Commit graph

234 commits

Author SHA1 Message Date
gutteridge
dc13532f15 libxml2: update to 2.9.14, includes security fixes
v2.9.14: May 02 2022:
   - Security:
  [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
  Fix potential double-free in xmlXPtrStringRangeFunction
  Fix memory leak in xmlFindCharEncodingHandler
  Normalize XPath strings in-place
  Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
    (David Kilzer)
  Fix leak of xmlElementContent (David Kilzer)

   - Bug fixes:
  Fix parsing of subtracted regex character classes
  Fix recursion check in xinclude.c
  Reset last error in xmlCleanupGlobals
  Fix certain combinations of regex range quantifiers
  Fix range quantifier on subregex

   - Improvements:
  Fix recovery from invalid HTML start tags

   - Build system, portability:
  Define LFS macros before including system headers
  Initialize XPath floating-point globals
  configure: check for icu DEFS (James Hilliard)
  configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
  CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
  Fix build with older Python versions
  Fix --without-valid build
2022-05-06 00:55:54 +00:00
adam
f5e35d538b revbump for textproc/icu update 2022-04-18 19:09:40 +00:00
kim
0031aae61c textproc/libxml2: Update to 2.9.13
NEWS:

v2.9.13: Feb 19 2022:
   - Security:
  [CVE-2022-23308] Use-after-free of ID and IDREF attributes
  (Thanks to Shinji Sato for the report)
  Use-after-free in xmlXIncludeCopyRange (David Kilzer)
  Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
  Fix memory leak in xmlXPathCompNodeTest
  Fix null pointer deref in xmlStringGetNodeList
  Fix several memory leaks found by Coverity (David King)

   - Fixed regressions:
  Fix regression in RelaxNG pattern matching
  Properly handle nested documents in xmlFreeNode
  Fix regression with PEs in external DTD
  Fix random dropping of characters on dumping ASCII encoded XML (Mohammad Razavi)
  Revert "Make schema validation fail with multiple top-level elements"
  Fix regression when parsing invalid HTML tags in push mode
  Fix regression parsing public IDs literals in HTML
  Fix buffering in xmlOutputBufferWrite
  Fix whitespace when serializing empty HTML documents
  Fix XPath recursion limit
  Fix regression in xmlNodeDumpOutputInternal
  Work around lxml API abuse

   - Bug fixes:
  Fix xmlSetTreeDoc with entity references
  Fix double counting of CRLF in comments
  Make sure to grow input buffer in xmlParseMisc
  Don't ignore xmllint options after "-"
  Don't normalize namespace URIs in XPointer xmlns() scheme
  Fix handling of XSD with empty namespace
  Also register HTML document nodes
  Make xmllint return an error if arguments are missing
  Fix handling of ctxt->base in xmlXPtrEvalXPtrPart
  Fix xmllint --maxmem
  Fix htmlReadFd, which was using a mix of xml and html context functions (Finn Barber)
  Move current position before possible calling of ctxt->sax->characters (Yulin Li)
  Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk (David Kilzer)
  Patch to forbid epsilon-reduction of final states (Arne Becker)
  Avoid segfault at exit when using custom memory functions (Mike Dalessio)

   - Tests, code quality, fuzzing:
  Remove .travis.yml
  Make xmlFuzzReadString return a zero size in error case
  Fix unused function warning in testapi.c
  Update NewsML DTD in test suite
  Add more checks for malloc failures in xmllint.c
  Avoid potential integer overflow in xmlstring.c
  Run CI tests with UBSan implicit-conversion checks
  Fix casting of line numbers in SAX2.c
  Fix integer conversion warnings in hash.c
  Add explicit casts in runtest.c
  Fix integer conversion warning in xmlIconvWrapper
  Add suffix to unsigned constant in xmlmemory.c
  Add explicit casts in testchar.c
  Fix integer conversion warnings in xmlstring.c
  Add explicit cast in xmlURIUnescapeString
  Remove unused variable in xmlCharEncOutFunc (David King)

   - Build system, portability:
  Remove xmlwin32version.h
  Fix fuzzer test with VPATH build
  Support custom prefix when installing Python module
  Remove Makefile.win
  Remove CVS and SVN-related code
  Port python 3.x module to Windows and improve distutils (Chun-wei Fan)
  Correctly install the HTML examples into their subdirectory (Mattia Rizzolo)
  Refactor the settings of $docdir (Mattia Rizzolo)
  Remove unused configure checks (Ben Boeckel)
  python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James)
  Fix check for libtool in autogen.sh
  Use version in configure.ac for CMake (Timothy Lyanguzov)
  Add CMake alias targets for embedded projects (Markus Rickert)

