From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1L2FJd-0006u5-St for garchives@archives.gentoo.org; Tue, 18 Nov 2008 01:23:42 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2FEE1E0403; Tue, 18 Nov 2008 01:23:42 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id DA795E0403 for ; Tue, 18 Nov 2008 01:23:41 +0000 (UTC) Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id CDBE364E62 for ; Tue, 18 Nov 2008 01:23:39 +0000 (UTC) Received: from leio by stork.gentoo.org with local (Exim 4.69) (envelope-from ) id 1L2FJb-0007hf-08 for gentoo-commits@lists.gentoo.org; Tue, 18 Nov 2008 01:23:39 +0000 From: "Mart Raudsepp (leio)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, leio@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/libxml2: ChangeLog libxml2-2.7.2-r1.ebuild X-VCS-Repository: gentoo-x86 X-VCS-Files: ChangeLog libxml2-2.7.2-r1.ebuild X-VCS-Directories: dev-libs/libxml2 X-VCS-Committer: leio X-VCS-Committer-Name: Mart Raudsepp Content-Type: text/plain; charset=utf8 Message-Id: Sender: Mart Raudsepp Date: Tue, 18 Nov 2008 01:23:39 +0000 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 66834c76-3772-4c16-9016-976a84e62891 X-Archives-Hash: b26cb361561163373e40175e5ec7c478 leio 08/11/18 01:23:38 Modified: ChangeLog Added: libxml2-2.7.2-r1.ebuild Log: Fix for CVE-2008-4225 - possible infinite loop. Fix for CVE-2008-4226 -= possible integer overflow leading to memory corruption and potential arb= itrary code execution with huge XML files. Bug 245960 (Portage version: 2.2_rc14/cvs/Linux 2.6.27-gentoo-r2 x86_64) Revision Changes Path 1.236 dev-libs/libxml2/ChangeLog file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/libxml2/C= hangeLog?rev=3D1.236&view=3Dmarkup plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/libxml2/C= hangeLog?rev=3D1.236&content-type=3Dtext/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/libxml2/C= hangeLog?r1=3D1.235&r2=3D1.236 Index: ChangeLog =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v retrieving revision 1.235 retrieving revision 1.236 diff -u -r1.235 -r1.236 --- ChangeLog 13 Nov 2008 18:55:33 -0000 1.235 +++ ChangeLog 18 Nov 2008 01:23:38 -0000 1.236 @@ -1,6 +1,14 @@ # ChangeLog for dev-libs/libxml2 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.235 20= 08/11/13 18:55:33 ranger Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.236 20= 08/11/18 01:23:38 leio Exp $ + +*libxml2-2.7.2-r1 (18 Nov 2008) + + 18 Nov 2008; Mart Raudsepp + +files/libxml2-2.7.2-CVE-2008-422x.patch, +libxml2-2.7.2-r1.ebuild: + Fix for CVE-2008-4225 - possible infinite loop. Fix for CVE-2008-4226 = - + possible integer overflow leading to memory corruption and potential + arbitrary code execution with huge XML files. Bug 245960 =20 13 Nov 2008; Brent Baude libxml2-2.6.32.ebuild: Marking libxml2-2.6.32 ppc64 stable for bug 236971 1.1 dev-libs/libxml2/libxml2-2.7.2-r1.ebuild file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/libxml2/l= ibxml2-2.7.2-r1.ebuild?rev=3D1.1&view=3Dmarkup plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/libxml2/l= ibxml2-2.7.2-r1.ebuild?rev=3D1.1&content-type=3Dtext/plain Index: libxml2-2.7.2-r1.ebuild =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.7.2-r1.ebui= ld,v 1.1 2008/11/18 01:23:38 leio Exp $ inherit libtool