* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2015-10-31 1:42 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2015-10-31 1:42 UTC (permalink / raw
To: gentoo-commits
commit: c0e9a7cf42c7bf4abae02b2ee0441244e01de9f6
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 31 01:41:22 2015 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Oct 31 01:41:22 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0e9a7cf
dev-libs/libxml2: disable building of useless programs
These aren't used during build or install, so disable them.
.../files/libxml2-2.9.2-disable-tests.patch | 59 ++++++++++++++++++++++
dev-libs/libxml2/libxml2-2.9.2-r1.ebuild | 3 ++
2 files changed, 62 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
new file mode 100644
index 0000000..86d5995
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
@@ -0,0 +1,59 @@
+do not build test programs as we don't install them
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,7 +10,7 @@
+
+ AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS) $(LZMA_CFLAGS)
+
+-noinst_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
++check_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
+ testThreads testC14N testAutomata testRegexp \
+ testReader testapi testModule runtest runsuite testchar \
+ testdict runxmlconf testrecurse testlimits
+@@ -170,7 +170,7 @@
+ testModule_DEPENDENCIES = $(DEPS)
+ testModule_LDADD= $(LDADDS)
+
+-noinst_LTLIBRARIES = testdso.la
++check_LTLIBRARIES = testdso.la
+ testdso_la_SOURCES = testdso.c
+ testdso_la_LDFLAGS = -module -no-undefined -avoid-version -rpath $(libdir)
+
+--- a/doc/examples/Makefile.am
++++ b/doc/examples/Makefile.am
+@@ -13,7 +13,7 @@
+ rebuild: examples.xml index.html
+ .PHONY: rebuild
+
+-examples.xml: index.py $(noinst_PROGRAMS:=.c)
++examples.xml: index.py $(check_PROGRAMS:=.c)
+ cd $(srcdir) && $(PYTHON) index.py
+ $(MAKE) Makefile
+
+@@ -49,7 +49,7 @@
+ xpath1.res \
+ xpath2.res
+
+-noinst_PROGRAMS = \
++check_PROGRAMS = \
+ io1 \
+ io2 \
+ parse1 \
+@@ -99,7 +99,7 @@
+ valgrind:
+ $(MAKE) CHECKER='valgrind' tests
+
+-tests: $(noinst_PROGRAMS)
++tests: $(check_PROGRAMS)
+ test -f Makefile.am || test -f test1.xml || $(LN_S) $(srcdir)/test?.xml .
+ @(echo '## examples regression tests')
+ @(echo > .memdump)
+--- a/example/Makefile.am
++++ b/example/Makefile.am
+@@ -1,4 +1,4 @@
+-noinst_PROGRAMS = gjobread
++check_PROGRAMS = gjobread
+
+ AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/include
+ AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS)
diff --git a/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild
index a03df24..99c6b6c 100644
--- a/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.2-r1.ebuild
@@ -75,6 +75,9 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+ # Disable programs that we don't actually install.
+ epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
# epunt_cxx # if we don't eautoreconf
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2015-11-09 20:31 Gilles Dartiguelongue
0 siblings, 0 replies; 14+ messages in thread
From: Gilles Dartiguelongue @ 2015-11-09 20:31 UTC (permalink / raw
To: gentoo-commits
commit: 96b2498a5a75539fcf0bf322db2634f278a416d5
Author: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 9 19:22:57 2015 +0000
Commit: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
CommitDate: Mon Nov 9 20:30:36 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96b2498a
dev-libs/libxml2: apply several security patches
Security bugs: #560524, #564240 and #564776.
Also fix incorrect lzma support, bug #530386 and fix handling of
documentation and examples with USE=python, bug #533324.
https://bugs.gentoo.org/show_bug.cgi?id=530386
https://bugs.gentoo.org/show_bug.cgi?id=533324
https://bugs.gentoo.org/show_bug.cgi?id=560524
https://bugs.gentoo.org/show_bug.cgi?id=564240
https://bugs.gentoo.org/show_bug.cgi?id=564776
Package-Manager: portage-2.2.23
.../files/libxml2-2.9.2-cve-2015-7941-1.patch | 32 +++
.../files/libxml2-2.9.2-cve-2015-7941-2.patch | 49 +++++
.../files/libxml2-2.9.2-cve-2015-8035.patch | 31 +++
.../files/libxml2-2.9.2-disable-tests.patch | 9 +
.../libxml2/files/libxml2-2.9.2-fix-lzma.patch | 114 ++++++++++
...ml2-2.9.2-overflow-conditional-sections-1.patch | 32 +++
...ml2-2.9.2-overflow-conditional-sections-2.patch | 28 +++
| 65 ++++++
dev-libs/libxml2/libxml2-2.9.2-r2.ebuild | 229 +++++++++++++++++++++
9 files changed, 589 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
new file mode 100644
index 0000000..8a6c98c
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
@@ -0,0 +1,32 @@
+From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:17:35 +0800
+Subject: [PATCH] Stop parsing on entities boundaries errors
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+There are times, like on unterminated entities that it's preferable to
+stop parsing, even if that means less error reporting. Entities are
+feeding the parser on further processing, and if they are ill defined
+then it's possible to get the parser to bug. Also do the same on
+Conditional Sections if the input is broken, as the structure of
+the document can't be guessed.
+---
+ parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/parser.c b/parser.c
+index a8d1b67..bbe97eb 100644
+--- a/parser.c
++++ b/parser.c
+@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
+ if (RAW != '>') {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
+ "xmlParseEntityDecl: entity %s not terminated\n", name);
++ xmlStopParser(ctxt);
+ } else {
+ if (input != ctxt->input) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
+--
+2.4.10
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
new file mode 100644
index 0000000..df30c89
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
@@ -0,0 +1,49 @@
+From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: [PATCH] Cleanup conditional section error handling
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+---
+ parser.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index bbe97eb..fe603ac 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ SKIP_BLANKS;
+ if (RAW != '[') {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++ xmlStopParser(ctxt);
++ return;
+ } else {
+ if (ctxt->input->id != id) {
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ SKIP_BLANKS;
+ if (RAW != '[') {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++ xmlStopParser(ctxt);
++ return;
+ } else {
+ if (ctxt->input->id != id) {
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+
+ } else {
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
++ xmlStopParser(ctxt);
++ return;
+ }
+
+ if (RAW == 0)
+--
+2.4.10
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
new file mode 100644
index 0000000..f51863e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
@@ -0,0 +1,31 @@
+From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 3 Nov 2015 15:31:25 +0800
+Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=757466
+DoS when parsing specially crafted XML document if XZ support
+is compiled in (which wasn't the case for 2.9.2 and master since
+Nov 2013, fixed in next commit !)
+---
+ xzlib.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index 0dcb9f4..1fab546 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
+ xz_error(state, LZMA_DATA_ERROR, "compressed data error");
+ return -1;
+ }
++ if (ret == LZMA_PROG_ERROR) {
++ xz_error(state, LZMA_PROG_ERROR, "compression error");
++ return -1;
++ }
+ } while (strm->avail_out && ret != LZMA_STREAM_END);
+
+ /* update available output and crc check value */
+--
+2.4.10
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
index 86d5995..a996bf6 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
@@ -20,6 +20,15 @@ do not build test programs as we don't install them
testdso_la_SOURCES = testdso.c
testdso_la_LDFLAGS = -module -no-undefined -avoid-version -rpath $(libdir)
+@@ -202,7 +202,7 @@ runxmlconf_LDADD= $(LDADDS)
+ #testOOM_DEPENDENCIES = $(DEPS)
+ #testOOM_LDADD= $(LDADDS)
+
+-runtests:
++runtests: check_PROGRAMS
+ [ -d test ] || $(LN_S) $(srcdir)/test .
+ [ -d result ] || $(LN_S) $(srcdir)/result .
+ $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
--- a/doc/examples/Makefile.am
+++ b/doc/examples/Makefile.am
@@ -13,7 +13,7 @@
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch b/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
new file mode 100644
index 0000000..e9b6da6
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
@@ -0,0 +1,114 @@
+From 18b8988511b0954272cac4d6c3e6724f9dbf6e0a Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 3 Nov 2015 15:46:29 +0800
+Subject: [PATCH] Reenable xz support by default
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=757466
+
+problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8
+for https://bugzilla.gnome.org/show_bug.cgi?id=711026
+---
+ configure.ac | 3 +++
+ xmlIO.c | 12 ++++++------
+ xzlib.c | 6 ++++--
+ 3 files changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 14ac0a8..48e0577 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -445,6 +445,9 @@ else
+ fi],
+ [have_liblzma=no])
+ LDFLAGS="${SAVE_LDFLAGS}"])
++ else
++ # we still need to check for lzma,h header
++ AC_CHECK_HEADERS([lzma.h])
+ fi
+
+ # Found the library via either method?
+diff --git a/xmlIO.c b/xmlIO.c
+index e628ab0..8b13184 100644
+--- a/xmlIO.c
++++ b/xmlIO.c
+@@ -1334,7 +1334,7 @@ xmlGzfileClose (void * context) {
+ }
+ #endif /* HAVE_ZLIB_H */
+
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ /************************************************************************
+ * *
+ * I/O for compressed file accesses *
+@@ -1451,7 +1451,7 @@ xmlXzfileClose (void * context) {
+ if (ret < 0) xmlIOErr(0, "xzclose()");
+ return(ret);
+ }
+-#endif /* HAVE_LZMA_H */
++#endif /* LIBXML_LZMA_ENABLED */
+
+ #ifdef LIBXML_HTTP_ENABLED
+ /************************************************************************
+@@ -2328,10 +2328,10 @@ xmlRegisterDefaultInputCallbacks(void) {
+ xmlRegisterInputCallbacks(xmlGzfileMatch, xmlGzfileOpen,
+ xmlGzfileRead, xmlGzfileClose);
+ #endif /* HAVE_ZLIB_H */
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ xmlRegisterInputCallbacks(xmlXzfileMatch, xmlXzfileOpen,
+ xmlXzfileRead, xmlXzfileClose);
+-#endif /* HAVE_ZLIB_H */
++#endif /* LIBXML_LZMA_ENABLED */
+
+ #ifdef LIBXML_HTTP_ENABLED
+ xmlRegisterInputCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
+@@ -2683,7 +2683,7 @@ __xmlParserInputBufferCreateFilename(const char *URI, xmlCharEncoding enc) {
+ #endif
+ }
+ #endif
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ if ((xmlInputCallbackTable[i].opencallback == xmlXzfileOpen) &&
+ (strcmp(URI, "-") != 0)) {
+ ret->compressed = __libxml2_xzcompressed(context);
+@@ -3350,7 +3350,7 @@ xmlParserInputBufferGrow(xmlParserInputBufferPtr in, int len) {
+ * try to establish compressed status of input if not done already
+ */
+ if (in->compressed == -1) {
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+ if (in->readcallback == xmlXzfileRead)
+ in->compressed = __libxml2_xzcompressed(in->context);
+ #endif
+diff --git a/xzlib.c b/xzlib.c
+index 1fab546..782957f 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -8,7 +8,7 @@
+ */
+ #define IN_LIBXML
+ #include "libxml.h"
+-#ifdef HAVE_LZMA_H
++#ifdef LIBXML_LZMA_ENABLED
+
+ #include <string.h>
+ #ifdef HAVE_ERRNO_H
+@@ -34,7 +34,9 @@
+ #ifdef HAVE_ZLIB_H
+ #include <zlib.h>
+ #endif
++#ifdef HAVE_LZMA_H
+ #include <lzma.h>
++#endif
+
+ #include "xzlib.h"
+ #include <libxml/xmlmemory.h>
+@@ -799,4 +801,4 @@ __libxml2_xzclose(xzFile file)
+ xmlFree(state);
+ return ret ? ret : LZMA_OK;
+ }
+-#endif /* HAVE_LZMA_H */
++#endif /* LIBXML_LZMA_ENABLED */
+--
+2.4.10
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
new file mode 100644
index 0000000..bb0766a
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
@@ -0,0 +1,32 @@
+From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 23 Oct 2015 19:02:28 +0800
+Subject: Another variation of overflow in Conditional sections
+
+Which happen after the previous fix to
+https://bugzilla.gnome.org/show_bug.cgi?id=756456
+
+But stopping the parser and exiting we didn't pop the intermediary entities
+and doing the SKIP there applies on an input which may be too small
+---
+ parser.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index a65e4cc..b9217ff 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ "All markup of the conditional section is not in the same entity\n",
+ NULL, NULL);
+ }
+- SKIP(3);
++ if ((ctxt-> instate != XML_PARSER_EOF) &&
++ ((ctxt->input->cur + 3) < ctxt->input->end))
++ SKIP(3);
+ }
+ }
+
+--
+cgit v0.11.2
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
new file mode 100644
index 0000000..1a059fe
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
@@ -0,0 +1,28 @@
+From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 27 Oct 2015 10:53:44 +0800
+Subject: Fix an error in previous Conditional section patch
+
+an off by one mistake in the change, led to error on correct
+document where the end of the included entity was exactly
+the end of the conditional section, leading to regtest failure
+---
+ parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index b9217ff..d67b300 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6916,7 +6916,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ NULL, NULL);
+ }
+ if ((ctxt-> instate != XML_PARSER_EOF) &&
+- ((ctxt->input->cur + 3) < ctxt->input->end))
++ ((ctxt->input->cur + 3) <= ctxt->input->end))
+ SKIP(3);
+ }
+ }
+--
+cgit v0.11.2
+
--git a/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch b/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
new file mode 100644
index 0000000..bd4e482
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
@@ -0,0 +1,65 @@
+From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 30 Oct 2015 21:14:55 +0800
+Subject: Fix parsing short unclosed comment uninitialized access
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=746048
+The HTML parser was too optimistic when processing comments and
+didn't check for the end of the stream on the first 2 characters
+---
+ HTMLparser.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index 19c10c3..bdf7807 100644
+--- a/HTMLparser.c
++++ b/HTMLparser.c
+@@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
+ ctxt->instate = state;
+ return;
+ }
++ len = 0;
++ buf[len] = 0;
+ q = CUR_CHAR(ql);
++ if (!IS_CHAR(q))
++ goto unfinished;
+ NEXTL(ql);
+ r = CUR_CHAR(rl);
++ if (!IS_CHAR(r))
++ goto unfinished;
+ NEXTL(rl);
+ cur = CUR_CHAR(l);
+- len = 0;
+ while (IS_CHAR(cur) &&
+ ((cur != '>') ||
+ (r != '-') || (q != '-'))) {
+@@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
+ }
+ }
+ buf[len] = 0;
+- if (!IS_CHAR(cur)) {
+- htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+- "Comment not terminated \n<!--%.50s\n", buf, NULL);
+- xmlFree(buf);
+- } else {
++ if (IS_CHAR(cur)) {
+ NEXT;
+ if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
+ (!ctxt->disableSAX))
+ ctxt->sax->comment(ctxt->userData, buf);
+ xmlFree(buf);
++ ctxt->instate = state;
++ return;
+ }
+- ctxt->instate = state;
++
++unfinished:
++ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
++ "Comment not terminated \n<!--%.50s\n", buf, NULL);
++ xmlFree(buf);
+ }
+
+ /**
+--
+cgit v0.11.2
+
diff --git a/dev-libs/libxml2/libxml2-2.9.2-r2.ebuild b/dev-libs/libxml2/libxml2-2.9.2-r2.ebuild
new file mode 100644
index 0000000..5501fca
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.2-r2.ebuild
@@ -0,0 +1,229 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_{3,4,5} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+ test? (
+ ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+ ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+ http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+COMMON_DEPEND="
+ >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+ icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+"
+RDEPEND="${COMMON_DEPEND}
+ abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r6
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
+"
+DEPEND="${COMMON_DEPEND}
+ dev-util/gtk-doc-am
+ virtual/pkgconfig
+ hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/xml2-config
+)
+
+src_unpack() {
+ # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+ # as they are needed as tarballs in ${S}/xstc instead and not unpacked
+ unpack ${P/_rc/-rc}.tar.gz
+ cd "${S}"
+
+ if use test; then
+ cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+ "${DISTDIR}/${XSTS_TARBALL_2}" \
+ "${S}"/xstc/ \
+ || die "Failed to install test tarballs"
+ unpack ${XMLCONF_TARBALL}
+ fi
+}
+
+src_prepare() {
+ DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+ # Patches needed for prefix support
+ epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+ # Fix build for Windows platform
+ epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+ # Disable programs that we don't actually install.
+ epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+ # Fix zlib parameter handling for cross-compilation
+ # https://bugzilla.gnome.org/show_bug.cgi?id=749416
+ epatch "${FILESDIR}"/${PN}-2.9.2-cross-compile.patch
+
+ # Use pkgconfig to find icu to properly support multilib
+ # https://bugs.gentoo.org/show_bug.cgi?id=738751
+ epatch "${FILESDIR}"/${PN}-2.9.2-icu-pkgconfig.patch
+
+ # Important patches from master
+ epatch \
+ "${FILESDIR}"/${PN}-2.9.2-revert-missing-initialization.patch \
+ "${FILESDIR}"/${PN}-2.9.2-missing-entities.patch \
+ "${FILESDIR}"/${PN}-2.9.2-threads-declarations.patch \
+ "${FILESDIR}"/${PN}-2.9.2-timsort.patch \
+ "${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-1.patch \
+ "${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-2.patch \
+ "${FILESDIR}"/${PN}-2.9.2-constant-memory.patch \
+ "${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-1.patch \
+ "${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-2.patch \
+ "${FILESDIR}"/${PN}-2.9.2-unclosed-comments.patch \
+ "${FILESDIR}"/${PN}-2.9.2-cve-2015-8035.patch \
+ "${FILESDIR}"/${PN}-2.9.2-fix-lzma.patch
+
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ # We now need to run eautoreconf at the end to prevent maintainer mode.
+# elibtoolize
+# epunt_cxx # if we don't eautoreconf
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # filter seemingly problematic CFLAGS (#26320)
+ filter-flags -fprefetch-loop-arrays -funroll-loops
+
+ # USE zlib support breaks gnome2
+ # (libgnomeprint for instance fails to compile with
+ # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+ # The meaning of the 'debug' USE flag does not apply to the --with-debug
+ # switch (enabling the libxml2 debug module). See bug #100898.
+
+ # --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+ libxml2_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --with-html-subdir=${PF}/html \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+ $(use_with debug run-debug) \
+ $(use_with icu) \
+ $(use_with lzma) \
+ $(use_enable ipv6) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_with readline) \
+ $(multilib_native_use_with readline history) \
+ "$@"
+ }
+
+ libxml2_py_configure() {
+ mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+ run_in_build_dir libxml2_configure "--with-python=${PYTHON}" # odd build system
+ }
+
+ libxml2_configure --without-python # build python bindings separately
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_configure
+ fi
+}
+
+multilib_src_compile() {
+ default
+ if multilib_is_native_abi && use python; then
+ local native_builddir=${BUILD_DIR}
+ python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+ fi
+}
+
+multilib_src_test() {
+ default
+ multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" \
+ EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_emake \
+ DESTDIR="${D}" \
+ exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples
+ python_foreach_impl python_optimize
+ fi
+}
+
+multilib_src_install_all() {
+ # on windows, xmllint is installed by interix libxml2 in parent prefix.
+ # this is the version to use. the native winnt version does not support
+ # symlinks, which makes repoman fail if the portage tree is linked in
+ # from another location (which is my default). -- mduft
+ if [[ ${CHOST} == *-winnt* ]]; then
+ rm -rf "${ED}"/usr/bin/xmllint
+ rm -rf "${ED}"/usr/bin/xmlcatalog
+ fi
+
+ rm -rf "${ED}"/usr/share/doc/${P}
+ einstalldocs
+
+ if use python ; then
+ docinto python
+ dodoc "${S}"/python/TODO
+ fi
+
+ if ! use examples; then
+ rm -rf "${ED}"/usr/share/doc/${PF}/examples
+ rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+ fi
+
+ prune_libtool_files --modules
+}
+
+pkg_postinst() {
+ # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+ # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+ if [[ "${ROOT}" != "/" ]]; then
+ elog "Skipping XML catalog creation for stage building (bug #208887)."
