cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- update to libxml-2.8.0

Browse Source 
tested on amd64, sparc64, mips64el and powerpc.
ok aja@
This commit is contained in:
jasper 2012-09-30 12:22:05 +00:00
parent 3924fbe591
commit 82fea34cab
15 changed files with 40 additions and 818 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
textproc/libxml/Makefile
View File

@ -1,21 +1,19 @@
# $OpenBSD: Makefile,v 1.145 2012/08/05 00:16:50 naddy Exp $
# $OpenBSD: Makefile,v 1.146 2012/09/30 12:22:05 jasper Exp $
COMMENT-main= XML parsing library
COMMENT-python= Python bindings for libxml
VERSION= 2.7.8
VERSION= 2.8.0
DISTNAME= libxml2-${VERSION}
PKGNAME-main= libxml-${VERSION}
REVISION-main = 6
REVISION-python = 3
PKGNAME-python= py-libxml-${VERSION}
SHARED_LIBS= xml2 13.0
SHARED_LIBS += xml2 14.0 # 10.0
CATEGORIES= textproc
MASTER_SITES= http://fr.rpmfind.net/pub/libxml/ \
http://gd.tuwien.ac.at/pub/libxml/ \
MASTER_SITES= http://gd.tuwien.ac.at/pub/libxml/ \
ftp://xmlsoft.org/libxml/
HOMEPAGE= http://xmlsoft.org/
HOMEPAGE= http://xmlsoft.org/
# BSD-like
PERMIT_PACKAGE_CDROM= Yes
@ -28,13 +26,13 @@ WANTLIB= m z
MODULES= converters/libiconv
USE_LIBTOOL= Yes
CONFIGURE_STYLE= autoconf
AUTOCONF_VERSION= 2.68 # should be 2.66
CONFIGURE_ARGS+= ${CONFIGURE_SHARED}
CONFIGURE_ARGS+= --enable-static
CONFIGURE_ARGS+= --with-html-dir="${PREFIX}/share/doc"
CONFIGURE_ARGS+= --with-html-subdir="libxml2/html"
CONFIGURE_ARGS+= --with-iconv="${DEPBASE}"
CONFIGURE_STYLE= gnu
CONFIGURE_ARGS+= ${CONFIGURE_SHARED} \
--enable-static \
--with-html-dir="${PREFIX}/share/doc" \
--with-html-subdir="libxml2/html" \
--with-iconv="${DEPBASE}" \
--without-threads
# only used to fetch data during regression test
CONFIGURE_ENV= WGET=/usr/bin/ftp
@ -43,7 +41,7 @@ FLAVOR?=
MULTI_PACKAGES= -main -python
WANTLIB-main= ${WANTLIB} c
WANTLIB-main= ${WANTLIB} c pthread util
RUN_DEPENDS-main=
NOT_FOR_ARCHS-python = ${NO_SHARED_ARCHS}
@ -51,18 +49,16 @@ NOT_FOR_ARCHS-python = ${NO_SHARED_ARCHS}
.if ${BUILD_PACKAGES:M-python}
MODULES+= lang/python
LIB_DEPENDS-python= textproc/libxml,-main \
LIB_DEPENDS-python= textproc/libxml,-main=${VERSION} \
${MODPY_LIB_DEPENDS} \
${MODLIBICONV_LIB_DEPENDS}
WANTLIB-python= m z util xml2>=11 ${MODPY_WANTLIB} ${MODLIBICONV_WANTLIB}
WANTLIB-python= pthread m z util xml2>=11 ${MODPY_WANTLIB} ${MODLIBICONV_WANTLIB}
FAKE_FLAGS= EXAMPLE_DIR=${PREFIX}/share/examples/libxml2/
CONFIGURE_ARGS+= --with-python
.else
CONFIGURE_ARGS+= --without-python
.endif
CONFIGURE_ARGS+= --without-threads
REGRESS_DEPENDS= devel/gmake
post-configure:

7
textproc/libxml/distinfo
View File

@ -1,5 +1,2 @@
MD5 (libxml2-2.7.8.tar.gz) = gSemXow7CIVgkwmbUlmchg==
RMD160 (libxml2-2.7.8.tar.gz) = MHCWIs/j4hdec9ZwG34Zolq1rEc=
SHA1 (libxml2-2.7.8.tar.gz) = hZ3VNe27hRzBW2R0DuBlUaehfUA=
SHA256 (libxml2-2.7.8.tar.gz) = zaI7yevSZHTKjz1n59HEofHnEGNktpDYIuAJ/cPEF+w=
SIZE (libxml2-2.7.8.tar.gz) = 4881808
SHA256 (libxml2-2.8.0.tar.gz) = 8uLQ4yJoUZPRr/7IOyHcBdWZ4XpzBte5DelbtbmsYio=
SIZE (libxml2-2.8.0.tar.gz) = 4915203

