From 80208fb578cf92cc308906660ca6d7860c6b2a1f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 9 Mar 2018 16:53:27 +0000 Subject: gentoo resync : 09.03.2018 --- dev-libs/libxml2/Manifest | 9 +- .../files/libxml2-2.9.2-disable-tests.patch | 68 ------ .../files/libxml2-2.9.4-CVE-2016-4658.patch | 249 --------------------- .../files/libxml2-2.9.4-CVE-2016-5131.patch | 174 -------------- .../libxml2/files/libxml2-2.9.4-nullptrderef.patch | 50 ----- .../files/libxml2-2.9.4-nullptrderef2.patch | 57 ----- dev-libs/libxml2/libxml2-2.9.4-r1.ebuild | 220 ------------------ dev-libs/libxml2/libxml2-2.9.7.ebuild | 2 +- 8 files changed, 2 insertions(+), 827 deletions(-) delete mode 100644 dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch delete mode 100644 dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch delete mode 100644 dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch delete mode 100644 dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch delete mode 100644 dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch delete mode 100644 dev-libs/libxml2/libxml2-2.9.4-r1.ebuild (limited to 'dev-libs/libxml2') diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest index 7522a9443573..d9c550a3c141 100644 --- a/dev-libs/libxml2/Manifest +++ b/dev-libs/libxml2/Manifest @@ -1,18 +1,11 @@ AUX libxml2-2.7.1-catalog_path.patch 2225 BLAKE2B 9a9c5836e5227e51de05d1e19c27b828c3c082c671d9b9bfb30afbe971fca580fb87cd86560e2ed431b4dc1495585c62f01da0f36e401d4dbdc4d8be2269cca5 SHA512 bcad080ee84c926c75df8baa47937bdfcfa207235263249f4025e64cbb5ac9be883e1ac4dc1ee55944116da2f84ced27b7cae781aa855579796f3f53a54aacb1 AUX libxml2-2.8.0_rc1-winnt.patch 2392 BLAKE2B a350e5b77595319b70e0b124b4abe2922a639258fe9bf73cf060891170c124ea5ee17b9183d04f67e69786d373789fc76fddae1fd5ee004fb24fa8dfceeea930 SHA512 e78d010c82f18386b4f0ff84497585755b43416563bccd11f8e4dbf0153ca8842934fe05dce6c2373d8360574a2165795a78ea991682aed9610000d2bfcb0164 -AUX libxml2-2.9.2-disable-tests.patch 2121 BLAKE2B 37525dfe53c7d62a6a3ae924457956e6eae6bf3d7040268d21264936065d115a94457d6a779436b2b02866d46e7c2be9c4d0c1bf4bdae349e8af591f9bbde840 SHA512 d713672407e0b45bd0bfa4f2521aa8f0fb9f4c3eeb7eeebd527f87b5bfbabf3a3c9cbc8d2284852e857dd3810bd50b8b84ad812da0efb8cdb831656da4861628 AUX libxml2-2.9.2-python-ABIFLAG.patch 728 BLAKE2B d81b042b5000717d5aa88ac4cebf78749f5a4ef661c227537171c5695d97a16ca75c790c8b540e3481a54dc2d935112b46e0a23509c887e16e3f2886c08f1d69 SHA512 2f801329ad4e13dc70450d41f7659a510fe429b3aa9b66859fed25c4e3d95381d6f253f3a60a54002a16999296d3bd2adaca5e4cca92186492bfc7de3ac84426 -AUX libxml2-2.9.4-CVE-2016-4658.patch 7318 BLAKE2B c1a011fbe68d2825b1fb3d9b029596e99fc8e4fe9176aa2a01cd6a4944da5d9893f9091905827f4bed66169dff57d4bb158492ea6c419dd1f29f068655f0b1d5 SHA512 7dc42ad219397a6be0b4e50c61d1aa4b44e06b4c0af5f1a63996fa257e6831c624729428ea66ef02118a81ca8360b07f923ad436870364de1081f8a3505d94fc -AUX libxml2-2.9.4-CVE-2016-5131.patch 5038 BLAKE2B 25d2f612d9e103f39d749fad03d8399a6a222f2c8b55f186d4543d4b51fe74bea580886633be898d2e366fa776ebb007eca9c5c1d3fad5ee0387fd18e984c2bb SHA512 c92cda9851fdf8af6cb21aa80f39b474cddef8c749298f5b51f76f871160ac9749fdaac3fa406cc0c75a666f7627983fce0e90fb2919f3a8c778e1148583be33 -AUX libxml2-2.9.4-nullptrderef.patch 1577 BLAKE2B 49200d8569d65c44d8cc644d445591803d0199c1e1c3c4f8c18b8f0660aafd14e7d94fe6743413b6c041b26aea9be4e77b5c4e451bf51ca77295d050b0287a66 SHA512 4882c75fd13807a842b57771242a3dc10ac9db36f10b7f2b3e96f7e4d1a59127779f73a5062305d80719053d94f6044a0ffd51447fb77fca393738fd1635bfc0 -AUX