+ else
+ # need an XML catalog, so no-one writes to a non-existent one
+ CATALOG="${EROOT}etc/xml/catalog"
+
+ # we dont want to clobber an existing catalog though,
+ # only ensure that one is there
+ # <obz@gentoo.org>
+ if [[ ! -e ${CATALOG} ]]; then
+ [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+ "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+ einfo "Created XML catalog in ${CATALOG}"
+ fi
+ fi
+}
+
+libxml2_py_emake() {
+ pushd "${BUILD_DIR}/python" > /dev/null || die
+ emake "$@"
+ popd > /dev/null
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2017-01-02 6:41 Aaron Bauman
0 siblings, 0 replies; 14+ messages in thread
From: Aaron Bauman @ 2017-01-02 6:41 UTC (permalink / raw
To: gentoo-commits
commit: 060503be258912e25b6da77ca79d450553ed0be3
Author: Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 2 06:40:16 2017 +0000
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Mon Jan 2 06:40:59 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=060503be
dev-libs/libxml2: security bump to -r1 wrt bugs 589816, 597112, 597114, 597116 in coordination with leio
.../files/libxml2-2.9.4-CVE-2016-4658.patch | 249 +++++++++++++++++++++
.../files/libxml2-2.9.4-CVE-2016-5131.patch | 174 ++++++++++++++
.../libxml2/files/libxml2-2.9.4-nullptrderef.patch | 50 +++++
.../files/libxml2-2.9.4-nullptrderef2.patch | 57 +++++
dev-libs/libxml2/libxml2-2.9.4-r1.ebuild | 220 ++++++++++++++++++
5 files changed, 750 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
new file mode 100644
index 00000000..2ef22ce
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
@@ -0,0 +1,249 @@
+From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 18:34:52 +0200
+Subject: Disallow namespace nodes in XPointer ranges
+
+Namespace nodes must be copied to avoid use-after-free errors.
+But they don't necessarily have a physical representation in a
+document, so simply disallow them in XPointer ranges.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-4658.
+---
+ xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
+ 1 file changed, 56 insertions(+), 93 deletions(-)
+
+diff --git a/xpointer.c b/xpointer.c
+index a7b03fb..694d120 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
+ }
+
+ /**
++ * xmlXPtrNewRangeInternal:
++ * @start: the starting node
++ * @startindex: the start index
++ * @end: the ending point
++ * @endindex: the ending index
++ *
++ * Internal function to create a new xmlXPathObjectPtr of type range
++ *
++ * Returns the newly created object.
++ */
++static xmlXPathObjectPtr
++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
++ xmlNodePtr end, int endindex) {
++ xmlXPathObjectPtr ret;
++
++ /*
++ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
++ * Disallow them for now.
++ */
++ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
++ return(NULL);
++ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
++ return(NULL);
++
++ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
++ if (ret == NULL) {
++ xmlXPtrErrMemory("allocating range");
++ return(NULL);
++ }
++ memset(ret, 0, sizeof(xmlXPathObject));
++ ret->type = XPATH_RANGE;
++ ret->user = start;
++ ret->index = startindex;
++ ret->user2 = end;
++ ret->index2 = endindex;
++ return(ret);
++}
++
++/**
+ * xmlXPtrNewRange:
+ * @start: the starting node
+ * @startindex: the start index
+@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
+ if (endindex < 0)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = startindex;
+- ret->user2 = end;
+- ret->index2 = endindex;
++ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
+ if (end->type != XPATH_POINT)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start->user;
+- ret->index = start->index;
+- ret->user2 = end->user;
+- ret->index2 = end->index;
++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
++ end->index);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
+ if (start->type != XPATH_POINT)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start->user;
+- ret->index = start->index;
+- ret->user2 = end;
+- ret->index2 = -1;
++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
+ if (end->type != XPATH_POINT)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- ret->user2 = end->user;
+- ret->index2 = end->index;
++ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
+ if (end == NULL)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- ret->user2 = end;
+- ret->index2 = -1;
++ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+ if (start == NULL)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- ret->user2 = NULL;
+- ret->index2 = -1;
++ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
+ return(ret);
+ }
+
+@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+ */
+ xmlXPathObjectPtr
+ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
++ xmlNodePtr endNode;
++ int endIndex;
+ xmlXPathObjectPtr ret;
+
+ if (start == NULL)
+@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ return(NULL);
+ switch (end->type) {
+ case XPATH_POINT:
++ endNode = end->user;
++ endIndex = end->index;
++ break;
+ case XPATH_RANGE:
++ endNode = end->user2;
++ endIndex = end->index2;
+ break;
+ case XPATH_NODESET:
+ /*
+@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ */
+ if (end->nodesetval->nodeNr <= 0)
+ return(NULL);
++ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
++ endIndex = -1;
+ break;
+ default:
+ /* TODO */
+ return(NULL);
+ }
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- switch (end->type) {
+- case XPATH_POINT:
+- ret->user2 = end->user;
+- ret->index2 = end->index;
+- break;
+- case XPATH_RANGE:
+- ret->user2 = end->user2;
+- ret->index2 = end->index2;
+- break;
+- case XPATH_NODESET: {
+- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+- ret->index2 = -1;
+- break;
+- }
+- default:
+- STRANGE
+- return(NULL);
+- }
++ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+--
+cgit v0.12
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
new file mode 100644
index 00000000..9ce3fb9
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
@@ -0,0 +1,174 @@
+From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:22:23 +0200
+Subject: Fix XPointer paths beginning with range-to
+
+The old code would invoke the broken xmlXPtrRangeToFunction. range-to
+isn't really a function but a special kind of location step. Remove
+this function and always handle range-to in the XPath code.
+
+The old xmlXPtrRangeToFunction could also be abused to trigger a
+use-after-free error with the potential for remote code execution.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-5131.
+---
+ result/XPath/xptr/vidbase | 13 ++++++++
+ test/XPath/xptr/vidbase | 1 +
+ xpath.c | 7 ++++-
+ xpointer.c | 76 ++++-------------------------------------------
+ 4 files changed, 26 insertions(+), 71 deletions(-)
+
+diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
+index 8b9e92d..f19193e 100644
+--- a/result/XPath/xptr/vidbase
++++ b/result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+ To node
+ ELEMENT p
+
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 : Object is a range :
++ From node
++ /
++ To node
++ ELEMENT chapter
++ ATTRIBUTE id
++ TEXT
++ content=chapter2
++
+diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
+index b146383..884b106 100644
+--- a/test/XPath/xptr/vidbase
++++ b/test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
+diff --git a/xpath.c b/xpath.c
+index d992841..5a01b1b 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
+ lc = 1;
+ break;
+ } else if ((NXT(len) == '(')) {
+- /* Note Type or Function */
++ /* Node Type or Function */
+ if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
+ "PathExpr: Type search\n");
+ #endif
+ lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++ } else if (ctxt->xptr &&
++ xmlStrEqual(name, BAD_CAST "range-to")) {
++ lc = 1;
++#endif
+ } else {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
+diff --git a/xpointer.c b/xpointer.c
+index 676c510..d74174a 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
+ ret->here = here;
+ ret->origin = origin;
+
+- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+- xmlXPtrRangeToFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ xmlXPtrRangeFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+ * @nargs: the number of args
+ *
+ * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+ */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+- xmlXPathObjectPtr range;
+- const xmlChar *cur;
+- xmlXPathObjectPtr res, obj;
+- xmlXPathObjectPtr tmp;
+- xmlLocationSetPtr newset = NULL;
+- xmlNodeSetPtr oldset;
+- int i;
+-
+- if (ctxt == NULL) return;
+- CHECK_ARITY(1);
+- /*
+- * Save the expression pointer since we will have to evaluate
+- * it multiple times. Initialize the new set.
+- */
+- CHECK_TYPE(XPATH_NODESET);
+- obj = valuePop(ctxt);
+- oldset = obj->nodesetval;
+- ctxt->context->node = NULL;
+-
+- cur = ctxt->cur;
+- newset = xmlXPtrLocationSetCreate(NULL);
+-
+- for (i = 0; i < oldset->nodeNr; i++) {
+- ctxt->cur = cur;
+-
+- /*
+- * Run the evaluation with a node list made of a single item
+- * in the nodeset.
+- */
+- ctxt->context->node = oldset->nodeTab[i];
+- tmp = xmlXPathNewNodeSet(ctxt->context->node);
+- valuePush(ctxt, tmp);
+-
+- xmlXPathEvalExpr(ctxt);
+- CHECK_ERROR;
+-
+- /*
+- * The result of the evaluation need to be tested to
+- * decided whether the filter succeeded or not
+- */
+- res = valuePop(ctxt);
+- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+- if (range != NULL) {
+- xmlXPtrLocationSetAdd(newset, range);
+- }
+-
+- /*
+- * Cleanup
+- */
+- if (res != NULL)
+- xmlXPathFreeObject(res);
+- if (ctxt->value == tmp) {
+- res = valuePop(ctxt);
+- xmlXPathFreeObject(res);
+- }
+-
+- ctxt->context->node = NULL;
+- }
+-
+- /*
+- * The result is used as the new evaluation set.
+- */
+- xmlXPathFreeObject(obj);
+- ctxt->context->node = NULL;
+- ctxt->context->contextSize = -1;
+- ctxt->context->proximityPosition = -1;
+- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++ int nargs ATTRIBUTE_UNUSED) {
++ XP_ERROR(XPATH_EXPR_ERROR);
+ }
+
+ /**
+--
+cgit v0.12
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
new file mode 100644
index 00000000..d2a9c3e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
@@ -0,0 +1,50 @@
+From e905f08123e4a6e7731549e6f09dadff4cab65bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 26 Jun 2016 12:38:28 +0200
+Subject: Fix more NULL pointer derefs in xpointer.c
+
+Found with afl-fuzz.
+---
+ xpointer.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/xpointer.c b/xpointer.c
+index 694d120..e643ee9 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -542,7 +542,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ /*
+ * Empty set ...
+ */
+- if (end->nodesetval->nodeNr <= 0)
++ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
+ return(NULL);
+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+ endIndex = -1;
+@@ -1361,7 +1361,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
+ */
+ xmlNodeSetPtr set;
+ set = tmp->nodesetval;
+- if ((set->nodeNr != 1) ||
++ if ((set == NULL) || (set->nodeNr != 1) ||
+ (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
+ stack++;
+ } else
+@@ -2034,9 +2034,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+ xmlXPathFreeObject(set);
+ XP_ERROR(XPATH_MEMORY_ERROR);
+ }
+- for (i = 0;i < oldset->locNr;i++) {
+- xmlXPtrLocationSetAdd(newset,
+- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++ if (oldset != NULL) {
++ for (i = 0;i < oldset->locNr;i++) {
++ xmlXPtrLocationSetAdd(newset,
++ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
++ }
+ }
+
+ /*
+--
+cgit v0.12
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
new file mode 100644
index 00000000..2484f76
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
@@ -0,0 +1,57 @@
+From d8083bf77955b7879c1290f0c0a24ab8cc70f7fb Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 25 Jun 2016 12:35:50 +0200
+Subject: Fix NULL pointer deref in XPointer range-to
+
+- Check for errors after evaluating first operand.
+- Add sanity check for empty stack.
+
+Found with afl-fuzz.
+---
+ result/XPath/xptr/viderror | 4 ++++
+ test/XPath/xptr/viderror | 1 +
+ xpath.c | 7 ++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+ create mode 100644 result/XPath/xptr/viderror
+ create mode 100644 test/XPath/xptr/viderror
+
+diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
+new file mode 100644
+index 0000000..d589882
+--- /dev/null
++++ b/result/XPath/xptr/viderror
+@@ -0,0 +1,4 @@
++
++========================
++Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
++Object is empty (NULL)
+diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
+new file mode 100644
+index 0000000..da8c53b
+--- /dev/null
++++ b/test/XPath/xptr/viderror
+@@ -0,0 +1 @@
++xpointer(non-existing-fn()/range-to(id('chapter2')))
+diff --git a/xpath.c b/xpath.c
+index 113bce6..751665b 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
+ xmlNodeSetPtr oldset;
+ int i, j;
+
+- if (op->ch1 != -1)
++ if (op->ch1 != -1) {
+ total +=
+ xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
++ CHECK_ERROR0;
++ }
++ if (ctxt->value == NULL) {
++ XP_ERROR0(XPATH_INVALID_OPERAND);
++ }
+ if (op->ch2 == -1)
+ return (total);
+
+--
+cgit v0.12
+
diff --git a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
new file mode 100644
index 00000000..642f22d
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
@@ -0,0 +1,220 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+ test? (
+ ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+ ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+ http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+RDEPEND="
+ >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+ icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+"
+DEPEND="${EDEPEND}
+ dev-util/gtk-doc-am
+ virtual/pkgconfig
+ hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/xml2-config
+)
+
+src_unpack() {
+ # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+ # as they are needed as tarballs in ${S}/xstc instead and not unpacked
+ unpack ${P/_rc/-rc}.tar.gz
+ cd "${S}"
+
+ if use test; then
+ cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+ "${DISTDIR}/${XSTS_TARBALL_2}" \
+ "${S}"/xstc/ \
+ || die "Failed to install test tarballs"
+ unpack ${XMLCONF_TARBALL}
+ fi
+}
+
+src_prepare() {
+ default
+
+ DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+ # Patches needed for prefix support
+ eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+ eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+ # Fix build for Windows platform
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760456
+ eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+ # Disable programs that we don't actually install.
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760457
+ eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+ # Fix python detection, bug #567066
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760458
+ eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+ # Apply latest round of security patches wrt bugs
+ # 589816, 597112, 597114, 597116. This will be included
+ # in the next upstream release
+ eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
+
+ # Avoid final linking arguments for python modules
+ if [[ ${CHOST} == *-darwin* ]] ; then
+ sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+ fi
+
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ # We now need to run eautoreconf at the end to prevent maintainer mode.
+# elibtoolize
+# epunt_cxx # if we don't eautoreconf
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # filter seemingly problematic CFLAGS (#26320)
+ filter-flags -fprefetch-loop-arrays -funroll-loops
+
+ # USE zlib support breaks gnome2
+ # (libgnomeprint for instance fails to compile with
+ # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+ # The meaning of the 'debug' USE flag does not apply to the --with-debug
+ # switch (enabling the libxml2 debug module). See bug #100898.
+
+ # --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+ libxml2_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --with-html-subdir=${PF}/html \
+ $(use_with debug run-debug) \
+ $(use_with icu) \
+ $(use_with lzma) \
+ $(use_enable ipv6) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_with readline) \
+ $(multilib_native_use_with readline history) \
+ "$@"
+ }
+
+ libxml2_py_configure() {
+ mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+ run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
+ }
+
+ libxml2_configure --without-python # build python bindings separately
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_configure
+ fi
+}
+
+multilib_src_compile() {
+ default
+ if multilib_is_native_abi && use python; then
+ local native_builddir=${BUILD_DIR}
+ python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+ fi
+}
+
+multilib_src_test() {
+ default
+ multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" \
+ EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_emake \
+ DESTDIR="${D}" \
+ docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+ exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+ install
+ python_foreach_impl python_optimize
+ fi
+}
+
+multilib_src_install_all() {
+ # on windows, xmllint is installed by interix libxml2 in parent prefix.
+ # this is the version to use. the native winnt version does not support
+ # symlinks, which makes repoman fail if the portage tree is linked in
+ # from another location (which is my default). -- mduft
+ if [[ ${CHOST} == *-winnt* ]]; then
+ rm -rf "${ED}"/usr/bin/xmllint
+ rm -rf "${ED}"/usr/bin/xmlcatalog
+ fi
+
+ rm -rf "${ED}"/usr/share/doc/${P}
+ einstalldocs
+
+ if ! use examples; then
+ rm -rf "${ED}"/usr/share/doc/${PF}/examples
+ rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+ fi
+
+ prune_libtool_files --modules
+}
+
+pkg_postinst() {
+ # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+ # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+ if [[ "${ROOT}" != "/" ]]; then
+ elog "Skipping XML catalog creation for stage building (bug #208887)."
+ else
+ # need an XML catalog, so no-one writes to a non-existent one
+ CATALOG="${EROOT}etc/xml/catalog"
+
+ # we dont want to clobber an existing catalog though,
+ # only ensure that one is there
+ # <obz@gentoo.org>
+ if [[ ! -e ${CATALOG} ]]; then
+ [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+ "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+ einfo "Created XML catalog in ${CATALOG}"
+ fi
+ fi
+}
+
+libxml2_py_emake() {
+ pushd "${BUILD_DIR}/python" > /dev/null || die
+ emake "$@"
+ popd > /dev/null
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2017-01-17 15:08 Mart Raudsepp
0 siblings, 0 replies; 14+ messages in thread
From: Mart Raudsepp @ 2017-01-17 15:08 UTC (permalink / raw
To: gentoo-commits
commit: adb3a6266e0b366780309bab1e9b79db48a8b10a
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 17 15:07:16 2017 +0000
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Tue Jan 17 15:07:16 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb3a626
dev-libs/libxml2: Security cleanup (bug #597116)
Package-Manager: Portage-2.3.3, Repoman-2.3.1
dev-libs/libxml2/Manifest | 2 -
.../files/libxml2-2.9.2-constant-memory.patch | 176 ----------------
.../files/libxml2-2.9.2-cross-compile.patch | 17 --
.../files/libxml2-2.9.2-cve-2015-7941-1.patch | 32 ---
.../files/libxml2-2.9.2-cve-2015-7941-2.patch | 49 -----
.../files/libxml2-2.9.2-cve-2015-8035.patch | 31 ---
.../libxml2/files/libxml2-2.9.2-fix-lzma.patch | 114 ----------
.../files/libxml2-2.9.2-icu-pkgconfig.patch | 26 ---
.../files/libxml2-2.9.2-missing-entities.patch | 31 ---
...ml2-2.9.2-overflow-conditional-sections-1.patch | 32 ---
...ml2-2.9.2-overflow-conditional-sections-2.patch | 28 ---
...bxml2-2.9.2-revert-missing-initialization.patch | 26 ---
.../files/libxml2-2.9.2-threads-declarations.patch | 48 -----
dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch | 128 ------------
| 65 ------
dev-libs/libxml2/libxml2-2.9.2-r4.ebuild | 230 ---------------------
dev-libs/libxml2/libxml2-2.9.3.ebuild | 215 -------------------
dev-libs/libxml2/libxml2-2.9.4.ebuild | 4 +-
18 files changed, 2 insertions(+), 1252 deletions(-)
diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index a98d740..78dfb10 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,5 +1,3 @@
-DIST libxml2-2.9.2.tar.gz 5444991 SHA256 5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc SHA512 a4e3b20e2efceed39c20379b32b746d4a1cf65c0cf7719d26c9bf7483c1f04a4e5a442ae2f36dc4ae8a4d011b67cfb58d9f6d0be034fa3e897a49059c9289565 WHIRLPOOL d7a77cb6ad49533cf62f6a759668e297a60dd7f70c9e13b29f682c64dfb25ae46eb9db552500130f40e3f969897bda996001d18236a4630e3713f6dd5acbe686
-DIST libxml2-2.9.3.tar.gz 5477112 SHA256 4de9e31f46b44d34871c22f54bfc54398ef124d6f7cafb1f4a5958fbcd3ba12d SHA512 078afa65229de4f23e6538767253fb4f9f61d96cb72e445179c71d536b224d54922f22972a2b71434796f83f8c99f6a46c3b8813cb4582ad9fca696d141e0abb WHIRLPOOL 34006c371ef85ce05a4f662bfda9f06e7d7fec737a02e023bc3153584d4dcff26be45673b7989091dadd10882765fa3a2abe67c5d1f5aa476d84b9bb57b83b73
DIST libxml2-2.9.4.tar.gz 5374830 SHA256 ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c SHA512 f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9 WHIRLPOOL 268d3364a3d293810dff060b3ab92042c5550e50dbe9038c4d5b54ea6a22ed77f9572575517ae3bacfe518d634047eb9d5345e903b125e56a3d32ad1ba96dabf
DIST xmlts20080827.tar.gz 638940 SHA256 96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7 SHA512 7325d0977c4427fc4944b291ccf896a665f654cc24399e5565c12a849c2bc3aef4fa3ee42a09ac115abcb6570c51a8fbd052c38d64d164279ecdecad5a4e884d WHIRLPOOL 50835380c3ea208df0bf9ce032ed2df69c4c6cb5a53ffdd39a08fb4f1d166f311b2ef2fe0d9911ae1ebff92aeb42f6ea55e727dfe0b7a3b95e6c7240315b3eda
DIST xsts-2002-01-16.tar.gz 6894439 SHA256 55e5c08db29946a91ea8e70e8f2418d3fd30d8b6777941dfba7f54726ffd9914 SHA512 43300af6d39c1e2221b0ed7318fe14c7464eeb6eb030ed1e22eb29b4ab17f014e2a4c8887c3a46ae5d243e3072da27f00f4e285498ae6f1288177d38d1108288 WHIRLPOOL 84dd51959460a4f8aa582d57ad39229c546ca7fe155012c57c368b59f5d31400d8b940a343a7320058330ca611303139cacdffed514783f96406ac5366026b11
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-constant-memory.patch b/dev-libs/libxml2/files/libxml2-2.9.2-constant-memory.patch
deleted file mode 100644
index dc944b6..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-constant-memory.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 14 Apr 2015 17:41:48 +0800
-Subject: [PATCH] CVE-2015-1819 Enforce the reader to run in constant memory
-
-One of the operation on the reader could resolve entities
-leading to the classic expansion issue. Make sure the
-buffer used for xmlreader operation is bounded.
-Introduce a new allocation type for the buffers for this effect.
