On Fri, Dec 30, 2016 at 03:32:47PM +0100, Alexander Bluhm wrote: > On Fri, Dec 30, 2016 at 12:54:59PM +0100, Simon Mages wrote: > > textproc/libxml is affected by those CVEs: > > CVE-2016-4658 > > CVE-2016-5131 > > > > Attached is a updated version of the port which includes the patches > > mentioned > > above. > > I have > - changed revision to 0, > - checked that patches contain the git commit > - added a link in the patches
The github repo is not the official one, just a mirror. => https://git.gnome.org/browse/libxml2/ > New diff inline > > ok? Other than the github->git.gnome.org thingy, OK for me but could you explicitely set the revision for each subpackage? (i.e. REVISION-main, REVISION-python). Thanks. > bluhm > > Index: Makefile > =================================================================== > RCS file: /data/mirror/openbsd/cvs/ports/textproc/libxml/Makefile,v > retrieving revision 1.167 > diff -u -p -r1.167 Makefile > --- Makefile 1 Sep 2016 21:56:59 -0000 1.167 > +++ Makefile 30 Dec 2016 13:44:37 -0000 > @@ -4,6 +4,7 @@ COMMENT-main= XML parsing library > COMMENT-python= Python bindings for libxml > > VERSION= 2.9.4 > +REVISION= 0 > DISTNAME= libxml2-${VERSION} > PKGNAME-main= libxml-${VERSION} > PKGNAME-python= py-libxml-${VERSION} > Index: patches/patch-result_XPath_xptr_vidbase > =================================================================== > RCS file: patches/patch-result_XPath_xptr_vidbase > diff -N patches/patch-result_XPath_xptr_vidbase > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-result_XPath_xptr_vidbase 30 Dec 2016 14:22:45 -0000 > @@ -0,0 +1,23 @@ > +$OpenBSD$ > + > +https://github.com/GNOME/libxml2/commit/9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e > + > +--- result/XPath/xptr/vidbase.orig Mon May 23 02:45:24 2016 > ++++ result/XPath/xptr/vidbase Fri Dec 30 12:40:25 2016 > +@@ -17,3 +17,16 @@ Object is a Location Set: > + To node > + ELEMENT p > + > ++ > ++======================== > ++Expression: xpointer(range-to(id('chapter2'))) > ++Object is a Location Set: > ++1 : Object is a range : > ++ From node > ++ / > ++ To node > ++ ELEMENT chapter > ++ ATTRIBUTE id > ++ TEXT > ++ content=chapter2 > ++ > Index: patches/patch-test_XPath_xptr_vidbase > =================================================================== > RCS file: patches/patch-test_XPath_xptr_vidbase > diff -N patches/patch-test_XPath_xptr_vidbase > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-test_XPath_xptr_vidbase 30 Dec 2016 14:23:28 -0000 > @@ -0,0 +1,10 @@ > +$OpenBSD$ > + > +https://github.com/GNOME/libxml2/commit/9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e > + > +--- test/XPath/xptr/vidbase.orig Thu Jul 30 17:24:34 2009 > ++++ test/XPath/xptr/vidbase Fri Dec 30 12:40:25 2016 > +@@ -1,2 +1,3 @@ > + xpointer(id('chapter1')/p) > + xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) > ++xpointer(range-to(id('chapter2'))) > Index: patches/patch-xpath_c > =================================================================== > RCS file: patches/patch-xpath_c > diff -N patches/patch-xpath_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-xpath_c 30 Dec 2016 14:24:01 -0000 > @@ -0,0 +1,26 @@ > +$OpenBSD$ > + > +https://github.com/GNOME/libxml2/commit/9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e > + > +--- xpath.c.orig Mon May 23 09:25:25 2016 > ++++ xpath.c Fri Dec 30 12:40:25 2016 > +@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr > ctxt) { > + lc = 1; > + break; > + } else if ((NXT(len) == '(')) { > +- /* Note Type or Function */ > ++ /* Node Type or Function */ > + if (xmlXPathIsNodeType(name)) { > + #ifdef DEBUG_STEP > + xmlGenericError(xmlGenericErrorContext, > + "PathExpr: Type search\n"); > + #endif > + lc = 1; > ++#ifdef LIBXML_XPTR_ENABLED > ++ } else if (ctxt->xptr && > ++ xmlStrEqual(name, BAD_CAST "range-to")) { > ++ lc = 1; > ++#endif > + } else { > + #ifdef DEBUG_STEP > + xmlGenericError(xmlGenericErrorContext, > Index: patches/patch-xpointer_c > =================================================================== > RCS file: patches/patch-xpointer_c > diff -N patches/patch-xpointer_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-xpointer_c 30 Dec 2016 14:21:25 -0000 > @@ -0,0 +1,325 @@ > +$OpenBSD$ > + > +https://github.com/GNOME/libxml2/commit/c1d1f7121194036608bf555f08d3062a36fd344b > +https://github.com/GNOME/libxml2/commit/9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e > + > +--- xpointer.c.orig Mon May 23 