commit:     119d10f79db171fa19b5ebee44d38a05b8c57108
Author:     Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Thu Oct 30 21:17:51 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov  1 16:15:25 2014 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=119d10f7

dev-libs/libxml2-2.9.1: sync with r4

Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

---
 .../libxml2-2.9.1-external-param-entities.patch    |  39 +++++++
 .../files/libxml2-2.9.1-icu-pkgconfig.patch        |  26 +++++
 .../files/libxml2-2.9.1-xmllint-postvalid.patch    |  32 ++++++
 ...-2.9.1-r99.ebuild => libxml2-2.9.1-r999.ebuild} | 116 ++++++++++++---------
 4 files changed, 166 insertions(+), 47 deletions(-)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.1-external-param-entities.patch 
b/dev-libs/libxml2/files/libxml2-2.9.1-external-param-entities.patch
new file mode 100644
index 0000000..81f692f
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.1-external-param-entities.patch
@@ -0,0 +1,39 @@
+From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <[email protected]>
+Date: Tue, 22 Apr 2014 15:30:56 +0800
+Subject: [PATCH] Do not fetch external parameter entities
+
+Unless explicitely asked for when validating or replacing entities
+with their value. Problem pointed out by Daniel Berrange <[email protected]>
+---
+ parser.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 9347ac9..c0dea05 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2598,6 +2598,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
+                   xmlCharEncoding enc;
+ 
+                   /*
++                   * Note: external parsed entities will not be loaded, it is
++                   * not required for a non-validating parser, unless the
++                   * option of validating, or substituting entities were
++                   * given. Doing so is far more secure as the parser will
++                   * only process data coming from the document entity by
++                   * default.
++                   */
++                    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++                      ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++                      ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++                      (ctxt->validate == 0))
++                      return;
++
++                  /*
+                    * handle the extra spaces added before and after
+                    * c.f. http://www.w3.org/TR/REC-xml#as-PE
+                    * this is done independently.
+-- 
+1.9.2
+
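Review bot: The new guard in xmlParserHandlePEReference checks both the `XML_PARSE_DTDVALID` option and the legacy `ctxt->validate` field, but for entity substitution it tests only `XML_PARSE_NOENT` and not `ctxt->replaceEntities`. If a caller sets that field on the context directly rather than through the options API (not visible here), external parameter entities would silently stop loading for it; adding `(ctxt->replaceEntities == 0) &&` would make the two tests symmetric. The added comment says "external parsed entities" while the condition checks `XML_EXTERNAL_PARAMETER_ENTITY`, so it should read "external parameter entities". The comment should also state that the early `return` raises no warning, and that callers passing `XML_PARSE_NOENT` or validating still fetch external entities, so those options should stay off for untrusted input. The function body starts and ends outside the hunk.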

diff --git a/dev-libs/libxml2/files/libxml2-2.9.1-icu-pkgconfig.patch 
b/dev-libs/libxml2/files/libxml2-2.9.1-icu-pkgconfig.patch
new file mode 100644
index 0000000..ab33038
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.1-icu-pkgconfig.patch
@@ -0,0 +1,26 @@
+diff --git a/configure.in b/configure.in
+index 7374564..13c8d4e 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1444,19 +1444,11 @@ XML_LIBTOOLLIBS="libxml2.la"
+ AC_SUBST(WITH_ICONV)
+ 
+ WITH_ICU=0
+-ICU_LIBS=""
+ if test "$with_icu" != "yes" ; then
+     echo Disabling ICU support
+ else
+-    ICU_CONFIG=icu-config
+-    if ${ICU_CONFIG} --cflags >/dev/null 2>&1
+-    then
+-        ICU_LIBS=`${ICU_CONFIG} --ldflags`
+-        WITH_ICU=1
+-        echo Enabling ICU support
+-    else
+-        AC_MSG_ERROR([libicu config program icu-config not found])
+-    fi
++    PKG_CHECK_MODULES(ICU, icu-i18n)
++    WITH_ICU=1
+ fi
+ AC_SUBST(WITH_ICU)
+ AC_SUBST(ICU_LIBS)
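Review bot: With `ICU_LIBS=""` dropped, the `with_icu != yes` branch no longer clears the variable, and since PKG_CHECK_MODULES treats `ICU_LIBS` as a user-settable variable, a value inherited from the environment would presumably reach `AC_SUBST(ICU_LIBS)` even when ICU is disabled. Keeping `ICU_LIBS=""` in the disabled branch avoids that. The enabled branch also lost its `echo Enabling ICU support` line, so the two branches no longer report their outcome symmetrically.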

diff --git a/dev-libs/libxml2/files/libxml2-2.9.1-xmllint-postvalid.patch 
b/dev-libs/libxml2/files/libxml2-2.9.1-xmllint-postvalid.patch
new file mode 100644
index 0000000..7ce2f3b
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.1-xmllint-postvalid.patch
@@ -0,0 +1,32 @@
+From 7c3c663e4f844aaecbb0cfc29567fe2ee9506fc4 Mon Sep 17 00:00:00 2001
+From: Alexandre Rostovtsev <[email protected]>
+Date: Fri, 16 May 2014 22:46:00 -0400
+Subject: [PATCH] xmllint: a posteriori validation needs to load exernal
+ entities
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=730290
+---
+ xmllint.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/xmllint.c b/xmllint.c
+index 9d46ac5..b142b3b 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -3530,7 +3530,12 @@ main(int argc, char **argv) {
+       xmlLoadExtDtdDefaultValue |= XML_COMPLETE_ATTRS;
+     if (noent != 0) xmlSubstituteEntitiesDefault(1);
+ #ifdef LIBXML_VALID_ENABLED
+-    if (valid != 0) xmlDoValidityCheckingDefaultValue = 1;
++    /* If we will validate only a posteriori, ensure that entities get loaded,
++     * but suppress validation messages during initial parsing */
++    if (postvalid != 0 && valid == 0)
++      options |= XML_PARSE_DTDVALID | XML_PARSE_NOERROR | XML_PARSE_NOWARNING;
++    else if (valid != 0)
++      xmlDoValidityCheckingDefaultValue = 1;
+ #endif /* LIBXML_VALID_ENABLED */
+     if ((htmlout) && (!nowrap)) {
+       xmlGenericError(xmlGenericErrorContext,
+-- 
+1.9.3
+
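Review bot: `XML_PARSE_NOERROR | XML_PARSE_NOWARNING` in the new `postvalid != 0 && valid == 0` branch appear to silence all parser diagnostics for the initial parse, not only validation messages as the added comment says. A well-formedness problem could therefore go unreported in --postvalid runs, which is worth confirming against how xmllint detects a failed parse. The branch also turns external entity loading back on through `XML_PARSE_DTDVALID`, the behaviour that the parser.c patch in this same commit makes opt-in. The comment should say so, e.g. `/* NOTE: this loads external entities; avoid --postvalid on untrusted documents */`. main() starts and ends outside the hunk.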

diff --git a/dev-libs/libxml2/libxml2-2.9.1-r99.ebuild 
b/dev-libs/libxml2/libxml2-2.9.1-r999.ebuild
similarity index 65%
rename from dev-libs/libxml2/libxml2-2.9.1-r99.ebuild
rename to dev-libs/libxml2/libxml2-2.9.1-r999.ebuild
index 8c72170..e6b597d 100644
--- a/dev-libs/libxml2/libxml2-2.9.1-r99.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.1-r999.ebuild
@@ -1,12 +1,12 @@
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.9.1-r1.ebuild,v 
1.11 2013/07/21 17:55:22 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.9.1-r4.ebuild,v 
1.12 2014/06/24 19:59:48 vapier Exp $
 
 EAPI="5"
-PYTHON_COMPAT=( python{2_5,2_6,2_7,3_1,3_2,3_3} )
+PYTHON_COMPAT=( python{2_6,2_7,3_2,3_3,3_4} )
 PYTHON_REQ_USE="xml"
 
-inherit libtool flag-o-matic eutils python-r1 autotools prefix
+inherit libtool flag-o-matic eutils python-r1 autotools prefix multilib-minimal
 
 DESCRIPTION="Version 2 of the library to manipulate XML files"
 HOMEPAGE="http://www.xmlsoft.org/";
@@ -29,15 +29,21 @@ SRC_URI="ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
                ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
                http://www.w3.org/XML/Test/${XMLCONF_TARBALL} )"
 
-RDEPEND="sys-libs/zlib:=
-       icu? ( dev-libs/icu:= )
-       lzma? ( app-arch/xz-utils:= )
+COMMON_DEPEND=">=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+       icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+       lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
        python? ( ${PYTHON_DEPS} )
-       readline? ( sys-libs/readline:= )"
-
-DEPEND="${RDEPEND}
+       readline? ( sys-libs/readline:= )
+"
+RDEPEND="${COMMON_DEPEND}
+       abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r6
+               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
+"
+DEPEND="${COMMON_DEPEND}
        dev-util/gtk-doc-am
-       hppa? ( >=sys-devel/binutils-2.15.92.0.2 )"
+       virtual/pkgconfig
+       hppa? ( >=sys-devel/binutils-2.15.92.0.2 )
+"
 
 S="${WORKDIR}/${PN}-${PV%_rc*}"
 
@@ -57,6 +63,8 @@ src_unpack() {
 }
 
 src_prepare() {
+       DOCS=( AUTHORS ChangeLog NEWS README* TODO* )
+
        # Patches needed for prefix support
        epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
        epatch "${FILESDIR}"/${PN}-2.8.0_rc1-winnt.patch
@@ -73,19 +81,25 @@ src_prepare() {
                "${FILESDIR}/${PN}-2.9.1-python3.patch" \
                "${FILESDIR}/${PN}-2.9.1-python3a.patch"
 
+       # Security fixes from 2.9.2
+       epatch "${FILESDIR}/${P}-external-param-entities.patch"
+
+       # https://bugzilla.gnome.org/show_bug.cgi?id=730290
+       epatch "${FILESDIR}/${PN}-2.9.1-xmllint-postvalid.patch"
+
        # Please do not remove, as else we get references to PORTAGE_TMPDIR
        # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
        # We now need to run eautoreconf at the end to prevent maintainer mode.
 #      elibtoolize
 
-       # Python bindings are built/tested/installed manually.
-       epatch "${FILESDIR}/${PN}-2.9.0-manual-python.patch"
+       # Use pkgconfig to find icu to properly support multilib
+       epatch "${FILESDIR}/${PN}-2.9.1-icu-pkgconfig.patch"
 
        epatch "${FILESDIR}/${PN}-2.9.0-remove-redundant-pthread-defs.patch"
        eautoreconf
 }
 
-src_configure() {
+multilib_src_configure() {
        # filter seemingly problematic CFLAGS (#26320)
        filter-flags -fprefetch-loop-arrays -funroll-loops
 
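Review bot: The comment `# Security fixes from 2.9.2` above the new epatch line does not say which fix is being backported, which makes later audits of this ebuild harder. Suggest naming the upstream change, e.g. `# Do not fetch external parameter entities by default (upstream 9cd1c3cf, in 2.9.2)`, and noting that the xmllint-postvalid patch below it appears to be a follow-up to that change. The new line also uses `${P}` while the two other epatch lines added in this hunk spell `${PN}-2.9.1`; one form throughout would be easier to grep. src_prepare starts before the hunk.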
@@ -97,36 +111,57 @@ src_configure() {
        # switch (enabling the libxml2 debug module). See bug #100898.
 
        # --with-mem-debug causes unusual segmentation faults (bug #105120).
-       econf \
-               -with-html-subdir=${PF}/html \
-               --docdir="${EPREFIX}/usr/share/doc/${PF}" \
-               $(use_with debug run-debug) \
-               $(use_with icu) \
-               $(use_with lzma) \
-               $(use_with python) \
-               $(use_with readline) \
-               $(use_with readline history) \
-               $(use_enable ipv6) \
-               $(use_enable static-libs static)
+
+       libxml2_configure() {
+               ECONF_SOURCE="${S}" econf \
+                       --with-html-subdir=${PF}/html \
+                       --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+                       $(use_with debug run-debug) \
+                       $(use_with icu) \
+                       $(use_with lzma) \
+                       $(use_enable ipv6) \
+                       $(use_enable static-libs static) \
+                       $(multilib_native_use_with readline) \
+                       $(multilib_native_use_with readline history) \
+                       "$@"
+       }
+
+       libxml2_py_configure() {
+               mkdir -p "${BUILD_DIR}" || die # ensure python build dirs exist
+               run_in_build_dir libxml2_configure "--with-python=${PYTHON}" # 
odd build system
+       }
+
+       libxml2_configure --without-python # build python bindings separately
+
+       if multilib_is_native_abi && use python; then
+               python_parallel_foreach_impl libxml2_py_configure
+       fi
 }
 
-src_compile() {
+multilib_src_compile() {
        default
-       if use python; then
-               python_copy_sources
-               python_foreach_impl libxml2_py_emake
+       if multilib_is_native_abi && use python; then
+               local native_builddir=${BUILD_DIR}
+               python_foreach_impl libxml2_py_emake 
top_builddir="${native_builddir}" all
        fi
 }
 
-src_test() {
+multilib_src_test() {
        default
-       use python && python_foreach_impl libxml2_py_emake test
+       multilib_is_native_abi && use python && python_foreach_impl 
libxml2_py_emake test
 }
 
-src_install() {
+multilib_src_install() {
        emake DESTDIR="${D}" \
                EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples install
 
+       if multilib_is_native_abi && use python; then
+               python_foreach_impl libxml2_py_emake DESTDIR="${D}" install
+               python_foreach_impl python_optimize
+       fi
+}
+
+multilib_src_install_all() {
        # on windows, xmllint is installed by interix libxml2 in parent prefix.
        # this is the version to use. the native winnt version does not support
        # symlinks, which makes repoman fail if the portage tree is linked in
@@ -136,16 +171,8 @@ src_install() {
                rm -rf "${ED}"/usr/bin/xmlcatalog
        fi
 
-       if use python; then
-               python_foreach_impl libxml2_py_emake DESTDIR="${D}" \
-                       docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
-                       
exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
-                       install
-               python_foreach_impl python_optimize
-       fi
-
        rm -rf "${ED}"/usr/share/doc/${P}
-       dodoc AUTHORS ChangeLog Copyright NEWS README* TODO*
+       einstalldocs
 
        if ! use python; then
                rm -rf "${ED}"/usr/share/doc/${PF}/python
@@ -182,11 +209,6 @@ pkg_postinst() {
 
 libxml2_py_emake() {
        pushd "${BUILD_DIR}/python" > /dev/null || die
-       emake \
-               PYTHON="${PYTHON}" \
-               PYTHON_INCLUDES="${EPREFIX}/usr/include/${EPYTHON}" \
-               PYTHON_LIBS="$(python-config --ldflags)" \
-               PYTHON_SITE_PACKAGES="$(python_get_sitedir)" \
-               pythondir="$(python_get_sitedir)" "$@"
+       emake "$@"
        popd > /dev/null
 }