----
- buf.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
- include/libxml/tree.h | 3 ++-
- xmlreader.c | 20 +++++++++++++++++++-
- 3 files changed, 63 insertions(+), 3 deletions(-)
-
-diff --git a/buf.c b/buf.c
-index 6efc7b6..07922ff 100644
---- a/buf.c
-+++ b/buf.c
-@@ -27,6 +27,7 @@
- #include <libxml/tree.h>
- #include <libxml/globals.h>
- #include <libxml/tree.h>
-+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
- #include "buf.h"
-
- #define WITH_BUFFER_COMPAT
-@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
- if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
- (scheme == XML_BUFFER_ALLOC_EXACT) ||
- (scheme == XML_BUFFER_ALLOC_HYBRID) ||
-- (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
-+ (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
-+ (scheme == XML_BUFFER_ALLOC_BOUNDED)) {
- buf->alloc = scheme;
- if (buf->buffer)
- buf->buffer->alloc = scheme;
-@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
- size = buf->use + len + 100;
- #endif
-
-+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+ /*
-+ * Used to provide parsing limits
-+ */
-+ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
-+ (buf->size >= XML_MAX_TEXT_LENGTH)) {
-+ xmlBufMemoryError(buf, "buffer error: text too long\n");
-+ return(0);
-+ }
-+ if (size >= XML_MAX_TEXT_LENGTH)
-+ size = XML_MAX_TEXT_LENGTH;
-+ }
- if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
- size_t start_buf = buf->content - buf->contentIO;
-
-@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
- CHECK_COMPAT(buf)
-
- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
-+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+ /*
-+ * Used to provide parsing limits
-+ */
-+ if (size >= XML_MAX_TEXT_LENGTH) {
-+ xmlBufMemoryError(buf, "buffer error: text too long\n");
-+ return(0);
-+ }
-+ }
-
- /* Don't resize if we don't have to */
- if (size < buf->size)
-@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
-
- needSize = buf->use + len + 2;
- if (needSize > buf->size){
-+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+ /*
-+ * Used to provide parsing limits
-+ */
-+ if (needSize >= XML_MAX_TEXT_LENGTH) {
-+ xmlBufMemoryError(buf, "buffer error: text too long\n");
-+ return(-1);
-+ }
-+ }
- if (!xmlBufResize(buf, needSize)){
- xmlBufMemoryError(buf, "growing buffer");
- return XML_ERR_NO_MEMORY;
-@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
- }
- needSize = buf->use + len + 2;
- if (needSize > buf->size){
-+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
-+ /*
-+ * Used to provide parsing limits
-+ */
-+ if (needSize >= XML_MAX_TEXT_LENGTH) {
-+ xmlBufMemoryError(buf, "buffer error: text too long\n");
-+ return(-1);
-+ }
-+ }
- if (!xmlBufResize(buf, needSize)){
- xmlBufMemoryError(buf, "growing buffer");
- return XML_ERR_NO_MEMORY;
-diff --git a/include/libxml/tree.h b/include/libxml/tree.h
-index 2f90717..4a9b3bc 100644
---- a/include/libxml/tree.h
-+++ b/include/libxml/tree.h
-@@ -76,7 +76,8 @@ typedef enum {
- XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
- XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
- XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
-- XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */
-+ XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */
-+ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
- } xmlBufferAllocationScheme;
-
- /**
-diff --git a/xmlreader.c b/xmlreader.c
-index f19e123..471e7e2 100644
---- a/xmlreader.c
-+++ b/xmlreader.c
-@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) {
- "xmlNewTextReader : malloc failed\n");
- return(NULL);
- }
-+ /* no operation on a reader should require a huge buffer */
-+ xmlBufSetAllocationScheme(ret->buffer,
-+ XML_BUFFER_ALLOC_BOUNDED);
- ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
- if (ret->sax == NULL) {
- xmlBufFree(ret->buffer);
-@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
- return(((xmlNsPtr) node)->href);
- case XML_ATTRIBUTE_NODE:{
- xmlAttrPtr attr = (xmlAttrPtr) node;
-+ const xmlChar *ret;
-
- if ((attr->children != NULL) &&
- (attr->children->type == XML_TEXT_NODE) &&
-@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
- "xmlTextReaderSetup : malloc failed\n");
- return (NULL);
- }
-+ xmlBufSetAllocationScheme(reader->buffer,
-+ XML_BUFFER_ALLOC_BOUNDED);
- } else
- xmlBufEmpty(reader->buffer);
- xmlBufGetNodeContent(reader->buffer, node);
-- return(xmlBufContent(reader->buffer));
-+ ret = xmlBufContent(reader->buffer);
-+ if (ret == NULL) {
-+ /* error on the buffer best to reallocate */
-+ xmlBufFree(reader->buffer);
-+ reader->buffer = xmlBufCreateSize(100);
-+ xmlBufSetAllocationScheme(reader->buffer,
-+ XML_BUFFER_ALLOC_BOUNDED);
-+ ret = BAD_CAST "";
-+ }
-+ return(ret);
- }
- break;
- }
-@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader,
- "xmlTextReaderSetup : malloc failed\n");
- return (-1);
- }
-+ /* no operation on a reader should require a huge buffer */
-+ xmlBufSetAllocationScheme(reader->buffer,
-+ XML_BUFFER_ALLOC_BOUNDED);
- if (reader->sax == NULL)
- reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
- if (reader->sax == NULL) {
---
-2.3.5
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cross-compile.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cross-compile.patch
deleted file mode 100644
index 447222e..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cross-compile.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-https://bugzilla.gnome.org/show_bug.cgi?id=749416
-
-do not use -L$Z_DIR/lib when Z_DIR isn't actually set
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -392,7 +392,9 @@ if test "$with_zlib" = "no"; then
- else
- AC_CHECK_HEADERS(zlib.h,
- [SAVE_LDFLAGS="${LDFLAGS}"
-- LDFLAGS="-L${Z_DIR}/lib"
-+ if test "x${Z_DIR}" != "x"; then
-+ LDFLAGS="${LDFLAGS} -L${Z_DIR}/lib"
-+ fi
- AC_CHECK_LIB(z, gzread,[
- AC_DEFINE([HAVE_LIBZ], [1], [Have compression library])
- WITH_ZLIB=1
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
deleted file mode 100644
index 8a6c98c..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Feb 2015 11:17:35 +0800
-Subject: [PATCH] Stop parsing on entities boundaries errors
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-There are times, like on unterminated entities that it's preferable to
-stop parsing, even if that means less error reporting. Entities are
-feeding the parser on further processing, and if they are ill defined
-then it's possible to get the parser to bug. Also do the same on
-Conditional Sections if the input is broken, as the structure of
-the document can't be guessed.
----
- parser.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/parser.c b/parser.c
-index a8d1b67..bbe97eb 100644
---- a/parser.c
-+++ b/parser.c
-@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
- if (RAW != '>') {
- xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
- "xmlParseEntityDecl: entity %s not terminated\n", name);
-+ xmlStopParser(ctxt);
- } else {
- if (input != ctxt->input) {
- xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
---
-2.4.10
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
deleted file mode 100644
index df30c89..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-7941-2.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 23 Feb 2015 11:29:20 +0800
-Subject: [PATCH] Cleanup conditional section error handling
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=744980
-
-The error handling of Conditional Section also need to be
-straightened as the structure of the document can't be
-guessed on a failure there and it's better to stop parsing
-as further errors are likely to be irrelevant.
----
- parser.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index bbe97eb..fe603ac 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- SKIP_BLANKS;
- if (RAW != '[') {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- } else {
- if (ctxt->input->id != id) {
- xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- SKIP_BLANKS;
- if (RAW != '[') {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- } else {
- if (ctxt->input->id != id) {
- xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
-@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
-
- } else {
- xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
-+ xmlStopParser(ctxt);
-+ return;
- }
-
- if (RAW == 0)
---
-2.4.10
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch b/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
deleted file mode 100644
index f51863e..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-cve-2015-8035.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 3 Nov 2015 15:31:25 +0800
-Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=757466
-DoS when parsing specially crafted XML document if XZ support
-is compiled in (which wasn't the case for 2.9.2 and master since
-Nov 2013, fixed in next commit !)
----
- xzlib.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index 0dcb9f4..1fab546 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
- xz_error(state, LZMA_DATA_ERROR, "compressed data error");
- return -1;
- }
-+ if (ret == LZMA_PROG_ERROR) {
-+ xz_error(state, LZMA_PROG_ERROR, "compression error");
-+ return -1;
-+ }
- } while (strm->avail_out && ret != LZMA_STREAM_END);
-
- /* update available output and crc check value */
---
-2.4.10
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch b/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
deleted file mode 100644
index e9b6da6..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-fix-lzma.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 18b8988511b0954272cac4d6c3e6724f9dbf6e0a Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 3 Nov 2015 15:46:29 +0800
-Subject: [PATCH] Reenable xz support by default
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=757466
-
-problem was introduced by commit f3f86ff465c92c79f834d7b981f3c7274a8bb5c8
-for https://bugzilla.gnome.org/show_bug.cgi?id=711026
----
- configure.ac | 3 +++
- xmlIO.c | 12 ++++++------
- xzlib.c | 6 ++++--
- 3 files changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 14ac0a8..48e0577 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -445,6 +445,9 @@ else
- fi],
- [have_liblzma=no])
- LDFLAGS="${SAVE_LDFLAGS}"])
-+ else
-+ # we still need to check for lzma,h header
-+ AC_CHECK_HEADERS([lzma.h])
- fi
-
- # Found the library via either method?
-diff --git a/xmlIO.c b/xmlIO.c
-index e628ab0..8b13184 100644
---- a/xmlIO.c
-+++ b/xmlIO.c
-@@ -1334,7 +1334,7 @@ xmlGzfileClose (void * context) {
- }
- #endif /* HAVE_ZLIB_H */
-
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- /************************************************************************
- * *
- * I/O for compressed file accesses *
-@@ -1451,7 +1451,7 @@ xmlXzfileClose (void * context) {
- if (ret < 0) xmlIOErr(0, "xzclose()");
- return(ret);
- }
--#endif /* HAVE_LZMA_H */
-+#endif /* LIBXML_LZMA_ENABLED */
-
- #ifdef LIBXML_HTTP_ENABLED
- /************************************************************************
-@@ -2328,10 +2328,10 @@ xmlRegisterDefaultInputCallbacks(void) {
- xmlRegisterInputCallbacks(xmlGzfileMatch, xmlGzfileOpen,
- xmlGzfileRead, xmlGzfileClose);
- #endif /* HAVE_ZLIB_H */
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- xmlRegisterInputCallbacks(xmlXzfileMatch, xmlXzfileOpen,
- xmlXzfileRead, xmlXzfileClose);
--#endif /* HAVE_ZLIB_H */
-+#endif /* LIBXML_LZMA_ENABLED */
-
- #ifdef LIBXML_HTTP_ENABLED
- xmlRegisterInputCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
-@@ -2683,7 +2683,7 @@ __xmlParserInputBufferCreateFilename(const char *URI, xmlCharEncoding enc) {
- #endif
- }
- #endif
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- if ((xmlInputCallbackTable[i].opencallback == xmlXzfileOpen) &&
- (strcmp(URI, "-") != 0)) {
- ret->compressed = __libxml2_xzcompressed(context);
-@@ -3350,7 +3350,7 @@ xmlParserInputBufferGrow(xmlParserInputBufferPtr in, int len) {
- * try to establish compressed status of input if not done already
- */
- if (in->compressed == -1) {
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
- if (in->readcallback == xmlXzfileRead)
- in->compressed = __libxml2_xzcompressed(in->context);
- #endif
-diff --git a/xzlib.c b/xzlib.c
-index 1fab546..782957f 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -8,7 +8,7 @@
- */
- #define IN_LIBXML
- #include "libxml.h"
--#ifdef HAVE_LZMA_H
-+#ifdef LIBXML_LZMA_ENABLED
-
- #include <string.h>
- #ifdef HAVE_ERRNO_H
-@@ -34,7 +34,9 @@
- #ifdef HAVE_ZLIB_H
- #include <zlib.h>
- #endif
-+#ifdef HAVE_LZMA_H
- #include <lzma.h>
-+#endif
-
- #include "xzlib.h"
- #include <libxml/xmlmemory.h>
-@@ -799,4 +801,4 @@ __libxml2_xzclose(xzFile file)
- xmlFree(state);
- return ret ? ret : LZMA_OK;
- }
--#endif /* HAVE_LZMA_H */
-+#endif /* LIBXML_LZMA_ENABLED */
---
-2.4.10
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-icu-pkgconfig.patch b/dev-libs/libxml2/files/libxml2-2.9.2-icu-pkgconfig.patch
deleted file mode 100644
index 7a84fac..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-icu-pkgconfig.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/configure.in b/configure.in
-index 7374564..13c8d4e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1444,19 +1444,11 @@ XML_LIBTOOLLIBS="libxml2.la"
- AC_SUBST(WITH_ICONV)
-
- WITH_ICU=0
--ICU_LIBS=""
- if test "$with_icu" != "yes" ; then
- echo Disabling ICU support
- else
-- ICU_CONFIG=icu-config
-- if ${ICU_CONFIG} --cflags >/dev/null 2>&1
-- then
-- ICU_LIBS=`${ICU_CONFIG} --ldflags`
-- WITH_ICU=1
-- echo Enabling ICU support
-- else
-- AC_MSG_ERROR([libicu config program icu-config not found])
-- fi
-+ PKG_CHECK_MODULES(ICU, icu-i18n)
-+ WITH_ICU=1
- fi
- AC_SUBST(WITH_ICU)
- AC_SUBST(ICU_LIBS)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-missing-entities.patch b/dev-libs/libxml2/files/libxml2-2.9.2-missing-entities.patch
deleted file mode 100644
index 7a10e20..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-missing-entities.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 23 Oct 2014 11:35:36 +0800
-Subject: [PATCH] Fix missing entities after CVE-2014-3660 fix
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=738805
-
-The fix for CVE-2014-3660 introduced a regression in some case
-where entity substitution is required and the entity is used
-first in anotther entity referenced from an attribute value
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index 67c9dfd..a8d1b67 100644
---- a/parser.c
-+++ b/parser.c
-@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- * far more secure as the parser will only process data coming from
- * the document entity by default.
- */
-- if ((ent->checked == 0) &&
-+ if (((ent->checked == 0) ||
-+ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
- ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
- (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
- unsigned long oldnbent = ctxt->nbentities;
---
-2.3.5
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
deleted file mode 100644
index bb0766a..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 23 Oct 2015 19:02:28 +0800
-Subject: Another variation of overflow in Conditional sections
-
-Which happen after the previous fix to
-https://bugzilla.gnome.org/show_bug.cgi?id=756456
-
-But stopping the parser and exiting we didn't pop the intermediary entities
-and doing the SKIP there applies on an input which may be too small
----
- parser.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index a65e4cc..b9217ff 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- "All markup of the conditional section is not in the same entity\n",
- NULL, NULL);
- }
-- SKIP(3);
-+ if ((ctxt-> instate != XML_PARSER_EOF) &&
-+ ((ctxt->input->cur + 3) < ctxt->input->end))
-+ SKIP(3);
- }
- }
-
---
-cgit v0.11.2
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch b/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
deleted file mode 100644
index 1a059fe..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-overflow-conditional-sections-2.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 27 Oct 2015 10:53:44 +0800
-Subject: Fix an error in previous Conditional section patch
-
-an off by one mistake in the change, led to error on correct
-document where the end of the included entity was exactly
-the end of the conditional section, leading to regtest failure
----
- parser.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index b9217ff..d67b300 100644
---- a/parser.c
-+++ b/parser.c
-@@ -6916,7 +6916,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
- NULL, NULL);
- }
- if ((ctxt-> instate != XML_PARSER_EOF) &&
-- ((ctxt->input->cur + 3) < ctxt->input->end))
-+ ((ctxt->input->cur + 3) <= ctxt->input->end))
- SKIP(3);
- }
- }
---
-cgit v0.11.2
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-revert-missing-initialization.patch b/dev-libs/libxml2/files/libxml2-2.9.2-revert-missing-initialization.patch
deleted file mode 100644
index d98b382..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-revert-missing-initialization.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 17 Oct 2014 17:13:41 +0800
-Subject: Revert "Missing initialization for the catalog module"
-
-This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
-As this break xmlcatalog command
-https://bugzilla.redhat.com/show_bug.cgi?id=1153753
-
-diff --git a/parser.c b/parser.c
-index 1d93967..67c9dfd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
- #ifdef LIBXML_XPATH_ENABLED
- xmlXPathInit();
- #endif
--#ifdef LIBXML_CATALOG_ENABLED
-- xmlInitializeCatalog();
--#endif
- xmlParserInitialized = 1;
- #ifdef LIBXML_THREAD_ENABLED
- }
---
-cgit v0.10.1
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-threads-declarations.patch b/dev-libs/libxml2/files/libxml2-2.9.2-threads-declarations.patch
deleted file mode 100644
index 1236f62..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-threads-declarations.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From fff8a6b87e05200a0ad0af6f86c2e859c7de9172 Mon Sep 17 00:00:00 2001
-From: Michael Heimpold <mhei@heimpold.de>
-Date: Mon, 22 Dec 2014 11:12:12 +0800
-Subject: [PATCH] threads: use forward declarations only for glibc
-
-Fixes bug #704908
-
-The declarations of pthread functions, used to generate weak references
-to them, fail to suppress macros. Thus, if any pthread function has
-been provided as a macro, compiling threads.c will fail.
-This breaks on musl libc, which defines pthread_equal as a macro (in
-addition to providing the function, as required).
-
-Prevent the declarations for e.g. musl libc by refining the condition.
-
-The idea for this solution was borrowed from the alpine linux guys, see
-http://git.alpinelinux.org/cgit/aports/tree/main/libxml2/libxml2-pthread.patch
-
-Signed-off-by: Michael Heimpold <mhei@heimpold.de>
----
- threads.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/threads.c b/threads.c
-index 8921204..78006a2 100644
---- a/threads.c
-+++ b/threads.c
-@@ -47,7 +47,7 @@
- #ifdef HAVE_PTHREAD_H
-
- static int libxml_is_threaded = -1;
--#ifdef __GNUC__
-+#if defined(__GNUC__) && defined(__GLIBC__)
- #ifdef linux
- #if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || (__GNUC__ > 3)
- extern int pthread_once (pthread_once_t *__once_control,
-@@ -89,7 +89,7 @@ extern int pthread_cond_signal ()
- __attribute((weak));
- #endif
- #endif /* linux */
--#endif /* __GNUC__ */
-+#endif /* defined(__GNUC__) && defined(__GLIBC__) */
- #endif /* HAVE_PTHREAD_H */
-
- /*
---
-2.3.5
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch b/dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch
deleted file mode 100644
index c179d47..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-timsort.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From 9b987f8c98763ee569bde90b5268b43474ca106c Mon Sep 17 00:00:00 2001
-From: Christopher Swenson <chris@caswenson.com>
-Date: Fri, 27 Feb 2015 14:55:49 +0800
-Subject: [PATCH] Fix timsort invariant loop re: Envisage article
-
-See http://envisage-project.eu/proving-android-java-and-python-sorting-algorithm-is-broken-and-how-to-fix-it/
-
-We use a "runLen" array of size 128, so it should be nearly impossible
-to have our implementation overflow.
-
-But in any case, the fix is relatively simple -- checking two extra
-conditions in the invariant calculation.
-
-I also took this opportunity to remove some redundancy in the
-left/right merge logic in the invariant loop.