12
textproc/libxml/patches/patch-Makefile_in
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-Makefile_in,v 1.1 2011/07/08 09:52:50 jasper Exp $
--- Makefile.in.orig Thu Nov 4 18:28:16 2010
+++ Makefile.in Fri Jul 8 11:50:23 2011
@@ -713,7 +713,7 @@ pkgconfig_DATA = libxml-2.0.pc
$OpenBSD: patch-Makefile_in,v 1.2 2012/09/30 12:22:05 jasper Exp $
--- Makefile.in.orig Wed May 23 10:56:32 2012
+++ Makefile.in Thu Sep 27 10:04:34 2012
@@ -735,7 +735,7 @@ pkgconfig_DATA = libxml-2.0.pc
# Install the tests program sources as examples
#
BASE_DIR = $(datadir)/doc
@ -10,7 +10,7 @@ $OpenBSD: patch-Makefile_in,v 1.1 2011/07/08 09:52:50 jasper Exp $
EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples
#
@@ -1712,7 +1712,7 @@ testapi.c: $(srcdir)/gentest.py
@@ -1738,7 +1738,7 @@ testapi.c: $(srcdir)/gentest.py
#testOOM_LDADD= $(LDADDS)
runtests:
@ -19,7 +19,7 @@ $OpenBSD: patch-Makefile_in,v 1.1 2011/07/08 09:52:50 jasper Exp $
@(if [ "@PYTHON_SUBDIR@" != "" ] ; then cd python ; \
$(MAKE) MAKEFLAGS+=--silent tests ; fi)
@@ -2217,6 +2217,7 @@ SVGtests : xmllint$(EXEEXT)
@@ -2243,6 +2243,7 @@ SVGtests : xmllint$(EXEEXT)
grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0";\
else \
echo Testing $$name ; \

15
textproc/libxml/patches/patch-configure_in
View File

@ -1,15 +0,0 @@
$OpenBSD: patch-configure_in,v 1.1 2012/02/23 09:39:00 sthen Exp $
CVE-2012-0841
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
--- configure.in.orig Thu Nov 4 17:01:19 2010
+++ configure.in Wed Feb 22 19:02:10 2012
@@ -475,6 +475,7 @@ AC_CHECK_FUNCS(strdup strndup strerror)
AC_CHECK_FUNCS(finite isnand fp_class class fpclass)
AC_CHECK_FUNCS(strftime localtime gettimeofday ftime)
AC_CHECK_FUNCS(stat _stat signal)
+AC_CHECK_FUNCS(rand srand time)
dnl Checking the standard string functions availability
AC_CHECK_FUNCS(printf sprintf fprintf snprintf vfprintf vsprintf vsnprintf sscanf,,

