summaryrefslogtreecommitdiff
path: root/harmony/libxml2
diff options
context:
space:
mode:
Diffstat (limited to 'harmony/libxml2')
-rw-r--r--harmony/libxml2/APKBUILD78
-rw-r--r--harmony/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch12
-rw-r--r--harmony/libxml2/python-segfault-fix.patch36
3 files changed, 126 insertions, 0 deletions
diff --git a/harmony/libxml2/APKBUILD b/harmony/libxml2/APKBUILD
new file mode 100644
index 000000000..a67c2b550
--- /dev/null
+++ b/harmony/libxml2/APKBUILD
@@ -0,0 +1,78 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=libxml2
+pkgver=2.9.7
+pkgrel=1
+pkgdesc="XML parsing library, version 2"
+url="http://www.xmlsoft.org/"
+arch="all"
+license="MIT"
+depends=
+depends_dev="zlib-dev icu-dev"
+checkdepends="perl tar"
+makedepends="$depends_dev python3-dev"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-utils py-libxml2:py"
+options="!check !strip" # Impossible to run on Python 3
+source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+ libxml2-2.9.4-remove-pyverify_fd.patch
+ python-segfault-fix.patch
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 2.9.4-r1:
+# - CVE-2016-5131
+# 2.9.4-r2:
+# - CVE-2016-9318
+# 2.9.4-r4:
+# - CVE-2017-5969
+
+prepare() {
+ default_prepare
+ # setup.py is generated
+ rm python/setup.py
+}
+
+build() {
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --with-icu \
+ --with-python=/usr/bin/python3 \
+ --disable-static
+ make
+}
+
+package() {
+ cd "$builddir"
+ make -j1 DESTDIR="$pkgdir" install
+}
+
+dev() {
+ default_dev
+ mv "$pkgdir"/usr/lib/*.sh "$subpkgdir"/usr/lib/
+}
+
+py() {
+ cd "$builddir"
+
+ pkgdesc="$pkgname Python bindings"
+ provides="py3-libxml2=$pkgver-r$pkgrel"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/
+}
+
+utils() {
+ pkgdesc="XML utilities"
+ replaces="libxml2"
+ mkdir -p "$subpkgdir"/usr
+ mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+}
+
+sha512sums="da06cb7c5032ef4b7c8e902fabb9d2c74634c42c161be07a7c66a00d53a68029f89b0d4de32a6b9d4ff338c2d1d9c4e53aefb9cf50cb1c2d6c6b06b442ef42d5 libxml2-2.9.7.tar.gz
+271e701daf08f10a8b591c5128f596105901a29ecc9ee72f088afab266eaec7932a4a7d2194baa07c69e1aa93f3e9dc01a4a890456f53416c45d490598be41d9 libxml2-2.9.4-remove-pyverify_fd.patch
+384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch"
diff --git a/harmony/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch b/harmony/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch
new file mode 100644
index 000000000..d05d4cb60
--- /dev/null
+++ b/harmony/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch
@@ -0,0 +1,12 @@
+diff -Nur libxml2-2.9.4.orig/python/types.c libxml2-2.9.4/python/types.c
+--- libxml2-2.9.4.orig/python/types.c 2016-02-09 03:17:33.000000000 -0700
++++ libxml2-2.9.4/python/types.c 2016-12-21 12:34:06.755650986 -0700
+@@ -31,8 +31,6 @@
+ const char *mode;
+
+ fd = PyObject_AsFileDescriptor(f);
+- if (!_PyVerify_fd(fd))
+- return(NULL);
+ /*
+ * Get the flags on the fd to understand how it was opened
+ */
diff --git a/harmony/libxml2/python-segfault-fix.patch b/harmony/libxml2/python-segfault-fix.patch
new file mode 100644
index 000000000..f1f7554eb
--- /dev/null
+++ b/harmony/libxml2/python-segfault-fix.patch
@@ -0,0 +1,36 @@
+Upstream: https://bugzilla.gnome.org/show_bug.cgi?id=791691
+
+From d1ea6250dd00a3b7a92b52a743ec53f7751196e5 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Sat, 16 Dec 2017 19:22:23 -0600
+Subject: [PATCH] Python: if message is NULL, use Py_None instead
+
+If the error message is malformed / invalid UTF-8, and the Python 3
+binding is being used, then message may be NULL. This will cause the
+Python interpreter to crash (Segmentation fault) trying to unpack the
+argument list into local variables.
+
+This uses Py_None for message if message is NULL, so that the
+interpreter does not crash.
+---
+ python/libxml.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/python/libxml.c b/python/libxml.c
+index 5b1ff6e8..dae77b88 100644
+--- a/python/libxml.c
++++ b/python/libxml.c
+@@ -1640,6 +1640,10 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg,
+ PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
+ Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
+ message = libxml_charPtrConstWrap(str);
++ if (message == NULL) {
++ Py_INCREF(Py_None);
++ message = Py_None;
++ }
+ PyTuple_SetItem(list, 1, message);
+ result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
+ Py_XDECREF(list);
+--
+2.14.1
+