ports/127661: [PATCH]textproc/libxml2: update to 2.7.1, which includes security fixes

bf bf2006a at yahoo.com
Fri Sep 26 16:40:04 UTC 2008


>Number:         127661
>Category:       ports
>Synopsis:       [PATCH]textproc/libxml2: update to 2.7.1, which includes security fixes
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 26 16:40:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     bf
>Release:        7-STABLE i386
>Organization:
-
>Environment:
>Description:
I hesitated to suggest a change to this port during slush, because it
has a number of important dependencies, but I think that it would be better 
to address the security problems with the current version sooner rather than
later.  I didn't see an update to this port in the marcuscom repository ports
module, although one person did make a reference to one of the security
problems in a post to the freebsd-gnome mailing list.  There are two options
to deal with the security problems: either stick with 2.6.32 and patch it; or
update to 2.7.1.  Since I'm guessing that we'll eventually be moving to the
newer version, I chose the latter. Besides, 2.7.1 has some other improvements:
in addition to fixes for CVE-2008-3281 and CVE-2008-3529, it also fixes other
bugs, and attempts to prevent more of the kinds of attacks described in
CVE-2003-1564 than does 2.6.32.  This didn't cause any problems in the
dependent ports that I have installed on 7-STABLE i386.  It also passed most
of the bundled regression tests.  In a cursory check of some related mailing
lists, I found some mention of problems that 2.7.0 caused with a few other
pieces of software that had abused the libxml2 API, but these seem to have been
addressed in 2.7.1, and in the other software. Also, 2.7.1 seems to have been
incorporated in Red Hat's package system and NetBSD pkgsrc, so it seems okay to
stick it in.  If these changes are accepted, py-libxml2 will also need a small
patch, which I will send in a subsequent message.

For an overview of changes, see:

http://xmlsoft.org/news.html
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN libxml2.orig/Makefile libxml2/Makefile
--- libxml2.orig/Makefile	2008-09-21 02:17:35.033361776 -0400
+++ libxml2/Makefile	2008-09-21 04:03:28.421022218 -0400
@@ -12,7 +12,7 @@
 #
 
 PORTNAME=	libxml2
-PORTVERSION=	2.6.32
+PORTVERSION=	2.7.1
 PORTREVISION?=	0
 CATEGORIES?=	textproc gnome
 MASTER_SITES=	ftp://fr.rpmfind.net/pub/libxml/ \
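Review bot: The PORTVERSION bump to 2.7.1 is the security fix itself, yet nothing in the patch records which issues it closes. Put CVE-2008-3281 and CVE-2008-3529 (named in the description) in the commit message, and pair the commit with a matching security/vuxml entry so that users still on 2.6.32 are told to upgrade.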
@@ -65,6 +65,9 @@
 .endif
 
 post-patch:
+	@${REINPLACE_CMD} -e 's|%%FREEBSD_LIBXML_VERSION_INFO%%|5:1:0|' \
+		${WRKSRC}/Makefile.in
+
 .for d in . doc doc/devhelp doc/examples
 	@${REINPLACE_CMD} -e '/^install-data-am:/ s|install-data-local||' \
 		${WRKSRC}/${d}/Makefile.in
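Review bot: The libtool version triple `5:1:0` in the new post-patch REINPLACE_CMD line is hardcoded with no comment saying how it was chosen, and it overrides upstream's @LIBXML_VERSION_INFO@ (see the patch-aa change). The old patch-aa pinned `5:0:0`, so please add a comment explaining why only the revision field moves, and consider holding the value in a make variable so the next update edits one obvious line. If 2.7.1 adds or changes exported symbols, keeping the same shared-library number needs a stated justification, because dependent ports will keep linking against the same library name.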
diff -ruN libxml2.orig/distinfo libxml2/distinfo
--- libxml2.orig/distinfo	2008-09-21 02:17:35.033361776 -0400
+++ libxml2/distinfo	2008-09-21 04:03:28.421022218 -0400
@@ -1,3 +1,3 @@
-MD5 (gnome2/libxml2-2.6.32.tar.gz) = 2621d322c16f0257e30f0ff2b13384de
-SHA256 (gnome2/libxml2-2.6.32.tar.gz) = 1b4428b879afcaae3c2013b21283baad040661fbd502e893e83adc3d15c85d53
-SIZE (gnome2/libxml2-2.6.32.tar.gz) = 4722227
+MD5 (gnome2/libxml2-2.7.1.tar.gz) = abc093e9ac7ea1aabf37982ae9df6d6c
+SHA256 (gnome2/libxml2-2.7.1.tar.gz) = 636d3f2c08ff69dd96182d49a3c75027d1bfe8e645e5a1d075a51fc9a9065bd9
+SIZE (gnome2/libxml2-2.7.1.tar.gz) = 4769568
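Review bot: The new MD5 and SHA256 lines for libxml2-2.7.1.tar.gz are the only integrity check on the distfile, and MASTER_SITES in the Makefile is a plain ftp:// URL, but the submission does not say how these values were obtained. Before committing, fetch the tarball independently, preferably from more than one master site, confirm that the SHA256 and SIZE match, and state in the commit message what the hashes were checked against.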
diff -ruN libxml2.orig/files/patch-aa libxml2/files/patch-aa
--- libxml2.orig/files/patch-aa	2008-09-21 02:17:34.993361999 -0400
+++ libxml2/files/patch-aa	2008-09-21 04:03:28.421022218 -0400
@@ -1,31 +1,24 @@
---- Makefile.in.orig	2008-01-22 15:47:56.000000000 -0500
-+++ Makefile.in	2008-01-22 15:49:21.000000000 -0500
-@@ -486,13 +486,13 @@ sysconfdir = @sysconfdir@
- target_alias = @target_alias@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
--SUBDIRS = include . doc example xstc @PYTHON_SUBDIR@
-+SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@
- DIST_SUBDIRS = include . doc example python xstc
- INCLUDES = -I$(top_builddir)/include -I at srcdir@/include @THREAD_CFLAGS@ @Z_CFLAGS@ 
+--- Makefile.in.orig	2008-09-21 02:30:27.355231455 -0400
++++ Makefile.in	2008-09-21 03:31:02.901115638 -0400
+@@ -519,7 +519,7 @@
  bin_SCRIPTS = xml2-config
  lib_LTLIBRARIES = libxml2.la
  libxml2_la_LIBADD = @THREAD_LIBS@ @Z_LIBS@ $(ICONV_LIBS) @M_LIBS@ @WIN32_EXTRA_LIBADD@
 -libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -version-info @LIBXML_VERSION_INFO@ @MODULE_PLATFORM_LIBS@
-+libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -version-info 5:0:0 @MODULE_PLATFORM_LIBS@
++libxml2_la_LDFLAGS = @CYGWIN_EXTRA_LDFLAGS@ @WIN32_EXTRA_LDFLAGS@ -version-info %%FREEBSD_LIBXML_VERSION_INFO%% @MODULE_PLATFORM_LIBS@
  @WITH_TRIO_SOURCES_FALSE at libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c  \
  @WITH_TRIO_SOURCES_FALSE@		parser.c tree.c hash.c list.c xmlIO.c xmlmemory.c uri.c  \
  @WITH_TRIO_SOURCES_FALSE@		valid.c xlink.c HTMLparser.c HTMLtree.c debugXML.c xpath.c  \
-@@ -590,7 +590,7 @@ testapi_LDFLAGS = 
- testapi_DEPENDENCIES = $(DEPS)
- testapi_LDADD = $(LDADDS)
- CLEANFILES = xml2Conf.sh
+@@ -633,7 +633,7 @@
+ runxmlconf_DEPENDENCIES = $(DEPS)
+ runxmlconf_LDADD = $(LDADDS)
+ CLEANFILES = xml2Conf.sh *.gcda *.gcno
 -confexecdir = $(libdir)
 +confexecdir = $(sysconfdir)
  confexec_DATA = xml2Conf.sh
  CVS_EXTRA_DIST = 
  EXTRA_DIST = xml2-config.in xml2Conf.sh.in libxml.spec.in libxml2.spec \
-@@ -613,8 +613,8 @@ pkgconfig_DATA = libxml-2.0.pc
+@@ -656,8 +656,8 @@
  # Install the tests program sources as examples 
  #
  BASE_DIR = $(datadir)/doc
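Review bot: The regenerated patch-aa drops the old SUBDIRS change (`+SUBDIRS = include . doc example xstc @WITH_PYTHON_TRUE@ @PYTHON_SUBDIR@`) without any explanation in the submission. Please confirm how the python subdirectory is handled in 2.7.1 for both this port and py-libxml2, and say so in the commit message, since the description notes that py-libxml2 needs a follow-up patch. The `%%FREEBSD_LIBXML_VERSION_INFO%%` placeholder introduced here also depends entirely on the post-patch substitution in the port Makefile; a short comment at the top of patch-aa pointing to that target would help the next maintainer.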
@@ -33,12 +26,12 @@
 -EXAMPLES_DIR = $(BASE_DIR)/$(DOC_MODULE)/examples
 +DOC_MODULE = libxml2
 +EXAMPLES_DIR = $(datadir)/examples/libxml2
- all: config.h
- 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
  
-@@ -1344,7 +1344,7 @@ distcleancheck: distclean
+ #
+ # Coverage support, largely borrowed from libvirt
+@@ -1414,7 +1414,7 @@
+ 	       exit 1; } >&2
  check-am: all-am
- 	$(MAKE) $(AM_MAKEFLAGS) check-local
  check: check-recursive
 -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \
 +all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) \


>Release-Note:
>Audit-Trail:
>Unformatted:


