FreeBSD Bugzilla – Attachment 225186 Details for
Bug 256094
textproc/libxml2: Add upstream patch to fix CVE-2021-3541
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch file
textproc_libxml2.patch (text/plain), 11.78 KB, created by
Yasuhiro Kimura
on 2021-05-23 03:37:31 UTC
(
hide
)
Description:
Patch file
Filename:
MIME Type:
Creator:
Yasuhiro Kimura
Created:
2021-05-23 03:37:31 UTC
Size:
11.78 KB
patch
obsolete
>From 454fbe62341fc0c70062e42003d7b20be833fc96 Mon Sep 17 00:00:00 2001 >From: Yasuhiro Kimura <yasu@utahime.org> >Date: Sun, 23 May 2021 12:10:43 +0900 >Subject: [PATCH] textproc/libxml2: Update to 2.9.12 > >Update to 2.9.12. > >Changes: https://gitlab.gnome.org/GNOME/libxml2/-/commits/v2.9.12 >Security: CVE-2021-3541 > >Bug #256093 describes vulnerability fixed with this update. So please >commit it together. >--- > textproc/libxml2/Makefile | 4 +- > textproc/libxml2/distinfo | 14 +-- > textproc/libxml2/files/patch-CVE-2019-20388 | 33 ------- > textproc/libxml2/files/patch-CVE-2020-24977 | 36 -------- > textproc/libxml2/files/patch-CVE-2020-7595 | 32 ------- > .../libxml2/files/patch-Python-39-support | 92 ------------------- > ...t-106757e8c1e26ad9b8c924c7f304074b79e082c5 | 39 -------- > 7 files changed, 5 insertions(+), 245 deletions(-) > delete mode 100644 textproc/libxml2/files/patch-CVE-2019-20388 > delete mode 100644 textproc/libxml2/files/patch-CVE-2020-24977 > delete mode 100644 textproc/libxml2/files/patch-CVE-2020-7595 > delete mode 100644 textproc/libxml2/files/patch-Python-39-support > delete mode 100644 textproc/libxml2/files/patch-git-106757e8c1e26ad9b8c924c7f304074b79e082c5 > >diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile >index 366bb9f46f5e..f98c0b50f5f5 100644 >--- a/textproc/libxml2/Makefile >+++ b/textproc/libxml2/Makefile >@@ -1,8 +1,8 @@ > # Created by: Yukihiro Nakai <Nakai@technologist.com> > > PORTNAME= libxml2 >-DISTVERSION= 2.9.10 >-PORTREVISION?= 3 >+DISTVERSION= 2.9.12 >+PORTREVISION?= 0 > CATEGORIES?= textproc gnome > MASTER_SITES= http://xmlsoft.org/sources/ > DIST_SUBDIR= gnome2 >diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo >index 58a42709307a..ae7b8a68c51a 100644 >--- a/textproc/libxml2/distinfo >+++ b/textproc/libxml2/distinfo >@@ -1,11 +1,3 @@ >-TIMESTAMP = 1602549798 >-SHA256 (gnome2/libxml2-2.9.10.tar.gz) = aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f >-SIZE (gnome2/libxml2-2.9.10.tar.gz) = 5624761 >-SHA256 (gnome2/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a.patch) = 8bab1a7fcc22a8f9a3f89648660bbca424196d82967e213bd27c1dcc9a9544a5 >-SIZE (gnome2/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a.patch) = 1015 >-SHA256 (gnome2/0e1a49c8907645d2e155f0d89d4d9895ac5112b5.patch) = 4a1dca36e762a0e2affb0779918fbf1665a00d984ffbd3efa45d3d202f87ea8c >-SIZE (gnome2/0e1a49c8907645d2e155f0d89d4d9895ac5112b5.patch) = 996 >-SHA256 (gnome2/50f06b3efb638efb0abd95dc62dca05ae67882c2.patch) = 701048e726e2f3f7f2a71a7054030fc154b5edace72e23c5934ecd9ee09ad811 >-SIZE (gnome2/50f06b3efb638efb0abd95dc62dca05ae67882c2.patch) = 1052 >-SHA256 (gnome2/edc7b6abb0c125eeb888748c334897f60aab0854.patch) = eac708cc0bcb19c59c63874e5518f9084b177c8a10981539d90ba41d9e8414a1 >-SIZE (gnome2/edc7b6abb0c125eeb888748c334897f60aab0854.patch) = 3019 >+TIMESTAMP = 1621737544 >+SHA256 (gnome2/libxml2-2.9.12.tar.gz) = c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92 >+SIZE (gnome2/libxml2-2.9.12.tar.gz) = 5681632 >diff --git a/textproc/libxml2/files/patch-CVE-2019-20388 b/textproc/libxml2/files/patch-CVE-2019-20388 >deleted file mode 100644 >index a049f2c6f019..000000000000 >--- a/textproc/libxml2/files/patch-CVE-2019-20388 >+++ /dev/null >@@ -1,33 +0,0 @@ >-From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001 >-From: Zhipeng Xie <xiezhipeng1@huawei.com> >-Date: Tue, 20 Aug 2019 16:33:06 +0800 >-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream >- >-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun >-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble >-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize >-vctxt->xsiAssemble to 0 again