   - Documentation:
  Remove SVN keyword anchors
  Rework README
  Remove README.cvs-commits
  Remove old ChangeLog
  Update hyperlinks
  Remove README.docs
  Remove MAINTAINERS
  Remove xmltutorial.pdf
  Upload documentation to GitLab pages
  Document how to escape XML_CATALOG_FILES
  Fix libxml2.doap
  Update URL for libxml++ C++ binding (Kjell Ahlstedt)
  Generate devhelp2 index file (Emmanuele Bassi)
  Mention XML_CATALOG_FILES is space-separated (Jan Tojnar)
  Add documentation for xmllint exit code 10 (Rainer Canavan)
  Fix some validation errors in the FAQ (David King)
  Add instructions on how to use CMake to compile libxml (Markus Rickert)
2022-03-12 07:33:22 +00:00
adam
b6d9bd86bc revbump for icu and libffi 2021-12-08 16:01:42 +00:00
nia
a643c936b3 textproc: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./textproc/convertlit/distinfo clit18src.zip
2021-10-26 11:21:28 +00:00
nia
e05b375eba textproc: Remove SHA1 hashes for distfiles 2021-10-07 15:00:34 +00:00
tnn
e3120fce27 libxml2: don't show non-existent -I/usr/include in "xml2-config --cflags"
Check that the iconv include directory actually exists before adding it
to xml2-config. This fixes build of lang/llvm on Darwin. Bump PKGREVISION.
2021-07-21 13:55:07 +00:00
gutteridge
70515eef23 py-libxml2: work around a problem in error handling
Restore part of a patch lost in the last libxml2 update which is still
relevant. Reapplying it fixes segfaults caused by itstool, e.g., when
building editors/pluma, which is PR pkg/56229 from Andrius V.

Quoting from wiz@'s original commit from Jan 9, 2019, which covers
everything else:

"In some cases, invalid UTF-8 strings were returned which caused
Python interpreter crashes. See

itstool/itstool#22

Use a variant of the patch that was used in Fedora.

Bump PKGREVISION."

Fedora is still carrying this patch as-is.

(Also, evidently distinfo was not regenerated properly after the last
update, so there's a diff applied to it unrelated to this change set.)
2021-06-12 17:02:51 +00:00
nia
b004516801 libxml2: update to 2.9.12
2.9.12:
"Brown paper bag release, some recently added sources were missing from
the 2.9.11 tarball."

2.9.11:
"Prompted by CVE-2021-3541, but this includes an awful lot of serious bug
fixes by Nick and others."
2021-05-23 19:31:47 +00:00
adam
9d0e79c401 revbump for textproc/icu 2021-04-21 11:40:12 +00:00
js
5d92f03ff4 textproc/(py-)libxml2: Fix compilation with Python 3.9 2020-11-08 23:31:44 +00:00
adam
fbbd3f4293 libxml2: Fix building with ICU 68.1 2020-11-05 17:45:55 +00:00
ryoon
4675ccbc79 *: Recursive revbump from textproc/icu-68.1 2020-11-05 09:06:42 +00:00
adam
6bd0c30da6 Revbump for icu 2020-06-02 08:22:31 +00:00
adam
2e34eabace libxml2: add icu option 2020-04-12 07:21:04 +00:00
kim
bd059721fc Apply upstream patch for CVE-2020-7595.
Apply upstream pull request for CVE-2019-20388.
2020-01-24 10:40:36 +00:00
wiz
30f1b4693f libxml2: update to 2.9.10.
This is a relatively large release, Nick fixed a number of bugs
and improved the code in many areas, among other things removing
some recursive behaviour of the code in various places. Includes
various portability fixes, documentation updates and cleanups:

Documentation:
- Fix a few more typos ("fonction") (Nick Wellnhofer)
- Large batch of typo fixes (Jared Yanovich)
- Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... (Jan Pokorný)
- Fix typo: xpath: simpli{ -> fi}ed (Jan Pokorný)
- Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump (Jan Pokorný)
- Fix comments in test code (zhouzhongyuan)
- fix comment in testReader.c (zhouzhongyuan)

Portability:
- Fix some release issues on Fedora 30 (Daniel Veillard)
- Fix exponent digits when running tests under old MSVC (Daniel Richard G)
- Work around buggy ceil() function on AIX (Daniel Richard G)
- Don't call printf with NULL string in runtest.c (Daniel Richard G)
- Switched from unsigned long to ptrdiff_t in parser.c (Stephen Chenney)
- timsort.h: support older GCCs (Jérôme Duval)
- Make configure.ac work with older pkg-config (Nick Wellnhofer)
- Stop defining _REENTRANT on some Win32 platforms (Nick Wellnhofer)
- Fix nanohttp.c on MinGW (Nick Wellnhofer)
- Fix Windows compiler warning in testC14N.c (Nick Wellnhofer)
- Merge testThreadsWin32.c into testThreads.c (Nick Wellnhofer)
- Fix Python bindings under Windows (Nick Wellnhofer)