176
textproc/libxml/patches/patch-dict_c
View File

@ -1,176 +0,0 @@
$OpenBSD: patch-dict_c,v 1.1 2012/02/23 09:39:00 sthen Exp $
CVE-2012-0841
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
--- dict.c.orig Tue Oct 12 07:25:31 2010
+++ dict.c Wed Feb 22 19:02:10 2012
@@ -2,7 +2,7 @@
* dict.c: dictionary of reusable strings, just used to avoid allocation
* and freeing operations.
*
- * Copyright (C) 2003 Daniel Veillard.
+ * Copyright (C) 2003-2012 Daniel Veillard.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -19,6 +19,28 @@
#define IN_LIBXML
#include "libxml.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+/*
+ * Following http://www.ocert.org/advisories/ocert-2011-003.html
+ * it seems that having hash randomization might be a good idea
+ * when using XML with untrusted data
+ * Note1: that it works correctly only if compiled with WITH_BIG_KEY
+ * which is the default.
+ * Note2: the fast function used for a small dict won't protect very
+ * well but since the attack is based on growing a very big hash
+ * list we will use the BigKey algo as soon as the hash size grows
+ * over MIN_DICT_SIZE so this actually works
+ */
+#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME)
+#define DICT_RANDOMIZATION
+#endif
+
#include <string.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
@@ -44,23 +66,23 @@ typedef unsigned __int32 uint32_t;
#define WITH_BIG_KEY
#ifdef WITH_BIG_KEY
-#define xmlDictComputeKey(dict, name, len) \
- (((dict)->size == MIN_DICT_SIZE) ? \
- xmlDictComputeFastKey(name, len) : \
- xmlDictComputeBigKey(name, len))
+#define xmlDictComputeKey(dict, name, len) \
+ (((dict)->size == MIN_DICT_SIZE) ? \
+ xmlDictComputeFastKey(name, len, (dict)->seed) : \
+ xmlDictComputeBigKey(name, len, (dict)->seed))
-#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
- (((prefix) == NULL) ? \
- (xmlDictComputeKey(dict, name, len)) : \
- (((dict)->size == MIN_DICT_SIZE) ? \
- xmlDictComputeFastQKey(prefix, plen, name, len) : \
- xmlDictComputeBigQKey(prefix, plen, name, len)))
+#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
+ (((prefix) == NULL) ? \
+ (xmlDictComputeKey(dict, name, len)) : \
+ (((dict)->size == MIN_DICT_SIZE) ? \
+ xmlDictComputeFastQKey(prefix, plen, name, len, (dict)->seed) : \
+ xmlDictComputeBigQKey(prefix, plen, name, len, (dict)->seed)))
#else /* !WITH_BIG_KEY */
-#define xmlDictComputeKey(dict, name, len) \
- xmlDictComputeFastKey(name, len)
-#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
- xmlDictComputeFastQKey(prefix, plen, name, len)
+#define xmlDictComputeKey(dict, name, len) \
+ xmlDictComputeFastKey(name, len, (dict)->seed)
+#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
+ xmlDictComputeFastQKey(prefix, plen, name, len, (dict)->seed)
#endif /* WITH_BIG_KEY */
/*
@@ -98,6 +120,8 @@ struct _xmlDict {
xmlDictStringsPtr strings;
struct _xmlDict *subdict;
+ /* used for randomization */
+ int seed;
};
/*
@@ -125,6 +149,9 @@ static int xmlInitializeDict(void) {
if ((xmlDictMutex = xmlNewRMutex()) == NULL)
return(0);
+#ifdef DICT_RANDOMIZATION
+ srand(time(NULL));
+#endif
xmlDictInitialized = 1;
return(1);
}
@@ -277,13 +304,13 @@ found_pool:
*/
static uint32_t
-xmlDictComputeBigKey(const xmlChar* data, int namelen) {
+xmlDictComputeBigKey(const xmlChar* data, int namelen, int seed) {
uint32_t hash;
int i;
if (namelen <= 0 || data == NULL) return(0);
- hash = 0;
+ hash = seed;
for (i = 0;i < namelen; i++) {
hash += data[i];
@@ -310,12 +337,12 @@ xmlDictComputeBigKey(const xmlChar* data, int namelen)
*/
static unsigned long
xmlDictComputeBigQKey(const xmlChar *prefix, int plen,
- const xmlChar *name, int len)
+ const xmlChar *name, int len, int seed)
{
uint32_t hash;
int i;
- hash = 0;
+ hash = seed;
for (i = 0;i < plen; i++) {
hash += prefix[i];
@@ -346,8 +373,8 @@ xmlDictComputeBigQKey(const xmlChar *prefix, int plen,
* for low hash table fill.
*/
static unsigned long
-xmlDictComputeFastKey(const xmlChar *name, int namelen) {
- unsigned long value = 0L;
+xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+ unsigned long value = seed;
if (name == NULL) return(0);
value = *name;
@@ -381,9 +408,9 @@ xmlDictComputeFastKey(const xmlChar *name, int namelen
*/
static unsigned long
xmlDictComputeFastQKey(const xmlChar *prefix, int plen,
- const xmlChar *name, int len)
+ const xmlChar *name, int len, int seed)
{
- unsigned long value = 0L;
+ unsigned long value = (unsigned long) seed;
if (plen == 0)
value += 30 * (unsigned long) ':';
@@ -460,6 +487,11 @@ xmlDictCreate(void) {
dict->subdict = NULL;
if (dict->dict) {
memset(dict->dict, 0, MIN_DICT_SIZE * sizeof(xmlDictEntry));
+#ifdef DICT_RANDOMIZATION
+ dict->seed = rand();
+#else
+ dict->seed = 0;
+#endif
return(dict);
}
xmlFree(dict);
@@ -486,6 +518,7 @@ xmlDictCreateSub(xmlDictPtr sub) {
#ifdef DICT_DEBUG_PATTERNS
fprintf(stderr, "R");
#endif
+ dict->seed = sub->seed;
dict->subdict = sub;
xmlDictReference(dict->subdict);
}

27
textproc/libxml/patches/patch-encoding_c
View File

@ -1,27 +0,0 @@
$OpenBSD: patch-encoding_c,v 1.1 2012/01/23 10:17:49 ajacoutot Exp $
From 69f04562f75212bfcabecd190ea8b06ace28ece2 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 19 Aug 2011 03:05:04 +0000
Subject: Fix an off by one error in encoding
--- encoding.c.orig Thu Nov 4 17:40:06 2010
+++ encoding.c Mon Jan 23 08:06:05 2012
@@ -1928,7 +1928,7 @@ xmlCharEncFirstLineInt(xmlCharEncodingHandler *handler
if (in == NULL) return(-1);
/* calculate space available */
- written = out->size - out->use;
+ written = out->size - out->use - 1; /* count '\0' */
toconv = in->use;
/*
* echo '<?xml version="1.0" encoding="UCS4"?>' | wc -c => 38
@@ -2059,7 +2059,7 @@ xmlCharEncInFunc(xmlCharEncodingHandler * handler, xml
toconv = in->use;
if (toconv == 0)
return (0);
- written = out->size - out->use;
+ written = out->size - out->use -1; /* count '\0' */
if (toconv * 2 >= written) {
xmlBufferGrow(out, out->size + toconv * 2);
written = out->size - out->use - 1;

