[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/, dev-libs/libxml2/files/

["Mike Frysinger" <vapier@gentoo.org>]

commit:     2ad6bf6d6f3dbe00df33a5399c6762fb0ae1867f
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Jan  3 11:08:40 2019 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan  3 11:21:38 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ad6bf6d

dev-libs/libxml2: fix CVE-2017-8872 #618110

Bug: https://bugs.gentoo.org/618110
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .../files/libxml2-2.9.8-CVE-2017-8872.patch        |  65 ++++++
 dev-libs/libxml2/libxml2-2.9.8-r1.ebuild           | 217 +++++++++++++++++++++
 2 files changed, 282 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2017-8872.patch b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2017-8872.patch
new file mode 100644
index 00000000000..6062f63df9e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2017-8872.patch
@@ -0,0 +1,65 @@
+https://bugs.gentoo.org/618110
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+https://gitlab.gnome.org/GNOME/libxml2/issues/26
+
+From 123234f2cfcd9e9b9f83047eee1dc17b4c3f4407 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 11 Sep 2018 14:52:07 +0200
+Subject: [PATCH] Free input buffer in xmlHaltParser
+
+This avoids miscalculation of available bytes.
+
+Thanks to Yunho Kim for the report.
+
+Closes: #26
+---
+ parser.c                     |  5 +++++
+ result/errors/759573.xml.err | 17 +++++++----------
+ 2 files changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index ca9fde2c8758..5813a6643e15 100644
+--- a/parser.c
++++ b/parser.c
+@@ -12462,7 +12462,12 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ 	    ctxt->input->free((xmlChar *) ctxt->input->base);
+ 	    ctxt->input->free = NULL;
+ 	}
++        if (ctxt->input->buf != NULL) {
++            xmlFreeParserInputBuffer(ctxt->input->buf);
++            ctxt->input->buf = NULL;
++        }
+ 	ctxt->input->cur = BAD_CAST"";
++        ctxt->input->length = 0;
+ 	ctxt->input->base = ctxt->input->cur;
+         ctxt->input->end = ctxt->input->cur;
+     }
+diff --git a/result/errors/759573.xml.err b/result/errors/759573.xml.err
+index 554039f65b91..38ef5c40b8e3 100644
+--- a/result/errors/759573.xml.err
++++ b/result/errors/759573.xml.err
+@@ -21,14 +21,11 @@ Entity: line 1:
+             ^
+ ./test/errors/759573.xml:1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
+ 
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-     ^
++
++^
+ ./test/errors/759573.xml:1: parser error : DOCTYPE improperly terminated
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-     ^
+-./test/errors/759573.xml:1: parser error : StartTag: invalid element name
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-      ^
+-./test/errors/759573.xml:1: parser error : Extra content at the end of the document
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-      ^
++
++^
++./test/errors/759573.xml:1: parser error : Start tag expected, '<' not found
++
++^
+-- 
+2.19.1
+