09:25:25 2016 > ++++ xpointer.c Fri Dec 30 12:40:25 2016 > +@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathO > + } > + > + /** > ++ * xmlXPtrNewRangeInternal: > ++ * @start: the starting node > ++ * @startindex: the start index > ++ * @end: the ending point > ++ * @endindex: the ending index > ++ * > ++ * Internal function to create a new xmlXPathObjectPtr of type range > ++ * > ++ * Returns the newly created object. > ++ */ > ++static xmlXPathObjectPtr > ++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, > ++ xmlNodePtr end, int endindex) { > ++ xmlXPathObjectPtr ret; > ++ > ++ /* > ++ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). > ++ * Disallow them for now. > ++ */ > ++ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) > ++ return(NULL); > ++ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) > ++ return(NULL); > ++ > ++ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > ++ if (ret == NULL) { > ++ xmlXPtrErrMemory("allocating range"); > ++ return(NULL); > ++ } > ++ memset(ret, 0, sizeof(xmlXPathObject)); > ++ ret->type = XPATH_RANGE; > ++ ret->user = start; > ++ ret->index = startindex; > ++ ret->user2 = end; > ++ ret->index2 = endindex; > ++ return(ret); > ++} > ++ > ++/** > + * xmlXPtrNewRange: > + * @start: the starting node > + * @startindex: the start index > +@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, > + if (endindex < 0) > + return(NULL); > + > +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > +- if (ret == NULL) { > +- xmlXPtrErrMemory("allocating range"); > +- return(NULL); > +- } > +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); > +- ret->type = XPATH_RANGE; > +- ret->user = start; > +- ret->index = startindex; > +- ret->user2 = end; > +- ret->index2 = endindex; > ++ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); > + xmlXPtrRangeCheckOrder(ret); > + return(ret); > + } > +@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPat > + if (end->type != XPATH_POINT) > + return(NULL); > + > +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > +- if (ret == NULL) { > +- xmlXPtrErrMemory("allocating range"); > +- return(NULL); > +- } > +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); > +- ret->type = XPATH_RANGE; > +- ret->user = start->user; > +- ret->index = start->index; > +- ret->user2 = end->user; > +- ret->index2 = end->index; > ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, > ++ end->index); > + xmlXPtrRangeCheckOrder(ret); > + return(ret); > + } > +@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlN > + if (start->type != XPATH_POINT) > + return(NULL); > + > +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > +- if (ret == NULL) { > +- xmlXPtrErrMemory("allocating range"); > +- return(NULL); > +- } > +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); > +- ret->type = XPATH_RANGE; > +- ret->user = start->user; > +- ret->index = start->index; > +- ret->user2 = end; > +- ret->index2 = -1; > ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); > + xmlXPtrRangeCheckOrder(ret); > + return(ret); > + } > +@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObj > + if (end->type != XPATH_POINT) > + return(NULL); > + > +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > +- if (ret == NULL) { > +- xmlXPtrErrMemory("allocating range"); > +- return(NULL); > +- } > +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); > +- ret->type = XPATH_RANGE; > +- ret->user = start; > +- ret->index = -1; > +- ret->user2 = end->user; > +- ret->index2 = end->index; > ++ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); > + xmlXPtrRangeCheckOrder(ret); > + return(ret); > + } > +@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) > + if (end == NULL) > + return(NULL); > + > +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > +- if (ret == NULL) { > +- xmlXPtrErrMemory("allocating range"); > +- return(NULL); > +- } > +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); > +- ret->type = XPATH_RANGE; > +- ret->user = start; > +- ret->index = -1; > +- ret->user2 = end; > +- ret->index2 = -1; > ++ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); > + xmlXPtrRangeCheckOrder(ret); > + return(ret); > + } > +@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { > + if (start == NULL) > + return(NULL); > + > +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > +- if (ret == NULL) { > +- xmlXPtrErrMemory("allocating range"); > +- return(NULL); > +- } > +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); > +- ret->type = XPATH_RANGE; > +- ret->user = start; > +- ret->index = -1; > +- ret->user2 = NULL; > +- ret->index2 = -1; > ++ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); > + return(ret); > + } > + > +@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { > + */ > + xmlXPathObjectPtr > + xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { > ++ xmlNodePtr endNode; > ++ int endIndex; > + xmlXPathObjectPtr ret; > + > + if (start == NULL) > +@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathOb > + return(NULL); > + switch (end->type) { > + case XPATH_POINT: > ++ endNode = end->user; > ++ endIndex = end->index; > ++ break; > + case XPATH_RANGE: > ++ endNode = end->user2; > ++ endIndex = end->index2; > + break; > + case XPATH_NODESET: > + /* > +@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathOb > + */ > + if (end->nodesetval->nodeNr <= 0) > + return(NULL); > ++ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; > ++ endIndex = -1; > + break; > + default: > + /* TODO */ > + return(NULL); > + } > + > +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); > +- if (ret == NULL) { > +- xmlXPtrErrMemory("allocating range"); > +- return(NULL); > +- } > +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); > +- ret->type = XPATH_RANGE; > +- ret->user = start; > +- ret->index = -1; > +- switch (end->type) { > +- case XPATH_POINT: > +- ret->user2 = end->user; > +- ret->index2 = end->index; > +- break; > +- case XPATH_RANGE: > +- ret->user2 = end->user2; > +- ret->index2 = end->index2; > +- break; > +- case XPATH_NODESET: { > +- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; > +- ret->index2 = -1; > +- break; > +- } > +- default: > +- STRANGE > +- return(NULL); > +- } > ++ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); > + xmlXPtrRangeCheckOrder(ret); > + return(ret); > + } > +@@ -1332,8 +1295,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlN > + ret->here = here; > + ret->origin = origin; > + > +- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", > +- xmlXPtrRangeToFunction); > + xmlXPathRegisterFunc(ret, (xmlChar *)"range", > + xmlXPtrRangeFunction); > + xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", > +@@ -2243,76 +2204,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr > ct > + * @nargs: the number of args > + * > + * Implement the range-to() XPointer function > ++ * > ++ * Obsolete. range-to is not a real function but a special type of location > ++ * step which is handled in xpath.c. > + */ > + void > +-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { > +- xmlXPathObjectPtr range; > +- const xmlChar *cur; > +- xmlXPathObjectPtr res, obj; > +- xmlXPathObjectPtr tmp; > +- xmlLocationSetPtr newset = NULL; > +- xmlNodeSetPtr oldset; > +- int i; > +- > +- if (ctxt == NULL) return; > +- CHECK_ARITY(1); > +- /* > +- * Save the expression pointer since we will have to evaluate > +- * it multiple times. Initialize the new set. > +- */ > +- CHECK_TYPE(XPATH_NODESET); > +- obj = valuePop(ctxt); > +- oldset = obj->nodesetval; > +- ctxt->context->node = NULL; > +- > +- cur = ctxt->cur; > +- newset = xmlXPtrLocationSetCreate(NULL); > +- > +- for (i = 0; i < oldset->nodeNr; i++) { > +- ctxt->cur = cur; > +- > +- /* > +- * Run the evaluation with a node list made of a single item > +- * in the nodeset. > +- */ > +- ctxt->context->node = oldset->nodeTab[i]; > +- tmp = xmlXPathNewNodeSet(ctxt->context->node); > +- valuePush(ctxt, tmp); > +- > +- xmlXPathEvalExpr(ctxt); > +- CHECK_ERROR; > +- > +- /* > +- * The result of the evaluation need to be tested to > +- * decided whether the filter succeeded or not > +- */ > +- res = valuePop(ctxt); > +- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); > +- if (range != NULL) { > +- xmlXPtrLocationSetAdd(newset, range); > +- } > +- > +- /* > +- * Cleanup > +- */ > +- if (res != NULL) > +- xmlXPathFreeObject(res); > +- if (ctxt->value == tmp) { > +- res = valuePop(ctxt); > +- xmlXPathFreeObject(res); > +- } > +- > +- ctxt->context->node = NULL; > +- } > +- > +- /* > +- * The result is used as the new evaluation set. > +- */ > +- xmlXPathFreeObject(obj); > +- ctxt->context->node = NULL; > +- ctxt->context->contextSize = -1; > +- ctxt->context->proximityPosition = -1; > +- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); > ++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, > ++ int nargs ATTRIBUTE_UNUSED) { > ++ XP_ERROR(XPATH_EXPR_ERROR); > + } > + > + /** > -- Antoine
