system/{libxml2,libxslt}: bump to Adélie-vendored versions temporarily. fixes #359, #463, #464.

3 files changed, 17 insertions, 80 deletions

diff --git a/system/libxml2/APKBUILD b/system/libxml2/APKBUILD
index 73b6eb2a0..9c294b6e7 100644
--- a/system/libxml2/APKBUILD
+++ b/system/libxml2/APKBUILD
@@ -1,23 +1,23 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=libxml2
-pkgver=2.9.10
-pkgrel=1
+pkgver=2.9.13_pre1
+pkgdate=20220112
+pkgrel=0
 pkgdesc="XML parsing library"
 url="http://www.xmlsoft.org/"
 arch="all"
-options="!check !strip"  # Impossible to run on Python 3
+options="!strip"  # Impossible to run on Python 3
 license="MIT"
 depends=""
 depends_dev="zlib-dev icu-dev"
-checkdepends="perl tar"
-makedepends="$depends_dev python3-dev"
+checkdepends="perl libarchive"
+makedepends="$depends_dev python3-dev autoconf automake libtool"
 subpackages="$pkgname-doc $pkgname-dev py-libxml2:py"
 provides="$pkgname-utils=$pkgver-r$pkgrel"
-source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+#source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver-$pkgdate.tar.gz
 	python-segfault-fix.patch
-	CVE-2019-20388.patch
-	CVE-2020-7595.patch
 	"
 
 # secfixes:
@@ -31,14 +31,14 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
 #     - CVE-2019-20388
 #     - CVE-2020-7595
 
+builddir="$srcdir/$pkgname-$pkgver-$pkgdate"
+
 prepare() {
 	default_prepare
-	# setup.py is generated
-	rm python/setup.py
 }
 
 build() {
-	./configure \
+	./autogen.sh \
 		--build=$CBUILD \
 		--host=$CHOST \
 		--prefix=/usr \
@@ -50,6 +50,10 @@ build() {
 	make
 }
 
+check() {
+	make -ik check # FIXME: #465
+}
+
 package() {
 	make -j1 DESTDIR="$pkgdir" install
 }
@@ -66,7 +70,5 @@ py() {
 	mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/
 }
 
-sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed  libxml2-2.9.10.tar.gz
-384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c  python-segfault-fix.patch
-48ea30bd8035f3b60825ce24185fbec1e7423e683f64626405fd96daaaa14011e7f7c180a7a87d7ff8f73983b0e221974cbce619d04b932c1db2110a13be014e  CVE-2019-20388.patch
-90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9  CVE-2020-7595.patch"
+sha512sums="fed9e35478f169411700e5216ebf9735afbde5bcc2a6f9ad81959d11907d28d9ed4281613af31ef410aeef6acbd6e62dd168268f75454a9942261a86db3933ff  libxml2-2.9.13_pre1-20220112.tar.gz
+384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c  python-segfault-fix.patch"
diff --git a/system/libxml2/CVE-2019-20388.patch b/system/libxml2/CVE-2019-20388.patch
deleted file mode 100644
index 49ff6fbe0..000000000
--- a/system/libxml2/CVE-2019-20388.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Tue, 20 Aug 2019 16:33:06 +0800
-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
-
-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
-vctxt->xsiAssemble to 0 again which cause the alloced schema
-can not be freed anymore.
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- xmlschemas.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xmlschemas.c b/xmlschemas.c
-index 301c8449..39d92182 100644
---- a/xmlschemas.c
-+++ b/xmlschemas.c
-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
-     vctxt->nberrors = 0;
-     vctxt->depth = -1;
-     vctxt->skipDepth = -1;
--    vctxt->xsiAssemble = 0;
-     vctxt->hasKeyrefs = 0;
- #ifdef ENABLE_IDC_NODE_TABLES_TEST
-     vctxt->createIDCNodeTables = 1;
--- 
-2.24.1
-
diff --git a/system/libxml2/CVE-2020-7595.patch b/system/libxml2/CVE-2020-7595.patch
deleted file mode 100644
index 3dd677497..000000000
--- a/system/libxml2/CVE-2020-7595.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Thu, 12 Dec 2019 17:30:55 +0800
-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
-
-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
-return NULL which cause a infinite loop in xmlStringLenDecodeEntities
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index d1c31963..a34bb6cd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
-     else
-         c = 0;
-     while ((c != 0) && (c != end) && /* non input consuming loop */
--	   (c != end2) && (c != end3)) {
-+           (c != end2) && (c != end3) &&
-+           (ctxt->instate != XML_PARSER_EOF)) {
- 
- 	if (c == 0) break;
-         if ((c == '&') && (str[1] == '#')) {
--- 
-2.24.1
-