Bug Fixes:
- Another fix for conditional sections at end of document (Nick Wellnhofer)
- Fix for conditional sections at end of document (Nick Wellnhofer)
- Make sure that Python tests exit with error code (Nick Wellnhofer)
- Audit memory error handling in xpath.c (Nick Wellnhofer)
- Fix error code in xmlTextWriterStartDocument (Nick Wellnhofer)
- Fix integer overflow when counting written bytes (Nick Wellnhofer)
- Fix uninitialized memory access in HTML parser (Nick Wellnhofer)
- Fix memory leak in xmlSchemaValAtomicType (Nick Wellnhofer)
- Disallow conditional sections in internal subset (Nick Wellnhofer)
- Fix use-after-free in xmlTextReaderFreeNodeList (Nick Wellnhofer)
- Fix Regextests (Nick Wellnhofer)
- Fix empty branch in regex (Nick Wellnhofer)
- Fix integer overflow in entity recursion check (Nick Wellnhofer)
- Don't read external entities or XIncludes from stdin (Nick Wellnhofer)
- Fix Schema determinism check of ##other namespaces (Nick Wellnhofer)
- Fix potential null deref in xmlSchemaIDCFillNodeTables (zhouzhongyuan)
- Fix potential memory leak in xmlBufBackToBuffer (Nick Wellnhofer)
- Fix error message when processing XIncludes with fallbacks (Nick Wellnhofer)
- Fix memory leak in xmlRegEpxFromParse (zhouzhongyuan)
- 14:00 is a valid timezone for xs:dateTime (Nick Wellnhofer)
- Fix memory leak in xmlParseBalancedChunkMemoryRecover (Zhipeng Xie)
- Fix potential null deref in xmlRelaxNGParsePatterns (Nick Wellnhofer)
- Misleading error message with xs:{min|max}Inclusive (bettermanzzy)
- Fix memory leak in xmlXIncludeLoadTxt (Wang Kirin)
- Partial fix for comparison of xs:durations (Nick Wellnhofer)
- Fix null deref in xmlreader buffer (zhouzhongyuan)
- Fix unability to RelaxNG-validate grammar with choice-based name class (Jan Pokorný)
- Fix unability to validate ambiguously constructed interleave for RelaxNG (Jan Pokorný)
- Fix possible null dereference in xmlXPathIdFunction (zhouzhongyuan)
- fix memory leak in xmlAllocOutputBuffer (zhouzhongyuan)
- Fix unsigned int overflow (Jens Eggerstedt)
- dict.h: gcc 2.95 doesn't allow multiple storage classes (Nick Wellnhofer)
- Fix another code path in xmlParseQName (Nick Wellnhofer)
- Make sure that xmlParseQName returns NULL in error case (Nick Wellnhofer)
- Fix build without reader but with pattern (Nick Wellnhofer)
- Fix memory leak in xmlAllocOutputBufferInternal error path (Nick Wellnhofer)
- Fix unsigned integer overflow (Nick Wellnhofer)
- Fix return value of xmlOutputBufferWrite (Nick Wellnhofer)
- Fix parser termination from "Double hyphen within comment" error (David Warring)
- Fix call stack overflow in xmlFreePattern (Nick Wellnhofer)
- Fix null deref in previous commit (Nick Wellnhofer)
- Fix memory leaks in xmlXPathParseNameComplex error paths (Nick Wellnhofer)
- Check for integer overflow in xmlXPtrEvalChildSeq (Nick Wellnhofer)
- Fix xmllint dump of XPath namespace nodes (Nick Wellnhofer)
- Fix float casts in xmlXPathSubstringFunction (Nick Wellnhofer)
- Fix null deref in xmlregexp error path (Nick Wellnhofer)
- Fix null pointer dereference in xmlTextReaderReadOuterXml (Nick Wellnhofer)
- Fix memory leaks in xmlParseStartTag2 error paths (Nick Wellnhofer)
- Fix memory leak in xmlSAX2StartElement (Nick Wellnhofer)
- Fix commit "Memory leak in xmlFreeID (xmlreader.c)" (Nick Wellnhofer)
- Fix NULL pointer deref in xmlTextReaderValidateEntity (Nick Wellnhofer)
- Memory leak in xmlFreeTextReader (Nick Wellnhofer)
- Memory leak in xmlFreeID (xmlreader.c) (Nick Wellnhofer)

Improvements:
- Run XML conformance tests under CI (Nick Wellnhofer)
- Update GitLab CI config (Nick Wellnhofer)
- Propagate memory errors in valuePush (Nick Wellnhofer)
- Propagate memory errors in xmlXPathCompExprAdd (Nick Wellnhofer)
- Make xmlFreeDocElementContent non-recursive (Nick Wellnhofer)
- Enable continuous integration via GitLab CI (Nick Wellnhofer)
- Avoid ignored attribute warnings under GCC (Nick Wellnhofer)
- Make xmlDumpElementContent non-recursive (Nick Wellnhofer)
- Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE (Nick Wellnhofer)
- Mark xmlExp* symbols as removed (Nick Wellnhofer)
- Make xmlParseConditionalSections non-recursive (Nick Wellnhofer)
- Adjust expected error in Python tests (Nick Wellnhofer)
- Make xmlTextReaderFreeNodeList non-recursive (Nick Wellnhofer)
- Make xmlFreeNodeList non-recursive (Nick Wellnhofer)
- Make xmlParseContent and xmlParseElement non-recursive (Nick Wellnhofer)
- Remove executable bit from non-executable files (Nick Wellnhofer)
- Fix expected output of test/schemas/any4 (Nick Wellnhofer)
- Optimize build instructions in README (zhouzhongyuan)
- xml2-config.in: Output CFLAGS and LIBS on the same line (Hugh McMaster)
- xml2-config: Add a --dynamic switch to print only shared libraries (Hugh McMaster)
- Annotate functions with __attribute__((no_sanitize)) (Nick Wellnhofer)
- Fix warnings when compiling without reader or push parser (Nick Wellnhofer)
- Remove unused member `doc` in xmlSaveCtxt (Nick Wellnhofer)
- Limit recursion depth in xmlXPathCompOpEvalPredicate (Nick Wellnhofer)
- Remove -Wno-array-bounds (Nick Wellnhofer)
- Remove unreachable code in xmlXPathCountFunction (Nick Wellnhofer)
- Improve XPath predicate and filter evaluation (Nick Wellnhofer)
- Limit recursion depth in xmlXPathOptimizeExpression (Nick Wellnhofer)
- Disable hash randomization when fuzzing (Nick Wellnhofer)
- Optional recursion limit when parsing XPath expressions (Nick Wellnhofer)
- Optional recursion limit when evaluating XPath expressions (Nick Wellnhofer)
- Use break statements in xmlXPathCompOpEval (Nick Wellnhofer)
- Optional XPath operation limit (Nick Wellnhofer)
- Fix compilation with --with-minimum (Nick Wellnhofer)
- Check XPath stack after calling functions (Nick Wellnhofer)
- Remove debug printf in xmlreader.c (Nick Wellnhofer)
- Always define LIBXML_THREAD_ENABLED when enabled (Michael Haubenwallner)
- Regenerate NEWS (Nick Wellnhofer)
- Change git repo URL (Nick Wellnhofer)
- Change bug tracker URL (Nick Wellnhofer)
- Remove outdated HTML file (Nick Wellnhofer)
- Fix unused function warning in testapi.c (Nick Wellnhofer)
- Add some generated test files to .gitignore (Nick Wellnhofer)
- Remove unneeded function pointer casts (Nick Wellnhofer)
- Fix -Wcast-function-type warnings (GCC 8) (Nick Wellnhofer)
- Fix -Wformat-truncation warnings (GCC 8) (Nick Wellnhofer)