94
textproc/libxml/patches/patch-hash_c
View File

@ -1,94 +0,0 @@
$OpenBSD: patch-hash_c,v 1.1 2012/02/23 09:39:00 sthen Exp $
CVE-2012-0841
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
--- hash.c.orig Tue Oct 12 07:25:32 2010
+++ hash.c Wed Feb 22 19:02:10 2012
@@ -3,7 +3,7 @@
*
* Reference: Your favorite introductory book on algorithms
*
- * Copyright (C) 2000 Bjorn Reese and Daniel Veillard.
+ * Copyright (C) 2000,2012 Bjorn Reese and Daniel Veillard.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -21,6 +21,22 @@
#include "libxml.h"
#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+/*
+ * Following http://www.ocert.org/advisories/ocert-2011-003.html
+ * it seems that having hash randomization might be a good idea
+ * when using XML with untrusted data
+ */
+#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME)
+#define HASH_RANDOMIZATION
+#endif
+
#include <libxml/parser.h>
#include <libxml/hash.h>
#include <libxml/xmlmemory.h>
@@ -31,6 +47,10 @@
/* #define DEBUG_GROW */
+#ifdef HASH_RANDOMIZATION
+static int hash_initialized = 0;
+#endif
+
/*
* A single entry in the hash table
*/
@@ -53,6 +73,9 @@ struct _xmlHashTable {
int size;
int nbElems;
xmlDictPtr dict;
+#ifdef HASH_RANDOMIZATION
+ int random_seed;
+#endif
};
/*
@@ -65,6 +88,9 @@ xmlHashComputeKey(xmlHashTablePtr table, const xmlChar
unsigned long value = 0L;
char ch;
+#ifdef HASH_RANDOMIZATION
+ value = table->random_seed;
+#endif
if (name != NULL) {
value += 30 * (*name);
while ((ch = *name++) != 0) {
@@ -92,6 +118,9 @@ xmlHashComputeQKey(xmlHashTablePtr table,
unsigned long value = 0L;
char ch;
+#ifdef HASH_RANDOMIZATION
+ value = table->random_seed;
+#endif
if (prefix != NULL)
value += 30 * (*prefix);
else
@@ -156,6 +185,13 @@ xmlHashCreate(int size) {
table->table = xmlMalloc(size * sizeof(xmlHashEntry));
if (table->table) {
memset(table->table, 0, size * sizeof(xmlHashEntry));
+#ifdef HASH_RANDOMIZATION
+ if (!hash_initialized) {
+ srand(time(NULL));
+ hash_initialized = 1;
+ }
+ table->random_seed = rand();
+#endif
return(table);
}
xmlFree(table);

28
textproc/libxml/patches/patch-include_libxml_xpath_h
View File

@ -1,28 +0,0 @@
$OpenBSD: patch-include_libxml_xpath_h,v 1.1 2012/01/23 10:17:49 ajacoutot Exp $
From f5048b3e71fc30ad096970b8df6e7af073bae4cb Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 18 Aug 2011 09:10:13 +0000
Subject: Hardening of XPath evaluation
--- include/libxml/xpath.h.orig Tue Oct 12 08:25:32 2010
+++ include/libxml/xpath.h Mon Jan 23 08:15:53 2012
@@ -68,7 +68,8 @@ typedef enum {
XPATH_UNDEF_PREFIX_ERROR,
XPATH_ENCODING_ERROR,
XPATH_INVALID_CHAR_ERROR,
- XPATH_INVALID_CTXT
+ XPATH_INVALID_CTXT,
+ XPATH_STACK_ERROR
} xmlXPathError;
/*
@@ -380,6 +381,8 @@ struct _xmlXPathParserContext {
xmlXPathCompExprPtr comp; /* the precompiled expression */
int xptr; /* it this an XPointer expression */
xmlNodePtr ancestor; /* used for walking preceding axis */
+
+ int valueFrame; /* used to limit Pop on the stack */
};
/************************************************************************

63
textproc/libxml/patches/patch-parser_c
View File

@ -1,63 +0,0 @@
$OpenBSD: patch-parser_c,v 1.5 2012/01/23 10:17:49 ajacoutot Exp $
From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 16 Dec 2011 10:53:35 +0000
Subject: Fix an allocation error when copying entities
From 77404b8b69bc122d12231807abf1a837d121b551 Mon Sep 17 00:00:00 2001
From: Chris Evans <scarybeasts@gmail.com>
Date: Wed, 14 Dec 2011 08:18:25 +0000
Subject: Make sure the parser returns when getting a Stop order
--- parser.c.orig Mon Jan 23 08:11:49 2012
+++ parser.c Mon Jan 23 08:11:54 2012
@@ -4949,7 +4949,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
(ctxt->sax->processingInstruction != NULL))
ctxt->sax->processingInstruction(ctxt->userData,
target, NULL);
- ctxt->instate = state;
+ if (ctxt->instate != XML_PARSER_EOF)
+ ctxt->instate = state;
return;
}
buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
@@ -5029,7 +5030,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
} else {
xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL);
}
- ctxt->instate = state;
+ if (ctxt->instate != XML_PARSER_EOF)
+ ctxt->instate = state;
}
}
@@ -9588,6 +9590,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
else
name = xmlParseStartTag(ctxt);
#endif /* LIBXML_SAX1_ENABLED */
+ if (ctxt->instate == XML_PARSER_EOF)
+ return;
if (name == NULL) {
spacePop(ctxt);
return;
@@ -10967,6 +10971,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int termina
else
name = xmlParseStartTag(ctxt);
#endif /* LIBXML_SAX1_ENABLED */
+ if (ctxt->instate == XML_PARSER_EOF)
+ goto done;
if (name == NULL) {
spacePop(ctxt);
ctxt->instate = XML_PARSER_EOF;
@@ -11153,7 +11159,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int termina
else
xmlParseEndTag1(ctxt, 0);
#endif /* LIBXML_SAX1_ENABLED */
- if (ctxt->nameNr == 0) {
+ if (ctxt->instate == XML_PARSER_EOF) {
+ /* Nothing */
+ } else if (ctxt->nameNr == 0) {
ctxt->instate = XML_PARSER_EPILOG;
} else {
ctxt->instate = XML_PARSER_CONTENT;

8
textproc/libxml/patches/patch-python_Makefile_in
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-python_Makefile_in,v 1.11 2010/11/15 09:54:11 jasper Exp $
--- python/Makefile.in.orig Thu Nov 4 18:28:16 2010
+++ python/Makefile.in Fri Nov 12 15:00:38 2010
@@ -839,7 +839,7 @@ info: info-recursive
$OpenBSD: patch-python_Makefile_in,v 1.12 2012/09/30 12:22:05 jasper Exp $
--- python/Makefile.in.orig Wed May 23 10:56:32 2012
+++ python/Makefile.in Thu Sep 27 10:04:34 2012
@@ -865,7 +865,7 @@ info: info-recursive
info-am:

10
textproc/libxml/patches/patch-python_tests_Makefile_in
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-python_tests_Makefile_in,v 1.10 2010/11/15 09:54:11 jasper Exp $
--- python/tests/Makefile.in.orig Thu Nov 4 18:28:16 2010
+++ python/tests/Makefile.in Fri Nov 12 15:00:38 2010
@@ -296,7 +296,7 @@ target_alias = @target_alias@
$OpenBSD: patch-python_tests_Makefile_in,v 1.11 2012/09/30 12:22:05 jasper Exp $
--- python/tests/Makefile.in.orig Wed May 23 10:56:32 2012
+++ python/tests/Makefile.in Thu Sep 27 10:04:34 2012
@@ -307,7 +307,7 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
@ -10,7 +10,7 @@ $OpenBSD: patch-python_tests_Makefile_in,v 1.10 2010/11/15 09:54:11 jasper Exp $
dist_example_DATA = $(PYTESTS) $(XMLS)
PYTESTS = \
build.py \
@@ -333,7 +333,6 @@ PYTESTS = \
@@ -344,7 +344,6 @@ PYTESTS = \
readererr.py\
relaxng.py \
schema.py \

321
textproc/libxml/patches/patch-xpath_c
View File

@ -1,321 +0,0 @@
$OpenBSD: patch-xpath_c,v 1.4 2012/01/23 10:17:49 ajacoutot Exp $
From f5048b3e71fc30ad096970b8df6e7af073bae4cb Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 18 Aug 2011 09:10:13 +0000
Subject: Hardening of XPath evaluation
- Fix for CVE-2010-4494, Libxml2 XPath Double Free Vulnerability.
From upstream git: df83c17e5a2646bd923f75e5e507bc80d73c9722
- Fix for SA44711, Libxml2 XPath Nodeset Processing Vulnerability.
From upstream git: d7958b21e7f8c447a26bb2436f08402b2c308be4
- Fix for CVE-2011-2821, Libxml2 XSLT Double Free Vulnerabilitiy.
From upstream git: df83c17e5a2646bd923f75e5e507bc80d73c9722
- Fix for CVE-2011-2834, Libxml2 XSLT Double Free Vulnerabilitiy.
From upstream git: 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
--- xpath.c.orig Mon Jan 23 08:15:36 2012
+++ xpath.c Mon Jan 23 08:20:48 2012
@@ -252,6 +252,7 @@ static const char *xmlXPathErrorMessages[] = {
"Encoding error\n",
"Char out of XML range\n",
"Invalid or incomplete context\n",
+ "Stack usage errror\n",
"?? Unknown error ??\n" /* Must be last in the list! */
};
#define MAXERRNO ((int)(sizeof(xmlXPathErrorMessages) / \
@@ -2398,6 +2399,42 @@ xmlXPathCacheConvertNumber(xmlXPathContextPtr ctxt, xm
************************************************************************/
/**
+ * xmlXPathSetFrame:
+ * @ctxt: an XPath parser context
+ *
+ * Set the callee evaluation frame
+ *
+ * Returns the previous frame value to be restored once done
+ */
+static int
+xmlXPathSetFrame(xmlXPathParserContextPtr ctxt) {
+ int ret;
+
+ if (ctxt == NULL)
+ return(0);
+ ret = ctxt->valueFrame;
+ ctxt->valueFrame = ctxt->valueNr;
+ return(ret);
+}
+
+/**
+ * xmlXPathPopFrame:
+ * @ctxt: an XPath parser context
+ * @frame: the previous frame value
+ *
+ * Remove the callee evaluation frame
+ */
+static void
+xmlXPathPopFrame(xmlXPathParserContextPtr ctxt, int frame) {
+ if (ctxt == NULL)
+ return;
+ if (ctxt->valueNr < ctxt->valueFrame) {
+ xmlXPatherror(ctxt, __FILE__, __LINE__, XPATH_STACK_ERROR);
+ }
+ ctxt->valueFrame = frame;
+}
+
+/**
* valuePop:
* @ctxt: an XPath evaluation context
*
@@ -2412,6 +2449,12 @@ valuePop(xmlXPathParserContextPtr ctxt)
if ((ctxt == NULL) || (ctxt->valueNr <= 0))
return (NULL);
+
+ if (ctxt->valueNr <= ctxt->valueFrame) {
+ xmlXPatherror(ctxt, __FILE__, __LINE__, XPATH_STACK_ERROR);
+ return (NULL);
+ }
+
ctxt->valueNr--;
if (ctxt->valueNr > 0)
ctxt->value = ctxt->valueTab[ctxt->valueNr - 1];
@@ -2442,6 +2485,7 @@ valuePush(xmlXPathParserContextPtr ctxt, xmlXPathObjec
sizeof(ctxt->valueTab[0]));
if (tmp == NULL) {
xmlGenericError(xmlGenericErrorContext, "realloc failed !\n");
+ ctxt->error = XPATH_MEMORY_ERROR;
return (0);
}
ctxt->valueMax *= 2;
@@ -3522,13 +3566,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, xmlNodePtr nod
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
- cur->nodeMax *= 2;
- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax *
+ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
sizeof(xmlNodePtr));
if (temp == NULL) {
xmlXPathErrMemory(NULL, "growing nodeset\n");
return;
}
+ cur->nodeMax *= 2;
cur->nodeTab = temp;
}
cur->nodeTab[cur->nodeNr++] = xmlXPathNodeSetDupNs(node, ns);
@@ -3627,14 +3671,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr cur, xmlNodePtr
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
- cur->nodeMax *= 2;
- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax *
+ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 *
sizeof(xmlNodePtr));
if (temp == NULL) {
xmlXPathErrMemory(NULL, "growing nodeset\n");
return;
}
cur->nodeTab = temp;
+ cur->nodeMax *= 2;
}
if (val->type == XML_NAMESPACE_DECL) {
xmlNsPtr ns = (xmlNsPtr) val;
@@ -3738,14 +3782,14 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, xmlNodeSetPtr
} else if (val1->nodeNr == val1->nodeMax) {
xmlNodePtr *temp;
- val1->nodeMax *= 2;
- temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax *
+ temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 *
sizeof(xmlNodePtr));
if (temp == NULL) {
xmlXPathErrMemory(NULL, "merging nodeset\n");
return(NULL);
}
val1->nodeTab = temp;
+ val1->nodeMax *= 2;
}
if (n2->type == XML_NAMESPACE_DECL) {
xmlNsPtr ns = (xmlNsPtr) n2;
@@ -3907,14 +3951,14 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetPtr set1, xmlNo
} else if (set1->nodeNr >= set1->nodeMax) {
xmlNodePtr *temp;
- set1->nodeMax *= 2;
temp = (xmlNodePtr *) xmlRealloc(
- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr));
+ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr));
if (temp == NULL) {
xmlXPathErrMemory(NULL, "merging nodeset\n");
return(NULL);
}
set1->nodeTab = temp;
+ set1->nodeMax *= 2;
}
if (n2->type == XML_NAMESPACE_DECL) {
xmlNsPtr ns = (xmlNsPtr) n2;
@@ -3991,14 +4035,14 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlNodeSetPtr set1
