head 1.2; access; symbols pkgsrc-2017Q2:1.1.0.4 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2017.09.10.20.56.24; author wiz; state dead; branches; next 1.1; commitid yScLGcIKpGLD2H6A; 1.1 date 2017.05.23.23.37.01; author tez; state Exp; branches 1.1.2.1; next ; commitid wr9hDqz7drlUszSz; 1.1.2.1 date 2017.05.23.23.37.01; author bsiegert; state dead; branches; next 1.1.2.2; commitid 6bLDnWTXBDWuBjTz; 1.1.2.2 date 2017.05.29.18.35.08; author bsiegert; state Exp; branches; next ; commitid 6bLDnWTXBDWuBjTz; desc @@ 1.2 log @Updated libxslt to 1.1.30. .1.30: Sep 04 2017 • Documentation: Misc doc fixes (Nick Wellnhofer) • Portability: Look for libxml2 via pkg-config first (Elliott Sales de Andrade), Change default SOPREFIX on Windows to "bin" (Nick Wellnhofer), Add WIN32_EXTRA_LDFLAGS to tests/plugins/ Makefile.am (Michael Haubenwallner) • Bug Fixes: Also fix memory hazards in exsltFuncResultElem (Nick Wellnhofer), Fix NULL deref in xsltDefaultSortFunction (Nick Wellnhofer), Fix memory hazards in exsltFuncFunctionFunction (Nick Wellnhofer), Fix memory leaks in EXSLT error paths (Nick Wellnhofer), Fix memory leak in str:concat with empty node-set (Nick Wellnhofer), Fix memory leaks in error paths (Nick Wellnhofer), Switch to xmlUTF8Strsize in numbers.c (Nick Wellnhofer), Fix NULL pointer deref in xsltFormatNumberFunction (Nick Wellnhofer), Fix UTF-8 check in str:padding (Nick Wellnhofer), Fix xmlStrPrintf argument (Nick Wellnhofer), Check for overflow in _exsltDateParseGYear (Nick Wellnhofer), Fix double to int conversion (Nick Wellnhofer), Check for overflow in exsltDateParseDuration (Nick Wellnhofer), Change version of xsltMaxVars back to 1.0.24 (Nick Wellnhofer), Disable xsltCopyTextString optimization for extensions (Nick Wellnhofer), Create DOCTYPE for HTML version 5 (Nick Wellnhofer), Make xsl:decimal-format work with namespaces (Nick Wellnhofer), Remove norm:localTime extension function (Nick Wellnhofer), Check for integer 
overflow in xsltAddTextString (Nick Wellnhofer), Detect infinite recursion when evaluating function arguments (Nick Wellnhofer), Fix memory leak in xsltElementAvailableFunction (Nick Wellnhofer), Fix for pattern predicates calling functions (Nick Wellnhofer), Fix cmd.exe invocations in Makefile.mingw (Nick Wellnhofer), Don't try to install index.sgml (Nick Wellnhofer), Fix symbols.xml (Nick Wellnhofer), Fix heap overread in xsltFormatNumberConversion (Nick Wellnhofer), Fix for non-element nodes (Nick Wellnhofer), Fix unreachable code in xsltAddChild (mahendra.n), Change version number in xsl:version warning (Nick Wellnhofer), Avoid infinite recursion after failed param evaluation (Nick Wellnhofer), Stop if potential recursion is detected (Nick Wellnhofer), Consider built-in templates in apply-imports (Nick Wellnhofer), Fix precedence with multiple attribute sets (Nick Wellnhofer), Rework attribute set resolution (Nick Wellnhofer) • Improvements: Add .travis.yml (Nick Wellnhofer), Silence tests a little (Nick Wellnhofer), Set LIBXML_SRC to absolute path (Nick Wellnhofer), Add missing #include (Nick Wellnhofer), Adjust expected error messages in tests (Nick Wellnhofer), Make xsltDebug more quiet (Nick Wellnhofer), New-line terminate error message that missed this convention (Jan Pokorný), Use xmlBuffers in EXSLT string functions (Nick Wellnhofer), Switch to xmlUTF8Strsize in EXSLT string functions (Nick Wellnhofer), Check for return value of xmlUTF8Strlen (Nick Wellnhofer), Avoid double/long round trip in FORMAT_ITEM (Nick Wellnhofer), Separate date and duration structs (Nick Wellnhofer), Check for overflow in _exsltDateDifference (Nick Wellnhofer), Clamp seconds field of durations (Nick Wellnhofer), Change _exsltDateAddDurCalc parameter types (Nick Wellnhofer), Fix date:difference with time zones (Nick Wellnhofer), Rework division/remainder arithmetic in date.c (Nick Wellnhofer), Remove exsltDateCastDateToNumber (Nick Wellnhofer), Change internal representation of 
years (Nick Wellnhofer), Optimize IS_LEAP (Nick Wellnhofer), Link libraries with libm (Jussi Kukkonen), Rename xsltCopyTreeInternal to xsltCopyTree (Nick Wellnhofer), Update linker version script (Nick Wellnhofer), Add local wildcard to version script (Nick Wellnhofer), Make some symbols static (Nick Wellnhofer), Remove redundant NULL check in xsltNumberComp (mahendra.n), Fix forwards compatibility for imported stylesheets (Nick Wellnhofer), Reduce warnings in forwards-compatible mode (Nick Wellnhofer), Precompute XSLT elements after preprocessing (Nick Wellnhofer), Fix whitespace in xsltParseStylesheetTop (Nick Wellnhofer), Consolidate recursion checks (Nick Wellnhofer), Treat XSLT_STATE_STOPPED same as errors (Nick Wellnhofer), Make sure that XSLT_STATE_STOPPED isn't overwritten (Nick Wellnhofer), Add comment regarding built-in templates and params (Nick Wellnhofer), Rewrite memory management of local RVTs (Nick Wellnhofer), Validate QNames of attribute sets (Nick Wellnhofer), Add xsl:attribute-set regression tests (Nick Wellnhofer), Ignore imported stylesheets in xsltApplyAttributeSet (Nick Wellnhofer) @ text @$NetBSD: patch-CVE-2017-5029,v 1.1 2017/05/23 23:37:01 tez Exp $ Patch for CVE-2017-5029 from: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 --- libxslt/xsltInternals.h.orig 2017-05-23 23:14:05.625798800 +0000 +++ libxslt/xsltInternals.h @@@@ -1754,8 +1754,8 @@@@ struct _xsltTransformContext { * Speed optimization when coalescing text nodes */ const xmlChar *lasttext; /* last text node content */ - unsigned int lasttsize; /* last text node size */ - unsigned int lasttuse; /* last text node use */ + int lasttsize; /* last text node size */ + int lasttuse; /* last text node use */ /* * Per Context Debugging */ --- libxslt/transform.c.orig 2017-05-23 23:14:23.480987400 +0000 +++ libxslt/transform.c @@@@ -816,13 +816,32 @@@@ xsltAddTextString(xsltTransformContextPt return(target); if (ctxt->lasttext == 
target->content) { + int minSize; - if (ctxt->lasttuse + len >= ctxt->lasttsize) { + /* Check for integer overflow accounting for NUL terminator. */ + if (len >= INT_MAX - ctxt->lasttuse) { + xsltTransformError(ctxt, NULL, target, + "xsltCopyText: text allocation failed\n"); + return(NULL); + } + minSize = ctxt->lasttuse + len + 1; + + if (ctxt->lasttsize < minSize) { xmlChar *newbuf; int size; + int extra; + + /* Double buffer size but increase by at least 100 bytes. */ + extra = minSize < 100 ? 100 : minSize; + + /* Check for integer overflow. */ + if (extra > INT_MAX - ctxt->lasttsize) { + size = INT_MAX; + } + else { + size = ctxt->lasttsize + extra; + } - size = ctxt->lasttsize + len + 100; - size *= 2; newbuf = (xmlChar *) xmlRealloc(target->content,size); if (newbuf == NULL) { xsltTransformError(ctxt, NULL, target, @ 1.1 log @Add patch for CVE-2017-5029 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2017-5029 was added on branch pkgsrc-2017Q1 on 2017-05-29 18:35:08 +0000 @ text @d1 58 @ 1.1.2.2 log @Pullup ticket #5463 - requested by sevan textproc/libxslt: security fix Revisions pulled up: - textproc/libxslt/Makefile 1.105 - textproc/libxslt/distinfo 1.60 - textproc/libxslt/patches/patch-CVE-2017-5029 1.1 --- Module Name: pkgsrc Committed By: tez Date: Tue May 23 23:37:01 UTC 2017 Modified Files: pkgsrc/textproc/libxslt: Makefile distinfo Added Files: pkgsrc/textproc/libxslt/patches: patch-CVE-2017-5029 Log Message: Add patch for CVE-2017-5029 @ text @a0 58 $NetBSD: patch-CVE-2017-5029,v 1.1 2017/05/23 23:37:01 tez Exp $ Patch for CVE-2017-5029 from: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 --- libxslt/xsltInternals.h.orig 2017-05-23 23:14:05.625798800 +0000 +++ libxslt/xsltInternals.h @@@@ -1754,8 +1754,8 @@@@ struct _xsltTransformContext { * Speed optimization when coalescing text nodes */ const xmlChar *lasttext; /* last text node content */ - unsigned int lasttsize; /* last text node size */ - 
unsigned int lasttuse; /* last text node use */ + int lasttsize; /* last text node size */ + int lasttuse; /* last text node use */ /* * Per Context Debugging */ --- libxslt/transform.c.orig 2017-05-23 23:14:23.480987400 +0000 +++ libxslt/transform.c @@@@ -816,13 +816,32 @@@@ xsltAddTextString(xsltTransformContextPt return(target); if (ctxt->lasttext == target->content) { + int minSize; - if (ctxt->lasttuse + len >= ctxt->lasttsize) { + /* Check for integer overflow accounting for NUL terminator. */ + if (len >= INT_MAX - ctxt->lasttuse) { + xsltTransformError(ctxt, NULL, target, + "xsltCopyText: text allocation failed\n"); + return(NULL); + } + minSize = ctxt->lasttuse + len + 1; + + if (ctxt->lasttsize < minSize) { xmlChar *newbuf; int size; + int extra; + + /* Double buffer size but increase by at least 100 bytes. */ + extra = minSize < 100 ? 100 : minSize; + + /* Check for integer overflow. */ + if (extra > INT_MAX - ctxt->lasttsize) { + size = INT_MAX; + } + else { + size = ctxt->lasttsize + extra; + } - size = ctxt->lasttsize + len + 100; - size *= 2; newbuf = (xmlChar *) xmlRealloc(target->content,size); if (newbuf == NULL) { xsltTransformError(ctxt, NULL, target, @
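Review bot: in the libxslt/xsltInternals.h hunk, lasttsize and lasttuse become signed with no statement of the invariant the rest of the patch relies on. The new check `len >= INT_MAX - ctxt->lasttuse` in transform.c is only meaningful while lasttuse is non-negative, so the field comments should say that both values stay in the range 0..INT_MAX. Because struct _xsltTransformContext is declared in a header, any other code that reads these two fields should also be checked for signed/unsigned comparisons after the type change.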
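Review bot: in the libxslt/transform.c hunk, the new overflow check in xsltAddTextString guards only the upper bound of len. A negative len would pass `len >= INT_MAX - ctxt->lasttuse` and give a minSize no larger than lasttuse, so the reallocation branch would be skipped. Nothing in the visible lines rejects that case, so consider an explicit `len < 0` test beside the overflow check, or a comment stating that callers guarantee it. Two smaller points: the hunk uses INT_MAX but adds no `#include <limits.h>`, so confirm the file already pulls it in, and the new error string is prefixed "xsltCopyText:" although the hunk header places it in xsltAddTextString. The comment "Double buffer size" also describes the growth loosely, since size becomes lasttsize plus the larger of minSize and 100 rather than twice the old size.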