flag-o-matic eutils DESCRIPTION=3D"Version 2 of the library to manipulate XML files" HOMEPAGE=3D"http://www.xmlsoft.org/" LICENSE=3D"MIT" SLOT=3D"2" KEYWORDS=3D"~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 = ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" IUSE=3D"bootstrap build debug doc examples ipv6 python readline test" XSTS_HOME=3D"http://www.w3.org/XML/2004/xml-schema-test-suite" XSTS_NAME_1=3D"xmlschema2002-01-16" XSTS_NAME_2=3D"xmlschema2004-01-14" XSTS_TARBALL_1=3D"xsts-2002-01-16.tar.gz" XSTS_TARBALL_2=3D"xsts-2004-01-14.tar.gz" SRC_URI=3D"ftp://xmlsoft.org/${PN}/${P}.tar.gz test? ( ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1} ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2} )" RDEPEND=3D"sys-libs/zlib python? ( dev-lang/python ) readline? ( sys-libs/readline )" DEPEND=3D"${RDEPEND} hppa? ( >=3Dsys-devel/binutils-2.15.92.0.2 )" src_unpack() { unpack ${P}.tar.gz cd "${S}" # Fix for CVE-2008-4225 and CVE-2008-4226, bug 245960 epatch "${FILESDIR}/${P}-CVE-2008-422x.patch" if use test; then cp "${DISTDIR}/${XSTS_TARBALL_1}" \ "${DISTDIR}/${XSTS_TARBALL_2}" \ "${S}"/xstc/ \ || die "Failed to install test tarballs" fi epunt_cxx } src_compile() { # USE zlib support breaks gnome2 # (libgnomeprint for instance fails to compile with # fresh install, and existing) - (22 Dec 2002). # The meaning of the 'debug' USE flag does not apply to the --with-debug # switch (enabling the libxml2 debug module). See bug #100898. # --with-mem-debug causes unusual segmentation faults (bug #105120). local myconf=3D"--with-zlib \ $(use_with debug run-debug) \ $(use_with python) \ $(use_with readline) \ $(use_with readline history) \ $(use_enable ipv6)" # Please do not remove, as else we get references to PORTAGE_TMPDIR # in /usr/lib/python?.?/site-packages/libxml2mod.la among things. elibtoolize # filter seemingly problematic CFLAGS (#26320) filter-flags -fprefetch-loop-arrays -funroll-loops econf $myconf || die "Configuration failed" # Patching the Makefiles to respect get_libdir # Fixes BUG #86766, please keep this. # Danny van Dyk 2005/03/26 for x in $(find "${S}" -name "Makefile") ; do sed \ -e "s|^\(PYTHON_SITE_PACKAGES\ =3D\ \/usr\/\).*\(\/python.*\)|\1$(get_= libdir)\2|g" \ -i ${x} \ || die "sed failed" done emake || die "Compilation failed" } src_install() { emake DESTDIR=3D"${D}" install || die "Installation failed" dodoc AUTHORS ChangeLog Copyright NEWS README* TODO* if ! use doc; then rm -rf "${D}"/usr/share/gtk-doc rm -rf "${D}"/usr/share/doc/${P}/html fi if ! use examples; then rm -rf "${D}/usr/share/doc/${P}/examples" rm -rf "${D}/usr/share/doc/${PN}-python-${PV}/examples" fi } pkg_postinst() { # We don't want to do the xmlcatalog during stage1, as xmlcatalog will n= ot # be in / and stage1 builds to ROOT=3D/tmp/stage1root. This fixes bug #2= 08887. if [[ "${ROOT}" !=3D "/" ]] then elog "Skipping XML catalog creation for stage building (bug #208887)." else # need an XML catalog, so no-one writes to a non-existent one CATALOG=3D"${ROOT}etc/xml/catalog" # we dont want to clobber an existing catalog though, # only ensure that one is there # if [ ! -e ${CATALOG} ]; then [ -d "${ROOT}etc/xml" ] || mkdir -p "${ROOT}etc/xml" /usr/bin/xmlcatalog --create > ${CATALOG} einfo "Created XML catalog in ${CATALOG}" fi fi }