----
- timsort.h | 74 +++++++++++++++++++++++++++++++++------------------------------
- 1 file changed, 39 insertions(+), 35 deletions(-)
-
-diff --git a/timsort.h b/timsort.h
-index efa3aab..795f272 100644
---- a/timsort.h
-+++ b/timsort.h
-@@ -392,62 +392,66 @@ static void TIM_SORT_MERGE(SORT_TYPE *dst, const TIM_SORT_RUN_T *stack, const in
-
- static int TIM_SORT_COLLAPSE(SORT_TYPE *dst, TIM_SORT_RUN_T *stack, int stack_curr, TEMP_STORAGE_T *store, const size_t size)
- {
-- while (1)
-- {
-- int64_t A, B, C;
-+ while (1) {
-+ int64_t A, B, C, D;
-+ int ABC, BCD, BD, CD;
-+
- /* if the stack only has one thing on it, we are done with the collapse */
-- if (stack_curr <= 1) break;
-+ if (stack_curr <= 1) {
-+ break;
-+ }
-+
- /* if this is the last merge, just do it */
-- if ((stack_curr == 2) &&
-- (stack[0].length + stack[1].length == (int64_t) size))
-- {
-+ if ((stack_curr == 2) && (stack[0].length + stack[1].length == size)) {
- TIM_SORT_MERGE(dst, stack, stack_curr, store);
- stack[0].length += stack[1].length;
- stack_curr--;
- break;
- }
- /* check if the invariant is off for a stack of 2 elements */
-- else if ((stack_curr == 2) && (stack[0].length <= stack[1].length))
-- {
-+ else if ((stack_curr == 2) && (stack[0].length <= stack[1].length)) {
- TIM_SORT_MERGE(dst, stack, stack_curr, store);
- stack[0].length += stack[1].length;
- stack_curr--;
- break;
-- }
-- else if (stack_curr == 2)
-+ } else if (stack_curr == 2) {
- break;
-+ }
-
-- A = stack[stack_curr - 3].length;
-- B = stack[stack_curr - 2].length;
-- C = stack[stack_curr - 1].length;
-+ B = stack[stack_curr - 3].length;
-+ C = stack[stack_curr - 2].length;
-+ D = stack[stack_curr - 1].length;
-
-- /* check first invariant */
-- if (A <= B + C)
-- {
-- if (A < C)
-- {
-- TIM_SORT_MERGE(dst, stack, stack_curr - 1, store);
-- stack[stack_curr - 3].length += stack[stack_curr - 2].length;
-- stack[stack_curr - 2] = stack[stack_curr - 1];
-- stack_curr--;
-- }
-- else
-- {
-- TIM_SORT_MERGE(dst, stack, stack_curr, store);
-- stack[stack_curr - 2].length += stack[stack_curr - 1].length;
-- stack_curr--;
-- }
-+ if (stack_curr >= 4) {
-+ A = stack[stack_curr - 4].length;
-+ ABC = (A <= B + C);
-+ } else {
-+ ABC = 0;
- }
-- /* check second invariant */
-- else if (B <= C)
-- {
-+
-+ BCD = (B <= C + D) || ABC;
-+ CD = (C <= D);
-+ BD = (B < D);
-+
-+ /* Both invariants are good */
-+ if (!BCD && !CD) {
-+ break;
-+ }
-+
-+ /* left merge */
-+ if (BCD && !CD) {
-+ TIM_SORT_MERGE(dst, stack, stack_curr - 1, store);
-+ stack[stack_curr - 3].length += stack[stack_curr - 2].length;
-+ stack[stack_curr - 2] = stack[stack_curr - 1];
-+ stack_curr--;
-+ } else {
-+ /* right merge */
- TIM_SORT_MERGE(dst, stack, stack_curr, store);
- stack[stack_curr - 2].length += stack[stack_curr - 1].length;
- stack_curr--;
- }
-- else
-- break;
- }
-+
- return stack_curr;
- }
-
---
-2.3.5
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch b/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
deleted file mode 100644
index bd4e482..00000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-unclosed-comments.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 30 Oct 2015 21:14:55 +0800
-Subject: Fix parsing short unclosed comment uninitialized access
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=746048
-The HTML parser was too optimistic when processing comments and
-didn't check for the end of the stream on the first 2 characters
----
- HTMLparser.c | 21 ++++++++++++++-------
- 1 file changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/HTMLparser.c b/HTMLparser.c
-index 19c10c3..bdf7807 100644
---- a/HTMLparser.c
-+++ b/HTMLparser.c
-@@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
- ctxt->instate = state;
- return;
- }
-+ len = 0;
-+ buf[len] = 0;
- q = CUR_CHAR(ql);
-+ if (!IS_CHAR(q))
-+ goto unfinished;
- NEXTL(ql);
- r = CUR_CHAR(rl);
-+ if (!IS_CHAR(r))
-+ goto unfinished;
- NEXTL(rl);
- cur = CUR_CHAR(l);
-- len = 0;
- while (IS_CHAR(cur) &&
- ((cur != '>') ||
- (r != '-') || (q != '-'))) {
-@@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
- }
- }
- buf[len] = 0;
-- if (!IS_CHAR(cur)) {
-- htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
-- "Comment not terminated \n<!--%.50s\n", buf, NULL);
-- xmlFree(buf);
-- } else {
-+ if (IS_CHAR(cur)) {
- NEXT;
- if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
- (!ctxt->disableSAX))
- ctxt->sax->comment(ctxt->userData, buf);
- xmlFree(buf);
-+ ctxt->instate = state;
-+ return;
- }
-- ctxt->instate = state;
-+
-+unfinished:
-+ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
-+ "Comment not terminated \n<!--%.50s\n", buf, NULL);
-+ xmlFree(buf);
- }
-
- /**
---
-cgit v0.11.2
-
diff --git a/dev-libs/libxml2/libxml2-2.9.2-r4.ebuild b/dev-libs/libxml2/libxml2-2.9.2-r4.ebuild
deleted file mode 100644
index f47284c..00000000
--- a/dev-libs/libxml2/libxml2-2.9.2-r4.ebuild
+++ /dev/null
@@ -1,230 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 python3_{4,5} )
-PYTHON_REQ_USE="xml"
-
-inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
-
-DESCRIPTION="Version 2 of the library to manipulate XML files"
-HOMEPAGE="http://www.xmlsoft.org/"
-
-LICENSE="MIT"
-SLOT="2"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="debug examples icu ipv6 lzma python readline static-libs test"
-
-XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
-XSTS_NAME_1="xmlschema2002-01-16"
-XSTS_NAME_2="xmlschema2004-01-14"
-XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
-XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
-XMLCONF_TARBALL="xmlts20080827.tar.gz"
-
-SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
- test? (
- ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
- ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
- http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
-
-COMMON_DEPEND="
- >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
- icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
-"
-RDEPEND="${COMMON_DEPEND}
- abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r6
- !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
-"
-DEPEND="${COMMON_DEPEND}
- dev-util/gtk-doc-am
- virtual/pkgconfig
- hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
-"
-
-S="${WORKDIR}/${PN}-${PV%_rc*}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/xml2-config
-)
-
-src_unpack() {
- # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
- # as they are needed as tarballs in ${S}/xstc instead and not unpacked
- unpack ${P/_rc/-rc}.tar.gz
- cd "${S}"
-
- if use test; then
- cp "${DISTDIR}/${XSTS_TARBALL_1}" \
- "${DISTDIR}/${XSTS_TARBALL_2}" \
- "${S}"/xstc/ \
- || die "Failed to install test tarballs"
- unpack ${XMLCONF_TARBALL}
- fi
-}
-
-src_prepare() {
- DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
-
- # Patches needed for prefix support
- epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
-
- eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
-
- # Fix build for Windows platform
- epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
-
- # Disable programs that we don't actually install.
- epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
-
- # Fix zlib parameter handling for cross-compilation
- # https://bugzilla.gnome.org/show_bug.cgi?id=749416
- epatch "${FILESDIR}"/${PN}-2.9.2-cross-compile.patch
-
- # Use pkgconfig to find icu to properly support multilib
- # https://bugs.gentoo.org/show_bug.cgi?id=738751
- epatch "${FILESDIR}"/${PN}-2.9.2-icu-pkgconfig.patch
-
- epatch "${FILESDIR}"/${P}-python-ABIFLAG.patch
-
- # Important patches from master
- epatch \
- "${FILESDIR}"/${PN}-2.9.2-revert-missing-initialization.patch \
- "${FILESDIR}"/${PN}-2.9.2-missing-entities.patch \
- "${FILESDIR}"/${PN}-2.9.2-threads-declarations.patch \
- "${FILESDIR}"/${PN}-2.9.2-timsort.patch \
- "${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-1.patch \
- "${FILESDIR}"/${PN}-2.9.2-cve-2015-7941-2.patch \
- "${FILESDIR}"/${PN}-2.9.2-constant-memory.patch \
- "${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-1.patch \
- "${FILESDIR}"/${PN}-2.9.2-overflow-conditional-sections-2.patch \
- "${FILESDIR}"/${PN}-2.9.2-unclosed-comments.patch \
- "${FILESDIR}"/${PN}-2.9.2-cve-2015-8035.patch \
- "${FILESDIR}"/${PN}-2.9.2-fix-lzma.patch
-
- # Please do not remove, as else we get references to PORTAGE_TMPDIR
- # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
- # We now need to run eautoreconf at the end to prevent maintainer mode.
-# elibtoolize
-# epunt_cxx # if we don't eautoreconf
-
- eautoreconf
-}
-
-multilib_src_configure() {
- # filter seemingly problematic CFLAGS (#26320)
- filter-flags -fprefetch-loop-arrays -funroll-loops
-
- # USE zlib support breaks gnome2
- # (libgnomeprint for instance fails to compile with
- # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
-
- # The meaning of the 'debug' USE flag does not apply to the --with-debug
- # switch (enabling the libxml2 debug module). See bug #100898.
-
- # --with-mem-debug causes unusual segmentation faults (bug #105120).
-
- libxml2_configure() {
- ECONF_SOURCE="${S}" econf \
- --with-html-subdir=${PF}/html \
- --docdir="${EPREFIX}/usr/share/doc/${PF}" \
- $(use_with debug run-debug) \
- $(use_with icu) \
- $(use_with lzma) \
- $(use_enable ipv6) \
- $(use_enable static-libs static) \
- $(multilib_native_use_with readline) \
- $(multilib_native_use_with readline history) \
- "$@"
- }
-
- libxml2_py_configure() {
- mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
- run_in_build_dir libxml2_configure "--with-python=${PYTHON}" # odd build system
- }
-
- libxml2_configure --without-python # build python bindings separately
-
- if multilib_is_native_abi && use python; then
- python_foreach_impl libxml2_py_configure
- fi
-}
-
-multilib_src_compile() {
- default
- if multilib_is_native_abi && use python; then
- local native_builddir=${BUILD_DIR}
- python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
- fi
-}
-
-multilib_src_test() {
- default
- multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" \
- EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
-
- if multilib_is_native_abi && use python; then
- python_foreach_impl libxml2_py_emake \
- DESTDIR="${D}" \
- docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
- exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
- install
- python_foreach_impl python_optimize
- fi
-}
-
-multilib_src_install_all() {
- # on windows, xmllint is installed by interix libxml2 in parent prefix.
- # this is the version to use. the native winnt version does not support
- # symlinks, which makes repoman fail if the portage tree is linked in
- # from another location (which is my default). -- mduft
- if [[ ${CHOST} == *-winnt* ]]; then
- rm -rf "${ED}"/usr/bin/xmllint
- rm -rf "${ED}"/usr/bin/xmlcatalog
- fi
-
- rm -rf "${ED}"/usr/share/doc/${P}
- einstalldocs
-
- if ! use examples; then
- rm -rf "${ED}"/usr/share/doc/${PF}/examples
- rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
- fi
-
- prune_libtool_files --modules
-}
-
-pkg_postinst() {
- # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
- # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
- if [[ "${ROOT}" != "/" ]]; then
- elog "Skipping XML catalog creation for stage building (bug #208887)."
- else
- # need an XML catalog, so no-one writes to a non-existent one
- CATALOG="${EROOT}etc/xml/catalog"
-
- # we dont want to clobber an existing catalog though,
- # only ensure that one is there
- # <obz@gentoo.org>
- if [[ ! -e ${CATALOG} ]]; then
- [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
- "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
- einfo "Created XML catalog in ${CATALOG}"
- fi
- fi
-}
-
-libxml2_py_emake() {
- pushd "${BUILD_DIR}/python" > /dev/null || die
- emake "$@"
- popd > /dev/null
-}
diff --git a/dev-libs/libxml2/libxml2-2.9.3.ebuild b/dev-libs/libxml2/libxml2-2.9.3.ebuild
deleted file mode 100644
index dd738fc..00000000
--- a/dev-libs/libxml2/libxml2-2.9.3.ebuild
+++ /dev/null
@@ -1,215 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 python3_{4,5} )
-PYTHON_REQ_USE="xml"
-
-inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
-
-DESCRIPTION="Version 2 of the library to manipulate XML files"
-HOMEPAGE="http://www.xmlsoft.org/"
-
-LICENSE="MIT"
-SLOT="2"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="debug examples icu ipv6 lzma python readline static-libs test"
-
-XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
-XSTS_NAME_1="xmlschema2002-01-16"
-XSTS_NAME_2="xmlschema2004-01-14"
-XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
-XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
-XMLCONF_TARBALL="xmlts20080827.tar.gz"
-
-SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
- test? (
- ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
- ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
- http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
-
-RDEPEND="
- >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
- icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
-"
-DEPEND="${EDEPEND}
- dev-util/gtk-doc-am
- virtual/pkgconfig
- hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
-"
-
-S="${WORKDIR}/${PN}-${PV%_rc*}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/xml2-config
-)
-
-src_unpack() {
- # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
- # as they are needed as tarballs in ${S}/xstc instead and not unpacked
- unpack ${P/_rc/-rc}.tar.gz
- cd "${S}"
-
- if use test; then
- cp "${DISTDIR}/${XSTS_TARBALL_1}" \
- "${DISTDIR}/${XSTS_TARBALL_2}" \
- "${S}"/xstc/ \
- || die "Failed to install test tarballs"
- unpack ${XMLCONF_TARBALL}
- fi
-}
-
-src_prepare() {
- DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
-
- # Patches needed for prefix support
- epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
-
- eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
-
- # Fix build for Windows platform
- # https://bugzilla.gnome.org/show_bug.cgi?id=760456
- epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
-
- # Disable programs that we don't actually install.
- # https://bugzilla.gnome.org/show_bug.cgi?id=760457
- epatch "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
-
- # Fix zlib parameter handling for cross-compilation
- # https://bugzilla.gnome.org/show_bug.cgi?id=749416
- epatch "${FILESDIR}"/${PN}-2.9.2-cross-compile.patch
-
- # Use pkgconfig to find icu to properly support multilib
- # https://bugzilla.gnome.org/show_bug.cgi?id=738751
- epatch "${FILESDIR}"/${PN}-2.9.2-icu-pkgconfig.patch
-
- # Fix python detection, bug #567066
- # https://bugzilla.gnome.org/show_bug.cgi?id=760458
- epatch "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
-
- # Please do not remove, as else we get references to PORTAGE_TMPDIR
- # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
- # We now need to run eautoreconf at the end to prevent maintainer mode.
-# elibtoolize
-# epunt_cxx # if we don't eautoreconf
-
- eautoreconf
-}
-
-multilib_src_configure() {
- # filter seemingly problematic CFLAGS (#26320)
- filter-flags -fprefetch-loop-arrays -funroll-loops
-
- # USE zlib support breaks gnome2
- # (libgnomeprint for instance fails to compile with
- # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
-
- # The meaning of the 'debug' USE flag does not apply to the --with-debug
- # switch (enabling the libxml2 debug module). See bug #100898.
-
- # --with-mem-debug causes unusual segmentation faults (bug #105120).
-
- libxml2_configure() {
- ECONF_SOURCE="${S}" econf \
- --with-html-subdir=${PF}/html \
- --docdir="${EPREFIX}/usr/share/doc/${PF}" \
- $(use_with debug run-debug) \
- $(use_with icu) \
- $(use_with lzma) \
- $(use_enable ipv6) \
- $(use_enable static-libs static) \
- $(multilib_native_use_with readline) \
- $(multilib_native_use_with readline history) \
- "$@"
- }
-
- libxml2_py_configure() {
- mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
- run_in_build_dir libxml2_configure "--with-python=${PYTHON}" # odd build system
- }
-
- libxml2_configure --without-python # build python bindings separately
-
- if multilib_is_native_abi && use python; then
- python_foreach_impl libxml2_py_configure
- fi
-}
-
-multilib_src_compile() {
- default
- if multilib_is_native_abi && use python; then
- local native_builddir=${BUILD_DIR}
- python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
- fi
-}
-
-multilib_src_test() {
- default
- multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" \
- EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
-
- if multilib_is_native_abi && use python; then
- python_foreach_impl libxml2_py_emake \
- DESTDIR="${D}" \
- docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
- exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
- install
- python_foreach_impl python_optimize
- fi
-}
-
-multilib_src_install_all() {
- # on windows, xmllint is installed by interix libxml2 in parent prefix.
- # this is the version to use. the native winnt version does not support
- # symlinks, which makes repoman fail if the portage tree is linked in
- # from another location (which is my default). -- mduft
- if [[ ${CHOST} == *-winnt* ]]; then
- rm -rf "${ED}"/usr/bin/xmllint
- rm -rf "${ED}"/usr/bin/xmlcatalog
- fi
-
- rm -rf "${ED}"/usr/share/doc/${P}
- einstalldocs
-
- if ! use examples; then
- rm -rf "${ED}"/usr/share/doc/${PF}/examples
- rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
- fi
-
- prune_libtool_files --modules
-}
-
-pkg_postinst() {
- # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
- # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
- if [[ "${ROOT}" != "/" ]]; then
- elog "Skipping XML catalog creation for stage building (bug #208887)."
- else
- # need an XML catalog, so no-one writes to a non-existent one
- CATALOG="${EROOT}etc/xml/catalog"
-
- # we dont want to clobber an existing catalog though,
- # only ensure that one is there
- # <obz@gentoo.org>
- if [[ ! -e ${CATALOG} ]]; then
- [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
- "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
- einfo "Created XML catalog in ${CATALOG}"
- fi
- fi
-}
-
-libxml2_py_emake() {
- pushd "${BUILD_DIR}/python" > /dev/null || die
- emake "$@"
- popd > /dev/null
-}
diff --git a/dev-libs/libxml2/libxml2-2.9.4.ebuild b/dev-libs/libxml2/libxml2-2.9.4.ebuild
index 046131b..f52e586 100644
--- a/dev-libs/libxml2/libxml2-2.9.4.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -13,7 +13,7 @@ HOMEPAGE="http://www.xmlsoft.org/"
LICENSE="MIT"
SLOT="2"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="arm64 m68k s390 sh"
IUSE="debug examples icu ipv6 lzma python readline static-libs test"
XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2017-08-23 7:29 Gilles Dartiguelongue
0 siblings, 0 replies; 14+ messages in thread
From: Gilles Dartiguelongue @ 2017-08-23 7:29 UTC (permalink / raw
To: gentoo-commits
commit: 9f36ba11942153b51031264201e9a9491fb00ebd
Author: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 23 07:27:49 2017 +0000
Commit: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
CommitDate: Wed Aug 23 07:28:56 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f36ba11
dev-libs/libxml2: version bump 2.9.4-r1 → 2.9.4-r2
Apply a round of security fixes.
Gentoo-Bugs: 599192, 586886, 618604, 622914, 605208, 623206
Package-Manager: Portage-2.3.8, Repoman-2.3.3
.../files/libxml2-2.9.4-CVE-2016-9318.patch | 202 +++++++++++++
.../files/libxml2-2.9.4-CVE-2017-5969.patch | 63 ++++
.../files/libxml2-2.9.4-CVE-2017-7375.patch | 35 +++
.../files/libxml2-2.9.4-CVE-2017-9047-9048.patch | 116 ++++++++
.../files/libxml2-2.9.4-CVE-2017-9049-9050.patch | 316 +++++++++++++++++++++
.../files/libxml2-2.9.4-heap-buffer-overflow.patch | 32 +++
.../files/libxml2-2.9.4-osd-validation.patch | 66 +++++
dev-libs/libxml2/libxml2-2.9.4-r2.ebuild | 231 +++++++++++++++
8 files changed, 1061 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch
new file mode 100644
index 00000000000..5d1adb014a0
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch
@@ -0,0 +1,202 @@
+From 292be65a52ab9e0eb3a53b4e0be5a57bc6de59d3 Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert@redhat.com>
+Date: Fri, 7 Apr 2017 16:45:56 +0200
+Subject: [PATCH 6/7] Add an XML_PARSE_NOXXE flag to block all entities loading
+ even local
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=772726
+
+* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
+* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
+* include/libxml/xmlerror.h: new error raised
+* xmllint.c: adds --noxxe flag to activate the option
+---
+ elfgcchack.h | 10 ++++++++++
+ include/libxml/parser.h | 3 ++-
+ include/libxml/xmlIO.h | 8 ++++++++
+ include/libxml/xmlerror.h | 1 +
+ parser.c | 4 ++++
+ xmlIO.c | 40 +++++++++++++++++++++++++++++++++++-----
+ xmllint.c | 5 +++++
+ 7 files changed, 65 insertions(+), 6 deletions(-)
+
+diff --git a/elfgcchack.h b/elfgcchack.h
+index 8c52884a..1b81dcde 100644
+--- a/elfgcchack.h
++++ b/elfgcchack.h
+@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
+ #endif
+ #endif
+
++#ifdef bottom_xmlIO
++#undef xmlNoXxeExternalEntityLoader
++extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
++#else
++#ifndef xmlNoXxeExternalEntityLoader
++extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
++#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
++#endif
++#endif
++
+ #ifdef bottom_tree
+ #undef xmlNodeAddContent
+ extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
+diff --git a/include/libxml/parser.h b/include/libxml/parser.h
+index 47fbec03..63ca1b97 100644
+--- a/include/libxml/parser.h
++++ b/include/libxml/parser.h
+@@ -1111,7 +1111,8 @@ typedef enum {
+ XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
+ XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
+ XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
+- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
++ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
++ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */
+ } xmlParserOption;
+
+ XMLPUBFUN void XMLCALL
+diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
+index 3e41744d..8d3fdef5 100644
+--- a/include/libxml/xmlIO.h
++++ b/include/libxml/xmlIO.h
+@@ -299,6 +299,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
+ const char *ID,
+ xmlParserCtxtPtr ctxt);
+
++/*
++ * A predefined entity loader external entity expansion
++ */
++XMLPUBFUN xmlParserInputPtr XMLCALL
++ xmlNoXxeExternalEntityLoader (const char *URL,
++ const char *ID,
++ xmlParserCtxtPtr ctxt);
++
+ /*
+ * xmlNormalizeWindowsPath is obsolete, don't use it.
