git: 3d6deee359ce - main - textproc/libxslt: Backport compatibility patches.

Gleb Popov arrowd at FreeBSD.org
Wed Jun 16 15:28:45 UTC 2021 

The branch main has been updated by arrowd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3d6deee359ce10ae7da4bb1ffe40fd0ce312d9b7

commit 3d6deee359ce10ae7da4bb1ffe40fd0ce312d9b7
Author:     Daniel Engberg <daniel.engberg.lists at pyret.net>
AuthorDate: 2021-06-16 15:17:27 +0000
Commit:     Gleb Popov <arrowd at FreeBSD.org>
CommitDate: 2021-06-16 15:23:03 +0000

    textproc/libxslt: Backport compatibility patches.
    
    These patches are required for the new textproc/libxml2.
    
    PR:             256617
    Reviewed by:    arrowd
    Tested by:      arrowd
---
 textproc/libxslt/Makefile                          | 36 +++++------
 ...git-01-9ae2f94df1721e002941b40665efb762aefcea1a | 37 ++++++++++++
 ...git-02-824657768aea2cce9c23e72ba8085cb5e44350c7 | 42 +++++++++++++
 ...git-03-77c26bad0433541f486b1e7ced44ca9979376908 | 70 ++++++++++++++++++++++
 4 files changed, 167 insertions(+), 18 deletions(-)

diff --git a/textproc/libxslt/Makefile b/textproc/libxslt/Makefile
index c9f65f75b241..3f37ccbbf28b 100644
--- a/textproc/libxslt/Makefile
+++ b/textproc/libxslt/Makefile
@@ -2,39 +2,39 @@
 
 PORTNAME=	libxslt
 DISTVERSION=	1.1.34
-PORTREVISION=	1
-CATEGORIES?=	textproc gnome
+PORTREVISION=	2
+CATEGORIES=	textproc gnome
 MASTER_SITES=	http://xmlsoft.org/sources/ \
 		https://mirror.umd.edu/xbmc/build-deps/sources/
 DIST_SUBDIR=	gnome2
 
-MAINTAINER?=	desktop at FreeBSD.org
-COMMENT?=	The XSLT C library for GNOME
+MAINTAINER=	desktop at FreeBSD.org
+COMMENT=	XML stylesheet transformation library
 
-USES+=		cpe gmake gnome localbase libtool pathfix
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+USES=		cpe gmake gnome localbase libtool pathfix
 CPE_VENDOR=	xmlsoft
 GNU_CONFIGURE=	yes
-INSTALL_TARGET=	install-strip
+USE_GNOME=	libxml2
 USE_LDCONFIG=	yes
-USE_GNOME?=	libxml2
-CONFIGURE_ARGS?=--with-html-dir=${PREFIX}/share/doc \
-		--without-python
 
-LICENSE=	MIT
+CONFIGURE_ARGS=	--with-html-dir=${PREFIX}/share/doc \
+		--without-python
 
-.if defined(MASTERDIR)
-_SLAVE_PORT=	yes
-.else
+INSTALL_TARGET=	install-strip
+TEST_TARGET=	check
 
-OPTIONS_DEFINE=	MEM_DEBUG CRYPTO
+OPTIONS_DEFINE=	CRYPTO MEM_DEBUG
 OPTIONS_DEFAULT=CRYPTO
+
+CRYPTO_DESC=	Enable crypto support
 MEM_DEBUG_DESC=	Enable memory debugging
-CRYPTO_DESC=	Enable crypto support for exslt
-.endif
 
-MEM_DEBUG_CONFIGURE_ON=	--with-mem-debug
-CRYPTO_CONFIGURE_WITH=	crypto
 CRYPTO_LIB_DEPENDS=	libgcrypt.so:security/libgcrypt
+CRYPTO_CONFIGURE_WITH=	crypto
+MEM_DEBUG_CONFIGURE_ON=	--with-mem-debug
 
