diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 251af28..a0f436f 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,10 +1,14 @@ PORTNAME= libxml2 DISTVERSION= 2.11.9 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES?= textproc gnome MASTER_SITES= GNOME DIST_SUBDIR= gnome +# FIX CVE-2025-32414 +PATCH_SITES= https://gitlab.gnome.org/-/project/1665/uploads/ +PATCHFILES+= 90c0ee56b5b7d6d91cb9bcd04b923b6c/bug-889-v2.11.0-and-above.patch:-p1 + MAINTAINER= desktop@FreeBSD.org COMMENT?= XML parser library for GNOME WWW= http://xmlsoft.org/ @@ -13,6 +17,7 @@ LICENSE= MIT USES+= cmake:testing cpe iconv localbase:ldflags pathfix \ pkgconfig tar:xz + CPE_VENDOR= xmlsoft USE_LDCONFIG= yes # Don't build with Python support unless requested diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 4ea4340..5b133ca 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1725749707 +TIMESTAMP = 1749806706 SHA256 (gnome/libxml2-2.11.9.tar.xz) = 780157a1efdb57188ec474dca87acaee67a3a839c2525b2214d318228451809f SIZE (gnome/libxml2-2.11.9.tar.xz) = 2627500 +SHA256 (gnome/90c0ee56b5b7d6d91cb9bcd04b923b6c/bug-889-v2.11.0-and-above.patch) = 48eb9235fa0ebb1f539b9669d01a05ed5afb73132eee13a9dfe08ac2165e6e8a +SIZE (gnome/90c0ee56b5b7d6d91cb9bcd04b923b6c/bug-889-v2.11.0-and-above.patch) = 2113 diff --git a/textproc/libxml2/files/patch-CVE-2024-56171 b/textproc/libxml2/files/patch-CVE-2024-56171 new file mode 100644 index 0000000..a2f6aa6 --- /dev/null +++ b/textproc/libxml2/files/patch-CVE-2024-56171 @@ -0,0 +1,18 @@ +--- xmlschemas.c.orig 2024-07-24 16:00:51.000000000 +0200 ++++ xmlschemas.c 2025-06-13 12:28:51.821977000 +0200 +@@ -23672,6 +23672,7 @@ + } + if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1) + goto internal_error; ++ dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items; + /* + * Remove the duplicate entry from the IDC node-table. + */ +@@ -23888,6 +23889,7 @@ + goto internal_error; + } + xmlSchemaItemListAdd(parBind->dupls, parNode); ++ dupls = (xmlSchemaPSVIIDCNodePtr *) parBind->dupls->items; + } else { + /* + * Add the node-table entry (node and key-sequence) of diff --git a/textproc/libxml2/files/patch-CVE-2025-24928 b/textproc/libxml2/files/patch-CVE-2025-24928 new file mode 100644 index 0000000..9295456 --- /dev/null +++ b/textproc/libxml2/files/patch-CVE-2025-24928 @@ -0,0 +1,42 @@ +--- valid.c.orig 2024-07-24 16:00:51.000000000 +0200 ++++ valid.c 2025-06-13 12:21:58.669680000 +0200 +@@ -5252,25 +5252,27 @@ + return; + } + switch (cur->type) { +- case XML_ELEMENT_NODE: ++ case XML_ELEMENT_NODE: { ++ int qnameLen = xmlStrlen(cur->name); ++ ++ if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) ++ qnameLen += xmlStrlen(cur->ns->prefix) + 1; ++ if (size - len < qnameLen + 10) { ++ if ((size - len > 4) && (buf[len - 1] != '.')) ++ strcat(buf, " ..."); ++ return; ++ } ++ + if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) { +- if (size - len < xmlStrlen(cur->ns->prefix) + 10) { +- if ((size - len > 4) && (buf[len - 1] != '.')) +- strcat(buf, " ..."); +- return; +- } + strcat(buf, (char *) cur->ns->prefix); + strcat(buf, ":"); + } +- if (size - len < xmlStrlen(cur->name) + 10) { +- if ((size - len > 4) && (buf[len - 1] != '.')) +- strcat(buf, " ..."); +- return; +- } +- strcat(buf, (char *) cur->name); ++ if (cur->name != NULL) ++ strcat(buf, (char *) cur->name); + if (cur->next != NULL) + strcat(buf, " "); + break; ++ } + case XML_TEXT_NODE: + if (xmlIsBlankNode(cur)) + break;