+ * Check xmlCanonicPath in uri.h for a better alternative.
+diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
+index 037c16d5..3036062d 100644
+--- a/include/libxml/xmlerror.h
++++ b/include/libxml/xmlerror.h
+@@ -470,6 +470,7 @@ typedef enum {
+ XML_IO_EADDRINUSE, /* 1554 */
+ XML_IO_EALREADY, /* 1555 */
+ XML_IO_EAFNOSUPPORT, /* 1556 */
++ XML_IO_ILLEGAL_XXE, /* 1557 */
+ XML_XINCLUDE_RECURSION=1600,
+ XML_XINCLUDE_PARSE_VALUE, /* 1601 */
+ XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
+diff --git a/parser.c b/parser.c
+index b832406a..8e11c127 100644
+--- a/parser.c
++++ b/parser.c
+@@ -15352,6 +15352,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
+ ctxt->options |= XML_PARSE_NONET;
+ options -= XML_PARSE_NONET;
+ }
++ if (options & XML_PARSE_NOXXE) {
++ ctxt->options |= XML_PARSE_NOXXE;
++ options -= XML_PARSE_NOXXE;
++ }
+ if (options & XML_PARSE_COMPACT) {
+ ctxt->options |= XML_PARSE_COMPACT;
+ options -= XML_PARSE_COMPACT;
+diff --git a/xmlIO.c b/xmlIO.c
+index 6e61f45a..34881461 100644
+--- a/xmlIO.c
++++ b/xmlIO.c
+@@ -212,6 +212,7 @@ static const char *IOerr[] = {
+ "adddress in use", /* EADDRINUSE */
+ "already in use", /* EALREADY */
+ "unknown address familly", /* EAFNOSUPPORT */
++ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
+ };
+
+ #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
+@@ -4057,13 +4058,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
+ xmlGenericError(xmlGenericErrorContext,
+ "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
+ #endif
+- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
++ if (ctxt != NULL) {
+ int options = ctxt->options;
+
+- ctxt->options -= XML_PARSE_NONET;
+- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
+- ctxt->options = options;
+- return(ret);
++ if (options & XML_PARSE_NOXXE) {
++ ctxt->options -= XML_PARSE_NOXXE;
++ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
++ ctxt->options = options;
++ return(ret);
++ }
++
++ if (options & XML_PARSE_NONET) {
++ ctxt->options -= XML_PARSE_NONET;
++ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
++ ctxt->options = options;
++ return(ret);
++ }
+ }
+ #ifdef LIBXML_CATALOG_ENABLED
+ resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
+@@ -4164,6 +4174,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
+ xmlParserInputPtr input = NULL;
+ xmlChar *resource = NULL;
+
++ if (ctxt == NULL) {
++ return(NULL);
++ }
++ if (ctxt->input_id == 1) {
++ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
++ }
++
+ #ifdef LIBXML_CATALOG_ENABLED
+ resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
+ #endif
+@@ -4186,5 +4203,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
+ return(input);
+ }
+
++xmlParserInputPtr
++xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
++ xmlParserCtxtPtr ctxt) {
++ if (ctxt == NULL) {
++ return(NULL);
++ }
++ if (ctxt->input_id == 1) {
++ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
++ }
++ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
++ return(NULL);
++}
++
+ #define bottom_xmlIO
+ #include "elfgcchack.h"
+diff --git a/xmllint.c b/xmllint.c
+index f8eb7ec4..8f304cda 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
+ printf("\t--path 'paths': provide a set of paths for resources\n");
+ printf("\t--load-trace : print trace of all external entities loaded\n");
+ printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
++ printf("\t--noxxe : forbid any external entity loading\n");
+ printf("\t--nocompact : do not generate compact text nodes\n");
+ printf("\t--htmlout : output results as HTML\n");
+ printf("\t--nowrap : do not put HTML doc wrapper\n");
+@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
+ (!strcmp(argv[i], "--nonet"))) {
+ options |= XML_PARSE_NONET;
+ xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
++ } else if ((!strcmp(argv[i], "-noxxe")) ||
++ (!strcmp(argv[i], "--noxxe"))) {
++ options |= XML_PARSE_NOXXE;
++ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
+ } else if ((!strcmp(argv[i], "-nocompact")) ||
+ (!strcmp(argv[i], "--nocompact"))) {
+ options &= ~XML_PARSE_COMPACT;
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch
new file mode 100644
index 00000000000..4d1362f2f93
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch
@@ -0,0 +1,63 @@
+From 8952ce48a5fa1d3de1f087f10e8b6e47bb59f4e3 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Wed, 7 Jun 2017 16:47:36 +0200
+Subject: [PATCH 1/7] Fix NULL pointer deref in xmlDumpElementContent
+
+Can only be triggered in recovery mode.
+
+Fixes bug 758422 (CVE-2017-5969).
+---
+ valid.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/valid.c b/valid.c
+index 19f84b82..0a8e58ab 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
+ xmlBufferWriteCHAR(buf, content->name);
+ break;
+ case XML_ELEMENT_CONTENT_SEQ:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " , ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
+ break;
+ case XML_ELEMENT_CONTENT_OR:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ xmlDumpElementContent(buf, content->c1, 1);
+ else
+ xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " | ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+ xmlDumpElementContent(buf, content->c2, 1);
+ else
+ xmlDumpElementContent(buf, content->c2, 0);
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch
new file mode 100644
index 00000000000..db9d597ad73
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch
@@ -0,0 +1,35 @@
+From 9ea49a06b9421b6a3a9c243fb1ec23b19bd6b049 Mon Sep 17 00:00:00 2001
+From: Neel Mehta <nmehta@google.com>
+Date: Fri, 7 Apr 2017 17:43:02 +0200
+Subject: [PATCH 7/7] Prevent unwanted external entity reference
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780691
+
+* parser.c: add a specific check to avoid PE reference
+---
+ parser.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 8e11c127..e8e962bb 100644
+--- a/parser.c
++++ b/parser.c
+@@ -8125,6 +8125,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+ if (xmlPushInput(ctxt, input) < 0)
+ return;
+ } else {
++ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
++ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
++ (ctxt->replaceEntities == 0) &&
++ (ctxt->validate == 0))
++ return;
++
+ /*
+ * TODO !!!
+ * handle the extra spaces added before and after
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch
new file mode 100644
index 00000000000..f7c48cd877d
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch
@@ -0,0 +1,116 @@
+From 839b89e678b5265a0e6b0477410e64fac669d578 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 3 Jun 2017 02:01:29 +0200
+Subject: [PATCH 4/7] Fix buffer size checks in xmlSnprintfElementContent
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+xmlSnprintfElementContent failed to correctly check the available
+buffer space in two locations.
+
+Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
+
+Thanks to Marcel Böhme and Thuan Pham for the report.
+---
+ result/valid/781333.xml | 5 +++++
+ result/valid/781333.xml.err | 3 +++
+ result/valid/781333.xml.err.rdr | 6 ++++++
+ test/valid/781333.xml | 4 ++++
+ valid.c | 20 +++++++++++---------
+ 5 files changed, 29 insertions(+), 9 deletions(-)
+ create mode 100644 result/valid/781333.xml
+ create mode 100644 result/valid/781333.xml.err
+ create mode 100644 result/valid/781333.xml.err.rdr
+ create mode 100644 test/valid/781333.xml
+
+diff --git a/result/valid/781333.xml b/result/valid/781333.xml
+new file mode 100644
+index 00000000..45dc451d
+--- /dev/null
++++ b/result/valid/781333.xml
+@@ -0,0 +1,5 @@
++<?xml version="1.0"?>
++<!DOCTYPE a [
++<!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
lllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
+new file mode 100644
+index 00000000..b401b49a
+--- /dev/null
++++ b/result/valid/781333.xml.err
+@@ -0,0 +1,3 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
++<a/>
++ ^
+diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
+new file mode 100644
+index 00000000..5ff56992
+--- /dev/null
++++ b/result/valid/781333.xml.err.rdr
+@@ -0,0 +1,6 @@
++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
++<a/>
++ ^
++./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
++
++^
+diff --git a/test/valid/781333.xml b/test/valid/781333.xml
+new file mode 100644
+index 00000000..b29e5a68
+--- /dev/null
++++ b/test/valid/781333.xml
+@@ -0,0 +1,4 @@
++<!DOCTYPE a [
++ <!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
pppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
lllllllllllllllllllllllllllllllllllll)>
++]>
++<a/>
+diff --git a/valid.c b/valid.c
+index 0a8e58ab..8075d3a0 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1266,22 +1266,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+ case XML_ELEMENT_CONTENT_PCDATA:
+ strcat(buf, "#PCDATA");
+ break;
+- case XML_ELEMENT_CONTENT_ELEMENT:
++ case XML_ELEMENT_CONTENT_ELEMENT: {
++ int qnameLen = xmlStrlen(content->name);
++
++ if (content->prefix != NULL)
++ qnameLen += xmlStrlen(content->prefix) + 1;
++ if (size - len < qnameLen + 10) {
++ strcat(buf, " ...");
++ return;
++ }
+ if (content->prefix != NULL) {
+- if (size - len < xmlStrlen(content->prefix) + 10) {
+- strcat(buf, " ...");
+- return;
+- }
+ strcat(buf, (char *) content->prefix);
+ strcat(buf, ":");
+ }
+- if (size - len < xmlStrlen(content->name) + 10) {
+- strcat(buf, " ...");
+- return;
+- }
+ if (content->name != NULL)
+ strcat(buf, (char *) content->name);
+ break;
++ }
+ case XML_ELEMENT_CONTENT_SEQ:
+ if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
+@@ -1323,6 +1324,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
+ xmlSnprintfElementContent(buf, size, content->c2, 0);
+ break;
+ }
++ if (size - strlen(buf) <= 2) return;
+ if (englob)
+ strcat(buf, ")");
+ switch (content->ocur) {
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch
new file mode 100644
index 00000000000..abf43ef9815
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch
@@ -0,0 +1,316 @@
+From 9c95d1b7f3951efe09df66ec41d7b19d6283084d Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 5 Jun 2017 15:37:17 +0200
+Subject: [PATCH 3/7] Fix handling of parameter-entity references
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+Percent sign in DTD Names
+=========================
+
+The NEXTL macro used to call xmlParserHandlePEReference. When parsing
+"complex" names inside the DTD, this could result in entity expansion
+which created a new input buffer. The fix is to simply remove the call
+to xmlParserHandlePEReference from the NEXTL macro. This is safe because
+no users of the macro require expansion of parameter entities.
+
+- xmlParseNameComplex
+- xmlParseNCNameComplex
+- xmlParseNmtoken
+
+The percent sign is not allowed in names, which are grammatical tokens.
+
+- xmlParseEntityValue
+
+Parameter-entity references in entity values are expanded but this
+happens in a separate step in this function.
+
+- xmlParseSystemLiteral
+
+Parameter-entity references are ignored in the system literal.
+
+- xmlParseAttValueComplex
+- xmlParseCharDataComplex
+- xmlParseCommentComplex
+- xmlParsePI
+- xmlParseCDSect
+
+Parameter-entity references are ignored outside the DTD.
+
+- xmlLoadEntityContent
+
+This function is only called from xmlStringLenDecodeEntities and
+entities are replaced in a separate step immediately after the function
+call.
+
+This bug could also be triggered with an internal subset and double
+entity expansion.
+
+This fixes bug 766956 initially reported by Wei Lei and independently by
+Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
+involved.
+
+xmlParseNameComplex with XML_PARSE_OLD10
+========================================
+
+When parsing Names inside an expanded parameter entity with the
+XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
+GROW macro if the input buffer was exhausted. At the end of the
+parameter entity's replacement text, this function would then call
+xmlPopInput which invalidated the input buffer.
+
+There should be no need to invoke GROW in this situation because the
+buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
+at least for UTF-8, in xmlCurrentChar. This also matches the code path
+executed when XML_PARSE_OLD10 is not set.
+
+This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
+Thanks to Marcel Böhme and Thuan Pham for the report.
+
+Additional hardening
+====================
+
+A separate check was added in xmlParseNameComplex to validate the
+buffer size.
+---
+ Makefile.am | 18 ++++++++++++++++++
+ parser.c | 18 ++++++++++--------
+ result/errors10/781205.xml | 0
+ result/errors10/781205.xml.err | 21 +++++++++++++++++++++
+ result/errors10/781361.xml | 0
+ result/errors10/781361.xml.err | 13 +++++++++++++
+ result/valid/766956.xml | 0
+ result/valid/766956.xml.err | 9 +++++++++
+ result/valid/766956.xml.err.rdr | 10 ++++++++++
+ runtest.c | 3 +++
+ test/errors10/781205.xml | 3 +++
+ test/errors10/781361.xml | 3 +++
+ test/valid/766956.xml | 2 ++
+ test/valid/dtds/766956.dtd | 2 ++
+ 14 files changed, 94 insertions(+), 8 deletions(-)
+ create mode 100644 result/errors10/781205.xml
+ create mode 100644 result/errors10/781205.xml.err
+ create mode 100644 result/errors10/781361.xml
+ create mode 100644 result/errors10/781361.xml.err
+ create mode 100644 result/valid/766956.xml
+ create mode 100644 result/valid/766956.xml.err
+ create mode 100644 result/valid/766956.xml.err.rdr
+ create mode 100644 test/errors10/781205.xml
+ create mode 100644 test/errors10/781361.xml
+ create mode 100644 test/valid/766956.xml
+ create mode 100644 test/valid/dtds/766956.dtd
+
+diff --git a/Makefile.am b/Makefile.am
+index 3b52bae7..bf20124e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
+ if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
+ rm result.$$name error.$$name ; \
+ fi ; fi ; done)
++ @echo "## Error cases regression tests (old 1.0)"
++ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
++ name=`basename $$i`; \
++ if [ ! -d $$i ] ; then \
++ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
++ echo New test file $$name ; \
++ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
++ 2> $(srcdir)/result/errors10/$$name.err \
++ > $(srcdir)/result/errors10/$$name ; \
++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
++ else \
++ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
++ diff $(srcdir)/result/errors10/$$name result.$$name ; \
++ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
++ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
++ rm result.$$name error.$$name ; \
++ fi ; fi ; done)
+ @echo "## Error cases stream regression tests"
+ -@(for i in $(srcdir)/test/errors/*.xml ; do \
+ name=`basename $$i`; \
+diff --git a/parser.c b/parser.c
+index 53a6b7f0..b832406a 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
+ ctxt->input->line++; ctxt->input->col = 1; \
+ } else ctxt->input->col++; \
+ ctxt->input->cur += l; \
+- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
+ } while (0)
+
+ #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
+@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+- if (c == 0) {
+- count = 0;
+- GROW;
+- if (ctxt->instate == XML_PARSER_EOF)
+- return(NULL);
+- c = CUR_CHAR(l);
+- }
+ }
+ }
+ if ((len > XML_MAX_NAME_LENGTH) &&
+@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
++ if (ctxt->input->cur - ctxt->input->base < len) {
++ /*
++ * There were a couple of bugs where PERefs lead to to a change
++ * of the buffer. Check the buffer size to avoid passing an invalid
++ * pointer to xmlDictLookup.
++ */
++ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
++ "unexpected change of input buffer");
++ return (NULL);
++ }
+ if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
+ return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
+ return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
+diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
+new file mode 100644
+index 00000000..da15c3f7
+--- /dev/null
++++ b/result/errors10/781205.xml.err
+@@ -0,0 +1,21 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %a;
++ ^
++Entity: line 1:
++<:0000
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %a;
++ ^
++Entity: line 1:
++<:0000
++^
++namespace error : Failed to parse QName ':0000'
++ %a;
++ ^
++<:0000
++ ^
++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
++
++^
+diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
+new file mode 100644
+index 00000000..655f41a2
+--- /dev/null
++++ b/result/errors10/781361.xml.err
+@@ -0,0 +1,13 @@
++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
++
++^
++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++
++^
++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
++
++^
++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
++
++^
+diff --git a/result/valid/766956.xml b/result/valid/766956.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
+new file mode 100644
+index 00000000..34b1dae6
+--- /dev/null
++++ b/result/valid/766956.xml.err
+@@ -0,0 +1,9 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++ ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent;
++ ^
++Entity: line 1:
++value
++^
+diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
+new file mode 100644
+index 00000000..77603462
+--- /dev/null
++++ b/result/valid/766956.xml.err.rdr
+@@ -0,0 +1,10 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++ ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent;
++ ^
++Entity: line 1:
++value
++^
++./test/valid/766956.xml : failed to parse
+diff --git a/runtest.c b/runtest.c
+index 7d030bdc..cd233da9 100644
+--- a/runtest.c
++++ b/runtest.c
+@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
+ { "Error cases regression tests",
+ errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
+ 0 },
++ { "Error cases regression tests (old 1.0)",
++ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
++ XML_PARSE_OLD10 },
+ #ifdef LIBXML_READER_ENABLED
+ { "Error cases stream regression tests",
+ streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
+diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
+new file mode 100644
+index 00000000..d9e9e839
+--- /dev/null
++++ b/test/errors10/781205.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE D [
++ <!ENTITY % a "<:0000">
++ %a;
+diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
+new file mode 100644
+index 00000000..67476bcb
+--- /dev/null
++++ b/test/errors10/781361.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE doc [
++ <!ENTITY % elem "<!ELEMENT e0000000000">
++ %elem;
+diff --git a/test/valid/766956.xml b/test/valid/766956.xml
+new file mode 100644
+index 00000000..19a95a0e
+--- /dev/null
++++ b/test/valid/766956.xml
+@@ -0,0 +1,2 @@
++<!DOCTYPE test SYSTEM "dtds/766956.dtd">
++<test/>
+diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
+new file mode 100644
+index 00000000..dddde68b
+--- /dev/null
++++ b/test/valid/dtds/766956.dtd
+@@ -0,0 +1,2 @@
++<!ENTITY % ent "value">
++%ä%ent;
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch
new file mode 100644
index 00000000000..770a1832b19
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch
@@ -0,0 +1,32 @@
+From df4f9bdc7a37908ded8bd1fec4f75509eaa156de Mon Sep 17 00:00:00 2001
+From: David Kilzer <ddkilzer@apple.com>
+Date: Tue, 4 Jul 2017 18:38:03 +0200
+Subject: [PATCH 5/7] Heap-buffer-overflow read of size 1 in
+ xmlFAParsePosCharGroup
+
+Credit to OSS-Fuzz.
+
+Add a check to xmlFAParseCharRange() for the end of the buffer
+to prevent reading past the end of it.
+
+This fixes Bug 784017.
+---
+ xmlregexp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmlregexp.c b/xmlregexp.c
+index ca3b4f46..6676c2a8 100644
+--- a/xmlregexp.c
++++ b/xmlregexp.c
+@@ -5051,7 +5051,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) {
+ return;
+ }
+ len = 1;
+- } else if ((cur != 0x5B) && (cur != 0x5D)) {
++ } else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) {
+ end = CUR_SCHAR(ctxt->cur, len);
+ } else {
+ ERROR("Expecting the end of a char range");
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch b/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch
new file mode 100644
index 00000000000..9d1a03346f6
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch
@@ -0,0 +1,66 @@
+From 8bc6baccc7da291c2338b8d95953ea487b0b3ca1 Mon Sep 17 00:00:00 2001
+From: Alex Henrie <alexhenrie24@gmail.com>
+Date: Thu, 26 May 2016 17:38:35 -0600
+Subject: [PATCH 2/7] Fix attribute decoding during XML schema validation
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=766834
+
+vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs,
+so this function can't call xmlStringLenDecodeEntities to decode the
+entities.
+---
+ xmlschemas.c | 30 +++++++++++++++++++++++++-----
+ 1 file changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index e1b3a4f0..59535e5c 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -27391,6 +27391,7 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
+ * attributes yet.
+ */
+ if (nb_attributes != 0) {
++ int valueLen, k, l;
+ xmlChar *value;
+
+ for (j = 0, i = 0; i < nb_attributes; i++, j += 5) {
+@@ -27400,12 +27401,31 @@ xmlSchemaSAXHandleStartElementNs(void *ctx,
+ * libxml2 differs from normal SAX here in that it escapes all ampersands
+ * as & instead of delivering the raw converted string. Changing the
+ * behavior at this point would break applications that use this API, so
+- * we are forced to work around it. There is no danger of accidentally
+- * decoding some entity other than & in this step because without
+- * unescaped ampersands there can be no other entities in the string.
++ * we are forced to work around it.
+ */
+- value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3],
+- attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0);
++ valueLen = attributes[j+4] - attributes[j+3];
++ value = xmlMallocAtomic(valueLen + 1);
++ if (value == NULL) {
++ xmlSchemaVErrMemory(vctxt,
++ "allocating string for decoded attribute",
++ NULL);
++ goto internal_error;
++ }
++ for (k = 0, l = 0; k < valueLen; l++) {
++ if (k < valueLen - 4 &&
++ attributes[j+3][k+0] == '&' &&
++ attributes[j+3][k+1] == '#' &&
++ attributes[j+3][k+2] == '3' &&
++ attributes[j+3][k+3] == '8' &&
++ attributes[j+3][k+4] == ';') {
++ value[l] = '&';
++ k += 5;
++ } else {
++ value[l] = attributes[j+3][k];
++ k++;
++ }
++ }
++ value[l] = '\0';
+ /*
+ * TODO: Set the node line.