 post-patch:
 	@${REINPLACE_CMD} -e '/^install-data-am:/ s|install-data-local||' \
diff --git a/textproc/libxslt/files/patch-git-01-9ae2f94df1721e002941b40665efb762aefcea1a b/textproc/libxslt/files/patch-git-01-9ae2f94df1721e002941b40665efb762aefcea1a
new file mode 100644
index 000000000000..eca5e6ee4e3b
--- /dev/null
+++ b/textproc/libxslt/files/patch-git-01-9ae2f94df1721e002941b40665efb762aefcea1a
@@ -0,0 +1,37 @@
+From 9ae2f94df1721e002941b40665efb762aefcea1a Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer at aevum.de>
+Date: Mon, 17 Aug 2020 03:42:11 +0200
+Subject: [PATCH] Stop using maxParserDepth XPath limit
+
+This will be removed again from libxml2.
+---
+ tests/fuzz/fuzz.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
+index f502ca2c..75234ad6 100644
+--- tests/fuzz/fuzz.c
++++ tests/fuzz/fuzz.c
+@@ -183,8 +183,7 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+     xpctxt = tctxt->xpathCtxt;
+ 
+     /* Resource limits to avoid timeouts and call stack overflows */
+-    xpctxt->maxParserDepth = 15;
+-    xpctxt->maxDepth = 100;
++    xpctxt->maxDepth = 500;
+     xpctxt->opLimit = 500000;
+ 
+     /* Test namespaces used in xpath.xml */
+@@ -317,8 +316,7 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+ 
+ static void
+ xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
+-    ctxt->maxParserDepth = 15;
+-    ctxt->maxDepth = 100;
++    ctxt->maxDepth = 200;
+     ctxt->opLimit = 100000;
+ }
+ 
+-- 
+GitLab
+
diff --git a/textproc/libxslt/files/patch-git-02-824657768aea2cce9c23e72ba8085cb5e44350c7 b/textproc/libxslt/files/patch-git-02-824657768aea2cce9c23e72ba8085cb5e44350c7
new file mode 100644
index 000000000000..77ee92c51427
--- /dev/null
+++ b/textproc/libxslt/files/patch-git-02-824657768aea2cce9c23e72ba8085cb5e44350c7
@@ -0,0 +1,42 @@
+From 824657768aea2cce9c23e72ba8085cb5e44350c7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer at aevum.de>
+Date: Mon, 17 Aug 2020 04:27:13 +0200
+Subject: [PATCH] Transfer XPath limits to XPtr context
+
+Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
+XPath limits.
+---
+ libxslt/functions.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index b350545a..975ea790 100644
+--- libxslt/functions.c
++++ libxslt/functions.c
+@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+ 	goto out_fragment;
+     }
+ 
++#if LIBXML_VERSION >= 20911 || \
++    defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
++    xptrctxt->opLimit = ctxt->context->opLimit;
++    xptrctxt->opCount = ctxt->context->opCount;
++    xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
++
++    resObj = xmlXPtrEval(fragment, xptrctxt);
++
++    ctxt->context->opCount = xptrctxt->opCount;
++#else
+     resObj = xmlXPtrEval(fragment, xptrctxt);
+-    xmlXPathFreeContext(xptrctxt);
+ #endif
+ 
++    xmlXPathFreeContext(xptrctxt);
++#endif /* LIBXML_XPTR_ENABLED */
++
+     if (resObj == NULL)
+ 	goto out_fragment;
+ 
+-- 
+GitLab
+
diff --git a/textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908 b/textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908
new file mode 100644
index 000000000000..157dd444ba89
--- /dev/null
+++ b/textproc/libxslt/files/patch-git-03-77c26bad0433541f486b1e7ced44ca9979376908
@@ -0,0 +1,70 @@
+From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer at aevum.de>
+Date: Wed, 26 Aug 2020 00:34:38 +0200
+Subject: [PATCH] Don't set maxDepth in XPath contexts
+
+The maximum recursion depth is hardcoded in libxml2 now.
+---
+ libxslt/functions.c |  2 +-
+ tests/fuzz/fuzz.c   | 11 ++---------
+ 2 files changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index 975ea790..7887dda7 100644
+--- libxslt/functions.c
++++ libxslt/functions.c
+@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
+     defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+     xptrctxt->opLimit = ctxt->context->opLimit;
+     xptrctxt->opCount = ctxt->context->opCount;
+-    xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
++    xptrctxt->depth = ctxt->context->depth;
+ 
+     resObj = xmlXPtrEval(fragment, xptrctxt);
+ 
+diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
+index 75234ad6..780c2d41 100644
+--- tests/fuzz/fuzz.c
++++ tests/fuzz/fuzz.c
+@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+     xpctxt = tctxt->xpathCtxt;
+ 
+     /* Resource limits to avoid timeouts and call stack overflows */
+-    xpctxt->maxDepth = 500;
+     xpctxt->opLimit = 500000;
+ 
+     /* Test namespaces used in xpath.xml */
+@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
+     return 0;
+ }
+ 
+-static void
+-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
+-    ctxt->maxDepth = 200;
+-    ctxt->opLimit = 100000;
+-}
+-
+ xmlChar *
+ xsltFuzzXslt(const char *data, size_t size) {
+     xmlDocPtr xsltDoc;
+@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) {
+         xmlFreeDoc(xsltDoc);
+         return NULL;
+     }
+-    xsltSetXPathResourceLimits(sheet->xpathCtxt);
++    sheet->xpathCtxt->opLimit = 100000;
+     sheet->xpathCtxt->opCount = 0;
+     if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
+         xsltFreeStylesheet(sheet);
+@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) {
+     xsltSetCtxtSecurityPrefs(sec, ctxt);
+     ctxt->maxTemplateDepth = 100;
+     ctxt->opLimit = 20000;
+-    xsltSetXPathResourceLimits(ctxt->xpathCtxt);
++    ctxt->xpathCtxt->opLimit = 100000;
+     ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
+ 
+     result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);
+-- 
+GitLab
+

More information about the dev-commits-ports-main mailing list