} else if (set1->nodeNr >= set1->nodeMax) {
xmlNodePtr *temp;
- set1->nodeMax *= 2;
temp = (xmlNodePtr *) xmlRealloc(
- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr));
+ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr));
if (temp == NULL) {
xmlXPathErrMemory(NULL, "merging nodeset\n");
return(NULL);
}
set1->nodeTab = temp;
+ set1->nodeMax *= 2;
}
set1->nodeTab[set1->nodeNr++] = n2;
}
@@ -6154,6 +6198,7 @@ xmlXPathCompParserContext(xmlXPathCompExprPtr comp, xm
ret->valueNr = 0;
ret->valueMax = 10;
ret->value = NULL;
+ ret->valueFrame = 0;
ret->context = ctxt;
ret->comp = comp;
@@ -9296,6 +9341,7 @@ xmlXPathTranslateFunction(xmlXPathParserContextPtr ctx
if ( (ch & 0xc0) != 0xc0 ) {
xmlGenericError(xmlGenericErrorContext,
"xmlXPathTranslateFunction: Invalid UTF8 string\n");
+ /* not asserting an XPath error is probably better */
break;
}
/* then skip over remaining bytes for this char */
@@ -9303,6 +9349,7 @@ xmlXPathTranslateFunction(xmlXPathParserContextPtr ctx
if ( (*cptr++ & 0xc0) != 0x80 ) {
xmlGenericError(xmlGenericErrorContext,
"xmlXPathTranslateFunction: Invalid UTF8 string\n");
+ /* not asserting an XPath error is probably better */
break;
}
if (ch & 0x80) /* must have had error encountered */
@@ -11712,6 +11759,7 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserCo
xmlXPathObjectPtr contextObj = NULL, exprRes = NULL;
xmlNodePtr oldContextNode, contextNode = NULL;
xmlXPathContextPtr xpctxt = ctxt->context;
+ int frame;
#ifdef LIBXML_XPTR_ENABLED
/*
@@ -11731,6 +11779,8 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserCo
*/
exprOp = &ctxt->comp->steps[op->ch2];
for (i = 0; i < set->nodeNr; i++) {
+ xmlXPathObjectPtr tmp;
+
if (set->nodeTab[i] == NULL)
continue;
@@ -11758,18 +11808,25 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserCo
xmlXPathNodeSetAddUnique(contextObj->nodesetval,
contextNode);
+ frame = xmlXPathSetFrame(ctxt);
valuePush(ctxt, contextObj);
res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1);
+ tmp = valuePop(ctxt);
+ xmlXPathPopFrame(ctxt, frame);
if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
- xmlXPathObjectPtr tmp;
- /* pop the result */
- tmp = valuePop(ctxt);
- xmlXPathReleaseObject(xpctxt, tmp);
- /* then pop off contextObj, which will be freed later */
- valuePop(ctxt);
+ while (tmp != contextObj) {
+ /*
+ * Free up the result
+ * then pop off contextObj, which will be freed later
+ */
+ xmlXPathReleaseObject(xpctxt, tmp);
+ tmp = valuePop(ctxt);
+ }
goto evaluation_error;
}
+ /* push the result back onto the stack */
+ valuePush(ctxt, tmp);
if (res)
pos++;
@@ -13357,6 +13414,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlX
xmlGenericError(xmlGenericErrorContext,
"xmlXPathCompOpEval: variable %s bound to undefined prefix %s\n",
(char *) op->value4, (char *)op->value5);
+ ctxt->error = XPATH_UNDEF_PREFIX_ERROR;
return (total);
}
val = xmlXPathVariableLookupNS(ctxt->context,
@@ -13373,7 +13431,9 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlX
xmlXPathFunction func;
const xmlChar *oldFunc, *oldFuncURI;
int i;
+ int frame;
+ frame = xmlXPathSetFrame(ctxt);
if (op->ch1 != -1)
total +=
xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
@@ -13381,15 +13441,18 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlX
xmlGenericError(xmlGenericErrorContext,
"xmlXPathCompOpEval: parameter error\n");
ctxt->error = XPATH_INVALID_OPERAND;
+ xmlXPathPopFrame(ctxt, frame);
return (total);
}
- for (i = 0; i < op->value; i++)
+ for (i = 0; i < op->value; i++) {
if (ctxt->valueTab[(ctxt->valueNr - 1) - i] == NULL) {
xmlGenericError(xmlGenericErrorContext,
"xmlXPathCompOpEval: parameter error\n");
ctxt->error = XPATH_INVALID_OPERAND;
+ xmlXPathPopFrame(ctxt, frame);
return (total);
}
+ }
if (op->cache != NULL)
XML_CAST_FPTR(func) = op->cache;
else {
@@ -13405,6 +13468,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlX
xmlGenericError(xmlGenericErrorContext,
"xmlXPathCompOpEval: function %s bound to undefined prefix %s\n",
(char *)op->value4, (char *)op->value5);
+ ctxt->error = XPATH_UNDEF_PREFIX_ERROR;
+ xmlXPathPopFrame(ctxt, frame);
return (total);
}
func = xmlXPathFunctionLookupNS(ctxt->context,
@@ -13426,6 +13491,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlX
func(ctxt, op->value);
ctxt->context->function = oldFunc;
ctxt->context->functionURI = oldFuncURI;
+ xmlXPathPopFrame(ctxt, frame);
return (total);
}
case XPATH_OP_ARG:
@@ -13982,6 +14048,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlX
}
xmlGenericError(xmlGenericErrorContext,
"XPath: unknown precompiled operation %d\n", op->op);
+ ctxt->error = XPATH_INVALID_OPERAND;
return (total);
}
@@ -14329,6 +14396,7 @@ xmlXPathRunEval(xmlXPathParserContextPtr ctxt, int toB
ctxt->valueNr = 0;
ctxt->valueMax = 10;
ctxt->value = NULL;
+ ctxt->valueFrame = 0;
}
#ifdef XPATH_STREAMING
if (ctxt->comp->stream) {