which cause the alloced schema >-can not be freed anymore. >- >-Found with libFuzzer. >- >-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> >---- >- xmlschemas.c | 1 - >- 1 file changed, 1 deletion(-) >- >-diff --git a/xmlschemas.c b/xmlschemas.c >-index 301c8449..39d92182 100644 >---- xmlschemas.c >-+++ xmlschemas.c >-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { >- vctxt->nberrors = 0; >- vctxt->depth = -1; >- vctxt->skipDepth = -1; >-- vctxt->xsiAssemble = 0; >- vctxt->hasKeyrefs = 0; >- #ifdef ENABLE_IDC_NODE_TABLES_TEST >- vctxt->createIDCNodeTables = 1; >--- >-GitLab >- >diff --git a/textproc/libxml2/files/patch-CVE-2020-24977 b/textproc/libxml2/files/patch-CVE-2020-24977 >deleted file mode 100644 >index b3121d980864..000000000000 >--- a/textproc/libxml2/files/patch-CVE-2020-24977 >+++ /dev/null >@@ -1,36 +0,0 @@ >-From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001 >-From: Nick Wellnhofer <wellnhofer@aevum.de> >-Date: Fri, 7 Aug 2020 21:54:27 +0200 >-Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout' >- >-Make sure that truncated UTF-8 sequences don't cause an out-of-bounds >-array access. >- >-Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for >-the report. >- >-Fixes #178. >---- >- xmllint.c | 6 ++++++ >- 1 file changed, 6 insertions(+) >- >-diff --git a/xmllint.c b/xmllint.c >-index f6a8e463..c647486f 100644 >---- xmllint.c >-+++ xmllint.c >-@@ -528,6 +528,12 @@ static void >- xmlHTMLEncodeSend(void) { >- char *result; >- >-+ /* >-+ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might >-+ * end with a truncated UTF-8 sequence. This is a hack to at least avoid >-+ * an out-of-bounds read. >-+ */ >-+ memset(&buffer[sizeof(buffer)-4], 0, 4); >- result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer); >- if (result) { >- xmlGenericError(xmlGenericErrorContext, "%s", result); >--- >-GitLab >- >diff --git a/textproc/libxml2/files/patch-CVE-2020-7595 b/textproc/libxml2/files/patch-CVE-2020-7595 >deleted file mode 100644 >index 5bcd916ade7f..000000000000 >--- a/textproc/libxml2/files/patch-CVE-2020-7595 >+++ /dev/null >@@ -1,32 +0,0 @@ >-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 >-From: Zhipeng Xie <xiezhipeng1@huawei.com> >-Date: Thu, 12 Dec 2019 17:30:55 +0800 >-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities >- >-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef >-return NULL which cause a infinite loop in xmlStringLenDecodeEntities >- >-Found with libFuzzer. >- >-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> >---- >- parser.c | 3 ++- >- 1 file changed, 2 insertions(+), 1 deletion(-) >- >-diff --git a/parser.c b/parser.c >-index d1c31963..a34bb6cd 100644 >---- parser.c >-+++ parser.c >-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, >- else >- c = 0; >- while ((c != 0) && (c != end) && /* non input consuming loop */ >-- (c != end2) && (c != end3)) { >-+ (c != end2) && (c != end3) && >-+ (ctxt->instate != XML_PARSER_EOF)) { >- >- if (c == 0) break; >- if ((c == '&') && (str[1] == '#')) { >--- >-GitLab >- >diff --git a/textproc/libxml2/files/patch-Python-39-support b/textproc/libxml2/files/patch-Python-39-support >deleted file mode 100644 >index 81f9e29b6ea7..000000000000 >--- a/textproc/libxml2/files/patch-Python-39-support >+++ /dev/null >@@ -1,92 +0,0 @@ >-From edc7b6abb0c125eeb888748c334897f60aab0854 Mon Sep 17 00:00:00 2001 >-From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz> >-Date: Fri, 28 Feb 2020 12:48:14 +0100 >-Subject: [PATCH] Parenthesize Py<type>_Check() in ifs >- >-In C, if expressions should be parenthesized. >-PyLong_Check, PyUnicode_Check etc. happened to expand to a parenthesized >-expression before, but that's not API to rely on. >- >-Since Python 3.9.0a4 it needs to be parenthesized explicitly. >- >-Fixes https://gitlab.gnome.org/GNOME/libxml2/issues/149 >---- >- python/libxml.c | 4 ++-- >- python/types.c | 12 ++++++------ >- 2 files changed, 8 insertions(+), 8 deletions(-) >- >-diff --git a/python/libxml.c b/python/libxml.c >-index bc676c4e..81e709f3 100644 >---- python/libxml.c >-+++ python/libxml.c >-@@ -294,7 +294,7 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) { >- lenread = PyBytes_Size(ret); >- data = PyBytes_AsString(ret); >- #ifdef PyUnicode_Check >-- } else if PyUnicode_Check (ret) { >-+ } else if (PyUnicode_Check (ret)) { >- #if PY_VERSION_HEX >= 0x03030000 >- Py_ssize_t size; >- const char *tmp; >-@@ -359,7 +359,7 @@ xmlPythonFileRead (void * context, char * buffer, int len) { >- lenread = PyBytes_Size(ret); >- data = PyBytes_AsString(ret); >- #ifdef PyUnicode_Check >-- } else if PyUnicode_Check (ret) { >-+ } else if (PyUnicode_Check (ret)) { >- #if PY_VERSION_HEX >= 0x03030000 >- Py_ssize_t size; >- const char *tmp; >-diff --git a/python/types.c b/python/types.c >-index c2bafeb1..ed284ec7 100644 >---- python/types.c >-+++ python/types.c >-@@ -602,16 +602,16 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj) >- if (obj == NULL) { >- return (NULL); >- } >-- if PyFloat_Check (obj) { >-+ if (PyFloat_Check (obj)) { >- ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj)); >-- } else if PyLong_Check(obj) { >-+ } else if (PyLong_Check(obj)) { >- #ifdef PyLong_AS_LONG >- ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj)); >- #else >- ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj)); >- #endif >- #ifdef PyBool_Check >-- } else if PyBool_Check (obj) { >-+ } else if (PyBool_Check (obj)) { >- >- if (obj == Py_True) { >- ret = xmlXPathNewBoolean(1); >-@@ -620,14 +620,14 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj) >- ret = xmlXPathNewBoolean(0); >- } >- #endif >-- } else if PyBytes_Check (obj) { >-+ } else if (PyBytes_Check (obj)) { >- xmlChar *str; >- >- str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj), >- PyBytes_GET_SIZE(obj)); >- ret = xmlXPathWrapString(str); >- #ifdef PyUnicode_Check >-- } else if PyUnicode_Check (obj) { >-+ } else if (PyUnicode_Check (obj)) { >- #if PY_VERSION_HEX >= 0x03030000 >- xmlChar *str; >- const char *tmp; >-@@ -650,7 +650,7 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj) >- ret = xmlXPathWrapString(str); >- #endif >- #endif >-- } else if PyList_Check (obj) { >-+ } else if (PyList_Check (obj)) { >- int i; >- PyObject *node; >- xmlNodePtr cur; >--- >-GitLab >- >diff --git a/textproc/libxml2/files/patch-git-106757e8c1e26ad9b8c924c7f304074b79e082c5 b/textproc/libxml2/files/patch-git-106757e8c1e26ad9b8c924c7f304074b79e082c5 >deleted file mode 100644 >index f4b1f8c56d0f..000000000000 >--- a/textproc/libxml2/files/patch-git-106757e8c1e26ad9b8c924c7f304074b79e082c5 >+++ /dev/null >@@ -1,39 +0,0 @@ >-commit 106757e8c1e26ad9b8c924c7f304074b79e082c5 >-Author: Daniel Cheng <dcheng@google.com> >-Date: Fri Apr 10 14:52:03 2020 -0700 >- >- Guard new calls to xmlValidatePopElement in xml_reader.c >- >- Closes #154. >- >-commit 386fb27654b93d9fb2880e03fb508d618a2e66f1 >-Author: Åukasz WojniÅowicz <lukasz.wojnilowicz@gmail.com> >-Date: Tue Apr 28 17:00:37 2020 +0200 >- >- Add LIBXML_VALID_ENABLED to xmlreader >- >- There are already LIBXML_VALID_ENABLED in this file to guard against >- "--without-valid" at "./configure" step, but here they were missing. >-diff --git xmlreader.c xmlreader.c >-index 687c8b3c..3fd9aa4c 100644 >---- xmlreader.c >-+++ xmlreader.c >-@@ -2260,14 +2260,18 @@ xmlFreeTextReader(xmlTextReaderPtr reader) { >- if (reader->ctxt != NULL) { >- if (reader->dict == reader->ctxt->dict) >- reader->dict = NULL; >-+#ifdef LIBXML_VALID_ENABLED >- if ((reader->ctxt->vctxt.vstateTab != NULL) && >- (reader->ctxt->vctxt.vstateMax > 0)){ >-+#ifdef LIBXML_REGEXP_ENABLED >- while (reader->ctxt->vctxt.vstateNr > 0) >- xmlValidatePopElement(&reader->ctxt->vctxt, NULL, NULL, NULL); >-+#endif /* LIBXML_REGEXP_ENABLED */ >- xmlFree(reader->ctxt->vctxt.vstateTab); >- reader->ctxt->vctxt.vstateTab = NULL; >- reader->ctxt->vctxt.vstateMax = 0; >- } >-+#endif /* LIBXML_VALID_ENABLED */ >- if (reader->ctxt->myDoc != NULL) { >- if (reader->preserve == 0) >- xmlTextReaderFreeDoc(reader, reader->ctxt->myDoc); >-- >2.31.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=225186">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 256094
:
225186
|
225187