diff options
| -rw-r--r-- | dev-libs/libxml2/ChangeLog | 10 | ||||
| -rw-r--r-- | dev-libs/libxml2/files/libxml2-2.7.8-hash-randomization.patch | 297 | ||||
| -rw-r--r-- | dev-libs/libxml2/libxml2-2.7.8-r1.ebuild | 219 | ||||
| -rw-r--r-- | dev-libs/libxml2/libxml2-2.7.8-r2.ebuild | 225 | ||||
| -rw-r--r-- | dev-libs/libxml2/libxml2-2.7.8-r5.ebuild (renamed from dev-libs/libxml2/libxml2-2.7.8-r3.ebuild) | 12 |
5 files changed, 315 insertions, 448 deletions
diff --git a/dev-libs/libxml2/ChangeLog b/dev-libs/libxml2/ChangeLog index 7e664c8f537e..31b799cad69d 100644 --- a/dev-libs/libxml2/ChangeLog +++ b/dev-libs/libxml2/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for dev-libs/libxml2 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.328 2012/02/20 09:08:18 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.329 2012/02/23 01:00:54 tetromino Exp $ + +*libxml2-2.7.8-r5 (23 Feb 2012) + + 23 Feb 2012; Alexandre Rostovtsev <tetromino@gentoo.org> + -libxml2-2.7.8-r1.ebuild, -libxml2-2.7.8-r2.ebuild, -libxml2-2.7.8-r3.ebuild, + +libxml2-2.7.8-r5.ebuild, +files/libxml2-2.7.8-hash-randomization.patch: + Add hashing randomization to prevent DoS vulnerability (CVE-2012-0841, bug + #405261, thanks to Michael Harrison for reporting). Drop old. 20 Feb 2012; Patrick Lauer <patrick@gentoo.org> libxml2-2.7.8-r1.ebuild, libxml2-2.7.8-r2.ebuild, libxml2-2.7.8-r3.ebuild, libxml2-2.7.8-r4.ebuild: diff --git a/dev-libs/libxml2/files/libxml2-2.7.8-hash-randomization.patch b/dev-libs/libxml2/files/libxml2-2.7.8-hash-randomization.patch new file mode 100644 index 000000000000..47db59d07604 --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.7.8-hash-randomization.patch @@ -0,0 +1,297 @@ +From 8973d58b7498fa5100a876815476b81fd1a2412a Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Sat, 4 Feb 2012 19:07:44 +0800 +Subject: [PATCH] Add hash randomization to hash and dict structures + +Following http://www.ocert.org/advisories/ocert-2011-003.html +it seems that having hash randomization might be a good idea +when using XML with untrusted data +* configure.in: lookup for rand, srand and time +* dict.c: add randomization to dictionaries hash tables +* hash.c: add randomization to normal hash tables +--- + configure.in | 1 + + dict.c | 81 ++++++++++++++++++++++++++++++++++++++++----------------- + hash.c | 38 ++++++++++++++++++++++++++- + 3 files changed, 95 insertions(+), 25 deletions(-) + +diff --git a/configure.in b/configure.in +index fa80375..828b66a 100644 +--- a/configure.in ++++ b/configure.in +@@ -512,6 +512,7 @@ AC_CHECK_FUNCS(strdup strndup strerror) + AC_CHECK_FUNCS(finite isnand fp_class class fpclass) + AC_CHECK_FUNCS(strftime localtime gettimeofday ftime) + AC_CHECK_FUNCS(stat _stat signal) ++AC_CHECK_FUNCS(rand srand time) + + dnl Checking the standard string functions availability + AC_CHECK_FUNCS(printf sprintf fprintf snprintf vfprintf vsprintf vsnprintf sscanf,, +diff --git a/dict.c b/dict.c +index 3eff231..ae4966b 100644 +--- a/dict.c ++++ b/dict.c +@@ -2,7 +2,7 @@ + * dict.c: dictionary of reusable strings, just used to avoid allocation + * and freeing operations. + * +- * Copyright (C) 2003 Daniel Veillard. ++ * Copyright (C) 2003-2012 Daniel Veillard. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -19,6 +19,28 @@ + #define IN_LIBXML + #include "libxml.h" + ++#ifdef HAVE_STDLIB_H ++#include <stdlib.h> ++#endif ++#ifdef HAVE_TIME_H ++#include <time.h> ++#endif ++ ++/* ++ * Following http://www.ocert.org/advisories/ocert-2011-003.html ++ * it seems that having hash randomization might be a good idea ++ * when using XML with untrusted data ++ * Note1: that it works correctly only if compiled with WITH_BIG_KEY ++ * which is the default. ++ * Note2: the fast function used for a small dict won't protect very ++ * well but since the attack is based on growing a very big hash ++ * list we will use the BigKey algo as soon as the hash size grows ++ * over MIN_DICT_SIZE so this actually works ++ */ ++#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME) ++#define DICT_RANDOMIZATION ++#endif ++ + #include <string.h> + #ifdef HAVE_STDINT_H + #include <stdint.h> +@@ -44,23 +66,23 @@ typedef unsigned __int32 uint32_t; + #define WITH_BIG_KEY + + #ifdef WITH_BIG_KEY +-#define xmlDictComputeKey(dict, name, len) \ +- (((dict)->size == MIN_DICT_SIZE) ? \ +- xmlDictComputeFastKey(name, len) : \ +- xmlDictComputeBigKey(name, len)) +- +-#define xmlDictComputeQKey(dict, prefix, plen, name, len) \ +- (((prefix) == NULL) ? \ +- (xmlDictComputeKey(dict, name, len)) : \ +- (((dict)->size == MIN_DICT_SIZE) ? \ +- xmlDictComputeFastQKey(prefix, plen, name, len) : \ +- xmlDictComputeBigQKey(prefix, plen, name, len))) ++#define xmlDictComputeKey(dict, name, len) \ ++ (((dict)->size == MIN_DICT_SIZE) ? \ ++ xmlDictComputeFastKey(name, len, (dict)->seed) : \ ++ xmlDictComputeBigKey(name, len, (dict)->seed)) ++ ++#define xmlDictComputeQKey(dict, prefix, plen, name, len) \ ++ (((prefix) == NULL) ? \ ++ (xmlDictComputeKey(dict, name, len)) : \ ++ (((dict)->size == MIN_DICT_SIZE) ? \ ++ xmlDictComputeFastQKey(prefix, plen, name, len, (dict)->seed) : \ ++ xmlDictComputeBigQKey(prefix, plen, name, len, (dict)->seed))) + + #else /* !WITH_BIG_KEY */ +-#define xmlDictComputeKey(dict, name, len) \ +- xmlDictComputeFastKey(name, len) +-#define xmlDictComputeQKey(dict, prefix, plen, name, len) \ +- xmlDictComputeFastQKey(prefix, plen, name, len) ++#define xmlDictComputeKey(dict, name, len) \ ++ xmlDictComputeFastKey(name, len, (dict)->seed) ++#define xmlDictComputeQKey(dict, prefix, plen, name, len) \ ++ xmlDictComputeFastQKey(prefix, plen, name, len, (dict)->seed) + #endif /* WITH_BIG_KEY */ + + /* +@@ -98,6 +120,8 @@ struct _xmlDict { + xmlDictStringsPtr strings; + + struct _xmlDict *subdict; ++ /* used for randomization */ ++ int seed; + }; + + /* +@@ -125,6 +149,9 @@ static int xmlInitializeDict(void) { + if ((xmlDictMutex = xmlNewRMutex()) == NULL) + return(0); + ++#ifdef DICT_RANDOMIZATION ++ srand(time(NULL)); ++#endif + xmlDictInitialized = 1; + return(1); + } +@@ -277,13 +304,13 @@ found_pool: + */ + + static uint32_t +-xmlDictComputeBigKey(const xmlChar* data, int namelen) { ++xmlDictComputeBigKey(const xmlChar* data, int namelen, int seed) { + uint32_t hash; + int i; + + if (namelen <= 0 || data == NULL) return(0); + +- hash = 0; ++ hash = seed; + + for (i = 0;i < namelen; i++) { + hash += data[i]; +@@ -310,12 +337,12 @@ xmlDictComputeBigKey(const xmlChar* data, int namelen) { + */ + static unsigned long + xmlDictComputeBigQKey(const xmlChar *prefix, int plen, +- const xmlChar *name, int len) ++ const xmlChar *name, int len, int seed) + { + uint32_t hash; + int i; + +- hash = 0; ++ hash = seed; + + for (i = 0;i < plen; i++) { + hash += prefix[i]; +@@ -346,8 +373,8 @@ xmlDictComputeBigQKey(const xmlChar *prefix, int plen, + * for low hash table fill. + */ + static unsigned long +-xmlDictComputeFastKey(const xmlChar *name, int namelen) { +- unsigned