libxml2-2.9.4-nullptrderef2.patch 1785 BLAKE2B 0a4ef54d7a61c5cbbc3fc308e06e41347a9c840411acf13b5471a2aaa74a6801c6f01ff455230076154cd51c47f42102368bade10ab9625075673803a9c78411 SHA512 406379a787c1bd45f1b3c128c94182250e4200d5a577ae15dab574ce590857124bda896fd677bce1950658a1ff7b4ea6fc95b52a9ea31daf47ab5c66e03460d5 -DIST libxml2-2.9.4.tar.gz 5374830 BLAKE2B eb0df2310a7a92084475ccd9bf538cc1c85861b2a8c766e91267b671c18eae3113016abd7bb198b6a239230cb2b9b908b9618fec11d36db10fd5cf6eac03ad3f SHA512 f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9 DIST libxml2-2.9.6.tar.gz 5469624 BLAKE2B cb8fc74044876b2ddf9742a4a84d685ce6cd1e41a991ee79fd70a9175c54d2a9a3d3a2c3229a4ce177fcd4e30b0cee08c7cf3a36fef68b179db0ce521fbbf3b0 SHA512 5ef80f895374bd5dd3bcd5f00c715795f026bf45d998f8f762c0cdb739b8755e01de40cf853d98a3826eacef95c4adebe4777db11020e8d98d0bda921f55a0ed DIST libxml2-2.9.7.tar.gz 5467389 BLAKE2B e15082fb87fb41a7aab6f39120b1d1bbd0325af8009bb3b74c69a98bf7347a39f59055762df157dcf223a79ac84f17535cb40af0a9a461ee3d2c1d55f4832e1b SHA512 da06cb7c5032ef4b7c8e902fabb9d2c74634c42c161be07a7c66a00d53a68029f89b0d4de32a6b9d4ff338c2d1d9c4e53aefb9cf50cb1c2d6c6b06b442ef42d5 DIST xmlts20080827.tar.gz 638940 BLAKE2B c5aab959c6e0698acd5b9be82b48a8ac26f4d01cc03f9acfff20d344f97f4711fc6d4a524ae70457147e8e30c72e27b6726829e1dd21896286aa974ed60774e7 SHA512 7325d0977c4427fc4944b291ccf896a665f654cc24399e5565c12a849c2bc3aef4fa3ee42a09ac115abcb6570c51a8fbd052c38d64d164279ecdecad5a4e884d DIST xsts-2002-01-16.tar.gz 6894439 BLAKE2B 1e9ec63d2c104655e64249e07440a04d862fcbcd4d4e19745d81b34994319b510a531c9d6df1491fae1e90b5d0764f0f1a827251ca8df5d613178b0eab01ef25 SHA512 43300af6d39c1e2221b0ed7318fe14c7464eeb6eb030ed1e22eb29b4ab17f014e2a4c8887c3a46ae5d243e3072da27f00f4e285498ae6f1288177d38d1108288 DIST xsts-2004-01-14.tar.gz 2761085 BLAKE2B 41545995fb3a65d053257c376c07d45ffd1041a433bfbdb46d4dd87a5afb60c18c8629a3d988323f9e7a1d709775b5a7e5930276a7121c0725a22705c0976e36 SHA512 32854388d7e720ad67156baf50bf2bae7bd878ca3e35fd7e44e57cad3f434f69d56bbbedd61509f8a1faf01c9eae74a078df8fe130780b182c05c05cb1c39ebe -EBUILD libxml2-2.9.4-r1.ebuild 6633 BLAKE2B 50f83c85bfafdbb20cd5831ad5152b2aaebcbdd8151a0aa796f6ca533f77dcb0ca3b892133ad111e9f9e55113dd47be6ea081220c10632968a186a5ff3bb4a9d SHA512 a125ae03d58a0ca08c4493e22b50d337fcb5ff9c015d6051adb3aac78d71e2bdf6e1bc0e2138675365af224dd147a6de1c88880da42f715ae6c04f913edf5a9b EBUILD libxml2-2.9.6.ebuild 6366 BLAKE2B 30e0fc36c5ef4383cc69af26fdd8a087e058485cae8e51d4fa66ef01b0b0a635137710931396121c7dca8141e272a5dda8f5328023b4aa74f7b76b40f2348e45 SHA512 01e661ff5ce990d43f45d5ed1b0d5090f1de474bc009daa00bd43c8487b3348016a0e81fbd14f02cdcdaa395199aef9aba335682edb2ac6e03f07c3f085201c4 -EBUILD libxml2-2.9.7.ebuild 6362 BLAKE2B 0b7ebcc644281801d770b842841a03c0a6238cfcfd387a09f30f28298b2afc576a3bc8a98939be59316cfcda68b085a3193f407e126137ceab15179f23c5c192 SHA512 a15c677092945f1b749556f74edd4682cf36c3dfdca141ac6e870a22c71c28707f7fa284562eb3be76b6ca90a16f7b939c8658ae6f869cade4913e45c9233ec1 +EBUILD libxml2-2.9.7.ebuild 6356 BLAKE2B bf60dd87b841961457f53421436f45243fafecf90cef57d3305b3096e14f27b024db81ebd0cb8f9361278085df8048ae0b065c082df90afb53d4c43c289cd0a2 SHA512 917b2b85cfccc5aefc392a28ee562fbe977d8e62bdc942a49b9d7ac9eadb8d3477694cec2c7180f48412c337c5a3721f5e96599b99cf2701e74140b2f1ad0792 MISC metadata.xml 347 BLAKE2B 0593bb4362c2ed60dbe07c41872832992f9b993a4c155cddf82ce362f1ddd4c8eb9fa00e5b4457e9a24b22b697d92ef55dde231918fa0e6bdac0a736fce37f66 SHA512 6a094316da6ea1fb160b539788923a2dc01d7ef6304f924f628a438714663a51c8d1adaa97800516a64055a8adf6999ae2899b5a976db680967dcc298e22444d diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch deleted file mode 100644 index a231269b4b8a..000000000000 --- a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch +++ /dev/null @@ -1,68 +0,0 @@ -do not build test programs as we don't install them - ---- a/Makefile.am -+++ b/Makefile.am -@@ -10,7 +10,7 @@ - - AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS) $(LZMA_CFLAGS) - --noinst_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \ -+check_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \ - testThreads testC14N testAutomata testRegexp \ - testReader testapi testModule runtest runsuite testchar \ - testdict runxmlconf testrecurse testlimits -@@ -170,7 +170,7 @@ - testModule_DEPENDENCIES = $(DEPS) - testModule_LDADD= $(LDADDS) - --noinst_LTLIBRARIES = testdso.la -+check_LTLIBRARIES = testdso.la - testdso_la_SOURCES = testdso.c - testdso_la_LDFLAGS = -module -no-undefined -avoid-version -rpath $(libdir) - -@@ -202,7 +202,7 @@ runxmlconf_LDADD= $(LDADDS) - #testOOM_DEPENDENCIES = $(DEPS) - #testOOM_LDADD= $(LDADDS) - --runtests: -+runtests: $(check_PROGRAMS) - [ -d test ] || $(LN_S) $(srcdir)/test . - [ -d result ] || $(LN_S) $(srcdir)/result . - $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT) ---- a/doc/examples/Makefile.am -+++ b/doc/examples/Makefile.am -@@ -13,7 +13,7 @@ - rebuild: examples.xml index.html - .PHONY: rebuild - --examples.xml: index.py $(noinst_PROGRAMS:=.c) -+examples.xml: index.py $(check_PROGRAMS:=.c) - cd $(srcdir) && $(PYTHON) index.py - $(MAKE) Makefile - -@@ -49,7 +49,7 @@ - xpath1.res \ - xpath2.res - --noinst_PROGRAMS = \ -+check_PROGRAMS = \ - io1 \ - io2 \ - parse1 \ -@@ -99,7 +99,7 @@ - valgrind: - $(MAKE) CHECKER='valgrind' tests - --tests: $(noinst_PROGRAMS) -+tests: $(check_PROGRAMS) - test -f Makefile.am || test -f test1.xml || $(LN_S) $(srcdir)/test?.xml . - @(echo '## examples regression tests') - @(echo > .memdump) ---- a/example/Makefile.am -+++ b/example/Makefile.am -@@ -1,4 +1,4 @@ --noinst_PROGRAMS = gjobread -+check_PROGRAMS = gjobread - - AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/include - AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS) diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch deleted file mode 100644 index 2ef22ce7a0d1..000000000000 --- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch +++ /dev/null @@ -1,249 +0,0 @@ -From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Tue, 28 Jun 2016 18:34:52 +0200 -Subject: Disallow namespace nodes in XPointer ranges - -Namespace nodes must be copied to avoid use-after-free errors. -But they don't necessarily have a physical representation in a -document, so simply disallow them in XPointer ranges. - -Found with afl-fuzz. - -Fixes CVE-2016-4658. ---- - xpointer.c | 149 +++++++++++++++++++++++-------------------------------------- - 1 file changed, 56 insertions(+), 93 deletions(-) - -diff --git a/xpointer.c b/xpointer.c -index a7b03fb..694d120 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { - } - - /** -+ * xmlXPtrNewRangeInternal: -+ * @start: the starting node -+ * @startindex: the start index -+ * @end: the ending point -+ * @endindex: the ending index -+ * -+ * Internal function to create a new xmlXPathObjectPtr of type range -+ * -+ * Returns the newly created object. -+ */ -+static xmlXPathObjectPtr -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, -+ xmlNodePtr end, int endindex) { -+ xmlXPathObjectPtr ret; -+ -+ /* -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). -+ * Disallow them for now. -+ */ -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -+ if (ret == NULL) { -+ xmlXPtrErrMemory("allocating range"); -+ return(NULL); -+ } -+ memset(ret, 0, sizeof(xmlXPathObject)); -+ ret->type = XPATH_RANGE; -+ ret->user = start; -+ ret->index = startindex; -+ ret->user2 = end; -+ ret->index2 = endindex; -+ return(ret); -+} -+ -+/** - * xmlXPtrNewRange: - * @start: the starting node - * @startindex: the start index -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, - if (endindex < 0) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = startindex; -- ret->user2 = end; -- ret->index2 = endindex; -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, -+ end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { - if (start->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { - if (end == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - if (start == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = NULL; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); - return(ret); - } - -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - */ - xmlXPathObjectPtr - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { -+ xmlNodePtr endNode; -+ int endIndex; - xmlXPathObjectPtr ret; - - if (start == NULL) -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - return(NULL); - switch (end->type) { - case XPATH_POINT: -+ endNode = end->user; -+ endIndex = end->index; -+ break; - case XPATH_RANGE: -+ endNode = end->user2; -+ endIndex = end->index2; - break; - case XPATH_NODESET: - /* -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - */ - if (end->nodesetval->nodeNr <= 0) - return(NULL); -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -+ endIndex = -1; - break; - default: - /* TODO */ - return(NULL); - } - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- switch (end->type) { -- case XPATH_POINT: -- ret->user2 = end->user; -- ret->index2 = end->index; -- break; -- case XPATH_RANGE: -- ret->user2 = end->user2; -- ret->index2 = end->index2; -- break; -- case XPATH_NODESET: { -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -- ret->index2 = -1; -- break; -- } -- default: -- STRANGE -- return(NULL); -- } -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } --- -cgit v0.12 - diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch deleted file mode 100644 index 9ce3fb9d8717..000000000000 --- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Tue, 28 Jun 2016 14:22:23 +0200 -Subject: Fix XPointer paths beginning with range-to - -The old code would invoke the broken xmlXPtrRangeToFunction. range-to -isn't really a function but a special kind of location step. Remove -this function and always handle range-to in the XPath code. - -The old xmlXPtrRangeToFunction could also be abused to trigger a -use-after-free error with the potential for remote code execution. - -Found with afl-fuzz. - -Fixes CVE-2016-5131. ---- - result/XPath/xptr/vidbase | 13 ++++++++ - test/XPath/xptr/vidbase | 1 + - xpath.c | 7 ++++- - xpointer.c | 76 ++++------------------------------------------- - 4 files changed, 26 insertions(+), 71 deletions(-) - -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase -index 8b9e92d..f19193e 100644 ---- a/result/XPath/xptr/vidbase -+++ b/result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase -index b146383..884b106 100644 ---- a/test/XPath/xptr/vidbase -+++ b/test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index d992841..5a01b1b 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, -diff --git a/xpointer.c b/xpointer.c -index 676c510..d74174a 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. -- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** --- -cgit v0.12 - diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch deleted file mode 100644 index d2a9c3e2add5..000000000000 --- a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch +++ /dev/null @@ -1,50 +0,0 @@ -From e905f08123e4a6e7731549e6f09dadff4cab65bd Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sun, 26 Jun 2016 12:38:28 +0200 -Subject: Fix more NULL pointer derefs in xpointer.c - -Found with afl-fuzz. ---- - xpointer.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/xpointer.c b/xpointer.c -index 694d120..e643ee9 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -542,7 +542,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - /* - * Empty set ... - */ -- if (end->nodesetval->nodeNr <= 0) -+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0)) - return(NULL); - endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; - endIndex = -1; -@@ -1361,7 +1361,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) { - */ - xmlNodeSetPtr set; - set = tmp->nodesetval; -- if ((set->nodeNr != 1) || -+ if ((set == NULL) || (set->nodeNr != 1) || - (set->nodeTab[0] != (xmlNodePtr) ctx->doc)) - stack++; - } else -@@ -2034,9 +2034,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) { - xmlXPathFreeObject(set); - XP_ERROR(XPATH_MEMORY_ERROR); - } -- for (i = 0;i < oldset->locNr;i++) { -- xmlXPtrLocationSetAdd(newset, -- xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ if (oldset != NULL) { -+ for (i = 0;i < oldset->locNr;i++) { -+ xmlXPtrLocationSetAdd(newset, -+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i])); -+ } - } - - /* --- -cgit v0.12 - diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch deleted file mode 100644 index 2484f76e7b0b..000000000000 --- a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch +++ /dev/null @@ -1,57 +0,0 @@ -From d8083bf77955b7879c1290f0c0a24ab8cc70f7fb Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sat, 25 Jun 2016 12:35:50 +0200 -Subject: Fix NULL pointer deref in XPointer range-to - -- Check for errors after evaluating first operand. -- Add sanity check for empty stack. - -Found with afl-fuzz. ---- - result/XPath/xptr/viderror | 4 ++++ - test/XPath/xptr/viderror | 1 + - xpath.c | 7 ++++++- - 3 files changed, 11 insertions(+), 1 deletion(-) - create mode 100644 result/XPath/xptr/viderror - create mode 100644 test/XPath/xptr/viderror - -diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror -new file mode 100644 -index 0000000..d589882 ---- /dev/null -+++ b/result/XPath/xptr/viderror -@@ -0,0 +1,4 @@ -+ -+======================== -+Expression: xpointer(non-existing-fn()/range-to(id('chapter2'))) -+Object is empty (NULL) -diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror -new file mode 100644 -index 0000000..da8c53b ---- /dev/null -+++ b/test/XPath/xptr/viderror -@@ -0,0 +1 @@ -+xpointer(non-existing-fn()/range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index 113bce6..751665b 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) - xmlNodeSetPtr oldset; - int i, j; - -- if (op->ch1 != -1) -+ if (op->ch1 != -1) { - total += - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); -+ CHECK_ERROR0; -+ } -+ if (ctxt->value == NULL) { -+ XP_ERROR0(XPATH_INVALID_OPERAND); -+ } - if (op->ch2 == -1) - return (total); - --- -cgit v0.12 - diff --git a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild deleted