Cleanups:
- Rebuild docs (Nick Wellnhofer)
- Disable xmlExp regex code (Nick Wellnhofer)
- Remove redundant code in xmlRelaxNGValidateState (Nick Wellnhofer)
- Remove redundant code in xmlXPathCompRelationalExpr (Nick Wellnhofer)

  Thanks Nick and all who helped contribute to this release!
2019-11-06 13:19:43 +00:00
rillig
768cd99f7f textproc: align variable assignments
pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
2019-11-04 21:43:32 +00:00
sevan
5a006b7b52 Avoid trying to disable warnings for array boundary checks on Darwin.
On legacy toolchains, e.g. Tiger, it results in a hard error as it's not recognised.
2019-07-03 16:54:32 +00:00
adam
8810eb6312 libxml2: updated to 2.9.9
v2.9.9:
Security:
CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression
CVE-2018-14404 Fix nullptr deref with XPath logic ops

Documentation:
reader: Fix documentation comment

Portability:
Fix MSVC build with lzma
Variables need 'extern' in static lib on Cygwin
Really declare dllexport/dllimport for Cygwin
Merge branch 'patch-2' into 'master'
Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir
Improve error message if pkg.m4 couldn't be found
NaN and Inf fixes for pre-C99 compilers

Bug Fixes:
Revert "Support xmlTextReaderNextSibling w/o preparsed doc"
Fix building relative URIs
Problem with data in interleave in RelaxNG validation
Fix memory leak in xmlSwitchInputEncodingInt error path
Set doc on element obtained from freeElems
Fix HTML serialization with UTF-8 encoding
Use actual doc in xmlTextReaderRead*Xml
Unlink node before freeing it in xmlSAX2StartElement
Check return value of nodePush in xmlSAX2StartElement
Free input buffer in xmlHaltParser
Reset HTML parser input pointers on encoding failure
Don't run icu_parse_test if EUC-JP is unsupported
Fix xmlSchemaValidCtxtPtr reuse memory leak
Fix xmlTextReaderNext with preparsed document
Remove stray character from comment
Remove a misleading line from xmlCharEncOutput
HTML noscript should not close p
Don't change context node in xmlXPathRoot
Stop using XPATH_OP_RESET
Revert "Change calls to xmlCharEncInput to set flush false"

Improvements:
Fix "Problem with data in interleave in RelaxNG validation"
cleanup: remove some unreachable code
add --relative to testURI
Remove redefined starts and defines inside include elements
Allow choice within choice in nameClass in RELAX NG
Look inside divs for starts and defines inside include
Add compile and libxml2-config.cmake to .gitignore
Stop using doc->charset outside parser code
Add newlines to 'xmllint --xpath' output
Don't include SAX.h from globals.h
Support xmlTextReaderNextSibling w/o preparsed doc
Don't instruct user to run make when autogen.sh failed
Run Travis ASan tests with "sudo: required"
Improve restoring of context size and position
Simplify and harden nodeset filtering
Avoid unnecessary backups of the context node
Fix inconsistency in xmlXPathIsInf
2019-01-09 19:09:02 +00:00
wiz
17a46be125 py-libxml2: work around a problem in error handling.
In some cases, invalid UTF-8 strings were returned which caused
python interpreter crashes. See

https://github.com/itstool/itstool/issues/22

Use a variant of the patch that was used in Fedora.

Bump PKGREVISION.
2019-01-09 13:40:50 +00:00
leot
dbff67847d libxml2: Add a patch from upstream to fix CVE-2017-8872
Patch provided by Attila Fülöp via PR pkg/53704, thanks!
2018-11-09 15:31:46 +00:00
leot
80179b24f0 libxml2: Backport upstream patch for CVE-2018-9251 and CVE-2018-14567 2018-10-13 09:05:42 +00:00
snj
6f7ef101e3 textproc/libxml2: Fix CVE-2018-14404.
Bump PKGREVISION.
2018-08-09 18:44:13 +00:00
tez
b6bffb7fa0 libxml2: Fix for CVE-2018-9251
from https://bugzilla.gnome.org/show_bug.cgi?id=794914
2018-06-20 18:22:45 +00:00
wiz
d25f15296e libxml2: remove unused patch 2018-03-24 07:07:11 +00:00
maya
159fa310a1 libxml2: fix compilation on Solaris 11.3
We use INFINITY which is available on C99 and later, so be explicit
that we compile C99 code.

Also tested as compiling fine on netbsd-current.