long value = 0L; ++xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { ++ unsigned long value = seed; + + if (name == NULL) return(0); + value = *name; +@@ -381,9 +408,9 @@ xmlDictComputeFastKey(const xmlChar *name, int namelen) { + */ + static unsigned long + xmlDictComputeFastQKey(const xmlChar *prefix, int plen, +- const xmlChar *name, int len) ++ const xmlChar *name, int len, int seed) + { +- unsigned long value = 0L; ++ unsigned long value = (unsigned long) seed; + + if (plen == 0) + value += 30 * (unsigned long) ':'; +@@ -460,6 +487,11 @@ xmlDictCreate(void) { + dict->subdict = NULL; + if (dict->dict) { + memset(dict->dict, 0, MIN_DICT_SIZE * sizeof(xmlDictEntry)); ++#ifdef DICT_RANDOMIZATION ++ dict->seed = rand(); ++#else ++ dict->seed = 0; ++#endif + return(dict); + } + xmlFree(dict); +@@ -486,6 +518,7 @@ xmlDictCreateSub(xmlDictPtr sub) { + #ifdef DICT_DEBUG_PATTERNS + fprintf(stderr, "R"); + #endif ++ dict->seed = sub->seed; + dict->subdict = sub; + xmlDictReference(dict->subdict); + } +diff --git a/hash.c b/hash.c +index b78bc2d..fe1424f 100644 +--- a/hash.c ++++ b/hash.c +@@ -3,7 +3,7 @@ + * + * Reference: Your favorite introductory book on algorithms + * +- * Copyright (C) 2000 Bjorn Reese and Daniel Veillard. ++ * Copyright (C) 2000,2012 Bjorn Reese and Daniel Veillard. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -21,6 +21,22 @@ + #include "libxml.h" + + #include <string.h> ++#ifdef HAVE_STDLIB_H ++#include <stdlib.h> ++#endif ++#ifdef HAVE_TIME_H ++#include <time.h> ++#endif ++ ++/* ++ * Following http://www.ocert.org/advisories/ocert-2011-003.html ++ * it seems that having hash randomization might be a good idea ++ * when using XML with untrusted data ++ */ ++#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME) ++#define HASH_RANDOMIZATION ++#endif ++ + #include <libxml/parser.h> + #include <libxml/hash.h> + #include <libxml/xmlmemory.h> +@@ -31,6 +47,10 @@ + + /* #define DEBUG_GROW */ + ++#ifdef HASH_RANDOMIZATION ++static int hash_initialized = 0; ++#endif ++ + /* + * A single entry in the hash table + */ +@@ -53,6 +73,9 @@ struct _xmlHashTable { + int size; + int nbElems; + xmlDictPtr dict; ++#ifdef HASH_RANDOMIZATION ++ int random_seed; ++#endif + }; + + /* +@@ -65,6 +88,9 @@ xmlHashComputeKey(xmlHashTablePtr table, const xmlChar *name, + unsigned long value = 0L; + char ch; + ++#ifdef HASH_RANDOMIZATION ++ value = table->random_seed; ++#endif + if (name != NULL) { + value += 30 * (*name); + while ((ch = *name++) != 0) { +@@ -92,6 +118,9 @@ xmlHashComputeQKey(xmlHashTablePtr table, + unsigned long value = 0L; + char ch; + ++#ifdef HASH_RANDOMIZATION ++ value = table->random_seed; ++#endif + if (prefix != NULL) + value += 30 * (*prefix); + else +@@ -156,6 +185,13 @@ xmlHashCreate(int size) { + table->table = xmlMalloc(size * sizeof(xmlHashEntry)); + if (table->table) { + memset(table->table, 0, size * sizeof(xmlHashEntry)); ++#ifdef HASH_RANDOMIZATION ++ if (!hash_initialized) { ++ srand(time(NULL)); ++ hash_initialized = 1; ++ } ++ table->random_seed = rand(); ++#endif + return(table); + } + xmlFree(table); +-- +1.7.8.4 + diff --git a/dev-libs/libxml2/libxml2-2.7.8-r1.ebuild b/dev-libs/libxml2/libxml2-2.7.8-r1.ebuild deleted file mode 100644 index 8285d9b34e9b..000000000000 --- a/dev-libs/libxml2/libxml2-2.7.8-r1.ebuild +++ /dev/null @@ -1,219 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.7.8-r1.ebuild,v 1.8 2012/02/20 09:08:18 patrick Exp $ - -EAPI="3" -PYTHON_DEPEND="python? 