file mode 100644 index 8df1fd22c8ee..000000000000 --- a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild +++ /dev/null @@ -1,220 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) -PYTHON_REQ_USE="xml" - -inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal - -DESCRIPTION="Version 2 of the library to manipulate XML files" -HOMEPAGE="http://www.xmlsoft.org/" - -LICENSE="MIT" -SLOT="2" -KEYWORDS="arm64 m68k s390 sh" -IUSE="debug examples icu ipv6 lzma python readline static-libs test" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite" -XSTS_NAME_1="xmlschema2002-01-16" -XSTS_NAME_2="xmlschema2004-01-14" -XSTS_TARBALL_1="xsts-2002-01-16.tar.gz" -XSTS_TARBALL_2="xsts-2004-01-14.tar.gz" -XMLCONF_TARBALL="xmlts20080827.tar.gz" - -SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz - test? ( - ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1} - ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2} - http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )" - -RDEPEND=" - >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] - icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:= ) -" -DEPEND="${RDEPEND} - dev-util/gtk-doc-am - virtual/pkgconfig - hppa? ( >=sys-devel/binutils-2.15.92.0.2 ) -" - -S="${WORKDIR}/${PN}-${PV%_rc*}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/xml2-config -) - -src_unpack() { - # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR, - # as they are needed as tarballs in ${S}/xstc instead and not unpacked - unpack ${P/_rc/-rc}.tar.gz - cd "${S}" || die - - if use test; then - cp "${DISTDIR}/${XSTS_TARBALL_1}" \ - "${DISTDIR}/${XSTS_TARBALL_2}" \ - "${S}"/xstc/ \ - || die "Failed to install test tarballs" - unpack ${XMLCONF_TARBALL} - fi -} - -src_prepare() { - default - - DOCS=( AUTHORS ChangeLog NEWS README* TODO* ) - - # Patches needed for prefix support - eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch - - eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c - - # Fix build for Windows platform - # https://bugzilla.gnome.org/show_bug.cgi?id=760456 - eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch - - # Disable programs that we don't actually install. - # https://bugzilla.gnome.org/show_bug.cgi?id=760457 - eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch - - # Fix python detection, bug #567066 - # https://bugzilla.gnome.org/show_bug.cgi?id=760458 - eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch - - # Apply latest round of security patches wrt bugs - # 589816, 597112, 597114, 597116. This will be included - # in the next upstream release - eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch - eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch - eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch - eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch - - # Avoid final linking arguments for python modules - if [[ ${CHOST} == *-darwin* ]] ; then - sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die - fi - - # Please do not remove, as else we get references to PORTAGE_TMPDIR - # in /usr/lib/python?.?/site-packages/libxml2mod.la among things. - # We now need to run eautoreconf at the end to prevent maintainer mode. -# elibtoolize -# epunt_cxx # if we don't eautoreconf - - eautoreconf -} - -multilib_src_configure() { - # filter seemingly problematic CFLAGS (#26320) - filter-flags -fprefetch-loop-arrays -funroll-loops - - # USE zlib support breaks gnome2 - # (libgnomeprint for instance fails to compile with - # fresh install, and existing) - (22 Dec 2002). - - # The meaning of the 'debug' USE flag does not apply to the --with-debug - # switch (enabling the libxml2 debug module). See bug #100898. - - # --with-mem-debug causes unusual segmentation faults (bug #105120). - - libxml2_configure() { - ECONF_SOURCE="${S}" econf \ - --with-html-subdir=${PF}/html \ - $(use_with debug run-debug) \ - $(use_with icu) \ - $(use_with lzma) \ - $(use_enable ipv6) \ - $(use_enable static-libs static) \ - $(multilib_native_use_with readline) \ - $(multilib_native_use_with readline history) \ - "$@" - } - - libxml2_py_configure() { - mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist - run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130 - } - - libxml2_configure --without-python # build python bindings separately - - if multilib_is_native_abi && use python; then - python_foreach_impl libxml2_py_configure - fi -} - -multilib_src_compile() { - default - if multilib_is_native_abi && use python; then - local native_builddir=${BUILD_DIR} - python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all - fi -} - -multilib_src_test() { - default - multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test -} - -multilib_src_install() { - emake DESTDIR="${D}" \ - EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install - - if multilib_is_native_abi && use python; then - python_foreach_impl libxml2_py_emake \ - DESTDIR="${D}" \ - docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \ - exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \ - install - python_foreach_impl python_optimize - fi -} - -multilib_src_install_all() { - # on windows, xmllint is installed by interix libxml2 in parent prefix. - # this is the version to use. the native winnt version does not support - # symlinks, which makes repoman fail if the portage tree is linked in - # from another location (which is my default). -- mduft - if [[ ${CHOST} == *-winnt* ]]; then - rm -rf "${ED}"/usr/bin/xmllint - rm -rf "${ED}"/usr/bin/xmlcatalog - fi - - rm -rf "${ED}"/usr/share/doc/${P} - einstalldocs - - if ! use examples; then - rm -rf "${ED}"/usr/share/doc/${PF}/examples - rm -rf "${ED}"/usr/share/doc/${PF}/python/examples - fi - - prune_libtool_files --modules -} - -pkg_postinst() { - # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not - # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887. - if [[ "${ROOT}" != "/" ]]; then - elog "Skipping XML catalog creation for stage building (bug #208887)." - else - # need an XML catalog, so no-one writes to a non-existent one - CATALOG="${EROOT}etc/xml/catalog" - - # we dont want to clobber an existing catalog though, - # only ensure that one is there - # - if [[ ! -e ${CATALOG} ]]; then - [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml" - "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}" - einfo "Created XML catalog in ${CATALOG}" - fi - fi -} - -libxml2_py_emake() { - pushd "${BUILD_DIR}/python" > /dev/null || die - emake "$@" - popd > /dev/null -} diff --git a/dev-libs/libxml2/libxml2-2.9.7.ebuild b/dev-libs/libxml2/libxml2-2.9.7.ebuild index 36fff5831f7e..3b180423071b 100644 --- a/dev-libs/libxml2/libxml2-2.9.7.ebuild +++ b/dev-libs/libxml2/libxml2-2.9.7.ebuild @@ -12,7 +12,7 @@ HOMEPAGE="http://www.xmlsoft.org/" LICENSE="MIT" SLOT="2" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 ~arm arm64 ~hppa ia64 m68k ~mips ppc ~ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="debug examples icu ipv6 lzma python readline static-libs test" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" -- cgit v1.2.3