+ */
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/libxml2-2.9.4-r2.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r2.ebuild
new file mode 100644
index 00000000000..22b6dec79b0
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.4-r2.ebuild
@@ -0,0 +1,231 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+ test? (
+ ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+ ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+ http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+RDEPEND="
+ >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+ icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+"
+DEPEND="${EDEPEND}
+ dev-util/gtk-doc-am
+ virtual/pkgconfig
+ hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/xml2-config
+)
+
+src_unpack() {
+ # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+ # as they are needed as tarballs in ${S}/xstc instead and not unpacked
+ unpack ${P/_rc/-rc}.tar.gz
+ cd "${S}" || die
+
+ if use test; then
+ cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+ "${DISTDIR}/${XSTS_TARBALL_2}" \
+ "${S}"/xstc/ \
+ || die "Failed to install test tarballs"
+ unpack ${XMLCONF_TARBALL}
+ fi
+}
+
+src_prepare() {
+ default
+
+ DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+ # Patches needed for prefix support
+ eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+ eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+ # Fix build for Windows platform
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760456
+ eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+ # Disable programs that we don't actually install.
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760457
+ eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+ # Fix python detection, bug #567066
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760458
+ eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+ # Apply round of security patches wrt bugs
+ # 589816, 597112, 597114, 597116. This will be included
+ # in the next upstream release
+ eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
+
+ # Apply round of security patches wrt bugs:
+ # 599192, 586886, 618604, 622914, 605208, 623206
+ # This will be included in the next upstream release
+ eapply "${FILESDIR}"/${P}-CVE-2017-5969.patch
+ eapply "${FILESDIR}"/${P}-osd-validation.patch
+ eapply "${FILESDIR}"/${P}-CVE-2017-9049-9050.patch
+ eapply "${FILESDIR}"/${P}-CVE-2017-9047-9048.patch
+ eapply "${FILESDIR}"/${P}-heap-buffer-overflow.patch
+ eapply "${FILESDIR}"/${P}-CVE-2016-9318.patch
+ eapply "${FILESDIR}"/${P}-CVE-2017-7375.patch
+
+ # Avoid final linking arguments for python modules
+ if [[ ${CHOST} == *-darwin* ]] ; then
+ sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+ fi
+
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ # We now need to run eautoreconf at the end to prevent maintainer mode.
+# elibtoolize
+# epunt_cxx # if we don't eautoreconf
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # filter seemingly problematic CFLAGS (#26320)
+ filter-flags -fprefetch-loop-arrays -funroll-loops
+
+ # USE zlib support breaks gnome2
+ # (libgnomeprint for instance fails to compile with
+ # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+ # The meaning of the 'debug' USE flag does not apply to the --with-debug
+ # switch (enabling the libxml2 debug module). See bug #100898.
+
+ # --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+ libxml2_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --with-html-subdir=${PF}/html \
+ $(use_with debug run-debug) \
+ $(use_with icu) \
+ $(use_with lzma) \
+ $(use_enable ipv6) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_with readline) \
+ $(multilib_native_use_with readline history) \
+ "$@"
+ }
+
+ libxml2_py_configure() {
+ mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+ run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
+ }
+
+ libxml2_configure --without-python # build python bindings separately
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_configure
+ fi
+}
+
+multilib_src_compile() {
+ default
+ if multilib_is_native_abi && use python; then
+ local native_builddir=${BUILD_DIR}
+ python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+ fi
+}
+
+multilib_src_test() {
+ default
+ multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" \
+ EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_emake \
+ DESTDIR="${D}" \
+ docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+ exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+ install
+ python_foreach_impl python_optimize
+ fi
+}
+
+multilib_src_install_all() {
+ # on windows, xmllint is installed by interix libxml2 in parent prefix.
+ # this is the version to use. the native winnt version does not support
+ # symlinks, which makes repoman fail if the portage tree is linked in
+ # from another location (which is my default). -- mduft
+ if [[ ${CHOST} == *-winnt* ]]; then
+ rm -rf "${ED}"/usr/bin/xmllint
+ rm -rf "${ED}"/usr/bin/xmlcatalog
+ fi
+
+ rm -rf "${ED}"/usr/share/doc/${P}
+ einstalldocs
+
+ if ! use examples; then
+ rm -rf "${ED}"/usr/share/doc/${PF}/examples
+ rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+ fi
+
+ prune_libtool_files --modules
+}
+
+pkg_postinst() {
+ # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+ # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+ if [[ "${ROOT}" != "/" ]]; then
+ elog "Skipping XML catalog creation for stage building (bug #208887)."
+ else
+ # need an XML catalog, so no-one writes to a non-existent one
+ CATALOG="${EROOT}etc/xml/catalog"
+
+ # we dont want to clobber an existing catalog though,
+ # only ensure that one is there
+ # <obz@gentoo.org>
+ if [[ ! -e ${CATALOG} ]]; then
+ [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+ "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+ einfo "Created XML catalog in ${CATALOG}"
+ fi
+ fi
+}
+
+libxml2_py_emake() {
+ pushd "${BUILD_DIR}/python" > /dev/null || die
+ emake "$@"
+ popd > /dev/null
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2017-08-24 22:47 Gilles Dartiguelongue
0 siblings, 0 replies; 14+ messages in thread
From: Gilles Dartiguelongue @ 2017-08-24 22:47 UTC (permalink / raw
To: gentoo-commits
commit: 28aec45d6aa5d68e5de17feae733ec5497d7c0b8
Author: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 24 22:34:16 2017 +0000
Commit: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org>
CommitDate: Thu Aug 24 22:47:44 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28aec45d
dev-libs/libxml2: add more security patches
Fix typo in patch changing test target and re-enable running
unittests in src_test.
Package-Manager: Portage-2.3.8, Repoman-2.3.3
.../files/libxml2-2.9.2-disable-tests.patch | 2 +-
.../files/libxml2-2.9.4-CVE-2017-0663.patch | 43 ++++
.../files/libxml2-2.9.4-CVE-2017-7376.patch | 31 +++
.../files/libxml2-2.9.4-fix-root-node-cmp.patch | 34 +++
dev-libs/libxml2/libxml2-2.9.4-r3.ebuild | 239 +++++++++++++++++++++
5 files changed, 348 insertions(+), 1 deletion(-)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
index a996bf64a18..a231269b4b8 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
@@ -25,7 +25,7 @@ do not build test programs as we don't install them
#testOOM_LDADD= $(LDADDS)
-runtests:
-+runtests: check_PROGRAMS
++runtests: $(check_PROGRAMS)
[ -d test ] || $(LN_S) $(srcdir)/test .
[ -d result ] || $(LN_S) $(srcdir)/result .
$(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch
new file mode 100644
index 00000000000..517e178a533
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch
@@ -0,0 +1,43 @@
+From d815758b6a8c9dee8155268e49b5ef3b80135a14 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 6 Jun 2017 12:56:28 +0200
+Subject: [PATCH 1/3] Fix type confusion in xmlValidateOneNamespace
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
+namespace declarations make no practical sense anyway.
+
+Fixes bug 780228.
+
+Found with libFuzzer and ASan.
+---
+ valid.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/valid.c b/valid.c
+index 8075d3a0..c51ea290 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ }
+ }
+
++ /*
++ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++ * xmlAddID and xmlAddRef for namespace declarations, but it makes
++ * no practical sense to use ID types anyway.
++ */
++#if 0
+ /* Validity Constraint: ID uniqueness */
+ if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+ if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ ret = 0;
+ }
++#endif
+
+ /* Validity Constraint: Notation Attributes */
+ if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch
new file mode 100644
index 00000000000..14ec773608b
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch
@@ -0,0 +1,31 @@
+From 43cd3b6222bda2332e963eb1c9ead78f29912b0a Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 7 Apr 2017 17:13:28 +0200
+Subject: [PATCH 2/3] Increase buffer space for port in HTTP redirect support
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780690
+
+nanohttp.c: the code wrongly assumed a short int port value.
+---
+ nanohttp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nanohttp.c b/nanohttp.c
+index 26e4290e..9c17530e 100644
+--- a/nanohttp.c
++++ b/nanohttp.c
+@@ -1423,9 +1423,9 @@ retry:
+ if (ctxt->port != 80) {
+ /* reserve space for ':xxxxx', incl. potential proxy */
+ if (proxy)
+- blen += 12;
++ blen += 17;
+ else
+- blen += 6;
++ blen += 11;
+ }
+ bp = (char*)xmlMallocAtomic(blen);
+ if ( bp == NULL ) {
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch b/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch
new file mode 100644
index 00000000000..224d60ff052
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch
@@ -0,0 +1,34 @@
+From a1fb9a4f511d89f0738b62cabd6d92bfd9eb94a9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:19:58 +0200
+Subject: [PATCH 3/3] Fix comparison with root node in xmlXPathCmpNodes
+
+This change has already been made in xmlXPathCmpNodesExt but not in
+xmlXPathCmpNodes.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 67afbca5..5a01b1b3 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
+ * compute depth to root
+ */
+ for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
+- if (cur == node1)
++ if (cur->parent == node1)
+ return(1);
+ depth2++;
+ }
+ root = cur;
+ for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
+- if (cur == node2)
++ if (cur->parent == node2)
+ return(-1);
+ depth1++;
+ }
+--
+2.14.1
+
diff --git a/dev-libs/libxml2/libxml2-2.9.4-r3.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r3.ebuild
new file mode 100644
index 00000000000..4c2fa243d2a
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.4-r3.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+PYTHON_REQ_USE="xml"
+
+inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal
+
+DESCRIPTION="Version 2 of the library to manipulate XML files"
+HOMEPAGE="http://www.xmlsoft.org/"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="debug examples icu ipv6 lzma python readline static-libs test"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20080827.tar.gz"
+
+SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+ test? (
+ ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+ ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+ http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
+
+RDEPEND="
+ >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+ icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+"
+DEPEND="${EDEPEND}
+ dev-util/gtk-doc-am
+ virtual/pkgconfig
+ hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
+
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/xml2-config
+)
+
+src_unpack() {
+ # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
+ # as they are needed as tarballs in ${S}/xstc instead and not unpacked
+ unpack ${P/_rc/-rc}.tar.gz
+ cd "${S}" || die
+
+ if use test; then
+ cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+ "${DISTDIR}/${XSTS_TARBALL_2}" \
+ "${S}"/xstc/ \
+ || die "Failed to install test tarballs"
+ unpack ${XMLCONF_TARBALL}
+ fi
+}
+
+src_prepare() {
+ default
+
+ DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
+ # Patches needed for prefix support
+ eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+ eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+ # Fix build for Windows platform
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760456
+ eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
+
+ # Disable programs that we don't actually install.
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760457
+ eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
+
+ # Fix python detection, bug #567066
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760458
+ eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+ # Apply round of security patches wrt bugs
+ # 589816, 597112, 597114, 597116. This will be included
+ # in the next upstream release
+ eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
+ eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
+
+ # Apply round of security patches wrt bugs:
+ # 599192, 586886, 618604, 622914, 605208, 623206
+ # This will be included in the next upstream release
+ eapply "${FILESDIR}"/${P}-CVE-2017-5969.patch
+ eapply "${FILESDIR}"/${P}-osd-validation.patch
+ eapply "${FILESDIR}"/${P}-CVE-2017-9049-9050.patch
+ eapply "${FILESDIR}"/${P}-CVE-2017-9047-9048.patch
+ eapply "${FILESDIR}"/${P}-heap-buffer-overflow.patch
+ eapply "${FILESDIR}"/${P}-CVE-2016-9318.patch
+ eapply "${FILESDIR}"/${P}-CVE-2017-7375.patch
+ eapply "${FILESDIR}"/${P}-CVE-2017-0663.patch
+
+ # More patche stolen from Debian patch stack
+ eapply "${FILESDIR}"/${P}-CVE-2017-7376.patch
+ eapply "${FILESDIR}"/${P}-fix-root-node-cmp.patch
+
+ # After all the patching this test still fails:
+ rm "${S}"/test/errors10/781205.xml || die
+
+ # Avoid final linking arguments for python modules
+ if [[ ${CHOST} == *-darwin* ]] ; then
+ sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+ fi
+
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ # We now need to run eautoreconf at the end to prevent maintainer mode.
+# elibtoolize
+# epunt_cxx # if we don't eautoreconf
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # filter seemingly problematic CFLAGS (#26320)
+ filter-flags -fprefetch-loop-arrays -funroll-loops
+
+ # USE zlib support breaks gnome2
+ # (libgnomeprint for instance fails to compile with
+ # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+
+ # The meaning of the 'debug' USE flag does not apply to the --with-debug
+ # switch (enabling the libxml2 debug module). See bug #100898.
+
+ # --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+ libxml2_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --with-html-subdir=${PF}/html \
+ $(use_with debug run-debug) \
+ $(use_with icu) \
+ $(use_with lzma) \
+ $(use_enable ipv6) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_with readline) \
+ $(multilib_native_use_with readline history) \
+ "$@"
+ }
+
+ libxml2_py_configure() {
+ mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+ run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
+ }
+
+ libxml2_configure --without-python # build python bindings separately
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_configure
+ fi
+}
+
+multilib_src_compile() {
+ default
+ if multilib_is_native_abi && use python; then
+ local native_builddir=${BUILD_DIR}
+ python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
+ fi
+}
+
+multilib_src_test() {
+ emake check
+ multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" \
+ EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
+
+ if multilib_is_native_abi && use python; then
+ python_foreach_impl libxml2_py_emake \
+ DESTDIR="${D}" \
+ docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+ exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+ install
+ python_foreach_impl python_optimize
+ fi
+}
+
+multilib_src_install_all() {
+ # on windows, xmllint is installed by interix libxml2 in parent prefix.
+ # this is the version to use. the native winnt version does not support
+ # symlinks, which makes repoman fail if the portage tree is linked in
+ # from another location (which is my default). -- mduft
+ if [[ ${CHOST} == *-winnt* ]]; then
+ rm -rf "${ED}"/usr/bin/xmllint
+ rm -rf "${ED}"/usr/bin/xmlcatalog
+ fi
+
+ rm -rf "${ED}"/usr/share/doc/${P}
+ einstalldocs
+
+ if ! use examples; then
+ rm -rf "${ED}"/usr/share/doc/${PF}/examples
+ rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+ fi
+
+ prune_libtool_files --modules
+}
+
+pkg_postinst() {
+ # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+ # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+ if [[ "${ROOT}" != "/" ]]; then
+ elog "Skipping XML catalog creation for stage building (bug #208887)."
+ else
+ # need an XML catalog, so no-one writes to a non-existent one
+ CATALOG="${EROOT}etc/xml/catalog"
+
+ # we dont want to clobber an existing catalog though,
+ # only ensure that one is there
+ # <obz@gentoo.org>
+ if [[ ! -e ${CATALOG} ]]; then
+ [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
+ "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+ einfo "Created XML catalog in ${CATALOG}"
+ fi
+ fi
+}
+
+libxml2_py_emake() {
+ pushd "${BUILD_DIR}/python" > /dev/null || die
+ emake "$@"
+ popd > /dev/null
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2018-03-02 16:09 Mart Raudsepp
0 siblings, 0 replies; 14+ messages in thread
From: Mart Raudsepp @ 2018-03-02 16:09 UTC (permalink / raw
To: gentoo-commits
commit: 783baf3271249d8e234cd806650191181ef03c9c
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 2 14:32:11 2018 +0000
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Fri Mar 2 16:08:50 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=783baf32
dev-libs/libxml2: security cleanup
Bug: https://bugs.gentoo.org/644574
Package-Manager: Portage-2.3.19, Repoman-2.3.6
dev-libs/libxml2/Manifest | 1 -
.../files/libxml2-2.9.2-disable-tests.patch | 68 ------
.../files/libxml2-2.9.4-CVE-2016-4658.patch | 249 ---------------------
.../files/libxml2-2.9.4-CVE-2016-5131.patch | 174 --------------
.../libxml2/files/libxml2-2.9.4-nullptrderef.patch | 50 -----
.../files/libxml2-2.9.4-nullptrderef2.patch | 57 -----
dev-libs/libxml2/libxml2-2.9.4-r1.ebuild | 220 ------------------
7 files changed, 819 deletions(-)
diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index a4a9a1eed8c..97855caaa55 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,4 +1,3 @@
-DIST libxml2-2.9.4.tar.gz 5374830 BLAKE2B eb0df2310a7a92084475ccd9bf538cc1c85861b2a8c766e91267b671c18eae3113016abd7bb198b6a239230cb2b9b908b9618fec11d36db10fd5cf6eac03ad3f SHA512 f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9
DIST libxml2-2.9.6.tar.gz 5469624 BLAKE2B cb8fc74044876b2ddf9742a4a84d685ce6cd1e41a991ee79fd70a9175c54d2a9a3d3a2c3229a4ce177fcd4e30b0cee08c7cf3a36fef68b179db0ce521fbbf3b0 SHA512 5ef80f895374bd5dd3bcd5f00c715795f026bf45d998f8f762c0cdb739b8755e01de40cf853d98a3826eacef95c4adebe4777db11020e8d98d0bda921f55a0ed
DIST libxml2-2.9.7.tar.gz 5467389 BLAKE2B e15082fb87fb41a7aab6f39120b1d1bbd0325af8009bb3b74c69a98bf7347a39f59055762df157dcf223a79ac84f17535cb40af0a9a461ee3d2c1d55f4832e1b SHA512 da06cb7c5032ef4b7c8e902fabb9d2c74634c42c161be07a7c66a00d53a68029f89b0d4de32a6b9d4ff338c2d1d9c4e53aefb9cf50cb1c2d6c6b06b442ef42d5
DIST xmlts20080827.tar.gz 638940 BLAKE2B c5aab959c6e0698acd5b9be82b48a8ac26f4d01cc03f9acfff20d344f97f4711fc6d4a524ae70457147e8e30c72e27b6726829e1dd21896286aa974ed60774e7 SHA512 7325d0977c4427fc4944b291ccf896a665f654cc24399e5565c12a849c2bc3aef4fa3ee42a09ac115abcb6570c51a8fbd052c38d64d164279ecdecad5a4e884d
diff --git a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
deleted file mode 100644
index a231269b4b8..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.2-disable-tests.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-do not build test programs as we don't install them
-
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -10,7 +10,7 @@
-
- AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS) $(LZMA_CFLAGS)
-
--noinst_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
-+check_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \
- testThreads testC14N testAutomata testRegexp \
- testReader testapi testModule runtest runsuite testchar \
- testdict runxmlconf testrecurse testlimits
-@@ -170,7 +170,7 @@
- testModule_DEPENDENCIES = $(DEPS)
- testModule_LDADD= $(LDADDS)
-
--noinst_LTLIBRARIES = testdso.la
-+check_LTLIBRARIES = testdso.la
- testdso_la_SOURCES = testdso.c
- testdso_la_LDFLAGS = -module -no-undefined -avoid-version -rpath $(libdir)
-
-@@ -202,7 +202,7 @@ runxmlconf_LDADD= $(LDADDS)
- #testOOM_DEPENDENCIES = $(DEPS)
- #testOOM_LDADD= $(LDADDS)
-
--runtests:
-+runtests: $(check_PROGRAMS)
- [ -d test ] || $(LN_S) $(srcdir)/test .
- [ -d result ] || $(LN_S) $(srcdir)/result .
- $(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
---- a/doc/examples/Makefile.am
-+++ b/doc/examples/Makefile.am
-@@ -13,7 +13,7 @@
- rebuild: examples.xml index.html
- .PHONY: rebuild
-
--examples.xml: index.py $(noinst_PROGRAMS:=.c)
-+examples.xml: index.py $(check_PROGRAMS:=.c)
- cd $(srcdir) && $(PYTHON) index.py
- $(MAKE) Makefile
-
-@@ -49,7 +49,7 @@
- xpath1.res \
- xpath2.res
-
--noinst_PROGRAMS = \
-+check_PROGRAMS = \
- io1 \
- io2 \
- parse1 \
-@@ -99,7 +99,7 @@
- valgrind:
- $(MAKE) CHECKER='valgrind' tests
-
--tests: $(noinst_PROGRAMS)
-+tests: $(check_PROGRAMS)
- test -f Makefile.am || test -f test1.xml || $(LN_S) $(srcdir)/test?.xml .
- @(echo '## examples regression tests')
- @(echo > .memdump)
---- a/example/Makefile.am
-+++ b/example/Makefile.am
-@@ -1,4 +1,4 @@
--noinst_PROGRAMS = gjobread
-+check_PROGRAMS = gjobread
-
- AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/include
- AM_CFLAGS = $(THREAD_CFLAGS) $(Z_CFLAGS)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
deleted file mode 100644
index 2ef22ce7a0d..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-4658.patch
+++ /dev/null
@@ -1,249 +0,0 @@
-From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 18:34:52 +0200
-Subject: Disallow namespace nodes in XPointer ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-4658.
