On Mon, Jul 10, 2017 at 11:18:10AM +0200, Matthias Pitzl wrote: > In libxml2 were some more CVEs.
This is the same diff applied to our ports tree. ok? bluhm
Index: textproc/libxml/Makefile
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/textproc/libxml/Makefile,v
retrieving revision 1.169
diff -u -p -r1.169 Makefile
--- textproc/libxml/Makefile 3 Jun 2017 09:40:42 -0000 1.169
+++ textproc/libxml/Makefile 12 Jul 2017 13:50:07 -0000
@@ -4,7 +4,7 @@ COMMENT-main= XML parsing library
 COMMENT-python= Python bindings for libxml
 VERSION= 2.9.4
-REVISION-main= 1
+REVISION-main= 2
 DISTNAME= libxml2-${VERSION}
 PKGNAME-main= libxml-${VERSION}
 PKGNAME-python= py-libxml-${VERSION}
Index: textproc/libxml/patches/patch-nanohttp_c
===================================================================
RCS file: textproc/libxml/patches/patch-nanohttp_c
diff -N textproc/libxml/patches/patch-nanohttp_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ textproc/libxml/patches/patch-nanohttp_c 12 Jul 2017 13:48:36 -0000
@@ -0,0 +1,20 @@
+$OpenBSD$
+
+CVE-2017-7376
+https://github.com/GNOME/libxml2/commit/5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
+
+Index: nanohttp.c
+--- nanohttp.c.orig
++++ nanohttp.c
+@@ -1423,9 +1423,9 @@ retry:
+ if (ctxt->port != 80) {
+ /* reserve space for ':xxxxx', incl. potential proxy */
+ if (proxy)
+- blen += 12;
++ blen += 17;
+ else
+- blen += 6;
++ blen += 11;
+ }
+ bp = (char*)xmlMallocAtomic(blen);
+ if ( bp == NULL ) {
Index: textproc/libxml/patches/patch-parser_c
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/textproc/libxml/patches/patch-parser_c,v
retrieving revision 1.17
diff -u -p -r1.17 patch-parser_c
--- textproc/libxml/patches/patch-parser_c 3 Jun 2017 09:40:42 -0000 1.17
+++ textproc/libxml/patches/patch-parser_c 12 Jul 2017 13:46:31 -0000
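Review bot: In patch-nanohttp_c the enlarged reservation (`blen += 17` / `blen += 11`) still sits under a comment that says `':xxxxx'`, so the reason for the new sizes is not recorded next to the numbers. The hunk does not show the type of `ctxt->port` or any range check on it; if it is a plain `int` written with `%d`, the reservation has to cover the widest value that can be printed rather than a five-digit port, and a comment such as `/* reserve space for ':' plus the widest decimal int, incl. potential proxy */` would say so. Rejecting ports outside 1..65535 where the URL is parsed would make the bound independent of these constants, but that code is outside this hunk. The block after `retry:` starts and ends outside the hunk.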
@@ -2,6 +2,9 @@ $OpenBSD: patch-parser_c,v 1.17 2017/06/
 Fix CVE-2017-9049 and CVE-2017-9050.
+CVE-2017-7375
+https://github.com/GNOME/libxml2/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e
+
 Index: parser.c
 --- parser.c.orig
 +++ parser.c
@@ -36,3 +39,19 @@ Index: parser.c
 }
 /**
+@@ -8123,6 +8127,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+ if (xmlPushInput(ctxt, input) < 0)
+ return;
+ } else {
++ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
++ (ctxt->replaceEntities == 0) &&
++ (ctxt->validate == 0))
++ return;
++
+ /*
+ * TODO !!!
+ * handle the extra spaces added before and after
Index: textproc/libxml/patches/patch-valid_c
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/textproc/libxml/patches/patch-valid_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-valid_c
--- textproc/libxml/patches/patch-valid_c 3 Jun 2017 09:40:42 -0000 1.1
+++ textproc/libxml/patches/patch-valid_c 12 Jul 2017 13:47:32 -0000
@@ -2,6 +2,9 @@ $OpenBSD: patch-valid_c,v 1.1 2017/06/03
 Fix CVE-2017-9047 and CVE-2017-9048.
+CVE-2017-9663
+https://github.com/GNOME/libxml2/commit/92b9e8c8b3787068565a1820ba575d042f9eec66
+
 Index: valid.c
 --- valid.c.orig
 +++ valid.c
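Review bot: The early `return` added to xmlParsePEReference in patch-parser_c carries no comment, so a reader cannot tell from the code that an external parameter entity is deliberately skipped unless the caller enabled substitution, DTD loading or validation. I would put `/* Do not load an external parameter entity unless loading, validation or substitution was requested (CVE-2017-7375). */` above the condition. As a style point the four option tests can be one mask test, `((ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID | XML_PARSE_DTDLOAD | XML_PARSE_DTDATTR)) == 0)`, which is harder to get out of sync when an option is added. Because the port mirrors an upstream commit, either change is better sent upstream than carried locally. The function body starts and ends outside the hunk.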
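Review bot: The identifier `CVE-2017-9663` added to the header of patch-valid_c should be checked against the advisory for the referenced upstream commit before this goes in; nothing on this page confirms it, and a mistyped id in a patch header hides the fix from anyone auditing the port by CVE number. The two other new header ids, `CVE-2017-7376` in patch-nanohttp_c and `CVE-2017-7375` in patch-parser_c, deserve the same check.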
@@ -21,3 +24,24 @@ Index: valid.c
 if (englob)
 strcat(buf, ")");
 switch (content->ocur) {
+@@ -4621,6 +4623,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, c
+ }
+ }
+
++ /*
++ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++ * xmlAddID and xmlAddRef for namespace declarations, but it makes
++ * no practical sense to use ID types anyway.
++ */
++#if 0
+ /* Validity Constraint: ID uniqueness */
+ if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+ if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4632,6 +4640,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, c
+ if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ ret = 0;
+ }
++#endif
+
+ /* Validity Constraint: Notation Attributes */
+ if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
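Review bot: Fencing the ID and IDREF checks with `#if 0` in patch-valid_c leaves dead code that still contains the `(xmlAttrPtr) ns` casts the new comment calls wrong, so a later cleanup that drops the fence would bring the bad cast back. Deleting the two blocks and keeping only the comment would be safer; if the fence stays to match upstream, label it, e.g. `#if 0 /* disabled: ns is not an xmlAttr, see comment above */` with a matching `#endif /* 0 */`. The comment should also state the consequence for callers: as far as the hunk shows, ID and IDREF validity constraints are no longer checked on this path. The function, whose name is cut off in the hunk header, starts and ends outside the hunk.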