2" -PYTHON_USE_WITH="-build xml" -PYTHON_USE_WITH_OPT="python" -SUPPORT_PYTHON_ABIS="1" -RESTRICT_PYTHON_ABIS="3.* *-jython 2.7-pypy-*" - -inherit libtool flag-o-matic eutils python autotools prefix - -DESCRIPTION="Version 2 of the library to manipulate XML files" -HOMEPAGE="http://www.xmlsoft.org/" - -LICENSE="MIT" -SLOT="2" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" -IUSE="debug doc examples icu ipv6 python readline test" - -XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite" -XSTS_NAME_1="xmlschema2002-01-16" -XSTS_NAME_2="xmlschema2004-01-14" -XSTS_TARBALL_1="xsts-2002-01-16.tar.gz" -XSTS_TARBALL_2="xsts-2004-01-14.tar.gz" - -SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz - test? ( - ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1} - ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2} )" - -RDEPEND="sys-libs/zlib - icu? ( dev-libs/icu ) - readline? ( sys-libs/readline )" - -DEPEND="${RDEPEND} - hppa? ( >=sys-devel/binutils-2.15.92.0.2 )" - -pkg_setup() { - if use python; then - python_pkg_setup - fi -} - -src_unpack() { - # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR, - # as they are needed as tarballs in ${S}/xstc instead and not unpacked - unpack ${P}.tar.gz - cd "${S}" - - if use test; then - cp "${DISTDIR}/${XSTS_TARBALL_1}" \ - "${DISTDIR}/${XSTS_TARBALL_2}" \ - "${S}"/xstc/ \ - || die "Failed to install test tarballs" - fi -} - -src_prepare() { - # Patches needed for prefix support - epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch - epatch "${FILESDIR}"/${PN}-2.7.2-winnt.patch - - eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c - - epunt_cxx - - # Reactivate the shared library versionning script - epatch "${FILESDIR}/${P}-reactivate-script.patch" - - # Fix a potential memory access error - epatch "${FILESDIR}/${P}-xpath-memory.patch" - - # Fix a potential freeing error in XPath - epatch "${FILESDIR}/${P}-xpath-freeing.patch" - epatch "${FILESDIR}/${P}-xpath-freeing2.patch" - - # Fix some potential problems on reallocation failures - epatch "${FILESDIR}/${P}-reallocation-failures.patch" - - epatch "${FILESDIR}/${P}-disable_static_modules.patch" - - # Please do not remove, as else we get references to PORTAGE_TMPDIR - # in /usr/lib/python?.?/site-packages/libxml2mod.la among things. - # We now need to run eautoreconf at the end to prevent maintainer mode. -# elibtoolize - - # Python bindings are built/tested/installed manually. - sed -e "s/@PYTHON_SUBDIR@//" -i Makefile.am || die "sed failed" - - eautoreconf -} - -src_configure() { - # USE zlib support breaks gnome2 - # (libgnomeprint for instance fails to compile with - # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002). - - # The meaning of the 'debug' USE flag does not apply to the --with-debug - # switch (enabling the libxml2 debug module). See bug #100898. - - # --with-mem-debug causes unusual segmentation faults (bug #105120). - - local myconf="--with-html-subdir=${PF}/html - --docdir=${EPREFIX}/usr/share/doc/${PF} - $(use_with debug run-debug) - $(use_with icu) - $(use_with python) - $(use_with readline) - $(use_with readline history) - $(use_enable ipv6)" - - # filter seemingly problematic CFLAGS (#26320) - filter-flags -fprefetch-loop-arrays -funroll-loops - - econf ${myconf} -} - -src_compile() { - default - - if use python; then - python_copy_sources python - building() { - emake PYTHON_INCLUDES="${EPREFIX}$(python_get_includedir)" \ - PYTHON_SITE_PACKAGES="${EPREFIX}$(python_get_sitedir)" - } - python_execute_function -s --source-dir python building - fi -} - -src_test() { - default - - if use python; then - testing() { - emake test - } - python_execute_function -s --source-dir python testing - fi -} - -src_install() { - emake DESTDIR="${D}" \ - EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples \ - install || die "Installation failed" - - # on windows, xmllint is installed by interix libxml2 in parent prefix. - # this is the version to use. the native winnt version does not support - # symlinks, which makes repoman fail if the portage tree is linked in - # from another location (which is my default). -- mduft - if [[ ${CHOST} == *-winnt* ]]; then - rm -rf "${ED}"/usr/bin/xmllint - rm -rf "${ED}"/usr/bin/xmlcatalog - fi - - if use python; then - installation() { - emake DESTDIR="${D}" \ - PYTHON_SITE_PACKAGES="${EPREFIX}$(python_get_sitedir)" \ - docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \ - exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \ - install - } - python_execute_function -s --source-dir python installation - - python_clean_installation_image - fi - - rm -rf "${ED}"/usr/share/doc/${P} - dodoc AUTHORS ChangeLog Copyright NEWS README* TODO* || die "dodoc failed" - - if ! use python; then - rm -rf "${ED}"/usr/share/doc/${PF}/python - rm -rf "${ED}"/usr/share/doc/${PN}-python-${PV} - fi - - if ! use doc; then - rm -rf "${ED}"/usr/share/gtk-doc - rm -rf "${ED}"/usr/share/doc/${PF}/html - fi - - if ! use examples; then - rm -rf "${ED}/usr/share/doc/${PF}/examples" - rm -rf "${ED}/usr/share/doc/${PF}/python/examples" - fi -} - -pkg_postinst() { - if use python; then - python_mod_optimize drv_libxml2.py libxml2.py - fi - - # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not - # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887. - if [ "${ROOT}" != "/" ] - then - elog "Skipping XML catalog creation for stage building (bug #208887)." - else - # need an XML catalog, so no-one writes to a non-existent one - CATALOG="${EROOT}etc/xml/catalog" - - # we dont want to clobber an existing catalog though, - # only ensure that one is there - # <obz@gentoo.org> - if [ ! -e ${CATALOG} ]; then - [ -d "${EROOT}etc/xml" ] || mkdir -p "${EROOT}etc/xml" - "${EPREFIX}"/usr/bin/xmlcatalog --create > ${CATALOG} - einfo "Created XML catalog in ${CATALOG}" - fi - fi -} - -pkg_postrm() { - if use python; then - python_mod_cleanup drv_libxml2.py libxml2.py - fi -} diff --git a/dev-libs/libxml2/libxml2-2.7.8-r2.ebuild b/dev-libs/libxml2/libxml2-2.7.8-r2.ebuild deleted file mode 100644 index 757fb206e459..000000000000 --- a/dev-libs/libxml2/libxml2-2.7.8-r2.ebuild +++ /dev/null @@ -1,225 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.7.8-r2.ebuild,v 1.4 2012/02/20 09:08:18 patrick Exp $ - -EAPI="3" -PYTHON_DEPEND="python? 2" -PYTHON_USE_WITH="-build xml" -PYTHON_USE_WITH_OPT="python" -SUPPORT_PYTHON_ABIS="1" -RESTRICT_PYTHON_ABIS="3.* *-jython 2.7-pypy-*" - -inherit libtool flag-o-matic eutils python autotools prefix - -DESCRIPTION="Version 2 of the library to manipulate XML files" -HOMEPAGE="http://www.xmlsoft.org/" - -LICENSE="MIT" -SLOT="2" -KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" -IUSE="debug doc examples icu ipv6 python readline static-libs test" - -XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite" -XSTS_NAME_1="xmlschema2002-01-16" -XSTS_NAME_2="xmlschema2004-01-14" -XSTS_TARBALL_1="xsts-2002-01-16.tar.gz" -XSTS_TARBALL_2="xsts-2004-01-14.tar.gz" - -SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz - test? ( - ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1} - ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2} )" - -RDEPEND="sys-libs/zlib - icu? ( dev-libs/icu ) - readline? ( sys-libs/readline )" - -DEPEND="${RDEPEND} - hppa? ( >=sys-devel/binutils-2.15.92.0.2 )" - -pkg_setup() { - if use python; then - python_pkg_setup - fi -} - -src_unpack() { - # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR, - # as they are needed as tarballs in ${S}/xstc instead and not unpacked - unpack ${P}.tar.gz - cd "${S}" - - if use test; then - cp "${DISTDIR}/${XSTS_TARBALL_1}" \ - "${DISTDIR}/${XSTS_TARBALL_2}" \ - "${S}"/xstc/ \ - || die "Failed to install test tarballs" - fi -} - -src_prepare() { - # Patches needed for prefix support - epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch - epatch "${FILESDIR}"/${PN}-2.7.2-winnt.patch - - eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c - - epunt_cxx - - # Reactivate the shared library versionning script - epatch "${FILESDIR}/${P}-reactivate-script.patch" - - # Fix a potential memory access error - epatch "${FILESDIR}/${P}-xpath-memory.patch" - - # Fix a potential freeing error in XPath - epatch "${FILESDIR}/${P}-xpath-freeing.patch" - epatch "${FILESDIR}/${P}-xpath-freeing2.patch" - - # Fix some potential problems on reallocation failures - epatch "${FILESDIR}/${P}-reallocation-failures.patch" - - epatch "${FILESDIR}/${P}-disable_static_modules.patch" - - # Please do not remove, as else we get references to PORTAGE_TMPDIR - # in /usr/lib/python?.?/site-packages/libxml2mod.la among things. - # We now need to run eautoreconf at the end to prevent maintainer mode. -# elibtoolize - - # Python bindings are built/tested/installed manually. - sed -e "s/@PYTHON_SUBDIR@//" -i Makefile.am || die "sed failed" - - eautoreconf -} - -src_configure() { - # USE zlib support breaks gnome2 - # (libgnomeprint for instance fails to compile with - # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002). - - # The meaning of the 'debug' USE flag does not apply to the --with-debug - # switch (enabling the libxml2 debug module). See bug #100898. - - # --with-mem-debug causes unusual segmentation faults (bug #105120). - - local myconf="--with-html-subdir=${PF}/html - --docdir=${EPREFIX}/usr/share/doc/${PF} - $(use_with debug run-debug) - $(use_with icu) - $(use_with python) - $(use_with readline) - $(use_with readline history) - $(use_enable ipv6) - $(use_enable static-libs static)" - - # filter seemingly problematic CFLAGS (#26320) - filter-flags -fprefetch-loop-arrays -funroll-loops - - econf ${myconf} -} - -src_compile() { - default - - if use python; then - python_copy_sources python - building() { - emake PYTHON_INCLUDES="${EPREFIX}$(python_get_includedir)" \ - PYTHON_SITE_PACKAGES="${EPREFIX}$(python_get_sitedir)" - } - python_execute_function -s --source-dir python building - fi -} - -src_test() { - default - - if use python; then - testing() { - emake test - } - python_execute_function -s --source-dir python testing - fi -} - -src_install() { - emake DESTDIR="${D}" \ - EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples \ - install || die "Installation failed" - - # on windows, xmllint is installed by interix libxml2 in parent prefix. - # this is the version to use. the native winnt version does not support - # symlinks, which makes repoman fail if the portage