diff --git a/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
new file mode 100644
index 00000000000..1a798958bcb
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
@@ -0,0 +1,217 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="XML C parser and toolkit"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+	test? (
+		${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+		${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+		http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+RDEPEND="
+	>=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+	icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+"
+DEPEND="${RDEPEND}
+	dev-util/gtk-doc-am
+	virtual/pkgconfig
+	hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/xml2-config
+)
+
+src_unpack() {
+	# ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+	# as they are needed as tarballs in ${S}/xstc instead and not unpacked
+	unpack ${P/_rc/-rc}.tar.gz
+	cd "${S}" || die
+
+	if use test; then
+		cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+			"${DISTDIR}/${XSTS_TARBALL_2}" \
+			"${S}"/xstc/ \
+			|| die "Failed to install test tarballs"
+		unpack ${XMLCONF_TARBALL}
+	fi
+}
+
+src_prepare() {
+	default
+
+	DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+	# Patches needed for prefix support
+	eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+	eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+	# Fix build for Windows platform
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760456
+	# eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+	# Fix python detection, bug #567066
+	# https://bugzilla.gnome.org/show_bug.cgi?id=760458
+	eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+	# Fix python tests when building out of tree #565576
+	eapply "${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+
+	# CVE-2017-8872 #618110
+	# https://bugzilla.gnome.org/show_bug.cgi?id=775200
+	eapply "${FILESDIR}"/${PN}-2.9.8-CVE-2017-8872.patch
+
+	if [[ ${CHOST} == *-darwin* ]] ; then
+		# Avoid final linking arguments for python modules
+		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+		# gcc-apple doesn't grok -Wno-array-bounds
+		sed -i -e 's/-Wno-array-bounds//' configure.ac || die
+	fi
+
+	# Please do not remove, as else we get references to PORTAGE_TMPDIR
+	# in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+	# We now need to run eautoreconf at the end to prevent maintainer mode.
+#	elibtoolize
+#	epunt_cxx # if we don't eautoreconf
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# filter seemingly problematic CFLAGS (#26320)
+	filter-flags -fprefetch-loop-arrays -funroll-loops
+
+	# USE zlib support breaks gnome2
+	# (libgnomeprint for instance fails to compile with
+	# fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+	# The meaning of the 'debug' USE flag does not apply to the --with-debug
+	# switch (enabling the libxml2 debug module). See bug #100898.
+
+	# --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+	libxml2_configure() {
+		ECONF_SOURCE="${S}" econf \
+			--with-html-subdir=${PF}/html \
+			$(use_with debug run-debug) \
+			$(use_with icu) \
+			$(use_with lzma) \
+			$(use_enable ipv6) \
+			$(use_enable static-libs static) \
+			$(multilib_native_use_with readline) \
+			$(multilib_native_use_with readline history) \
+			"$@"
+	}
+
+	libxml2_py_configure() {
+		mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+		run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
+	}
+
+	libxml2_configure --without-python # build python bindings separately
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_configure
+	fi
+}
+
+multilib_src_compile() {
+	default
+	if multilib_is_native_abi && use python; then
+		local native_builddir=${BUILD_DIR}
+		python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+	fi
+}
+
+multilib_src_test() {
+	emake check
+	multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" \
+		EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+	if multilib_is_native_abi && use python; then
+		python_foreach_impl libxml2_py_emake \
+			DESTDIR="${D}" \
+			docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+			exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+			install
+		python_foreach_impl python_optimize
+	fi
+}
+
+multilib_src_install_all() {
+	# on windows, xmllint is installed by interix libxml2 in parent prefix.
+	# this is the version to use. the native winnt version does not support
+	# symlinks, which makes repoman fail if the portage tree is linked in
+	# from another location (which is my default). -- mduft
+	if [[ ${CHOST} == *-winnt* ]]; then
+		rm -rf "${ED}"/usr/bin/xmllint
+		rm -rf "${ED}"/usr/bin/xmlcatalog
+	fi
+
+	rm -rf "${ED}"/usr/share/doc/${P}
+	einstalldocs
+
+	if ! use examples; then
+		rm -rf "${ED}"/usr/share/doc/${PF}/examples
+		rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	# We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+	# be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+	if [[ "${ROOT}" != "/" ]]; then
+		elog "Skipping XML catalog creation for stage building (bug #208887)."
+	else
+		# need an XML catalog, so no-one writes to a non-existent one
+		CATALOG="${EROOT}etc/xml/catalog"
+
+		# we dont want to clobber an existing catalog though,
+		# only ensure that one is there
+		# <obz@gentoo.org>
+		if [[ ! -e ${CATALOG} ]]; then
+			[[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+			"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+			einfo "Created XML catalog in ${CATALOG}"
+		fi
+	fi
+}
+
+libxml2_py_emake() {
+	pushd "${BUILD_DIR}/python" > /dev/null || die
+	emake "$@"
+	popd > /dev/null
+}