diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8a1c681e7aa5..3a0bd202d06d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file. --> + + libxml2 -- cpu consumption Dos + + + libxml2 + 2.8.0 + + + + +

Kurt Seifried reports:

+
+

libxml2 is affected by the expansion of internal entities + (which can be used to consume resources) and external entities + (which can cause a denial of service against other services, + be used to port scan, etc.)..

+
+ +
+ + CVE-2013-0338 + CVE-2013-0339 + http://seclists.org/oss-sec/2013/q1/391 + https://security-tracker.debian.org/tracker/CVE-2013-0338 + https://security-tracker.debian.org/tracker/CVE-2013-0339 + + + 2013-02-21 + 2013-03-29 + +
+ asterisk -- multiple vulnerabilities diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 72659672cec9..ac16eb3ac07d 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -3,17 +3,11 @@ # Whom: Yukihiro Nakai # # $FreeBSD$ -# -# WITHOUT_SCHEMA disable XML schema support -# WITHOUT_THREADS disable threads support -# WITH_MEM_DEBUG enable memory debugging (DEVELOPERS ONLY!) -# WITH_XMLLINT_HIST enable history for xmllint -# WITH_THREAD_ALLOC enable per-thread memory (DEVELOPERS ONLY!) -# +# $MCom: ports/textproc/libxml2/Makefile,v 1.15 2012/11/26 19:55:23 kwm Exp $ PORTNAME= libxml2 -PORTVERSION= 2.7.8 -PORTREVISION?= 5 +PORTVERSION= 2.8.0 +PORTREVISION?= 0 CATEGORIES?= textproc gnome MASTER_SITES= ftp://xmlsoft.org/libxml2/ \ ftp://gd.tuwien.ac.at/pub/libxml/ @@ -27,46 +21,52 @@ COMMENT?= XML parser library for GNOME USE_CSTD= gnu89 USE_GMAKE= yes MAKE_JOBS_SAFE= yes +USE_ICONV= yes GNU_CONFIGURE= yes -USE_GNOME?= gnomehack pkgconfig +USES= pathfix +USE_GNOME?= pkgconfig USE_LDCONFIG= yes -CONFIGURE_ARGS?=--with-html-dir=${PREFIX}/share/doc \ +CONFIGURE_ARGS?=--with-iconv=${LOCALBASE} \ + --with-html-dir=${PREFIX}/share/doc \ --with-html-subdir=${PORTNAME} \ --without-python CPPFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib -.if !defined(WITHOUT_ICONV) -USE_ICONV= yes -CONFIGURE_ARGS+=--with-iconv=${LOCALBASE} -.else -CONFIGURE_ARGS+=--with-iconv=no -.endif - .if !defined(MASTERDIR) MAN1= xml2-config.1 xmllint.1 xmlcatalog.1 MAN3= libxml.3 -.endif -.if defined(WITHOUT_SCHEMA) +OPTIONS_DEFINE= SCHEMA THREADS MEM_DEBUG XMLLINT_HIST THREAD_ALLOC +OPTIONS_DEFAULT=SCHEMA THREADS +SCHEMA_DESC= XML schema support +THREADS_DESC= Threads support +MEM_DEBUG_DESC= Memory debugging (DEVELOPERS ONLY!) +XMLLINT_HIST_DESC= History for xmllint +THREAD_ALLOC_DESc= Per-thread memory (DEVELOPERS ONLY!) + +.include + +.if ${PORT_OPTIONS:MSCHEMA} CONFIGURE_ARGS+= --without-schemas .endif -.if defined(WITHOUT_THREADS) +.if ${PORT_OPTIONS:MTHREADS} CONFIGURE_ARGS+= --without-threads .endif -.if defined(WITH_MEM_DEBUG) +.if ${PORT_OPTIONS:MMEM_DEBUG} CONFIGURE_ARGS+= --with-mem-debug .endif -.if defined(WITH_XMLLINT_HIST) +.if ${PORT_OPTIONS:MXMLLINT_HIST} CONFIGURE_ARGS+= --with-history .endif -.if defined(WITH_THREAD_ALLOC) +.if ${PORT_OPTIONS:MTHREAD_ALLOC} CONFIGURE_ARGS+= --with-thread-alloc .endif +.endif # !defined(MASTERDIR) post-patch: .for d in . doc doc/devhelp doc/examples diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 41f22cc4ce6d..19079f76515d 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,2 +1,2 @@ -SHA256 (gnome2/libxml2-2.7.8.tar.gz) = cda23bc9ebd26474ca8f3d67e7d1c4a1f1e7106364b690d822e009fdc3c417ec -SIZE (gnome2/libxml2-2.7.8.tar.gz) = 4881808 +SHA256 (gnome2/libxml2-2.8.0.tar.gz) = f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a +SIZE (gnome2/libxml2-2.8.0.tar.gz) = 4915203 diff --git a/textproc/libxml2/files/patch-aa b/textproc/libxml2/files/patch-Makefile.in similarity index 68% rename from textproc/libxml2/files/patch-aa rename to textproc/libxml2/files/patch-Makefile.in index b5f110bd8368..df4c9761dc52 100644 --- a/textproc/libxml2/files/patch-aa +++ b/textproc/libxml2/files/patch-Makefile.in @@ -1,17 +1,17 @@ $FreeBSD$ ---- Makefile.in.orig 2012-08-16 19:47:20.000000000 +0200 -+++ Makefile.in 2012-08-16 19:47:48.000000000 +0200 -@@ -564,7 +564,7 @@ top_build_prefix = @top_build_prefix@ +--- Makefile.in.orig 2012-08-16 19:38:10.000000000 +0200 ++++ Makefile.in 2012-08-16 19:39:09.000000000 +0200 +@@ -586,7 +586,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ ACLOCAL_AMFLAGS = -I m4 -SUBDIRS = include . doc example xstc @PYTHON_SUBDIR@ +SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@ DIST_SUBDIRS = include . doc example python xstc - INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ + INCLUDES = -I$(top_builddir)/include -I@srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ @LZMA_CFLAGS@ bin_SCRIPTS = xml2-config -@@ -574,7 +574,7 @@ libxml2_la_LIBADD = @THREAD_LIBS@ @Z_LIB +@@ -596,7 +596,7 @@ @USE_VERSION_SCRIPT_TRUE@LIBXML2_VERSION_SCRIPT = $(VERSION_SCRIPT_FLAGS)$(srcdir)/libxml2.syms libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ \ $(LIBXML2_VERSION_SCRIPT) \ @@ -20,7 +20,7 @@ @MODULE_PLATFORM_LIBS@ @WITH_TRIO_SOURCES_FALSE@libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c \ -@@ -690,7 +690,7 @@ runxmlconf_LDFLAGS = +@@ -712,7 +712,7 @@ runxmlconf_DEPENDENCIES = $(DEPS) runxmlconf_LDADD = $(LDADDS) CLEANFILES = xml2Conf.sh *.gcda *.gcno @@ -29,7 +29,7 @@ confexec_DATA = xml2Conf.sh CVS_EXTRA_DIST = EXTRA_DIST = xml2-config.in xml2Conf.sh.in libxml.spec.in libxml2.spec \ -@@ -713,8 +713,8 @@ pkgconfig_DATA = libxml-2.0.pc +@@ -735,8 +735,8 @@ # Install the tests program sources as examples # BASE_DIR = $(datadir)/doc @@ -40,16 +40,16 @@ # # Coverage support, largely borrowed from libvirt -@@ -1069,7 +1069,7 @@ distclean-compile: +@@ -1094,7 +1094,7 @@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< - @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -fPIC -DPIC -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< + @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo + @am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@@ -1548,7 +1548,7 @@ distcleancheck: distclean +@@ -1574,7 +1574,7 @@ exit 1; } >&2 check-am: all-am check: check-recursive @@ -58,3 +58,12 @@ config.h install-binPROGRAMS: install-libLTLIBRARIES +@@ -1634,7 +1634,7 @@ + + info-am: + +-install-data-am: install-data-local install-m4dataDATA install-man \ ++install-data-am: install-m4dataDATA install-man \ + install-pkgconfigDATA + + install-dvi: install-dvi-recursive diff --git a/textproc/libxml2/files/patch-config.h.in b/textproc/libxml2/files/patch-config.h.in index e86bbf40ec89..419a2c5de8ab 100644 --- a/textproc/libxml2/files/patch-config.h.in +++ b/textproc/libxml2/files/patch-config.h.in @@ -1,11 +1,11 @@ ---- config.h.in.orig Sun Nov 3 16:55:05 2002 -+++ config.h.in Tue Nov 19 00:06:05 2002 -@@ -1,4 +1,8 @@ +--- config.h.in.orig 2012-05-23 10:56:31.000000000 +0200 ++++ config.h.in 2012-07-23 09:34:22.000000000 +0200 +@@ -1,5 +1,8 @@ /* config.h.in. Generated from configure.in by autoheader. */ -+ + +/* XXX */ +#define HAVE_VFSCANF + - #undef PACKAGE - #undef VERSION - #undef HAVE_LIBZ + /* Define to 1 if you have the header file. */ + #undef HAVE_ANSIDECL_H + diff --git a/textproc/libxml2/files/patch-configure b/textproc/libxml2/files/patch-configure index 9187f174fd50..e930a1da75eb 100644 --- a/textproc/libxml2/files/patch-configure +++ b/textproc/libxml2/files/patch-configure @@ -1,15 +1,6 @@ ---- configure.orig 2010-11-27 15:40:06.000000000 +0100 -+++ configure 2010-11-27 15:40:06.000000000 +0100 -@@ -11414,7 +11414,7 @@ else - esac - fi - -- if test -z "$VERSION_SCRIPT_FLAGS"; then -+ if test -n "$VERSION_SCRIPT_FLAGS"; then - USE_VERSION_SCRIPT_TRUE= - USE_VERSION_SCRIPT_FALSE='#' - else -@@ -13501,11 +13501,12 @@ fi +--- configure.orig 2012-08-04 11:48:19.000000000 +0200 ++++ configure 2012-08-04 11:50:50.000000000 +0200 +@@ -14228,11 +14228,12 @@ fi fi if test "$PYTHON_VERSION" != "" then @@ -23,7 +14,7 @@ else if test -r $prefix/include/python$PYTHON_VERSION/Python.h then -@@ -13901,6 +13902,8 @@ fi +@@ -14635,6 +14636,8 @@ fi fi fi ;; diff --git a/textproc/libxml2/files/patch-include_libxml_parser.h b/textproc/libxml2/files/patch-include_libxml_parser.h new file mode 100644 index 000000000000..03632be45452 --- /dev/null +++ b/textproc/libxml2/files/patch-include_libxml_parser.h @@ -0,0 +1,10 @@ +--- include/libxml/parser.h.orig 2012-05-15 03:09:43.000000000 +0000 ++++ include/libxml/parser.h 2013-03-13 09:42:57.000000000 +0000 +@@ -310,6 +310,7 @@ + xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */ + + int input_id; /* we need to label inputs */ ++ unsigned long sizeentcopy; /* volume of entity copy */ + }; + + /** diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c index d44616c8f1eb..1316d921d0f5 100644 --- a/textproc/libxml2/files/patch-parser.c +++ b/textproc/libxml2/files/patch-parser.c @@ -1,25 +1,343 @@ -Commit doesn't mention it but this fixes CVE-2011-3919 -From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001 -From: Daniel Veillard -Date: Fri, 16 Dec 2011 10:53:35 +0000 -Subject: Fix an allocation error when copying entities - ---- -(limited to 'parser.c') - -diff --git a/parser.c b/parser.c -index 4e5dcb9..c55e41d 100644 ---- parser.c -+++ parser.c -@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, +--- parser.c.orig 2013-03-13 09:36:07.000000000 +0000 ++++ parser.c 2013-03-13 09:35:54.000000000 +0000 +@@ -40,6 +40,7 @@ + #endif + + #include ++#include + #include + #include + #include +@@ -117,16 +118,33 @@ + * parser option. + */ + static int +-xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size, +- xmlEntityPtr ent) ++xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, ++ xmlEntityPtr ent, size_t replacement) + { +- unsigned long consumed = 0; ++ size_t consumed = 0; + + if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE)) + return (0); + if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) + return (1); +- if (size != 0) { ++ if (replacement != 0) { ++ if (replacement < XML_MAX_TEXT_LENGTH) ++ return(0); ++ ++ /* ++ * If the volume of entity copy reaches 10 times the ++ * amount of parsed data and over the large text threshold ++ * then that's very likely to be an abuse. ++ */ ++ if (ctxt->input != NULL) { ++ consumed = ctxt->input->consumed + ++ (ctxt->input->cur - ctxt->input->base); ++ } ++ consumed += ctxt->sizeentities; ++ ++ if (replacement < XML_PARSER_NON_LINEAR * consumed) ++ return(0); ++ } else if (size != 0) { + /* + * Do the check based on the replacement size of the entity + */ +@@ -172,7 +190,6 @@ + */ + return (0); + } +- + xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); + return (1); + } +@@ -2589,15 +2606,17 @@ + + /* + * Macro used to grow the current buffer. ++ * buffer##_size is expected to be a size_t ++ * mem_error: is expected to handle memory allocation failures + */ + #define growBuffer(buffer, n) { \ + xmlChar *tmp; \ +- buffer##_size *= 2; \ +- buffer##_size += n; \ +- tmp = (xmlChar *) \ +- xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \ ++ size_t new_size = buffer##_size * 2 + n; \ ++ if (new_size < buffer##_size) goto mem_error; \ ++ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \ + if (tmp == NULL) goto mem_error; \ + buffer = tmp; \ ++ buffer##_size = new_size; \ + } + + /** +@@ -2623,14 +2642,14 @@ + xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + int what, xmlChar end, xmlChar end2, xmlChar end3) { + xmlChar *buffer = NULL; +- int buffer_size = 0; ++ size_t buffer_size = 0; ++ size_t nbchars = 0; + + xmlChar *current = NULL; + xmlChar *rep = NULL; + const xmlChar *last; + xmlEntityPtr ent; + int c,l; +- int nbchars = 0; + + if ((ctxt == NULL) || (str == NULL) || (len < 0)) + return(NULL); +@@ -2647,7 +2666,7 @@ + * allocate a translation buffer. + */ + buffer_size = XML_PARSER_BIG_BUFFER_SIZE; +- buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar)); ++ buffer = (xmlChar *) xmlMallocAtomic(buffer_size); + if (buffer == NULL) goto mem_error; + + /* +@@ -2667,7 +2686,7 @@ + if (val != 0) { + COPY_BUF(0,buffer,nbchars,val); + } +- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } + } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) { +@@ -2685,7 +2704,7 @@ + (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { + if (ent->content != NULL) { + COPY_BUF(0,buffer,nbchars,ent->content[0]); +- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } + } else { +@@ -2702,9 +2721,8 @@ + current = rep; + while (*current != 0) { /* non input consuming loop */ + buffer[nbchars++] = *current++; +- if (nbchars > +- buffer_size - XML_PARSER_BUFFER_SIZE) { +- if (xmlParserEntityCheck(ctxt, nbchars, ent)) ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { ++ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) + goto int_error; + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } +@@ -2717,7 +2735,7 @@ + const xmlChar *cur = ent->name; buffer[nbchars++] = '&'; - if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { -- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); -+ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); +- if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { ++ if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) { + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i > 0;i--) - buffer[nbchars++] = *cur++; --- -cgit v0.9.0.2 +@@ -2745,9 +2763,8 @@ + current = rep; + while (*current != 0) { /* non input consuming loop */ + buffer[nbchars++] = *current++; +- if (nbchars > +- buffer_size - XML_PARSER_BUFFER_SIZE) { +- if (xmlParserEntityCheck(ctxt, nbchars, ent)) ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { ++ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) + goto int_error; + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } +@@ -2759,8 +2776,8 @@ + } else { + COPY_BUF(l,buffer,nbchars,c); + str += l; +- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { +- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); ++ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { ++ growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + } + } + if (str < last) +@@ -3764,8 +3781,8 @@ + xmlChar limit = 0; + xmlChar *buf = NULL; + xmlChar *rep = NULL; +- int len = 0; +- int buf_size = 0; ++ size_t len = 0; ++ size_t buf_size = 0; + int c, l, in_space = 0; + xmlChar *current = NULL; + xmlEntityPtr ent; +@@ -3787,7 +3804,7 @@ + * allocate a translation buffer. + */ + buf_size = XML_PARSER_BUFFER_SIZE; +- buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar)); ++ buf = (xmlChar *) xmlMallocAtomic(buf_size); + if (buf == NULL) goto mem_error; + + /* +@@ -3804,7 +3821,7 @@ + + if (val == '&') { + if (ctxt->replaceEntities) { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + buf[len++] = '&'; +@@ -3813,7 +3830,7 @@ + * The reparsing will be done in xmlStringGetNodeList() + * called by the attribute() function in SAX.c + */ +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + buf[len++] = '&'; +@@ -3823,7 +3840,7 @@ + buf[len++] = ';'; + } + } else if (val != 0) { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + len += xmlCopyChar(0, &buf[len], val); +@@ -3835,7 +3852,7 @@ + ctxt->nbentities += ent->owner; + if ((ent != NULL) && + (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + if ((ctxt->replaceEntities == 0) && +@@ -3863,7 +3880,7 @@ + current++; + } else + buf[len++] = *current++; +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + } +@@ -3871,7 +3888,7 @@ + rep = NULL; + } + } else { +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + if (ent->content != NULL) +@@ -3899,7 +3916,7 @@ + * Just output the reference + */ + buf[len++] = '&'; +- while (len > buf_size - i - 10) { ++ while (len + i + 10 > buf_size) { + growBuffer(buf, i + 10); + } + for (;i > 0;i--) +@@ -3912,7 +3929,7 @@ + if ((len != 0) || (!normalize)) { + if ((!normalize) || (!in_space)) { + COPY_BUF(l,buf,len,0x20); +- while (len > buf_size - 10) { ++ while (len + 10 > buf_size) { + growBuffer(buf, 10); + } + } +@@ -3921,7 +3938,7 @@ + } else { + in_space = 0; + COPY_BUF(l,buf,len,c); +- if (len > buf_size - 10) { ++ if (len + 10 > buf_size) { + growBuffer(buf, 10); + } + } +@@ -3931,7 +3948,7 @@ + c = CUR_CHAR(l); + } + if ((in_space) && (normalize)) { +- while (buf[len - 1] == 0x20) len--; ++ while ((len > 0) && (buf[len - 1] == 0x20)) len--; + } + buf[len] = 0; + if (RAW == '<') { +@@ -3946,7 +3963,18 @@ + } + } else + NEXT; +- if (attlen != NULL) *attlen = len; ++ ++ /* ++ * There we potentially risk an overflow, don't allow attribute value of ++ * lenght more than INT_MAX it is a very reasonnable assumption ! ++ */ ++ if (len >= INT_MAX) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, ++ "AttValue lenght too long\n"); ++ goto mem_error; ++ } ++ ++ if (attlen != NULL) *attlen = (int) len; + return(buf); + + mem_error: +@@ -6964,7 +6992,7 @@ + xmlFreeNodeList(list); + return; + } +- if (xmlParserEntityCheck(ctxt, 0, ent)) { ++ if (xmlParserEntityCheck(ctxt, 0, ent, 0)) { + xmlFreeNodeList(list); + return; + } +@@ -7124,6 +7152,13 @@ + xmlNodePtr nw = NULL, cur, firstChild = NULL; + + /* ++ * We are copying here, make sure there is no abuse ++ */ ++ ctxt->sizeentcopy += ent->length; ++ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) ++ return; ++ ++ /* + * when operating on a reader, the entities definitions + * are always owning the entities subtree. + if (ctxt->parseMode == XML_PARSE_READER) +@@ -7163,6 +7198,14 @@ + } else if (list == NULL) { + xmlNodePtr nw = NULL, cur, next, last, + firstChild = NULL; ++ ++ /* ++ * We are copying here, make sure there is no abuse ++ */ ++ ctxt->sizeentcopy += ent->length; ++ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) ++ return; ++ + /* + * Copy the entity child list and make it the new + * entity child list. The goal is to make sure any +@@ -14343,6 +14386,7 @@ + ctxt->catalogs = NULL; + ctxt->nbentities = 0; + ctxt->sizeentities = 0; ++ ctxt->sizeentcopy = 0; + xmlInitNodeInfoSeq(&ctxt->node_seq); + + if (ctxt->attsDefault != NULL) { diff --git a/textproc/libxml2/files/patch-parserInternals.c b/textproc/libxml2/files/patch-parserInternals.c new file mode 100644 index 000000000000..ac0123de03c2 --- /dev/null +++ b/textproc/libxml2/files/patch-parserInternals.c @@ -0,0 +1,11 @@ +--- parserInternals.c.orig 2012-05-15 03:16:38.000000000 +0000 ++++ parserInternals.c 2013-03-13 09:35:54.000000000 +0000 +@@ -1761,6 +1761,8 @@ + ctxt->charset = XML_CHAR_ENCODING_UTF8; + ctxt->catalogs = NULL; + ctxt->nbentities = 0; ++ ctxt->sizeentities = 0; ++ ctxt->sizeentcopy = 0; + ctxt->input_id = 1; + xmlInitNodeInfoSeq(&ctxt->node_seq); + return(0); diff --git a/textproc/libxml2/files/patch-python::Makefile.in b/textproc/libxml2/files/patch-python::Makefile.in deleted file mode 100644 index 37a01dce1d23..000000000000 --- a/textproc/libxml2/files/patch-python::Makefile.in +++ /dev/null @@ -1,20 +0,0 @@ ---- python/Makefile.in.orig 2008-05-23 22:39:11.000000000 -0500 -+++ python/Makefile.in 2008-05-23 22:40:42.000000000 -0500 -@@ -322,7 +322,7 @@ - -I$(top_builddir)/include \ - -I$(top_builddir)/$(subdir) - --docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION) -+docsdir = $(datadir)/doc/py-libxml2 - # libxml2class.txt is generated - dist_docs_DATA = TODO - EXTRA_DIST = \ -@@ -335,7 +335,7 @@ - - libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version - @WITH_PYTHON_TRUE@mylibs = \ --@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la -+@WITH_PYTHON_TRUE@ -lxml2 - - @WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la - @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = libxml.c types.c diff --git a/textproc/libxml2/files/patch-python_Makefile.in b/textproc/libxml2/files/patch-python_Makefile.in new file mode 100644 index 000000000000..56427195122a --- /dev/null +++ b/textproc/libxml2/files/patch-python_Makefile.in @@ -0,0 +1,26 @@ +--- python/Makefile.in.orig 2012-08-04 12:00:53.000000000 +0200 ++++ python/Makefile.in 2012-08-04 12:02:59.000000000 +0200 +@@ -395,7 +395,7 @@ + -I$(top_builddir)/include \ + -I$(top_builddir)/$(subdir) + +-docsdir = $(datadir)/doc/libxml2-python-$(LIBXML_VERSION) ++docsdir = $(datadir)/doc/py-libxml2 + # libxml2class.txt is generated + dist_docs_DATA = TODO + EXTRA_DIST = \ +@@ -408,12 +408,12 @@ + + libxml2mod_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -module -avoid-version + @WITH_PYTHON_TRUE@mylibs = \ +-@WITH_PYTHON_TRUE@ $(top_builddir)/libxml2.la ++@WITH_PYTHON_TRUE@ -lxml2 + + @WITH_PYTHON_TRUE@python_LTLIBRARIES = libxml2mod.la + @WITH_PYTHON_TRUE@libxml2mod_la_SOURCES = $(srcdir)/libxml.c $(srcdir)/types.c + @WITH_PYTHON_TRUE@nodist_libxml2mod_la_SOURCES = libxml2-py.c +-@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ -lpython$(PYTHON_VERSION) ++@WITH_PYTHON_TRUE@libxml2mod_la_LIBADD = $(mylibs) @CYGWIN_EXTRA_PYTHON_LIBADD@ @WIN32_EXTRA_PYTHON_LIBADD@ @PYTHON_LIBS@ + @WITH_PYTHON_TRUE@python_DATA = \ + @WITH_PYTHON_TRUE@ libxml2.py + diff --git a/textproc/libxml2/files/patch-python::tests::Makefile.in b/textproc/libxml2/files/patch-python_tests_Makefile.in similarity index 100% rename from textproc/libxml2/files/patch-python::tests::Makefile.in rename to textproc/libxml2/files/patch-python_tests_Makefile.in diff --git a/textproc/libxml2/files/patch-xpointer.c b/textproc/libxml2/files/patch-xpointer.c deleted file mode 100644 index 877ea2a7d920..000000000000 --- a/textproc/libxml2/files/patch-xpointer.c +++ /dev/null @@ -1,41 +0,0 @@ -From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001 -From: Jüri Aedla -Date: Mon, 07 May 2012 07:06:56 +0000 -Subject: Fix an off by one pointer access - -getting out of the range of memory allocated for xpointer decoding -CVE-2011-3102 - ---- -diff --git a/xpointer.c b/xpointer.c -index 37afa3a..0b463dd 100644 ---- xpointer.c -+++ xpointer.c -@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) { - NEXT; - break; - } -- *cur++ = CUR; - } else if (CUR == '(') { - level++; -- *cur++ = CUR; - } else if (CUR == '^') { -- NEXT; -- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) { -- *cur++ = CUR; -- } else { -- *cur++ = '^'; -- *cur++ = CUR; -- } -- } else { -- *cur++ = CUR; -+ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) { -+ NEXT; -+ } - } -+ *cur++ = CUR; - NEXT; - } - *cur = 0; --- -cgit v0.9.0.2 diff --git a/textproc/py-libxml2/Makefile b/textproc/py-libxml2/Makefile index 29c6aa62c811..cd715806d4c4 100644 --- a/textproc/py-libxml2/Makefile +++ b/textproc/py-libxml2/Makefile @@ -1,11 +1,7 @@ -# New ports collection makefile for: py-libxml2 -# Date created: 30 Jun 2004 -# Whom: Alexander Nedotsukov -# +# Created by: Alexander Nedotsukov # $FreeBSD$ -# -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= textproc gnome python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -18,7 +14,7 @@ INSTALL_WRKSRC= ${BUILD_WRKSRC} DESCR= ${.CURDIR}/pkg-descr PLIST= ${.CURDIR}/pkg-plist -USE_GNOME= gnomehack libxml2 +USE_GNOME+= libxml2 USE_PYTHON= yes CPPFLAGS+= `${PYTHON_VERSION}-config --cflags` LDFLAGS+= `${PYTHON_VERSION}-config --libs`