Revision: 6487 http://ipcop.svn.sourceforge.net/ipcop/?rev=6487&view=rev Author: gespinasse Date: 2012-03-17 09:23:20 +0000 (Sat, 17 Mar 2012) Log Message: ----------- Fix more CVEs. I tried using the Debian package, but that broke all the tests, so I used the Gentoo patches from the repository. Maybe I should have copied them into our tree.
PATCH8 change configure.in and that trigger some auto... running with ugly AC_ warning. By luck the patch just add AC_CHECK_FUNCS(rand srand time), that's doable to add those function check in configure. Silent the configure 'cannot remove' errors using ac_cv_path_RM='rm -f' Remove usr/lib/libxml2.so from include list Modified Paths: -------------- ipcop/trunk/config/rootfiles/common/libxml2 ipcop/trunk/lfs/libxml2 ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 ipcop/trunk/updates/2.1.0/information.xml ipcop/trunk/updates/2.1.0/setup Modified: ipcop/trunk/config/rootfiles/common/libxml2 =================================================================== --- ipcop/trunk/config/rootfiles/common/libxml2 2012-03-16 20:56:24 UTC (rev 6486) +++ ipcop/trunk/config/rootfiles/common/libxml2 2012-03-17 09:23:20 UTC (rev 6487) @@ -51,7 +51,7 @@ #usr/include/libxml2/libxml/xpathInternals.h #usr/include/libxml2/libxml/xpointer.h #usr/lib/libxml2.la -usr/lib/libxml2.so +#usr/lib/libxml2.so usr/lib/libxml2.so.2 usr/lib/libxml2.so.2.7.8 #usr/lib/pkgconfig/libxml-2.0.pc Modified: ipcop/trunk/lfs/libxml2 =================================================================== --- ipcop/trunk/lfs/libxml2 2012-03-16 20:56:24 UTC (rev 6486) +++ ipcop/trunk/lfs/libxml2 2012-03-17 09:23:20 UTC (rev 6487) 
@@ -43,22 +43,60 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP) +GENTOO-PATCHES := http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libxml2/files + XMLTEST = xmlts20080827.tar.gz -PATCH1 = $(THISAPP)-fixes-1.patch +# Gentoo 2.7.8-r5 borrowed (Debian package does not allow us to run tests) +# Patches needed for prefix support +# skipped 2.7.1-catalog_path.patch +# skipped 2.7.2-winnt.patch +# Reactivate the shared library versionning script +# skipped reactivate-script.patch +# Fix a potential memory access error +PATCH1 := $(THISAPP)-xpath-memory.patch +# Fix a potential freeing error in XPath +PATCH2 := $(THISAPP)-xpath-freeing.patch +PATCH3 := $(THISAPP)-xpath-freeing2.patch +# Fix some potential problems on reallocation failures +PATCH4 :=$(THISAPP)-reallocation-failures.patch +# IPCop don't build python part +# skipped disable_static_modules.patch +# Hardening of XPath evaluation +PATCH5 := $(THISAPP)-hardening-xpath.patch +# Fix missing error status in XPath evaluation +PATCH6 := $(THISAPP)-error-xpath.patch +# Heap-based overflow in parsing long entity references +PATCH7 := $(THISAPP)-allocation-error-copying-entities.patch +# Make hash functions less predictable to prevent DoS +PATCH8 := $(THISAPP)-hash-randomization.patch ############################################################################### # Top-level Rules ############################################################################### -objects = $(DL_FILE) $(XMLTEST) $(PATCH1) +objects = $(DL_FILE) $(XMLTEST) $(PATCH1) $(PATCH2) $(PATCH3) $(PATCH4) $(PATCH5) $(PATCH6) $(PATCH7) $(PATCH8) -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(XMLTEST) = http://www.w3.org/XML/Test/$(XMLTEST) -$(PATCH1) = $(URL_LFS)/$(PKG_NAME)/$(PATCH1) +$(DL_FILE) := $(DL_FROM)/$(DL_FILE) +$(XMLTEST) := http://www.w3.org/XML/Test/$(XMLTEST) +$(PATCH1) := $(GENTOO-PATCHES)/$(PATCH1) +$(PATCH2) := $(GENTOO-PATCHES)/$(PATCH2) +$(PATCH3) := $(GENTOO-PATCHES)/$(PATCH3) 
+$(PATCH4) := $(GENTOO-PATCHES)/$(PATCH4) +$(PATCH5) := $(GENTOO-PATCHES)/$(PATCH5) +$(PATCH6) := $(GENTOO-PATCHES)/$(PATCH6) +$(PATCH7) := $(GENTOO-PATCHES)/$(PATCH7) +$(PATCH8) := $(GENTOO-PATCHES)/$(PATCH8) -$(DL_FILE)_MD5 = 8127a65e8c3b08856093099b52599c86 -$(XMLTEST)_MD5 = ae3d1ebe000a3972afa104ca7f0e1b4a -$(PATCH1)_MD5 = 39c526c0a5d467383dd4100299d39a65 +$(DL_FILE)_MD5 := 8127a65e8c3b08856093099b52599c86 +$(XMLTEST)_MD5 := ae3d1ebe000a3972afa104ca7f0e1b4a +$(PATCH1)_MD5 := bec456883fa9c91b0e7d2ad91283eeb1 +$(PATCH2)_MD5 := 8e3374d282fc12c7e40a3c5fb4b62978 +$(PATCH3)_MD5 := d1eff47d3bc99b38a09744345eaf3434 +$(PATCH4)_MD5 := a5bc99ca6c1e25fc72fc58764f0dffa5 +$(PATCH5)_MD5 := 9027cbb76b112629cb5fa84ffcfc44bd +$(PATCH6)_MD5 := 8bf2bd2422b9aab015fb7a8ca993eef3 +$(PATCH7)_MD5 := de02f584b928d3e25babc5c90aa800be +$(PATCH8)_MD5 := 1f94463d974058c8f7bca8bf4f9fc608 install : $(TARGET) 
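Review bot: The eight security patches added to `objects` in lfs/libxml2 are fetched over plain `http://` from a third-party ViewVC path (`GENTOO-PATCHES`) and pinned only by the `_MD5` values, so MD5 is the sole integrity control on code that is compiled into the distribution's libxml2. MD5 is not collision-resistant, and the URL carries no revision, so it presumably tracks the current state of each file; a later upstream edit or removal would then either break the build or change what is built. Copying the patches into the IPCop tree, as the log message itself considers, removes both the network fetch and the dependency on an upstream path that can change; if they stay remote, a stronger digest next to each MD5 would be worth adding where the download rules support one. A smaller point in the same hunk: `PATCH4 :=$(THISAPP)-reallocation-failures.patch` lacks the space after `:=` that the other seven assignments have.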
@@ -88,14 +126,30 @@ $(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_DL)/$(PATCH1) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH1) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH2) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH3) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH4) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH5) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH6) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH7) + cd $(DIR_APP) && patch -p1 -i $(DIR_DL)/$(PATCH8) + @cd $(DIR_APP) && rm -f *.orig + + # PATCH8 change configure.in. To avoid running autoreconf ( that trigger many warnings), + # this is doable here to change configure only + # To find files where tweaking timestamp is required, run configure && make -d /usr/src/libxml2-2.2.8/config.h.in 2>/dev/null | grep 'Must remake' + cd $(DIR_APP) && touch --reference=Makefile.in configure.in aclocal.m4 config.h.in + cd $(DIR_APP) && sed -i 's/stat _stat signal/stat _stat signal rand srand time/' configure + # --docdir does nothing on 2.7.8 # --with-minimum is broken on 2.7.8, not on 2.7.7 but hard to know what to test # maybe we could reduce more the lib, who know? 
# Removing version from --with-html-subdir limit the noise on upgrade # --without-python is for when we rebuild libxml2 after a full build - cd $(DIR_APP) && ./configure --prefix=/usr \ + # ac_cv_path_RM='rm -f' prevent "cannot remove" messages, explanation at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523750 + cd $(DIR_APP) && ac_cv_path_RM='rm -f' ./configure --prefix=/usr \ --disable-static \ --with-html-subdir=$(PKG_NAME)/html \ --without-debug \ Modified: ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 =================================================================== --- ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2012-03-16 20:56:24 UTC (rev 6486) +++ ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2012-03-17 09:23:20 UTC (rev 6487) @@ -124,6 +124,10 @@ /usr/lib/libltdl.so.7 /usr/lib/libltdl.so.7.3.0 ## +## libxml2-2.7.8 patched +/usr/lib/libxml2.so.2 +/usr/lib/libxml2.so.2.7.8 +## ## linux-3.0-1 (3.0.24) /boot/vmlinuz /boot/vmlinuz-3.0-1 Modified: ipcop/trunk/updates/2.1.0/information.xml =================================================================== --- ipcop/trunk/updates/2.1.0/information.xml 2012-03-16 20:56:24 UTC (rev 6486) +++ ipcop/trunk/updates/2.1.0/information.xml 2012-03-17 09:23:20 UTC (rev 6487) @@ -3,7 +3,7 @@ <version>2.1.0</version> <releasedate>2012-04-dd</releasedate> <size>0</size> - <description>gettext patch<br /> + <description>libxml2 and gettext patch<br /> Add URL filter.<br /> Language updates.<br /> Upgrade arping to 2.11, bash to 4.2.24, dhcpcd to 5.5.4, e2fsprogs to 1.42.1, ethtool to 3.2, Modified: ipcop/trunk/updates/2.1.0/setup =================================================================== --- ipcop/trunk/updates/2.1.0/setup 2012-03-16 20:56:24 UTC (rev 6486) +++ ipcop/trunk/updates/2.1.0/setup 2012-03-17 09:23:20 UTC (rev 6487) 
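Review bot: In the lfs/libxml2 recipe, the `sed -i 's/stat _stat signal/stat _stat signal rand srand time/' configure` line exits 0 even when the pattern is not found, and nothing afterwards confirms that the rand/srand/time checks took effect, so the hash-randomization fix (PATCH8) could be compiled out without any build error. Two things can go wrong silently: the string may not match the shipped `configure`, and, since autoconf writes results into config.h only for symbols that config.h.in lists, the new checks may never reach config.h; the hunk only touches config.h.in's timestamp, and whether the patch adds the entries is not visible here. Assuming the patch keys randomization on those results, a guard after the sed such as `cd $(DIR_APP) && grep -q 'stat _stat signal rand srand time' configure`, plus a check of config.h after `./configure` (whose invocation runs past the end of this hunk), would make the build fail instead of shipping the unmitigated code. Separately, `@cd $(DIR_APP) && rm -f *.orig` removes the backups that patch leaves when a hunk applies inexactly, which hides fuzzy application of security patches from the build log.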
@@ -112,6 +112,9 @@ /bin/rm -f /usr/lib/libpixman-1.so.0 /bin/rm -f /usr/lib/libpixman-1.so.0.22.2 +# Remove devel lib that should not be needed +/bin/rm -f /usr/lib/libxml2.so + # For new shared libs. May not always be required, but makes sure we do not forget /sbin/ldconfig