author | Koop Mast <kwm@FreeBSD.org> | 2015-11-20 20:45:25 +0000 |
---|---|---|
committer | Koop Mast <kwm@FreeBSD.org> | 2015-11-20 20:45:25 +0000 |
commit | ac9d521985e6bbd2fd68b9fa3c76213dc2b3f895 (patch) | |
tree | 33f9f6a5624e6a020918a3f5bac6fe835d992b0d /textproc | |
parent | dc7551db2998381590c3d95092cee810ee003397 (diff) | |
download | ports-ac9d521985e6bbd2fd68b9fa3c76213dc2b3f895.tar.gz ports-ac9d521985e6bbd2fd68b9fa3c76213dc2b3f895.zip |
New release to fix a number of CVEs.
CVE-2015-1819 is also listed in the release notes of 2.9.3 but that issue
was fixed in a previous commit and documented in another vuxml entry.
MFH: 2015Q4
Security: e5423caf-8fb8-11e5-918c-bcaec565249c
Notes
Notes:
svn path=/head/; revision=402102
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/libxml2/Makefile | 5 | ||||
-rw-r--r-- | textproc/libxml2/distinfo | 4 | ||||
-rw-r--r-- | textproc/libxml2/files/patch-CVE-2015-1819 | 171 | ||||
-rw-r--r-- | textproc/libxml2/files/patch-libxml-2.0-uninstalled.pc.in | 6 | ||||
-rw-r--r-- | textproc/libxml2/files/patch-libxml-2.0.pc.in | 6 | ||||
-rw-r--r-- | textproc/libxml2/files/patch-parser.c | 45 | ||||
-rw-r--r-- | textproc/py-libxml2/Makefile | 1 | ||||
-rw-r--r-- | textproc/py3-libxml2/Makefile | 3 |
8 files changed, 12 insertions, 229 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index 4101afeb8bc6..8b8ff20fcb8d 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -2,8 +2,8 @@
 # $FreeBSD$
 PORTNAME= libxml2
-PORTVERSION= 2.9.2
-PORTREVISION?= 3
+PORTVERSION= 2.9.3
+PORTREVISION?= 0
 CATEGORIES?= textproc gnome
 MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
 http://xmlsoft.org/sources/ \
@@ -22,6 +22,7 @@ USE_LDCONFIG= yes
 CONFIGURE_ARGS?=--with-iconv=${ICONV_PREFIX} \
 --with-html-dir=${PREFIX}/share/doc \
 --with-html-subdir=${PORTNAME} \
+ --without-icu \
 --with-lzma=/usr \
 --without-python
 INSTALL_TARGET= install-strip
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index 558213a33db5..5c869deb65bb 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,2 +1,2 @@
-SHA256 (gnome2/libxml2-2.9.2.tar.gz) = 5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc
-SIZE (gnome2/libxml2-2.9.2.tar.gz) = 5444991
+SHA256 (gnome2/libxml2-2.9.3.tar.gz) = 4de9e31f46b44d34871c22f54bfc54398ef124d6f7cafb1f4a5958fbcd3ba12d
+SIZE (gnome2/libxml2-2.9.3.tar.gz) = 5477112
diff --git a/textproc/libxml2/files/patch-CVE-2015-1819 b/textproc/libxml2/files/patch-CVE-2015-1819
deleted file mode 100644
index a8f1c9995536..000000000000
--- a/textproc/libxml2/files/patch-CVE-2015-1819
+++ /dev/null
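Review bot: The new `--without-icu` line in `CONFIGURE_ARGS` (second Makefile hunk) carries no explanation, and the reason for it is not visible in the hunk. The regenerated pkg-config patches in the same commit strip `@ICU_LIBS@` by hand, which suggests the intent is to keep configure from linking against ICU when it happens to be present on the build host; if so, a comment above the `CONFIGURE_ARGS?=` assignment such as `# Disable ICU explicitly so the build does not pick it up when it is installed` would record that. It is also worth confirming whether the `@ICU_LIBS@` removal in the two .pc.in patches is still needed once ICU is switched off at configure time, since an undetected library would normally leave that substitution empty (inferred, not shown on this page).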
@@ -1,171 +0,0 @@ -From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Tue, 14 Apr 2015 17:41:48 +0800 -Subject: CVE-2015-1819 Enforce the reader to run in constant memory - -One of the operation on the reader could resolve entities -leading to the classic expansion issue. Make sure the -buffer used for xmlreader operation is bounded. -Introduce a new allocation type for the buffers for this effect. - -diff --git a/buf.c b/buf.c -index 6efc7b6..07922ff 100644 ---- buf.c -+++ buf.c -@@ -27,6 +27,7 @@ - #include <libxml/tree.h> - #include <libxml/globals.h> - #include <libxml/tree.h> -+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */ - #include "buf.h" - - #define WITH_BUFFER_COMPAT -@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf, - if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) || - (scheme == XML_BUFFER_ALLOC_EXACT) || - (scheme == XML_BUFFER_ALLOC_HYBRID) || -- (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) { -+ (scheme == XML_BUFFER_ALLOC_IMMUTABLE) || -+ (scheme == XML_BUFFER_ALLOC_BOUNDED)) { - buf->alloc = scheme; - if (buf->buffer) - buf->buffer->alloc = scheme; -@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) { - size = buf->use + len + 100; - #endif - -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) || -+ (buf->size >= XML_MAX_TEXT_LENGTH)) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(0); -+ } -+ if (size >= XML_MAX_TEXT_LENGTH) -+ size = XML_MAX_TEXT_LENGTH; -+ } - if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { - size_t start_buf = buf->content - buf->contentIO; - -@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size) - CHECK_COMPAT(buf) - - if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if 
(size >= XML_MAX_TEXT_LENGTH) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(0); -+ } -+ } - - /* Don't resize if we don't have to */ - if (size < buf->size) -@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { - - needSize = buf->use + len + 2; - if (needSize > buf->size){ -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if (needSize >= XML_MAX_TEXT_LENGTH) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(-1); -+ } -+ } - if (!xmlBufResize(buf, needSize)){ - xmlBufMemoryError(buf, "growing buffer"); - return XML_ERR_NO_MEMORY; -@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) { - } - needSize = buf->use + len + 2; - if (needSize > buf->size){ -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if (needSize >= XML_MAX_TEXT_LENGTH) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(-1); -+ } -+ } - if (!xmlBufResize(buf, needSize)){ - xmlBufMemoryError(buf, "growing buffer"); - return XML_ERR_NO_MEMORY; -diff --git a/include/libxml/tree.h b/include/libxml/tree.h -index 2f90717..4a9b3bc 100644 ---- include/libxml/tree.h -+++ include/libxml/tree.h -@@ -76,7 +76,8 @@ typedef enum { - XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */ - XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */ - XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */ -- XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */ -+ XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */ -+ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */ - } xmlBufferAllocationScheme; - - /** -diff --git a/xmlreader.c b/xmlreader.c -index f19e123..471e7e2 100644 ---- xmlreader.c -+++ xmlreader.c -@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) { - "xmlNewTextReader : malloc 
failed\n"); - return(NULL); - } -+ /* no operation on a reader should require a huge buffer */ -+ xmlBufSetAllocationScheme(ret->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); - ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); - if (ret->sax == NULL) { - xmlBufFree(ret->buffer); -@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) { - return(((xmlNsPtr) node)->href); - case XML_ATTRIBUTE_NODE:{ - xmlAttrPtr attr = (xmlAttrPtr) node; -+ const xmlChar *ret; - - if ((attr->children != NULL) && - (attr->children->type == XML_TEXT_NODE) && -@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) { - "xmlTextReaderSetup : malloc failed\n"); - return (NULL); - } -+ xmlBufSetAllocationScheme(reader->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); - } else - xmlBufEmpty(reader->buffer); - xmlBufGetNodeContent(reader->buffer, node); -- return(xmlBufContent(reader->buffer)); -+ ret = xmlBufContent(reader->buffer); -+ if (ret == NULL) { -+ /* error on the buffer best to reallocate */ -+ xmlBufFree(reader->buffer); -+ reader->buffer = xmlBufCreateSize(100); -+ xmlBufSetAllocationScheme(reader->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); -+ ret = BAD_CAST ""; -+ } -+ return(ret); - } - break; - } -@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader, - "xmlTextReaderSetup : malloc failed\n"); - return (-1); - } -+ /* no operation on a reader should require a huge buffer */ -+ xmlBufSetAllocationScheme(reader->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); - if (reader->sax == NULL) - reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); - if (reader->sax == NULL) { --- -cgit v0.10.2 - diff --git a/textproc/libxml2/files/patch-libxml-2.0-uninstalled.pc.in b/textproc/libxml2/files/patch-libxml-2.0-uninstalled.pc.in index d8e7102df19a..b0726512ce04 100644 --- a/textproc/libxml2/files/patch-libxml-2.0-uninstalled.pc.in +++ b/textproc/libxml2/files/patch-libxml-2.0-uninstalled.pc.in 
@@ -1,9 +1,9 @@ ---- libxml-2.0-uninstalled.pc.in.orig 2009-07-30 11:24:34.000000000 -0400 -+++ libxml-2.0-uninstalled.pc.in 2013-04-09 15:37:18.000000000 -0400 +--- libxml-2.0-uninstalled.pc.in.orig 2014-10-03 11:00:53.000000000 +0200 ++++ libxml-2.0-uninstalled.pc.in 2015-07-31 13:26:13.641069000 +0200 @@ -8,5 +8,5 @@ Version: @VERSION@ Description: libXML library version2. Requires: --Libs: -L${libdir} -lxml2 @THREAD_LIBS@ @Z_LIBS@ @ICONV_LIBS@ @M_LIBS@ @LIBS@ +-Libs: -L${libdir} -lxml2 @ICU_LIBS@ @THREAD_LIBS@ @Z_LIBS@ @LZMA_LIBS@ @ICONV_LIBS@ @M_LIBS@ @LIBS@ +Libs: -L${libdir} -lxml2 @THREAD_LIBS@ @Z_LIBS@ @LZMA_LIBS@ @ICONV_LIBS@ @M_LIBS@ @LIBS@ Cflags: -I${includedir} @XML_INCLUDEDIR@ @XML_CFLAGS@ diff --git a/textproc/libxml2/files/patch-libxml-2.0.pc.in b/textproc/libxml2/files/patch-libxml-2.0.pc.in index 37f94ce3d499..daaeeca0a1b7 100644 --- a/textproc/libxml2/files/patch-libxml-2.0.pc.in +++ b/textproc/libxml2/files/patch-libxml-2.0.pc.in @@ -1,9 +1,9 @@ ---- libxml-2.0.pc.in.orig 2010-05-14 11:26:41.000000000 -0400 -+++ libxml-2.0.pc.in 2013-04-09 15:35:53.000000000 -0400 +--- libxml-2.0.pc.in.orig 2014-10-03 11:00:53.000000000 +0200 ++++ libxml-2.0.pc.in 2015-07-31 13:26:13.647320000 +0200 @@ -9,5 +9,5 @@ Description: libXML library version2. Requires: Libs: -L${libdir} -lxml2 --Libs.private: @THREAD_LIBS@ @Z_LIBS@ @ICONV_LIBS@ @M_LIBS@ @WIN32_EXTRA_LIBADD@ @LIBS@ +-Libs.private: @ICU_LIBS@ @THREAD_LIBS@ @Z_LIBS@ @LZMA_LIBS@ @ICONV_LIBS@ @M_LIBS@ @WIN32_EXTRA_LIBADD@ @LIBS@ +Libs.private: @THREAD_LIBS@ @Z_LIBS@ @LZMA_LIBS@ @ICONV_LIBS@ @M_LIBS@ @WIN32_EXTRA_LIBADD@ @LIBS@ Cflags: @XML_INCLUDEDIR@ @XML_CFLAGS@ diff --git a/textproc/libxml2/files/patch-parser.c b/textproc/libxml2/files/patch-parser.c deleted file mode 100644 index fb841d5ca932..000000000000 --- a/textproc/libxml2/files/patch-parser.c +++ /dev/null 
@@ -1,45 +0,0 @@ -From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Thu, 23 Oct 2014 11:35:36 +0800 -Subject: Fix missing entities after CVE-2014-3660 fix - -For https://bugzilla.gnome.org/show_bug.cgi?id=738805 - -The fix for CVE-2014-3660 introduced a regression in some case -where entity substitution is required and the entity is used -first in anotther entity referenced from an attribute value - ---- - -From 0e6659ec960734b0b01aad196d4bdb4a3800b493 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel <lkundrak@v3.sk> -Date: Thu, 16 Oct 2014 19:10:59 +0200 -Subject: [PATCH] Revert "Missing initialization for the catalog module" - -It's not correct to always load the default catalog. -https://bugzilla.redhat.com/show_bug.cgi?id=1153753 - -This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. - ---- parser.c.orig 2014-10-29 14:28:43.755327730 +0100 -+++ parser.c 2014-10-29 14:28:55.287325756 +0100 -@@ -7235,7 +7235,8 @@ - * far more secure as the parser will only process data coming from - * the document entity by default. - */ -- if ((ent->checked == 0) && -+ if (((ent->checked == 0) || -+ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && - ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || - (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { - unsigned long oldnbent = ctxt->nbentities; -@@ -14830,9 +14831,6 @@ - #ifdef LIBXML_XPATH_ENABLED - xmlXPathInit(); - #endif --#ifdef LIBXML_CATALOG_ENABLED -- xmlInitializeCatalog(); --#endif - xmlParserInitialized = 1; - #ifdef LIBXML_THREAD_ENABLED - } diff --git a/textproc/py-libxml2/Makefile b/textproc/py-libxml2/Makefile index c8d413e1dc33..925244da1bfc 100644 --- a/textproc/py-libxml2/Makefile +++ b/textproc/py-libxml2/Makefile 
@@ -1,6 +1,5 @@
 # Created by: Alexander Nedotsukov <bland@FreeBSD.org>
 # $FreeBSD$
-# $MCom: ports/trunk/textproc/py-libxml2/Makefile 18999 2014-02-04 18:55:27Z kwm $
 PORTREVISION= 0
 CATEGORIES= textproc gnome python
diff --git a/textproc/py3-libxml2/Makefile b/textproc/py3-libxml2/Makefile
index ad5584348932..9032d35a8f23 100644
--- a/textproc/py3-libxml2/Makefile
+++ b/textproc/py3-libxml2/Makefile
@@ -1,8 +1,7 @@
 # Created by: Alexander Nedotsukov <bland@FreeBSD.org>
 # $FreeBSD$
-# $MCom: ports/trunk/textproc/py3-libxml2/Makefile 19293 2014-03-24 20:46:10Z kwm $
-PORTREVISION= 1
+PORTREVISION= 0
 CATEGORIES= textproc gnome python
 PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} |