Hi ports@, A new libxml release is out (two actually) http://www.xmlsoft.org/news.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/b48e77cf4f6fa0792c5f4b639707a2b0675e461b
This fixes CVE-2021-3541. I updated the version and removed previous patches for CVE-2021-3537 and CVE-2020-7595. make test passes with no errors. mbuhl
Index: textproc/libxml/Makefile
===================================================================
RCS file: /cvs/ports/textproc/libxml/Makefile,v
retrieving revision 1.188
diff -u -p -r1.188 Makefile
--- textproc/libxml/Makefile 12 May 2021 11:22:35 -0000 1.188
+++ textproc/libxml/Makefile 14 May 2021 20:17:49 -0000
@@ -3,9 +3,7 @@
 COMMENT-main= XML parsing library
 COMMENT-python= Python bindings for libxml
-VERSION= 2.9.10
-REVISION-main= 4
-REVISION-python= 5
+VERSION= 2.9.12
 DISTNAME= libxml2-${VERSION}
 PKGNAME-main= libxml-${VERSION}
 PKGNAME-python= py3-libxml-${VERSION}
Index: textproc/libxml/distinfo
===================================================================
RCS file: /cvs/ports/textproc/libxml/distinfo,v
retrieving revision 1.57
diff -u -p -r1.57 distinfo
--- textproc/libxml/distinfo 1 Nov 2019 15:37:45 -0000 1.57
+++ textproc/libxml/distinfo 14 May 2021 20:17:49 -0000
@@ -1,2 +1,2 @@
-SHA256 (libxml2-2.9.10.tar.gz) = qv7hk/+4/gyC1K/vbvkZcsuvX+6hAO3C8mJ1BhG0vh8=
-SIZE (libxml2-2.9.10.tar.gz) = 5624761
+SHA256 (libxml2-2.9.12.tar.gz) = yNZoHjjFbxcokshd3AhS4f1LU7Qgnn9Ovxf34urnHZI=
+SIZE (libxml2-2.9.12.tar.gz) = 5681632
Index: textproc/libxml/patches/patch-parser_c
===================================================================
RCS file: textproc/libxml/patches/patch-parser_c
diff -N textproc/libxml/patches/patch-parser_c
--- textproc/libxml/patches/patch-parser_c 11 May 2021 07:39:24 -0000 1.21
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-parser_c,v 1.21 2021/05/11 07:39:24 bluhm Exp $
-
-https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
-CVE-2020-7595
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1956522
-https://gitlab.gnome.org/GNOME/libxml2/commit/babe75030c7f64a37826bb3342317134568bef61
-CVE-2021-3537
-
-Index: parser.c
---- parser.c.orig
-+++ parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, cons
- else
- c = 0;
- while ((c != 0) && (c != end) && /* non input consuming loop */
-- (c != end2) && (c != end3)) {
-+ (c != end2) && (c != end3) &&
-+ (ctxt->instate != XML_PARSER_EOF)) {
-
- if (c == 0) break;
- if ((c == '&') && (str[1] == '#')) {
-@@ -6194,6 +6195,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPt
- SKIP_BLANKS;
- cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
- depth + 1);
-+ if (cur == NULL)
-+ return(NULL);
- SKIP_BLANKS;
- GROW;
- } else {
-@@ -6327,6 +6330,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPt
- SKIP_BLANKS;
- last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
- depth + 1);
-+ if (last == NULL) {
-+ if (ret != NULL)
-+ xmlFreeDocElementContent(ctxt->myDoc, ret);
-+ return(NULL);
-+ }
- SKIP_BLANKS;
- } else {
- elem = xmlParseName(ctxt);