt->input->cur - ctxt->input->base);
+ }
+ consumed += ctxt->sizeentities;
+
+ if (replacement < XML_PARSER_NON_LINEAR * consumed)
+ return(0);
+ } else if (size != 0) {
/*
* Do the check based on the replacement size of the entity
*/
@@ -172,7 +190,6 @@
*/
return (0);
}
-
xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
return (1);
}
@@ -2589,15 +2606,17 @@
/*
* Macro used to grow the current buffer.
+ * buffer##_size is expected to be a size_t
+ * mem_error: is expected to handle memory allocation failures
*/
#define growBuffer(buffer, n) { \
xmlChar *tmp; \
- buffer##_size *= 2; \
- buffer##_size += n; \
- tmp = (xmlChar *) \
- xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \
+ size_t new_size = buffer##_size * 2 + n; \
+ if (new_size < buffer##_size) goto mem_error; \
+ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
if (tmp == NULL) goto mem_error; \
buffer = tmp; \
+ buffer##_size = new_size; \
}
/**
@@ -2623,14 +2642,14 @@
xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
int what, xmlChar end, xmlChar end2, xmlChar end3) {
xmlChar *buffer = NULL;
- int buffer_size = 0;
+ size_t buffer_size = 0;
+ size_t nbchars = 0;
xmlChar *current = NULL;
xmlChar *rep = NULL;
const xmlChar *last;
xmlEntityPtr ent;
int c,l;
- int nbchars = 0;
if ((ctxt == NULL) || (str == NULL) || (len < 0))
return(NULL);
@@ -2647,7 +2666,7 @@
* allocate a translation buffer.
*/
buffer_size = XML_PARSER_BIG_BUFFER_SIZE;
- buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar));
+ buffer = (xmlChar *) xmlMallocAtomic(buffer_size);
if (buffer == NULL) goto mem_error;
/*
@@ -2667,7 +2686,7 @@
if (val != 0) {
COPY_BUF(0,buffer,nbchars,val);
}
- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
}
} else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
@@ -2685,7 +2704,7 @@
(ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
if (ent->content != NULL) {
COPY_BUF(0,buffer,nbchars,ent->content[0]);
- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
}
} else {
@@ -2702,9 +2721,8 @@
current = rep;
while (*current != 0) { /* non input consuming loop */
buffer[nbchars++] = *current++;
- if (nbchars >
- buffer_size - XML_PARSER_BUFFER_SIZE) {
- if (xmlParserEntityCheck(ctxt, nbchars, ent))
+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
goto int_error;
growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
}
@@ -2717,7 +2735,7 @@
const xmlChar *cur = ent->name;
buffer[nbchars++] = '&';
if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
- if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
+ if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) {
growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
}
for (;i > 0;i--)
buffer[nbchars++] = *cur++;
--
cgit v0.9.0.2
@@ -2745,9 +2763,8 @@
current = rep;
while (*current != 0) { /* non input consuming loop */
buffer[nbchars++] = *current++;
- if (nbchars >
- buffer_size - XML_PARSER_BUFFER_SIZE) {
- if (xmlParserEntityCheck(ctxt, nbchars, ent))
+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
goto int_error;
growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
}
@@ -2759,8 +2776,8 @@
} else {
COPY_BUF(l,buffer,nbchars,c);
str += l;
- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
}
}
if (str < last)
@@ -3764,8 +3781,8 @@
xmlChar limit = 0;
xmlChar *buf = NULL;
xmlChar *rep = NULL;
- int len = 0;
- int buf_size = 0;
+ size_t len = 0;
+ size_t buf_size = 0;
int c, l, in_space = 0;
xmlChar *current = NULL;
xmlEntityPtr ent;
@@ -3787,7 +3804,7 @@
* allocate a translation buffer.
*/
buf_size = XML_PARSER_BUFFER_SIZE;
- buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar));
+ buf = (xmlChar *) xmlMallocAtomic(buf_size);
if (buf == NULL) goto mem_error;
/*
@@ -3804,7 +3821,7 @@
if (val == '&') {
if (ctxt->replaceEntities) {
- if (len > buf_size - 10) {
+ if (len + 10 > buf_size) {
growBuffer(buf, 10);
}
buf[len++] = '&';
@@ -3813,7 +3830,7 @@
* The reparsing will be done in xmlStringGetNodeList()
* called by the attribute() function in SAX.c
*/
- if (len > buf_size - 10) {
+ if (len + 10 > buf_size) {
growBuffer(buf, 10);
}
buf[len++] = '&';
@@ -3823,7 +3840,7 @@
buf[len++] = ';';
}
} else if (val != 0) {
- if (len > buf_size - 10) {
+ if (len + 10 > buf_size) {
growBuffer(buf, 10);
}
len += xmlCopyChar(0, &buf[len], val);
@@ -3835,7 +3852,7 @@
ctxt->nbentities += ent->owner;
if ((ent != NULL) &&
(ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
- if (len > buf_size - 10) {
+ if (len + 10 > buf_size) {
growBuffer(buf, 10);
}
if ((ctxt->replaceEntities == 0) &&
@@ -3863,7 +3880,7 @@
current++;
} else
buf[len++] = *current++;
- if (len > buf_size - 10) {
+ if (len + 10 > buf_size) {
growBuffer(buf, 10);
}
}
@@ -3871,7 +3888,7 @@
rep = NULL;
}
} else {
- if (len > buf_size - 10) {
+ if (len + 10 > buf_size) {
growBuffer(buf, 10);
}
if (ent->content != NULL)
@@ -3899,7 +3916,7 @@
* Just output the reference
*/
buf[len++] = '&';
- while (len > buf_size - i - 10) {
+ while (len + i + 10 > buf_size) {
growBuffer(buf, i + 10);
}
for (;i > 0;i--)
@@ -3912,7 +3929,7 @@
if ((len != 0) || (!normalize)) {
if ((!normalize) || (!in_space)) {
COPY_BUF(l,buf,len,0x20);
- while (len > buf_size - 10) {
+ while (len + 10 > buf_size) {
growBuffer(buf, 10);
}
}
@@ -3921,7 +3938,7 @@
} else {
in_space = 0;
COPY_BUF(l,buf,len,c);
- if (len > buf_size - 10) {
+ if (len + 10 > buf_size) {
growBuffer(buf, 10);
}
}
@@ -3931,7 +3948,7 @@
c = CUR_CHAR(l);
}
if ((in_space) && (normalize)) {
- while (buf[len - 1] == 0x20) len--;
+ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
}
buf[len] = 0;
if (RAW == '<') {
@@ -3946,7 +3963,18 @@
}
} else
NEXT;
- if (attlen != NULL) *attlen = len;
+
+ /*
+ * There we potentially risk an overflow, don't allow attribute value of
+ * lenght more than INT_MAX it is a very reasonnable assumption !
+ */
+ if (len >= INT_MAX) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue lenght too long\n");
+ goto mem_error;
+ }
+
+ if (attlen != NULL) *attlen = (int) len;
return(buf);
mem_error:
@@ -6964,7 +6992,7 @@
xmlFreeNodeList(list);
return;
}
- if (xmlParserEntityCheck(ctxt, 0, ent)) {
+ if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
xmlFreeNodeList(list);
return;
}
@@ -7124,6 +7152,13 @@
xmlNodePtr nw = NULL, cur, firstChild = NULL;
/*
+ * We are copying here, make sure there is no abuse
+ */
+ ctxt->sizeentcopy += ent->length;
+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
+ return;
+
+ /*
* when operating on a reader, the entities definitions
* are always owning the entities subtree.
if (ctxt->parseMode == XML_PARSE_READER)
@@ -7163,6 +7198,14 @@
} else if (list == NULL) {
xmlNodePtr nw = NULL, cur, next, last,
firstChild = NULL;
+
+ /*
+ * We are copying here, make sure there is no abuse
+ */
+ ctxt->sizeentcopy += ent->length;
+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
+ return;
+
/*
* Copy the entity child list and make it the new
* entity child list. The goal is to make sure any
@@ -14343,6 +14386,7 @@
ctxt->catalogs = NULL;
ctxt->nbentities = 0;
ctxt->sizeentities = 0;
+ ctxt->sizeentcopy = 0;
xmlInitNodeInfoSeq(&ctxt->node_seq);
if (ctxt->attsDefault != NULL) {