Fixes PR pkg/53098
2018-03-14 10:49:00 +00:00
wiz
6ab088220e libxml2, py-libxml2: update to 2.9.8
Changes not found.
2018-03-11 17:49:53 +00:00
prlw1
acdf664a29 py-libxml2: in nodeWrap deal with name is None case
Should fix gtk-doc build with itstool 2.0.4:

Error: Could not merge translations:
'NoneType' object is not subscriptable
2017-11-08 22:51:54 +00:00
prlw1
bf1dfb6af3 libxml2: Update to 2.9.7
- Portability:
  Change preprocessor OS tests to __linux__ (Nick Wellnhofer)

- Bug Fixes:
  Fix XPath stack frame logic (Nick Wellnhofer),
  Report undefined XPath variable error message (Nick Wellnhofer),
  Fix regression with librsvg (Nick Wellnhofer),
  Handle more invalid entity values in recovery mode (Nick Wellnhofer),
  Fix structured validation errors (Nick Wellnhofer),
  Fix memory leak in LZMA decompressor (Nick Wellnhofer),
  Set memory limit for LZMA decompression (Nick Wellnhofer),
  Handle illegal entity values in recovery mode (Nick Wellnhofer),
  Fix debug dump of streaming XPath expressions (Nick Wellnhofer),
  Fix memory leak in nanoftp (Nick Wellnhofer),
  Fix memory leaks in SAX1 parser (Nick Wellnhofer)
2017-11-06 16:16:53 +00:00
prlw1
289f225635 py-libxml2: _PyVerify_fd no longer exists
https://bugzilla.gnome.org/show_bug.cgi?id=776815
2017-11-06 16:12:11 +00:00
prlw1
27de6b0c73 py-libxml2: remove patch-python_libxml__wrap.h - the cause of PR pkg/52690
$ python3.6
Python 3.6.3 (default, Oct 27 2017, 17:16:29)
[GCC 5.4.0] on netbsd8
Type "help", "copyright", "credits" or "license" for more information.
>>> import libxml2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/pkg/lib/python3.6/site-packages/libxml2.py", line 1, in <module>
    import libxml2mod
ImportError: /usr/pkg/lib/python3.6/site-packages/libxml2mod.so: Undefined PLT symbol "PyCObject_Check" (symnum = 488)
2017-11-06 16:01:59 +00:00
fhajny
49d097341b textproc/*libxml2: Move patches and distinfo files under the main package
since the distfile is just one anyway.
2017-10-31 13:15:44 +00:00
fhajny
69d7d78e64 Update textproc/libxml2 to 2.9.6.
Update Portability:
- Change preprocessor OS tests to __linux__