tree is linked in - # from another location (which is my default). -- mduft - if [[ ${CHOST} == *-winnt* ]]; then - rm -rf "${ED}"/usr/bin/xmllint - rm -rf "${ED}"/usr/bin/xmlcatalog - fi - - if use python; then - installation() { - emake DESTDIR="${D}" \ - PYTHON_SITE_PACKAGES="${EPREFIX}$(python_get_sitedir)" \ - docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \ - exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \ - install - } - python_execute_function -s --source-dir python installation - - python_clean_installation_image - fi - - rm -rf "${ED}"/usr/share/doc/${P} - dodoc AUTHORS ChangeLog Copyright NEWS README* TODO* || die "dodoc failed" - - if ! use python; then - rm -rf "${ED}"/usr/share/doc/${PF}/python - rm -rf "${ED}"/usr/share/doc/${PN}-python-${PV} - fi - - if ! use doc; then - rm -rf "${ED}"/usr/share/gtk-doc - rm -rf "${ED}"/usr/share/doc/${PF}/html - fi - - if ! use examples; then - rm -rf "${ED}/usr/share/doc/${PF}/examples" - rm -rf "${ED}/usr/share/doc/${PF}/python/examples" - fi - - if ! use static-libs; then - # Remove useless .la files - find "${D}" -name '*.la' -exec rm -f {} + || die "la file removal failed" - fi -} - -pkg_postinst() { - if use python; then - python_mod_optimize drv_libxml2.py libxml2.py - fi - - # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not - # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887. - if [ "${ROOT}" != "/" ] - then - elog "Skipping XML catalog creation for stage building (bug #208887)." - else - # need an XML catalog, so no-one writes to a non-existent one - CATALOG="${EROOT}etc/xml/catalog" - - # we dont want to clobber an existing catalog though, - # only ensure that one is there - # <obz@gentoo.org> - if [ ! -e ${CATALOG} ]; then - [ -d "${EROOT}etc/xml" ] || mkdir -p "${EROOT}etc/xml" - "${EPREFIX}"/usr/bin/xmlcatalog --create > ${CATALOG} - einfo "Created XML catalog in ${CATALOG}" - fi - fi -} - -pkg_postrm() { - if use python; then - python_mod_cleanup drv_libxml2.py libxml2.py - fi -} diff --git a/dev-libs/libxml2/libxml2-2.7.8-r3.ebuild b/dev-libs/libxml2/libxml2-2.7.8-r5.ebuild index 48beebe9af99..5528dba634db 100644 --- a/dev-libs/libxml2/libxml2-2.7.8-r3.ebuild +++ b/dev-libs/libxml2/libxml2-2.7.8-r5.ebuild @@ -1,10 +1,10 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.7.8-r3.ebuild,v 1.8 2012/02/20 09:08:18 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.7.8-r5.ebuild,v 1.1 2012/02/23 01:00:54 tetromino Exp $ EAPI="3" PYTHON_DEPEND="python? 2" -PYTHON_USE_WITH="-build xml" +PYTHON_USE_WITH="xml" PYTHON_USE_WITH_OPT="python" SUPPORT_PYTHON_ABIS="1" RESTRICT_PYTHON_ABIS="3.* *-jython 2.7-pypy-*" @@ -16,7 +16,7 @@ HOMEPAGE="http://www.xmlsoft.org/" LICENSE="MIT" SLOT="2" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" IUSE="debug doc examples icu ipv6 python readline static-libs test" XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite" @@ -87,6 +87,12 @@ src_prepare() { # Fix missing error status in XPath evaluation epatch "${FILESDIR}/${P}-error-xpath.patch" + # Heap-based overflow in parsing long entity references + epatch "${FILESDIR}/${P}-allocation-error-copying-entities.patch" + + # Make hash functions less predictable to prevent DoS + epatch "${FILESDIR}/${P}-hash-randomization.patch" + # Please do not remove, as else we get references to PORTAGE_TMPDIR # in /usr/lib/python?.?/site-packages/libxml2mod.la among things. # We now need to run eautoreconf at the end to prevent maintainer mode. |