11
textproc/libxml2/files/patch-parserInternals.c Normal file
View File

@ -0,0 +1,11 @@
--- parserInternals.c.orig 2012-05-15 03:16:38.000000000 +0000
+++ parserInternals.c 2013-03-13 09:35:54.000000000 +0000
@@ -1761,6 +1761,8 @@
ctxt->charset = XML_CHAR_ENCODING_UTF8;
ctxt->catalogs = NULL;
ctxt->nbentities = 0;
+ ctxt->sizeentities = 0;
+ ctxt->sizeentcopy = 0;
ctxt->input_id = 1;
xmlInitNodeInfoSeq(&ctxt->node_seq);
return(0);

20
textproc/libxml2/files/patch-python::Makefile.in
View File

@ -1,20 +0,0 @@
--- python/Makefile.in.orig 2008-05-23 22:39:11.000000000 -0500
+++ python/Makefile.in 2008-05-23 22:40:42.000000000 -0500
@@ -322,7 +322,7 @@
-I$(top_builddir)/include \
-I$(top_builddir)/$(subdir)
-docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION)
+docsdir = $(datadir)/doc/py-libxml2
# libxml2class.txt is generated
dist_docs_DATA = TODO
EXTRA_DIST = \
@@ -335,7 +335,7 @@
libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version
@WITH_PYTHON_TRUE@mylibs = \
-@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la
+@WITH_PYTHON_TRUE@ -lxml2
@WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la
@WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = libxml.c types.c

26
textproc/libxml2/files/patch-python_Makefile.in Normal file
View File

@ -0,0 +1,26 @@
--- python/Makefile.in.orig 2012-08-04 12:00:53.000000000 +0200
+++ python/Makefile.in 2012-08-04 12:02:59.000000000 +0200
@@ -395,7 +395,7 @@
-I$(top_builddir)/include \
-I$(top_builddir)/$(subdir)
-docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION)
+docsdir = $(datadir)/doc/py-libxml2
# libxml2class.txt is generated
dist_docs_DATA = TODO
EXTRA_DIST = \
@@ -408,12 +408,12 @@
libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version
@WITH_PYTHON_TRUE@mylibs = \
-@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la
+@WITH_PYTHON_TRUE@ -lxml2
@WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la
@WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = $(srcdir)/libxml.c $(srcdir)/types.c
@WITH_PYTHON_TRUE@nodist_libxml2mod_la_SOURCES = libxml2-py.c
-@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ -lpython$(PYTHON_VERSION)
+@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@
@WITH_PYTHON_TRUE@python_DATA = \
@WITH_PYTHON_TRUE@ libxml2.py

0
textproc/libxml2/files/patch-python::tests::Makefile.in → textproc/libxml2/files/patch-python_tests_Makefile.in
View File

41
textproc/libxml2/files/patch-xpointer.c
View File

@ -1,41 +0,0 @@
From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001
From: Jüri Aedla <asd@ut.ee>
Date: Mon, 07 May 2012 07:06:56 +0000
Subject: Fix an off by one pointer access
getting out of the range of memory allocated for xpointer decoding
CVE-2011-3102
---
diff --git a/xpointer.c b/xpointer.c
index 37afa3a..0b463dd 100644
--- xpointer.c
+++ xpointer.c
@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) {
NEXT;
break;
}
- *cur++ = CUR;
} else if (CUR == '(') {
level++;
- *cur++ = CUR;
} else if (CUR == '^') {
- NEXT;
- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) {
- *cur++ = CUR;
- } else {
- *cur++ = '^';
- *cur++ = CUR;
- }
- } else {
- *cur++ = CUR;
+ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) {
+ NEXT;
+ }
}
+ *cur++ = CUR;
NEXT;
}
*cur = 0;
--
cgit v0.9.0.2

10
textproc/py-libxml2/Makefile
View File

@ -1,11 +1,7 @@
# New ports collection makefile for: py-libxml2
# Date created: 30 Jun 2004
# Whom: Alexander Nedotsukov <bland@FreeBSD.org>
#
# Created by: Alexander Nedotsukov <bland@FreeBSD.org>
# $FreeBSD$
#
PORTREVISION= 2
PORTREVISION= 0
CATEGORIES= textproc gnome python
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@ -18,7 +14,7 @@ INSTALL_WRKSRC= ${BUILD_WRKSRC}
DESCR= ${.CURDIR}/pkg-descr
PLIST= ${.CURDIR}/pkg-plist
USE_GNOME= gnomehack libxml2
USE_GNOME+= libxml2
USE_PYTHON= yes
CPPFLAGS+= `${PYTHON_VERSION}-config --cflags`
LDFLAGS+= `${PYTHON_VERSION}-config --libs`