Bug Fixes:
- Fix XPath stack frame logic
- Report undefined XPath variable error message
- Fix regression with librsvg
- Handle more invalid entity values in recovery mode
- Fix structured validation errors
- Fix memory leak in LZMA decompressor
- Set memory limit for LZMA decompression
- Handle illegal entity values in recovery mode
- Fix debug dump of streaming XPath expressions
- Fix memory leak in nanoftp
- Fix memory leaks in SAX1 parser
2017-10-30 14:02:02 +00:00
wiz
686a1908db Updated libxml2 to 2.9.5.
2.9.5: Sep 04 2017
 • Reference Manual
 • Security:
   Detect infinite recursion in parameter entities
   (Nick Wellnhofer),
   Fix handling of parameter-entity references (Nick
   Wellnhofer),
   Disallow namespace nodes in XPointer ranges (Nick
   Wellnhofer),
   Fix XPointer paths beginning with range-to (Nick
   Wellnhofer)
 • Documentation:
   Documentation fixes (Nick Wellnhofer),
   Spelling and grammar fixes (Nick Wellnhofer)
 • Portability:
   Adding README.zOS to list of extra files for the
   release (Daniel Veillard),
   Description of work needed to compile on zOS
   (Stéphane Michaut),
   Porting libxml2 on zOS encoding of code (Stéphane
   Michaut),
   small changes for OS/400 (Patrick Monnerat),
   relaxng.c, xmlschemas.c: Fix build on pre-C99
   compilers (Chun-wei Fan)
 • Bug Fixes:
   Problem resolving relative URIs (Daniel
   Veillard),
   Fix unwanted warnings when switching encodings
   (Nick Wellnhofer),
   Fix signature of xmlSchemaAugmentImportedIDC
   (Daniel Veillard),
   Heap-buffer-overflow read of size 1 in
   xmlFAParsePosCharGroup (David Kilzer),
   Fix NULL pointer deref in xmlFAParseCharClassEsc
   (Nick Wellnhofer),
   Fix infinite loops with push parser in recovery
   mode (Nick Wellnhofer),
   Send xmllint usage error to stderr (Nick
   Wellnhofer),
   Fix NULL deref in xmlParseExternalEntityPrivate
   (Nick Wellnhofer),
   Make sure not to call IS_BLANK_CH when parsing
   the DTD (Nick Wellnhofer),
   Fix xmlHaltParser (Nick Wellnhofer),
   Fix pathological performance when outputting
   charrefs (Nick Wellnhofer),
   Fix invalid-source-encoding warnings in
   testWriter.c (Nick Wellnhofer),
   Fix duplicate SAX callbacks for entity content
   (David Kilzer),
   Treat URIs with scheme as absolute in C14N (Nick
   Wellnhofer),
   Fix copy-paste errors in error messages (Nick
   Wellnhofer),
   Fix sanity check in htmlParseNameComplex (Nick
   Wellnhofer),
   Fix potential infinite loop in
   xmlStringLenDecodeEntities (Nick Wellnhofer),
   Reset parser input pointers on encoding failure
   (Nick Wellnhofer),
   Fix memory leak in xmlParseEntityDecl error path
   (Nick Wellnhofer),
   Fix xmlBuildRelativeURI for URIs starting with './'
   (Nick Wellnhofer),
   Fix type confusion in xmlValidateOneNamespace
   (Nick Wellnhofer),
   Fix memory leak in xmlStringLenGetNodeList (Nick
   Wellnhofer),
   Fix NULL pointer deref in xmlDumpElementContent
   (Daniel Veillard),
   Fix memory leak in xmlBufAttrSerializeTxtContent
   (Nick Wellnhofer),
   Stop parser on unsupported encodings (Nick
   Wellnhofer),
   Check for integer overflow in memory debug code
   (Nick Wellnhofer),
   Fix buffer size checks in
   xmlSnprintfElementContent (Nick Wellnhofer),
   Avoid reparsing in xmlParseStartTag2 (Nick
   Wellnhofer),
   Fix undefined behavior in
   xmlRegExecPushStringInternal (Nick Wellnhofer),
   Check XPath exponents for overflow (Nick
   Wellnhofer),
   Check for overflow in
   xmlXPathIsPositionalPredicate (Nick Wellnhofer),
   Fix spurious error message (Nick Wellnhofer),
   Fix memory leak in xmlCanonicPath (Nick
   Wellnhofer),
   Fix memory leak in xmlXPathCompareNodeSetValue
   (Nick Wellnhofer),
   Fix memory leak in pattern error path (Nick
   Wellnhofer),
   Fix memory leak in parser error path (Nick
   Wellnhofer),
   Fix memory leaks in XPointer error paths (Nick
   Wellnhofer),
   Fix memory leak in xmlXPathNodeSetMergeAndClear
   (Nick Wellnhofer),
   Fix memory leak in XPath filter optimizations
   (Nick Wellnhofer),
   Fix memory leaks in XPath error paths (Nick
   Wellnhofer),
   Do not leak the new CData node if adding fails
   (David Tardon),
   Prevent unwanted external entity reference (Neel
   Mehta),
   Increase buffer space for port in HTTP redirect
   support (Daniel Veillard),
   Fix more NULL pointer derefs in xpointer.c (Nick
   Wellnhofer),
   Avoid function/data pointer conversion in xpath.c
   (Nick Wellnhofer),
   Fix format string warnings (Nick Wellnhofer),
   Disallow namespace nodes in XPointer points (Nick
   Wellnhofer),
   Fix comparison with root node in xmlXPathCmpNodes
   (Nick Wellnhofer),
   Fix attribute decoding during XML schema
   validation (Alex Henrie),
   Fix NULL pointer deref in XPointer range-to (Nick
   Wellnhofer)
 • Improvements:
   Updating the spec file to reflect Fedora 24
   (Daniel Veillard),
   Add const in five places to move 1 KiB to .rdata
   (Bruce Dawson),
   Fix missing part of comment for function
   xmlXPathEvalExpression() (Daniel Veillard),
   Get rid of "blanks wrapper" for parameter
   entities (Nick Wellnhofer),
   Simplify handling of parameter entity references
   (Nick Wellnhofer),
   Deduplicate code in encoding.c (Nick Wellnhofer),
   Make HTML parser functions take const pointers
   (Nick Wellnhofer),
   Build test programs only when needed (Nick
   Wellnhofer),
   Fix doc/examples/index.py (Nick Wellnhofer),
   Fix compiler warnings in threads.c (Nick
   Wellnhofer),
   Fix empty-body warning in nanohttp.c (Nick
   Wellnhofer),
   Fix cast-align warnings (Nick Wellnhofer),
   Fix unused-parameter warnings (Nick Wellnhofer),
   Rework entity boundary checks (Nick Wellnhofer),
   Don't switch encoding for internal parameter
   entities (Nick Wellnhofer),
   Merge duplicate code paths handling PE references
   (Nick Wellnhofer),
   Test SAX2 callbacks with entity substitution
   (Nick Wellnhofer),
   Support catalog and threads tests under
   --without-sax1 (Nick Wellnhofer),
   Misc fixes for 'make tests' (Nick Wellnhofer),
   Initialize keepBlanks in HTML parser (Nick
   Wellnhofer),
   Add test cases for bug 758518 (David Kilzer),
   Fix compiler warning in htmlParseElementInternal
   (Nick Wellnhofer),
   Remove useless check in xmlParseAttributeListDecl
   (Nick Wellnhofer),
   Allow zero sized memory input buffers (Nick
   Wellnhofer),
   Add TODO comment in xmlSwitchEncoding (Nick
   Wellnhofer),
   Check for integer overflow in
   xmlXPathFormatNumber (Nick Wellnhofer),
   Make Travis print UBSan stacktraces (Nick
   Wellnhofer),
   Add .travis.yml (Nick Wellnhofer),
   Fix expected error output in Python tests (Nick
   Wellnhofer),
   Simplify control flow in xmlParseStartTag2 (Nick
   Wellnhofer),
   Disable LeakSanitizer when running API tests
   (Nick Wellnhofer),
   Avoid out-of-bound array access in API tests
   (Nick Wellnhofer),
   Avoid spurious UBSan errors in parser.c (Nick
   Wellnhofer),
   Parse small XPath numbers more accurately (Nick
   Wellnhofer),
   Rework XPath rounding functions (Nick
   Wellnhofer),
   Fix white space in test output (Nick Wellnhofer),
   Fix axis traversal from attribute and namespace
   nodes (Nick Wellnhofer),
   Check for trailing characters in XPath
   expressions earlier (Nick Wellnhofer),
   Rework final handling of XPath results (Nick
   Wellnhofer),
   Make xmlXPathEvalExpression call xmlXPathEval
   (Nick Wellnhofer),
   Remove unused variables (Nick Wellnhofer),
   Don't print generic error messages in XPath tests
   (Nick Wellnhofer)
 • Cleanups:
   Fix a couple of misleading indentation errors
   (Daniel Veillard),
   Remove unnecessary calls to xmlPopInput (Nick
   Wellnhofer)
2017-09-10 20:49:20 +00:00
tez
41aa471248 xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
From: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74