----
- xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
- 1 file changed, 56 insertions(+), 93 deletions(-)
-
-diff --git a/xpointer.c b/xpointer.c
-index a7b03fb..694d120 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
---
-cgit v0.12
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
deleted file mode 100644
index 9ce3fb9d871..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-5131.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-cgit v0.12
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
deleted file mode 100644
index d2a9c3e2add..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From e905f08123e4a6e7731549e6f09dadff4cab65bd Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sun, 26 Jun 2016 12:38:28 +0200
-Subject: Fix more NULL pointer derefs in xpointer.c
-
-Found with afl-fuzz.
----
- xpointer.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/xpointer.c b/xpointer.c
-index 694d120..e643ee9 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -542,7 +542,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- /*
- * Empty set ...
- */
-- if (end->nodesetval->nodeNr <= 0)
-+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- return(NULL);
- endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
- endIndex = -1;
-@@ -1361,7 +1361,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- */
- xmlNodeSetPtr set;
- set = tmp->nodesetval;
-- if ((set->nodeNr != 1) ||
-+ if ((set == NULL) || (set->nodeNr != 1) ||
- (set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- stack++;
- } else
-@@ -2034,9 +2034,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- xmlXPathFreeObject(set);
- XP_ERROR(XPATH_MEMORY_ERROR);
- }
-- for (i = 0;i < oldset->locNr;i++) {
-- xmlXPtrLocationSetAdd(newset,
-- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ if (oldset != NULL) {
-+ for (i = 0;i < oldset->locNr;i++) {
-+ xmlXPtrLocationSetAdd(newset,
-+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+ }
- }
-
- /*
---
-cgit v0.12
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
deleted file mode 100644
index 2484f76e7b0..00000000000
--- a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From d8083bf77955b7879c1290f0c0a24ab8cc70f7fb Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sat, 25 Jun 2016 12:35:50 +0200
-Subject: Fix NULL pointer deref in XPointer range-to
-
-- Check for errors after evaluating first operand.
-- Add sanity check for empty stack.
-
-Found with afl-fuzz.
----
- result/XPath/xptr/viderror | 4 ++++
- test/XPath/xptr/viderror | 1 +
- xpath.c | 7 ++++++-
- 3 files changed, 11 insertions(+), 1 deletion(-)
- create mode 100644 result/XPath/xptr/viderror
- create mode 100644 test/XPath/xptr/viderror
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..751665b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- xmlNodeSetPtr oldset;
- int i, j;
-
-- if (op->ch1 != -1)
-+ if (op->ch1 != -1) {
- total +=
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+ CHECK_ERROR0;
-+ }
-+ if (ctxt->value == NULL) {
-+ XP_ERROR0(XPATH_INVALID_OPERAND);
-+ }
- if (op->ch2 == -1)
- return (total);
-
---
-cgit v0.12
-
diff --git a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
deleted file mode 100644
index 8df1fd22c8e..00000000000
--- a/dev-libs/libxml2/libxml2-2.9.4-r1.ebuild
+++ /dev/null
@@ -1,220 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-PYTHON_REQ_USE="xml"
-
-inherit libtool flag-o-matic ltprune python-r1 autotools prefix multilib-minimal
-
-DESCRIPTION="Version 2 of the library to manipulate XML files"
-HOMEPAGE="http://www.xmlsoft.org/"
-
-LICENSE="MIT"
-SLOT="2"
-KEYWORDS="arm64 m68k s390 sh"
-IUSE="debug examples icu ipv6 lzma python readline static-libs test"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
-XSTS_NAME_1="xmlschema2002-01-16"
-XSTS_NAME_2="xmlschema2004-01-14"
-XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
-XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
-XMLCONF_TARBALL="xmlts20080827.tar.gz"
-
-SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
- test? (
- ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
- ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
- http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
-
-RDEPEND="
- >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
- icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
-"
-DEPEND="${RDEPEND}
- dev-util/gtk-doc-am
- virtual/pkgconfig
- hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
-"
-
-S="${WORKDIR}/${PN}-${PV%_rc*}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/xml2-config
-)
-
-src_unpack() {
- # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR,
- # as they are needed as tarballs in ${S}/xstc instead and not unpacked
- unpack ${P/_rc/-rc}.tar.gz
- cd "${S}" || die
-
- if use test; then
- cp "${DISTDIR}/${XSTS_TARBALL_1}" \
- "${DISTDIR}/${XSTS_TARBALL_2}" \
- "${S}"/xstc/ \
- || die "Failed to install test tarballs"
- unpack ${XMLCONF_TARBALL}
- fi
-}
-
-src_prepare() {
- default
-
- DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
-
- # Patches needed for prefix support
- eapply "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
-
- eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
-
- # Fix build for Windows platform
- # https://bugzilla.gnome.org/show_bug.cgi?id=760456
- eapply "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
-
- # Disable programs that we don't actually install.
- # https://bugzilla.gnome.org/show_bug.cgi?id=760457
- eapply "${FILESDIR}"/${PN}-2.9.2-disable-tests.patch
-
- # Fix python detection, bug #567066
- # https://bugzilla.gnome.org/show_bug.cgi?id=760458
- eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
-
- # Apply latest round of security patches wrt bugs
- # 589816, 597112, 597114, 597116. This will be included
- # in the next upstream release
- eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-4658.patch
- eapply "${FILESDIR}"/${PN}-2.9.4-CVE-2016-5131.patch
- eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef.patch
- eapply "${FILESDIR}"/${PN}-2.9.4-nullptrderef2.patch
-
- # Avoid final linking arguments for python modules
- if [[ ${CHOST} == *-darwin* ]] ; then
- sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
- fi
-
- # Please do not remove, as else we get references to PORTAGE_TMPDIR
- # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
- # We now need to run eautoreconf at the end to prevent maintainer mode.
-# elibtoolize
-# epunt_cxx # if we don't eautoreconf
-
- eautoreconf
-}
-
-multilib_src_configure() {
- # filter seemingly problematic CFLAGS (#26320)
- filter-flags -fprefetch-loop-arrays -funroll-loops
-
- # USE zlib support breaks gnome2
- # (libgnomeprint for instance fails to compile with
- # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
-
- # The meaning of the 'debug' USE flag does not apply to the --with-debug
- # switch (enabling the libxml2 debug module). See bug #100898.
-
- # --with-mem-debug causes unusual segmentation faults (bug #105120).
-
- libxml2_configure() {
- ECONF_SOURCE="${S}" econf \
- --with-html-subdir=${PF}/html \
- $(use_with debug run-debug) \
- $(use_with icu) \
- $(use_with lzma) \
- $(use_enable ipv6) \
- $(use_enable static-libs static) \
- $(multilib_native_use_with readline) \
- $(multilib_native_use_with readline history) \
- "$@"
- }
-
- libxml2_py_configure() {
- mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
- run_in_build_dir libxml2_configure "--with-python=${ROOT%/}${PYTHON}" # odd build system, also see bug #582130
- }
-
- libxml2_configure --without-python # build python bindings separately
-
- if multilib_is_native_abi && use python; then
- python_foreach_impl libxml2_py_configure
- fi
-}
-
-multilib_src_compile() {
- default
- if multilib_is_native_abi && use python; then
- local native_builddir=${BUILD_DIR}
- python_foreach_impl libxml2_py_emake top_builddir="${native_builddir}" all
- fi
-}
-
-multilib_src_test() {
- default
- multilib_is_native_abi && use python && python_foreach_impl libxml2_py_emake test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" \
- EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
-
- if multilib_is_native_abi && use python; then
- python_foreach_impl libxml2_py_emake \
- DESTDIR="${D}" \
- docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
- exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
- install
- python_foreach_impl python_optimize
- fi
-}
-
-multilib_src_install_all() {
- # on windows, xmllint is installed by interix libxml2 in parent prefix.
- # this is the version to use. the native winnt version does not support
- # symlinks, which makes repoman fail if the portage tree is linked in
- # from another location (which is my default). -- mduft
- if [[ ${CHOST} == *-winnt* ]]; then
- rm -rf "${ED}"/usr/bin/xmllint
- rm -rf "${ED}"/usr/bin/xmlcatalog
- fi
-
- rm -rf "${ED}"/usr/share/doc/${P}
- einstalldocs
-
- if ! use examples; then
- rm -rf "${ED}"/usr/share/doc/${PF}/examples
- rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
- fi
-
- prune_libtool_files --modules
-}
-
-pkg_postinst() {
- # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
- # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
- if [[ "${ROOT}" != "/" ]]; then
- elog "Skipping XML catalog creation for stage building (bug #208887)."
- else
- # need an XML catalog, so no-one writes to a non-existent one
- CATALOG="${EROOT}etc/xml/catalog"
-
- # we dont want to clobber an existing catalog though,
- # only ensure that one is there
- # <obz@gentoo.org>
- if [[ ! -e ${CATALOG} ]]; then
- [[ -d "${EROOT}etc/xml" ]] || mkdir -p "${EROOT}etc/xml"
- "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
- einfo "Created XML catalog in ${CATALOG}"
- fi
- fi
-}
-
-libxml2_py_emake() {
- pushd "${BUILD_DIR}/python" > /dev/null || die
- emake "$@"
- popd > /dev/null
-}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2019-01-03 10:54 Mike Frysinger
0 siblings, 0 replies; 14+ messages in thread
From: Mike Frysinger @ 2019-01-03 10:54 UTC (permalink / raw
To: gentoo-commits
commit: c00985c576a4af05b6cc871fe63f93a6537bb20e
Author: Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Thu Jan 3 10:52:31 2019 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 3 10:54:21 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c00985c5
dev-libs/libxml2: fix reader5.py test #565576
Closes: https://bugs.gentoo.org/565576
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
.../files/libxml2-2.9.8-out-of-tree-test.patch | 40 ++++++++++++++++++++++
dev-libs/libxml2/libxml2-2.9.8.ebuild | 3 ++
2 files changed, 43 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
new file mode 100644
index 00000000000..fcc441d05de
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
@@ -0,0 +1,40 @@
+https://gitlab.gnome.org/GNOME/libxml2/merge_requests/14
+
+From 54878c018af979b20ca1bfbf12599973484cae5b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Thu, 3 Jan 2019 05:44:03 -0500
+Subject: [PATCH] fix reader5.py test when building out of tree
+
+When building out of tree, the relative path this test uses doesn't
+work. Resolve the path relative to the test script itself instead.
+
+Url: https://bugs.gentoo.org/565576
+---
+ python/tests/reader5.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/python/tests/reader5.py b/python/tests/reader5.py
+index 82d0daea474a..da5355ffc4c6 100755
+--- a/python/tests/reader5.py
++++ b/python/tests/reader5.py
+@@ -4,6 +4,7 @@
+ # this extract the Dragon bibliography entries from the XML specification
+ #
+ import libxml2
++import os
+ import sys
+
+ # Memory debug specific
+@@ -14,7 +15,8 @@ Ravi Sethi, and Jeffrey D. Ullman.
+ <emph>Compilers: Principles, Techniques, and Tools</emph>.
+ Reading: Addison-Wesley, 1986, rpt. corr. 1988.</bibl>"""
+
+-f = open('../../test/valid/REC-xml-19980210.xml', 'rb')
++basedir = os.path.dirname(os.path.realpath(__file__))
++f = open(os.path.join(basedir, '../../test/valid/REC-xml-19980210.xml'), 'rb')
+ input = libxml2.inputBuffer(f)
+ reader = input.newTextReader("REC")
+ res=""
+--
+2.19.1
+
diff --git a/dev-libs/libxml2/libxml2-2.9.8.ebuild b/dev-libs/libxml2/libxml2-2.9.8.ebuild
index 1917e19e628..fbb37285cb7 100644
--- a/dev-libs/libxml2/libxml2-2.9.8.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.8.ebuild
@@ -81,6 +81,9 @@ src_prepare() {
# https://bugzilla.gnome.org/show_bug.cgi?id=760458
eapply "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+ # Fix python tests when building out of tree #565576
+ eapply "${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+
if [[ ${CHOST} == *-darwin* ]] ; then
# Avoid final linking arguments for python modules
sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2021-03-11 17:47 Sam James
0 siblings, 0 replies; 14+ messages in thread
From: Sam James @ 2021-03-11 17:47 UTC (permalink / raw
To: gentoo-commits
commit: cf3128be852f26ac32c5dd67e904012b094b9496
Author: Benjamin Gordon <bmgordon <AT> chromium <DOT> org>
AuthorDate: Fri Mar 5 16:25:29 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 11 17:47:44 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf3128be
dev-libs/libxml2: Add upstream patch for xmllint
This fixes an out-of-bounds read in xmllint when built with icu. See
CVE-2020-24977 and https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
for more info.
Signed-off-by: Benjamin Gordon <bmgordon <AT> chromium.org>
Bug: https://bugs.gentoo.org/749849
Closes: https://github.com/gentoo/gentoo/pull/19835
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/libxml2-2.9.10-xmllint-utf8.patch | 36 ++++++++++++++++++++++
...2-2.9.10-r4.ebuild => libxml2-2.9.10-r5.ebuild} | 3 ++
2 files changed, 39 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
new file mode 100644
index 00000000000..7807b32cce5
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
@@ -0,0 +1,36 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+---
+ xmllint.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+ char *result;
+
++ /*
++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++ * an out-of-bounds read.
++ */
++ memset(&buffer[sizeof(buffer)-4], 0, 4);
+ result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+ if (result) {
+ xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+GitLab
+
diff --git a/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
similarity index 98%
rename from dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
rename to dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
index 9db3902e430..1e48320e3fd 100644
--- a/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
@@ -92,6 +92,9 @@ src_prepare() {
# bug #745162
eapply "${FILESDIR}"/${PN}-2.9.8-python3-unicode-errors.patch
+ # https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
+ eapply "${FILESDIR}"/${PN}-2.9.10-xmllint-utf8.patch
+
if [[ ${CHOST} == *-darwin* ]] ; then
# Avoid final linking arguments for python modules
sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2021-03-11 17:47 Sam James
0 siblings, 0 replies; 14+ messages in thread
From: Sam James @ 2021-03-11 17:47 UTC (permalink / raw
To: gentoo-commits
commit: 3c89772e764f988c990d87a3fd3428894317512e
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 11 17:30:06 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 11 17:47:45 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c89772e
dev-libs/libxml2: split CVE patch into new revbump (2.9.10-r5), restore old
Bug: https://bugs.gentoo.org/749849
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch | 2 ++
.../libxml2/{libxml2-2.9.10-r5.ebuild => libxml2-2.9.10-r4.ebuild} | 3 ---
dev-libs/libxml2/libxml2-2.9.10-r5.ebuild | 2 +-
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
index 7807b32cce5..179f3a8c384 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch
@@ -1,3 +1,5 @@
+https://bugs.gentoo.org/749849
+
From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 7 Aug 2020 21:54:27 +0200
diff --git a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild b/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
similarity index 98%
copy from dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
copy to dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
index 1e48320e3fd..9db3902e430 100644
--- a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild
@@ -92,9 +92,6 @@ src_prepare() {
# bug #745162
eapply "${FILESDIR}"/${PN}-2.9.8-python3-unicode-errors.patch
- # https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
- eapply "${FILESDIR}"/${PN}-2.9.10-xmllint-utf8.patch
-
if [[ ${CHOST} == *-darwin* ]] ; then
# Avoid final linking arguments for python modules
sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
diff --git a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
index 1e48320e3fd..cc5323b91d7 100644
--- a/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild
@@ -13,7 +13,7 @@ HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2"
LICENSE="MIT"
SLOT="2"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="debug examples icu ipv6 lzma +python readline static-libs test"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RESTRICT="!test? ( test )"
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2022-04-23 0:27 Mike Gilbert
0 siblings, 0 replies; 14+ messages in thread
From: Mike Gilbert @ 2022-04-23 0:27 UTC (permalink / raw
To: gentoo-commits
commit: 1962521dfb13aae2f73a0fddaba1c0a68e5b5670
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 23 00:27:27 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Apr 23 00:27:27 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1962521d
dev-libs/libxml2: avoid creating /missing.xml in tests
Closes: https://bugs.gentoo.org/839804
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../files/libxml2-2.9.13-testapi-missing-xml.patch | 28 ++++++++++++++++++++++
dev-libs/libxml2/libxml2-2.9.13-r1.ebuild | 3 +++
2 files changed, 31 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
new file mode 100644
index 000000000000..adbb3db72a5a
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
@@ -0,0 +1,28 @@
+From b31e07dbf40c3998dd466829e818f5870296272d Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 22 Apr 2022 20:14:05 -0400
+Subject: [PATCH] testapi: remove leading slash from "/missing.xml"
+
+Fixes an error when running tests in a sandbox on Gentoo Linux.
+
+Bug: https://bugs.gentoo.org/839804
+---
+ testapi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/testapi.c b/testapi.c
+index d4258c43..c7a5b163 100644
+--- a/testapi.c
++++ b/testapi.c
+@@ -442,7 +442,7 @@ static void des_eaten_name(int no ATTRIBUTE_UNUSED, xmlChar *val ATTRIBUTE_UNUSE
+ #define gen_nb_fileoutput 6
+
+ static const char *gen_fileoutput(int no, int nr ATTRIBUTE_UNUSED) {
+- if (no == 0) return("/missing.xml");
++ if (no == 0) return("missing.xml");
+ if (no == 1) return("<foo/>");
+ if (no == 2) return(REMOTE2GOOD);
+ if (no == 3) return(REMOTE1GOOD);
+--
+2.35.1
+
diff --git a/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild
index 3378e7fad44d..82dfa95b7b2f 100644
--- a/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.13-r1.ebuild
@@ -77,6 +77,9 @@ PATCHES=(
# Don't bother copying Python's libraries (bug #798942)
"${WORKDIR}"/${PN}-2.9.12-dont-copy-python-ldflags.patch
+
+ # https://bugs.gentoo.org/839804
+ "${FILESDIR}"/libxml2-2.9.13-testapi-missing-xml.patch
)
src_unpack() {
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2022-05-03 0:50 Sam James
0 siblings, 0 replies; 14+ messages in thread
From: Sam James @ 2022-05-03 0:50 UTC (permalink / raw
To: gentoo-commits
commit: 8bbbe5e4ec96f6c8b2d2858f9c23fa8a24a797f2
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue May 3 00:38:04 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue May 3 00:39:01 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bbbe5e4
dev-libs/libxml2: add 2.9.14
Bug: https://bugs.gentoo.org/842261
Closes: https://bugs.gentoo.org/582130
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/libxml2/Manifest | 1 +
.../files/libxml2-2.9.13-testapi-missing-xml.patch | 9 ----
.../files/libxml2-2.9.8-out-of-tree-test.patch | 31 +++++++++++++
.../{libxml2-9999.ebuild => libxml2-2.9.14.ebuild} | 51 +++++++++++++---------
dev-libs/libxml2/libxml2-9999.ebuild | 51 +++++++++++++---------
5 files changed, 92 insertions(+), 51 deletions(-)
diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index 09beb394762d..ff7171e5e024 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,5 +1,6 @@
DIST libxml2-2.9.12-r5-patchset.tar.bz2 7231 BLAKE2B d9d0d56ebccbfe234a8af04cc5343c1a02d84fbd998c2373fd48be59cf92807a9417db650a6bb6ba309e101994c4ae2b28edda7bf635c7728eb8b8047d0d3391 SHA512 b2db0fe4595c1559d9f8dc836ee6eee469191f6c490fc95d25d9fa99a544e80858894cc35b6e4a6624a38d0309800540badc929e86ef29950c1107caa4656a14
DIST libxml2-2.9.13.tar.xz 3243336 BLAKE2B 845a8283cf1ff9fd9f7926cfe0042c042a9de5ed184520d8057f7b33312687d5ff28abdf30dd2674795d78dc80326203a907f9e22cd261805309403ecdd585f5 SHA512 fc51980cb9222bd3b5242f73d28b55fa15a80e68e52e1c45274f1eda11500ed385853209edb3b2a1f06b9de0be304c159a9bd898c7d84b0899eacb00723d98b5
+DIST libxml2-2.9.14.tar.xz 3129968 BLAKE2B ab584503d5209e4aaf41ae6f44aed5e94c0ae29e28cfba39a9012568aa97515af861b47891b84d2a352a07357626ba50ddb1e344e911fa14ff2ce93c5beff1f1 SHA512 d08e6cafb289c499fdc5b3a12181e032a34f7a249bc66758859f964d3e71e19fd69be79921e1a9d8ab1e692d15b13f5fae95eeb10c3236974d89e218f5107606
DIST xmlts20130923.tar.gz 641522 BLAKE2B 63a47bc69278ef510cd0b3779aed729e1b309e30efa0015d28ed051cc03f9dfddb447ab57b07b3393e8f47393d15473b0e199c34cb1f5f746b15ddfaa55670be SHA512 d5c4d26b324ed21f4e0641cd7f8b76dbf9de80df8b519982e44d41c960df29fd03618e02e9693b2d11ad06d19c4a965274c95a048ec3b9653eacb919a7f8b733
DIST xsts-2002-01-16.tar.gz 6894439 BLAKE2B 1e9ec63d2c104655e64249e07440a04d862fcbcd4d4e19745d81b34994319b510a531c9d6df1491fae1e90b5d0764f0f1a827251ca8df5d613178b0eab01ef25 SHA512 43300af6d39c1e2221b0ed7318fe14c7464eeb6eb030ed1e22eb29b4ab17f014e2a4c8887c3a46ae5d243e3072da27f00f4e285498ae6f1288177d38d1108288
DIST xsts-2004-01-14.tar.gz 2761085 BLAKE2B 41545995fb3a65d053257c376c07d45ffd1041a433bfbdb46d4dd87a5afb60c18c8629a3d988323f9e7a1d709775b5a7e5930276a7121c0725a22705c0976e36 SHA512 32854388d7e720ad67156baf50bf2bae7bd878ca3e35fd7e44e57cad3f434f69d56bbbedd61509f8a1faf01c9eae74a078df8fe130780b182c05c05cb1c39ebe
diff --git a/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
index adbb3db72a5a..fa8e3d392d18 100644
--- a/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
+++ b/dev-libs/libxml2/files/libxml2-2.9.13-testapi-missing-xml.patch
@@ -6,12 +6,6 @@ Subject: [PATCH] testapi: remove leading slash from "/missing.xml"
Fixes an error when running tests in a sandbox on Gentoo Linux.
