diff options
Diffstat (limited to 'system/libxml2')
-rw-r--r-- | system/libxml2/APKBUILD | 32 | ||||
-rw-r--r-- | system/libxml2/CVE-2019-20388.patch | 33 | ||||
-rw-r--r-- | system/libxml2/CVE-2020-7595.patch | 32 |
3 files changed, 17 insertions, 80 deletions
diff --git a/system/libxml2/APKBUILD b/system/libxml2/APKBUILD index 73b6eb2a0..9c294b6e7 100644 --- a/system/libxml2/APKBUILD +++ b/system/libxml2/APKBUILD @@ -1,23 +1,23 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libxml2 -pkgver=2.9.10 -pkgrel=1 +pkgver=2.9.13_pre1 +pkgdate=20220112 +pkgrel=0 pkgdesc="XML parsing library" url="http://www.xmlsoft.org/" arch="all" -options="!check !strip" # Impossible to run on Python 3 +options="!strip" # Impossible to run on Python 3 license="MIT" depends="" depends_dev="zlib-dev icu-dev" -checkdepends="perl tar" -makedepends="$depends_dev python3-dev" +checkdepends="perl libarchive" +makedepends="$depends_dev python3-dev autoconf automake libtool" subpackages="$pkgname-doc $pkgname-dev py-libxml2:py" provides="$pkgname-utils=$pkgver-r$pkgrel" -source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz +#source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz" +source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver-$pkgdate.tar.gz python-segfault-fix.patch - CVE-2019-20388.patch - CVE-2020-7595.patch " # secfixes: @@ -31,14 +31,14 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz # - CVE-2019-20388 # - CVE-2020-7595 +builddir="$srcdir/$pkgname-$pkgver-$pkgdate" + prepare() { default_prepare - # setup.py is generated - rm python/setup.py } build() { - ./configure \ + ./autogen.sh \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ @@ -50,6 +50,10 @@ build() { make } +check() { + make -ik check # FIXME: #465 +} + package() { make -j1 DESTDIR="$pkgdir" install } @@ -66,7 +70,5 @@ py() { mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/ } -sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed libxml2-2.9.10.tar.gz -384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch -48ea30bd8035f3b60825ce24185fbec1e7423e683f64626405fd96daaaa14011e7f7c180a7a87d7ff8f73983b0e221974cbce619d04b932c1db2110a13be014e CVE-2019-20388.patch -90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 CVE-2020-7595.patch" +sha512sums="fed9e35478f169411700e5216ebf9735afbde5bcc2a6f9ad81959d11907d28d9ed4281613af31ef410aeef6acbd6e62dd168268f75454a9942261a86db3933ff libxml2-2.9.13_pre1-20220112.tar.gz +384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch" diff --git a/system/libxml2/CVE-2019-20388.patch b/system/libxml2/CVE-2019-20388.patch deleted file mode 100644 index 49ff6fbe0..000000000 --- a/system/libxml2/CVE-2019-20388.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001 -From: Zhipeng Xie <xiezhipeng1@huawei.com> -Date: Tue, 20 Aug 2019 16:33:06 +0800 -Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream - -When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun -alloc a new schema for ctxt->schema and set vctxt->xsiAssemble -to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize -vctxt->xsiAssemble to 0 again which cause the alloced schema -can not be freed anymore. - -Found with libFuzzer. - -Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> ---- - xmlschemas.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/xmlschemas.c b/xmlschemas.c -index 301c8449..39d92182 100644 ---- a/xmlschemas.c -+++ b/xmlschemas.c -@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { - vctxt->nberrors = 0; - vctxt->depth = -1; - vctxt->skipDepth = -1; -- vctxt->xsiAssemble = 0; - vctxt->hasKeyrefs = 0; - #ifdef ENABLE_IDC_NODE_TABLES_TEST - vctxt->createIDCNodeTables = 1; --- -2.24.1 - diff --git a/system/libxml2/CVE-2020-7595.patch b/system/libxml2/CVE-2020-7595.patch deleted file mode 100644 index 3dd677497..000000000 --- a/system/libxml2/CVE-2020-7595.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 -From: Zhipeng Xie <xiezhipeng1@huawei.com> -Date: Thu, 12 Dec 2019 17:30:55 +0800 -Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities - -When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef -return NULL which cause a infinite loop in xmlStringLenDecodeEntities - -Found with libFuzzer. - -Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> ---- - parser.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index d1c31963..a34bb6cd 100644 ---- a/parser.c -+++ b/parser.c -@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, - else - c = 0; - while ((c != 0) && (c != end) && /* non input consuming loop */ -- (c != end2) && (c != end3)) { -+ (c != end2) && (c != end3) && -+ (ctxt->instate != XML_PARSER_EOF)) { - - if (c == 0) break; - if ((c == '&') && (str[1] == '#')) { --- -2.24.1 - |