There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Percent sign in DTD Names
=========================
This fixes bug 766956 initially reported by Wei Lei and independently by
Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
involved.

xmlParseNameComplex with XML_PARSE_OLD10
========================================
This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
Thanks to Marcel Böhme and Thuan Pham for the report.

Additional hardening
====================
A separate check was added in xmlParseNameComplex to validate the
buffer size.

From: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
2017-06-21 00:23:23 +00:00
maya
ef90709bc9 libxml2: Apply upstream patch for CVE-2017-5969.
(Minor issue, only a denial-of-service when using recover mode)

bump PKGREVISION
2017-06-11 04:40:53 +00:00
agc
30b55df38e Convert all occurrences (353 by my count) of
MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
2017-01-19 18:52:01 +00:00
dholland
2bfcf2281b PKGREVISION shouldn't be in Makefile.common, even though the last two
bumps applied to both users.
2016-12-30 02:17:48 +00:00
sevan
b113b01f59 Patch for CVE-2016-4658 & CVE-2016-5131
Bump rev
2016-12-27 02:34:33 +00:00
sevan
4faf94dda8 Patch CVE-2016-9318 https://bugzilla.gnome.org/show_bug.cgi?id=772726
Bump rev.
2016-11-30 14:46:22 +00:00
wiz
06e2fcd1e9 Use standard format for 'used by' lines, since some tools make use of this. 2016-05-28 06:47:51 +00:00
pgoyette
508b5e276e Introduce a Makefile.common so we can share it with textproc/py-libxml2 2016-05-27 23:51:10 +00:00
he
a7e96690b5 Submit the typo part of configure upstream, note the bug-ID. 2016-05-25 07:16:36 +00:00
wiz
aa5ac4ab08 Add upstream bug report URLs (from he@). 2016-05-24 21:08:21 +00:00
he
f6eb8e7e5a Update libxml2 to 2.9.4.
Pkgsrc changes:
 * Add some casts to match types and format strings, plus
   fix value range of toupper() operation.
 * Merge patch-ag into the new patch-encoding.c.
 * Add comments to existing patches which lacked comments.

Upstream changes to libxml2-2.9.4: May 23 2016

Security:

   CVE-2016-3627 Avoid building recursive entities
   CVE-2016-1833 Heap-based buffer overread in htmlCurrentChar
   CVE-2016-1835 Heap use-after-free in xmlSAX2AttributeNs
   CVE-2016-1837 Heap use-after-free in htmlParsePubidLiteral
                 and htmlParseSystemLiteral
   CVE-2016-1836 Bug 759398: Heap use-after-free in xmlDictComputeFastKey
   CVE-2016-1839 Bug 758605: Heap-based buffer overread in xmlDictAddString
   CVE-2016-1838 Bug 758588: Heap-based buffer overread in
	      	 xmlParserPrintFileContextInternal
   CVE-2016-1840 Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup
   CVE-2016-4483 Avoid an out of bound access when serializing
   		 malformed strings
   CVE-2016-1834 Bug 763071: heap-buffer-overflow in xmlStrncat
   CVE-2016-3705 Add missing increments of recursion depth counter to
   		 XML parser.
   CVE-2016-1762 Heap-based buffer overread in xmlNextChar

   More format string warnings with possible format string vulnerability
   Heap-based buffer-underreads due to xmlParseName
   Fix some format string warnings with possible format string vulnerability
   Unsigned addition may overflow in xmlMallocAtomicLoc()

Other bugfixes:

   Detect change of encoding when parsing HTML names
   Fix inappropriate fetch of entities content
   Correct the usage of LDFLAGS
   Revert the use of SAVE_LDFLAGS in configure.ac
   libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles
   Add more debugging info to runtest
   Implement "runtest -u" mode
   Integer signed/unsigned type mismatch in xmlParserInputGrow()
   Integer overflow parsing port number in URI
   Fix apibuild for a recently added construct v2.9.4-rc2
   Use pkg-config to locate zlib when possible
   Use pkg-config to locate ICU when possible
   Fix an error with regexp on nullable counted char transition
   Fix memory leak with XPath namespace nodes
   Fix namespace axis traversal
   Add a make rule to rebuild for ASAN
   Fix null pointer deref in docs with no root element
   Portability to non C99 compliant compilers
   dict.h: Move xmlDictPtr definition before includes to allow direct
     inclusion.
   Fix XSD validation of URIs with ampersands
   xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean
     "end of day" and should not cause an error. v2.9.4-rc1
   os400: tell about xmllint and xmlcatalog in README400.
   os400: properly process SGML add in XMLCATALOG command.
   os400: implement CL command XMLCATALOG.
   os400: compile and install program xmlcatalog (qshell-only).
   xmlcatalog: flush stdout before interactive shell input.
   os400: expand tabs in sources, strip trailing blanks.
   os400: implement CL command XMLLINT.
   os400: compile and install program xmllint (qshell-only).
   os400: initscript make_module(): Use options instead of
     positional parameters.
   xmllint: flush stdout before interactive shell input.
   os400: c14n.rpgle: allow *omit for nullable reference parameters.
   os400: use like() for double type.
   os400: use like() for int type.
   os400: use like() for unsigned int type.
   os400: use like() for enum types.
   Add xz to xml2-config --libs output
   Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression
   Fix namespace::node() XPath expression
   Fix OOB write in xmlXPathEmptyNodeSet
   Fix parsing of NCNames in XPath
   Fix OOB read with invalid UTF-8 in xmlUTF8Strsize
   Do normalize string-based datatype value in RelaxNG facet checking
   Fix typo: s{ ec -> cr }cipt
   Fix typos: dictio{ nn -> n }ar{y,ies}
   Fix typos: PATH_{ SEAPARATOR -> SEPARATOR }
   Correct a typo.
   Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix
     for "xmlSaveUri() incorrectly recomposes URIs with rootless paths"
   Bug 760861: REGRESSION (bf9c1dad): Missing results for
     test/schemas/regexp-char-ref_[01].xsd
   error.c: *input->cur == 0 does not mean no error
   Add missing RNG test files
   Bug 760190: configure.ac should be able to build --with-icu without
     icu-config tool
   Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus
     UTF-8 encoding error when multi-byte character in large CDATA
     section is split across buffer
   Bug 758572: ASAN crash in make check
   Bug 721158: Missing ICU string when doing --version on xmllint
   python 3: libxml2.c wrappers create Unicode str already
   win32\VC10\config.h and VS 2015
   Add autogen.sh to distrib
   Add configure maintainer mode
2016-05-24 12:00:08 +00:00
jperkin
36eaaf6066 Use OPSYSVARS. 2016-02-26 10:24:10 +00:00
wiz
b570169750 Update libxml2 to 2.9.3.
v2.9.3: Nov 20 2015

    Security:
    CVE-2015-8242 Buffer overread with HTML parser in push mode (Hugh Davenport),
    CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard),
    CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard),
    CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard),
    CVE-2015-5312 Another entity expansion issue (David Drysdale),
    CVE-2015-7497 Avoid a heap buffer overflow in xmlDictComputeFastQKey (David Drysdale),
    CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard),
    CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard),
    CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard),
    CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard),
    CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard)
    CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard),
    CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard),
    Documentation:
    Correct spelling of "calling" (Alex Henrie),
    Fix a small error in xmllint --format description (Fabien Degomme),
    Avoid XSS on the search of xmlsoft.org (Daniel Veillard)
    Portability:
    threads: use forward declarations only for glibc (Michael Heimpold),
    Update Win32 configure.js to search for configure.ac (Daniel Veillard)
    Bug Fixes:
    Bug on creating new stream from entity (Daniel Veillard),
    Fix some loop issues embedding NEXT (Daniel Veillard),
    Do not print error context when there is none (Daniel Veillard),
    Avoid extra processing of MarkupDecl when EOF (Hugh Davenport),
    Fix parsing short unclosed comment uninitialized access (Daniel Veillard),
    Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta),
    Fix a bug in CData error handling in the push parser (Daniel Veillard),
    Fix a bug on name parsing at the end of current input buffer (Daniel Veillard),
    Fix the spurious ID already defined error (Daniel Veillard),
    Fix previous change to node sort order (Nick Wellnhofer),
    Fix a self assignment issue raised by clang (Scott Graham),
    Fail parsing early on if encoding conversion failed (Daniel Veillard),
    Do not process encoding values if the declaration is broken (Daniel Veillard),
    Silence clang's -Wunknown-attribute (Michael Catanzaro),
    xmlMemUsed is not thread-safe (Martin von Gagern),
    Fix support for except in nameclasses (Daniel Veillard),
    Fix order of root nodes (Nick Wellnhofer),
    Allow attributes on descendant-or-self axis (Nick Wellnhofer),
    Fix the fix to Windows locking (Steve Nairn),
    Fix timsort invariant loop re: Envisage article (Christopher Swenson),
    Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer),
    Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer),
    Remove various unused value assignments (Philip Withnall),
    Fix missing entities after CVE-2014-3660 fix (Daniel Veillard),
    Revert "Missing initialization for the catalog module" (Daniel Veillard)
    Improvements:
    Reuse xmlHaltParser() where it makes sense (Daniel Veillard),
    xmlStopParser reset errNo (Daniel Veillard),
    Reenable xz support by default (Daniel Veillard),
    Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard),
    Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance),
    Regression test for bug #695699 (Nick Wellnhofer),
    Add a couple of XPath tests (Nick Wellnhofer),
    Add Python 3 rpm subpackage (Tomas Radej),
    libxml2-config.cmake.in: update include directories (Samuel Martin),
    Adding example from bugs 738805 to regression tests (Daniel Veillard)
2015-11-22 23:49:03 +00:00
agc
2eddae48e5 Add SHA512 digests for distfiles for textproc category
Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:59:17 +00:00
he
1da8d6addb Apply the patch for arbitrary-memory-access vulnerability as reported
in https://bugzilla.gnome.org/show_bug.cgi?id=746048.
Bump PKGREVISION.
2015-07-03 18:55:46 +00:00