48
textproc/libxml/patches/patch-xpointer_c
View File

@ -1,48 +0,0 @@
$OpenBSD: patch-xpointer_c,v 1.2 2012/05/18 13:25:46 jasper Exp $
From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001
From: Jüri Aedla <asd@ut.ee>
Date: Mon, 07 May 2012 07:06:56 +0000
Subject: Fix an off by one pointer access
From f5048b3e71fc30ad096970b8df6e7af073bae4cb Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 18 Aug 2011 09:10:13 +0000
Subject: Hardening of XPath evaluation
--- xpointer.c.orig Fri May 18 15:16:18 2012
+++ xpointer.c Fri May 18 15:16:15 2012
@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xml
NEXT;
break;
}
- *cur++ = CUR;
} else if (CUR == '(') {
level++;
- *cur++ = CUR;
} else if (CUR == '^') {
- NEXT;
- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) {
- *cur++ = CUR;
- } else {
- *cur++ = '^';
- *cur++ = CUR;
- }
- } else {
- *cur++ = CUR;
+ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) {
+ NEXT;
+ }
}
+ *cur++ = CUR;
NEXT;
}
*cur = 0;
@@ -1269,6 +1262,7 @@ xmlXPtrEvalXPointer(xmlXPathParserContextPtr ctxt) {
ctxt->valueNr = 0;
ctxt->valueMax = 10;
ctxt->value = NULL;
+ ctxt->valueFrame = 0;
}
SKIP_BLANKS;
if (CUR == '/') {

10
textproc/libxml/patches/patch-xstc_Makefile_in
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-xstc_Makefile_in,v 1.4 2010/11/15 09:54:11 jasper Exp $
--- xstc/Makefile.in.orig Thu Nov 4 18:28:16 2010
+++ xstc/Makefile.in Fri Nov 12 15:00:38 2010
@@ -501,7 +501,7 @@ $(TESTDIRS) Tests/Metadata/$(NISTTESTDEF_2) Tests/Meta
$OpenBSD: patch-xstc_Makefile_in,v 1.5 2012/09/30 12:22:05 jasper Exp $
--- xstc/Makefile.in.orig Wed May 23 10:56:32 2012
+++ xstc/Makefile.in Thu Sep 27 10:04:34 2012
@@ -512,7 +512,7 @@ $(TESTDIRS) Tests/Metadata/$(NISTTESTDEF_2) Tests/Meta
else echo "Dont' know how to fetch $(TARBALLURL_2)" ; fi ; fi ; fi)
-@(if [ -f $(TARBALL_2) ] ; then \
echo -n "extracting test data (NIST)..." ; \
@ -10,7 +10,7 @@ $OpenBSD: patch-xstc_Makefile_in,v 1.4 2010/11/15 09:54:11 jasper Exp $
echo "done" ; \
fi)
-@(if [ ! -f $(TARBALL) ] ; then \
@@ -513,7 +513,7 @@ $(TESTDIRS) Tests/Metadata/$(NISTTESTDEF_2) Tests/Meta
@@ -524,7 +524,7 @@ $(TESTDIRS) Tests/Metadata/$(NISTTESTDEF_2) Tests/Meta
else echo "Dont' know how to fetch $(TARBALLURL)" ; fi ; fi ; fi)
-@(if [ -f $(TARBALL) ] ; then \
echo -n "extracting test data (Sun, Microsoft)..." ; \

3
textproc/libxml/pkg/PLIST-main
View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST-main,v 1.6 2009/10/11 10:39:42 steven Exp $
@comment $OpenBSD: PLIST-main,v 1.7 2012/09/30 12:22:05 jasper Exp $
@pkgpath textproc/libxml
%%SHARED%%
bin/xml2-config
@ -130,6 +130,7 @@ share/doc/libxml2/html/html/libxml-xmlwriter.html
share/doc/libxml2/html/html/libxml-xpath.html
share/doc/libxml2/html/html/libxml-xpathInternals.html
share/doc/libxml2/html/html/libxml-xpointer.html
share/doc/libxml2/html/html/libxml-xzlib.html
share/doc/libxml2/html/html/right.png
share/doc/libxml2/html/html/up.png
share/doc/libxml2/html/libxml.gif