Bug: https://bugs.gentoo.org/839804
----
- testapi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/testapi.c b/testapi.c
-index d4258c43..c7a5b163 100644
--- a/testapi.c
+++ b/testapi.c
@@ -442,7 +442,7 @@ static void des_eaten_name(int no ATTRIBUTE_UNUSED, xmlChar *val ATTRIBUTE_UNUSE
@@ -23,6 +17,3 @@ index d4258c43..c7a5b163 100644
if (no == 1) return("<foo/>");
if (no == 2) return(REMOTE2GOOD);
if (no == 3) return(REMOTE1GOOD);
---
-2.35.1
-
diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
new file mode 100644
index 000000000000..468214d0bd8b
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.8-out-of-tree-test.patch
@@ -0,0 +1,31 @@
+https://gitlab.gnome.org/GNOME/libxml2/merge_requests/14
+
+From 54878c018af979b20ca1bfbf12599973484cae5b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Thu, 3 Jan 2019 05:44:03 -0500
+Subject: [PATCH] fix reader5.py test when building out of tree
+
+When building out of tree, the relative path this test uses doesn't
+work. Resolve the path relative to the test script itself instead.
+
+Url: https://bugs.gentoo.org/565576
+--- a/python/tests/reader5.py
++++ b/python/tests/reader5.py
+@@ -4,6 +4,7 @@
+ # this extract the Dragon bibliography entries from the XML specification
+ #
+ import libxml2
++import os
+ import sys
+
+ # Memory debug specific
+@@ -14,7 +15,8 @@ Ravi Sethi, and Jeffrey D. Ullman.
+ <emph>Compilers: Principles, Techniques, and Tools</emph>.
+ Reading: Addison-Wesley, 1986, rpt. corr. 1988.</bibl>"""
+
+-f = open('../../test/valid/REC-xml-19980210.xml', 'rb')
++basedir = os.path.dirname(os.path.realpath(__file__))
++f = open(os.path.join(basedir, '../../test/valid/REC-xml-19980210.xml'), 'rb')
+ input = libxml2.inputBuffer(f)
+ reader = input.newTextReader("REC")
+ res=""
diff --git a/dev-libs/libxml2/libxml2-9999.ebuild b/dev-libs/libxml2/libxml2-2.9.14.ebuild
similarity index 80%
copy from dev-libs/libxml2/libxml2-9999.ebuild
copy to dev-libs/libxml2/libxml2-2.9.14.ebuild
index 3ad0604b6f1e..847a7c331d40 100644
--- a/dev-libs/libxml2/libxml2-9999.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.14.ebuild
@@ -7,7 +7,7 @@ EAPI=8
PYTHON_COMPAT=( python3_{8..10} )
PYTHON_REQ_USE="xml"
-inherit autotools flag-o-matic python-r1 multilib-minimal
+inherit flag-o-matic python-r1 multilib-minimal
XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
XSTS_NAME_1="xmlschema2002-01-16"
@@ -20,10 +20,10 @@ DESCRIPTION="XML C parser and toolkit"
HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2"
if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"
- inherit git-r3
+ inherit autotools git-r3
else
- inherit gnome.org
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+ inherit gnome.org libtool
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
fi
SRC_URI+="
@@ -40,18 +40,17 @@ IUSE="debug examples icu lzma +python readline static-libs test"
RESTRICT="!test? ( test )"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-BDEPEND="
- dev-util/gtk-doc-am
- virtual/pkgconfig
-"
-RDEPEND="
- >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+RDEPEND=">=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
-"
+ readline? ( sys-libs/readline:= )"
DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+ BDEPEND+=" dev-util/gtk-doc-am"
+fi
MULTILIB_CHOST_TOOLS=(
/usr/bin/xml2-config
@@ -59,6 +58,10 @@ MULTILIB_CHOST_TOOLS=(
DOCS=( NEWS README.md TODO TODO_SCHEMAS python/TODO )
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+)
+
src_unpack() {
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
@@ -67,7 +70,11 @@ src_unpack() {
# ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
# as they are needed as tarballs in ${S}/xstc instead and not unpacked
- unpack ${tarname} ${PN}-${PATCHSET_VERSION}.tar.bz2
+ unpack ${tarname}
+
+ if [[ -n ${PATCHSET_VERSION} ]] ; then
+ unpack ${PN}-${PATCHSET_VERSION}.tar.bz2
+ fi
fi
cd "${S}" || die
@@ -84,22 +91,22 @@ src_unpack() {
src_prepare() {
default
- # Please do not remove, as else we get references to PORTAGE_TMPDIR
- # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
- # We now need to run eautoreconf at the end to prevent maintainer mode.
- #elibtoolize
- # Needed for https://gitlab.gnome.org/GNOME/libxml2/-/issues/338 too in 2.9.13
- eautoreconf
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ else
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ elibtoolize
+ fi
}
multilib_src_configure() {
- # Filter seemingly problematic CFLAGS (#26320)
+ # Filter seemingly problematic CFLAGS (bug #26320)
filter-flags -fprefetch-loop-arrays -funroll-loops
# Notes:
# The meaning of the 'debug' USE flag does not apply to the --with-debug
# switch (enabling the libxml2 debug module). See bug #100898.
-
libxml2_configure() {
ECONF_SOURCE="${S}" econf \
--enable-ipv6 \
@@ -160,6 +167,8 @@ multilib_src_install_all() {
rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
fi
+ rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
find "${ED}" -name '*.la' -delete || die
}
diff --git a/dev-libs/libxml2/libxml2-9999.ebuild b/dev-libs/libxml2/libxml2-9999.ebuild
index 3ad0604b6f1e..847a7c331d40 100644
--- a/dev-libs/libxml2/libxml2-9999.ebuild
+++ b/dev-libs/libxml2/libxml2-9999.ebuild
@@ -7,7 +7,7 @@ EAPI=8
PYTHON_COMPAT=( python3_{8..10} )
PYTHON_REQ_USE="xml"
-inherit autotools flag-o-matic python-r1 multilib-minimal
+inherit flag-o-matic python-r1 multilib-minimal
XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
XSTS_NAME_1="xmlschema2002-01-16"
@@ -20,10 +20,10 @@ DESCRIPTION="XML C parser and toolkit"
HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2"
if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"
- inherit git-r3
+ inherit autotools git-r3
else
- inherit gnome.org
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+ inherit gnome.org libtool
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
fi
SRC_URI+="
@@ -40,18 +40,17 @@ IUSE="debug examples icu lzma +python readline static-libs test"
RESTRICT="!test? ( test )"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-BDEPEND="
- dev-util/gtk-doc-am
- virtual/pkgconfig
-"
-RDEPEND="
- >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+RDEPEND=">=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
-"
+ readline? ( sys-libs/readline:= )"
DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+ BDEPEND+=" dev-util/gtk-doc-am"
+fi
MULTILIB_CHOST_TOOLS=(
/usr/bin/xml2-config
@@ -59,6 +58,10 @@ MULTILIB_CHOST_TOOLS=(
DOCS=( NEWS README.md TODO TODO_SCHEMAS python/TODO )
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+)
+
src_unpack() {
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
@@ -67,7 +70,11 @@ src_unpack() {
# ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
# as they are needed as tarballs in ${S}/xstc instead and not unpacked
- unpack ${tarname} ${PN}-${PATCHSET_VERSION}.tar.bz2
+ unpack ${tarname}
+
+ if [[ -n ${PATCHSET_VERSION} ]] ; then
+ unpack ${PN}-${PATCHSET_VERSION}.tar.bz2
+ fi
fi
cd "${S}" || die
@@ -84,22 +91,22 @@ src_unpack() {
src_prepare() {
default
- # Please do not remove, as else we get references to PORTAGE_TMPDIR
- # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
- # We now need to run eautoreconf at the end to prevent maintainer mode.
- #elibtoolize
- # Needed for https://gitlab.gnome.org/GNOME/libxml2/-/issues/338 too in 2.9.13
- eautoreconf
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ else
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ elibtoolize
+ fi
}
multilib_src_configure() {
- # Filter seemingly problematic CFLAGS (#26320)
+ # Filter seemingly problematic CFLAGS (bug #26320)
filter-flags -fprefetch-loop-arrays -funroll-loops
# Notes:
# The meaning of the 'debug' USE flag does not apply to the --with-debug
# switch (enabling the libxml2 debug module). See bug #100898.
-
libxml2_configure() {
ECONF_SOURCE="${S}" econf \
--enable-ipv6 \
@@ -160,6 +167,8 @@ multilib_src_install_all() {
rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
fi
+ rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
find "${ED}" -name '*.la' -delete || die
}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2023-10-08 4:48 Sam James
0 siblings, 0 replies; 14+ messages in thread
From: Sam James @ 2023-10-08 4:48 UTC (permalink / raw
To: gentoo-commits
commit: 5d172c4f999dff461c5401bf97ba83f81390dc55
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 8 04:44:50 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 8 04:48:09 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d172c4f
dev-libs/libxml2: fix CVE-2023-45322
Bug: https://bugs.gentoo.org/915351
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/libxml2-2.11.5-CVE-2023-45322.patch | 71 ++++++++
dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 +++++++++++++++++++++
2 files changed, 271 insertions(+)
diff --git a/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch b/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch
new file mode 100644
index 000000000000..190218be3a5e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch
@@ -0,0 +1,71 @@
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
+https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9
+https://bugs.gentoo.org/915351
+
+From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 23 Aug 2023 20:24:24 +0200
+Subject: [PATCH] tree: Fix copying of DTDs
+
+- Don't create multiple DTD nodes.
+- Fix UAF if malloc fails.
+- Skip DTD nodes if tree module is disabled.
+
+Fixes #583.
+--- a/tree.c
++++ b/tree.c
+@@ -4471,29 +4471,28 @@ xmlNodePtr
+ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
+ xmlNodePtr ret = NULL;
+ xmlNodePtr p = NULL,q;
++ xmlDtdPtr newSubset = NULL;
+
+ while (node != NULL) {
+-#ifdef LIBXML_TREE_ENABLED
+ if (node->type == XML_DTD_NODE ) {
+- if (doc == NULL) {
++#ifdef LIBXML_TREE_ENABLED
++ if ((doc == NULL) || (doc->intSubset != NULL)) {
+ node = node->next;
+ continue;
+ }
+- if (doc->intSubset == NULL) {
+- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
+- if (q == NULL) goto error;
+- q->doc = doc;
+- q->parent = parent;
+- doc->intSubset = (xmlDtdPtr) q;
+- xmlAddChild(parent, q);
+- } else {
+- q = (xmlNodePtr) doc->intSubset;
+- xmlAddChild(parent, q);
+- }
+- } else
++ q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
++ if (q == NULL) goto error;
++ q->doc = doc;
++ q->parent = parent;
++ newSubset = (xmlDtdPtr) q;
++#else
++ node = node->next;
++ continue;
+ #endif /* LIBXML_TREE_ENABLED */
++ } else {
+ q = xmlStaticCopyNode(node, doc, parent, 1);
+- if (q == NULL) goto error;
++ if (q == NULL) goto error;
++ }
+ if (ret == NULL) {
+ q->prev = NULL;
+ ret = p = q;
+@@ -4505,6 +4504,8 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
+ }
+ node = node->next;
+ }
++ if (newSubset != NULL)
++ doc->intSubset = newSubset;
+ return(ret);
+ error:
+ xmlFreeNodeList(ret);
+--
+GitLab
diff --git a/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild b/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild
new file mode 100644
index 000000000000..ad027676e475
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Note: Please bump in sync with dev-libs/libxslt
+
+PYTHON_COMPAT=( python3_{10..12} )
+PYTHON_REQ_USE="xml(+)"
+inherit flag-o-matic python-r1 multilib-minimal
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20130923.tar.gz"
+
+DESCRIPTION="XML C parser and toolkit"
+HOMEPAGE="https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home"
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"
+ inherit autotools git-r3
+else
+ inherit gnome.org libtool
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+SRC_URI+="
+ test? (
+ ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+ ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+ https://www.w3.org/XML/Test/${XMLCONF_TARBALL}
+ )
+"
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+LICENSE="MIT"
+SLOT="2"
+IUSE="debug examples +ftp icu lzma +python readline static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+ virtual/libiconv
+ >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+ icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+ BDEPEND+=" dev-util/gtk-doc-am"
+fi
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/xml2-config
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.11.5-CVE-2023-45322.patch
+)
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ local tarname=${P/_rc/-rc}.tar.xz
+
+ # ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
+ # as they are needed as tarballs in ${S}/xstc instead and not unpacked
+ unpack ${tarname}
+
+ if [[ -n ${PATCHSET_VERSION} ]] ; then
+ unpack ${PN}-${PATCHSET_VERSION}.tar.xz
+ fi
+ fi
+
+ cd "${S}" || die
+
+ if use test ; then
+ cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+ "${DISTDIR}/${XSTS_TARBALL_2}" \
+ "${S}"/xstc/ \
+ || die "Failed to install test tarballs"
+ unpack ${XMLCONF_TARBALL}
+ fi
+}
+
+src_prepare() {
+ default
+
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ else
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ elibtoolize
+ fi
+}
+
+multilib_src_configure() {
+ # Filter seemingly problematic CFLAGS (bug #26320)
+ filter-flags -fprefetch-loop-arrays -funroll-loops
+
+ # Notes:
+ # The meaning of the 'debug' USE flag does not apply to the --with-debug
+ # switch (enabling the libxml2 debug module). See bug #100898.
+ libxml2_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --enable-ipv6 \
+ $(use_with ftp) \
+ $(use_with debug run-debug) \
+ $(use_with icu) \
+ $(use_with lzma) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_with readline) \
+ $(multilib_native_use_with readline history) \
+ "$@"
+ }
+
+ # Build python bindings separately
+ libxml2_configure --without-python
+
+ multilib_is_native_abi && use python &&
+ python_foreach_impl run_in_build_dir libxml2_configure --with-python
+}
+
+libxml2_py_emake() {
+ pushd "${BUILD_DIR}"/python >/dev/null || die
+
+ emake top_builddir="${NATIVE_BUILD_DIR}" "$@"
+
+ popd >/dev/null || die
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi && use python ; then
+ NATIVE_BUILD_DIR="${BUILD_DIR}"
+ python_foreach_impl run_in_build_dir libxml2_py_emake all
+ fi
+}
+
+multilib_src_test() {
+ ln -s "${S}"/xmlconf || die
+
+ emake check
+
+ multilib_is_native_abi && use python &&
+ python_foreach_impl run_in_build_dir libxml2_py_emake check
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ multilib_is_native_abi && use python &&
+ python_foreach_impl run_in_build_dir libxml2_py_emake DESTDIR="${D}" install
+
+ # Hack until automake release is made for the optimise fix
+ # https://git.savannah.gnu.org/cgit/automake.git/commit/?id=bde43d0481ff540418271ac37012a574a4fcf097
+ multilib_is_native_abi && use python && python_foreach_impl python_optimize
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ if ! use examples ; then
+ rm -rf "${ED}"/usr/share/doc/${PF}/examples || die
+ rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
+ fi
+
+ rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+ # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+ if [[ -n "${ROOT}" ]]; then
+ elog "Skipping XML catalog creation for stage building (bug #208887)."
+ else
+ # Need an XML catalog, so no-one writes to a non-existent one
+ CATALOG="${EROOT}/etc/xml/catalog"
+
+ # We don't want to clobber an existing catalog though,
+ # only ensure that one is there
+ # <obz@gentoo.org>
+ if [[ ! -e "${CATALOG}" ]]; then
+ [[ -d "${EROOT}/etc/xml" ]] || mkdir -p "${EROOT}/etc/xml"
+ "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+ einfo "Created XML catalog in ${CATALOG}"
+ fi
+ fi
+}
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/
@ 2024-11-10 21:11 Sam James
0 siblings, 0 replies; 14+ messages in thread
From: Sam James @ 2024-11-10 21:11 UTC (permalink / raw
To: gentoo-commits
commit: 719f8cddede04669939001c30524c53c141f79c4
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 10 21:10:54 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 10 21:10:54 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=719f8cdd
dev-libs/libxml2: add 2.12.9
Bug: https://bugs.gentoo.org/943198
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch | 20 ++++++++++++++++++++
dev-libs/libxml2/libxml2-2.12.9.ebuild | 2 +-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/dev-libs/libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch b/dev-libs/libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch
new file mode 100644
index 000000000000..d00f37bfb681
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch
@@ -0,0 +1,20 @@
+Needed with icu-76.1 at least. Not clear why it worked before.
+
+/var/tmp/portage/dev-libs/libxml2-2.11.9/work/libxml2-2.11.9-abi_x86_32.x86/.libs/runtest:
+ symbol lookup error: /var/tmp/portage/dev-libs/libxml2-2.11.9/work/libxml2-2.11.9-abi_x86_32.x86/.libs/libxml2.so.2: undefined symbol: UCNV_FROM_U_CALLBACK_STOP
+--- a/configure.ac
++++ b/configure.ac
+@@ -1108,10 +1108,10 @@ if test "$with_icu" = "no" || test "$with_icu" = "" ; then
+ else
+ # Try pkg-config first so that static linking works.
+ # If this succeeeds, we ignore the WITH_ICU directory.
+- PKG_CHECK_MODULES([ICU], [icu-i18n], [
+- WITH_ICU=1; XML_PC_REQUIRES="${XML_PC_REQUIRES} icu-i18n"
++ PKG_CHECK_MODULES([ICU], [icu-uc icu-i18n], [
++ WITH_ICU=1; XML_PC_REQUIRES="${XML_PC_REQUIRES} icu-uc icu-i18n"
+ m4_ifdef([PKG_CHECK_VAR],
+- [PKG_CHECK_VAR([ICU_DEFS], [icu-i18n], [DEFS])])
++ [PKG_CHECK_VAR([ICU_DEFS], [icu-uc icu-i18n], [DEFS])])
+ if test "x$ICU_DEFS" != "x"; then
+ ICU_CFLAGS="$ICU_CFLAGS $ICU_DEFS"
+ fi],[:])
diff --git a/dev-libs/libxml2/libxml2-2.12.9.ebuild b/dev-libs/libxml2/libxml2-2.12.9.ebuild
index 4b3f77ea7ca8..1f7c6270c0cd 100644
--- a/dev-libs/libxml2/libxml2-2.12.9.ebuild
+++ b/dev-libs/libxml2/libxml2-2.12.9.ebuild
@@ -61,7 +61,7 @@ MULTILIB_CHOST_TOOLS=(
)
PATCHES=(
- "${FILESDIR}"/${PN}-2.11.9-icu-pkgconfig.patch
+ "${FILESDIR}"/${PN}-2.12.9-icu-pkgconfig.patch
)
src_unpack() {
^ permalink raw reply related [flat|nested] 14+ messages in thread
end of thread, other threads:[~2024-11-10 21:11 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-03 0:50 [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/files/, dev-libs/libxml2/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2024-11-10 21:11 Sam James
2023-10-08 4:48 Sam James
2022-04-23 0:27 Mike Gilbert
2021-03-11 17:47 Sam James
2021-03-11 17:47 Sam James
2019-01-03 10:54 Mike Frysinger
2018-03-02 16:09 Mart Raudsepp
2017-08-24 22:47 Gilles Dartiguelongue
2017-08-23 7:29 Gilles Dartiguelongue
2017-01-17 15:08 Mart Raudsepp
2017-01-02 6:41 Aaron Bauman
2015-11-09 20:31 Gilles Dartiguelongue
2015-10-31 1:42 Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox