diff options
Diffstat (limited to 'system/libxml2')
-rw-r--r-- | system/libxml2/APKBUILD | 77 | ||||
-rw-r--r-- | system/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch | 12 | ||||
-rw-r--r-- | system/libxml2/python-segfault-fix.patch | 36 |
3 files changed, 125 insertions, 0 deletions
diff --git a/system/libxml2/APKBUILD b/system/libxml2/APKBUILD new file mode 100644 index 000000000..8f7207c16 --- /dev/null +++ b/system/libxml2/APKBUILD @@ -0,0 +1,77 @@ +# Contributor: Carlo Landmeter <clandmeter@gmail.com> +# Maintainer: Carlo Landmeter <clandmeter@gmail.com> +pkgname=libxml2 +pkgver=2.9.7 +pkgrel=2 +pkgdesc="XML parsing library, version 2" +url="http://www.xmlsoft.org/" +arch="all" +license="MIT" +depends= +depends_dev="zlib-dev icu-dev" +checkdepends="perl tar" +makedepends="$depends_dev python3-dev" +subpackages="$pkgname-doc $pkgname-dev $pkgname-utils py-libxml2:py" +options="!check !strip" # Impossible to run on Python 3 +source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz + libxml2-2.9.4-remove-pyverify_fd.patch + python-segfault-fix.patch + " +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 2.9.4-r1: +# - CVE-2016-5131 +# 2.9.4-r2: +# - CVE-2016-9318 +# 2.9.4-r4: +# - CVE-2017-5969 + +prepare() { + default_prepare + # setup.py is generated + rm python/setup.py +} + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --with-icu \ + --with-python=/usr/bin/python3 + make +} + +package() { + cd "$builddir" + make -j1 DESTDIR="$pkgdir" install +} + +dev() { + default_dev + mv "$pkgdir"/usr/lib/*.sh "$subpkgdir"/usr/lib/ +} + +py() { + cd "$builddir" + + pkgdesc="$pkgname Python bindings" + provides="py3-libxml2=$pkgver-r$pkgrel" + install -d "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/ +} + +utils() { + pkgdesc="XML utilities" + replaces="libxml2" + mkdir -p "$subpkgdir"/usr + mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ +} + +sha512sums="da06cb7c5032ef4b7c8e902fabb9d2c74634c42c161be07a7c66a00d53a68029f89b0d4de32a6b9d4ff338c2d1d9c4e53aefb9cf50cb1c2d6c6b06b442ef42d5 libxml2-2.9.7.tar.gz +271e701daf08f10a8b591c5128f596105901a29ecc9ee72f088afab266eaec7932a4a7d2194baa07c69e1aa93f3e9dc01a4a890456f53416c45d490598be41d9 libxml2-2.9.4-remove-pyverify_fd.patch +384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch" diff --git a/system/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch b/system/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch new file mode 100644 index 000000000..d05d4cb60 --- /dev/null +++ b/system/libxml2/libxml2-2.9.4-remove-pyverify_fd.patch @@ -0,0 +1,12 @@ +diff -Nur libxml2-2.9.4.orig/python/types.c libxml2-2.9.4/python/types.c +--- libxml2-2.9.4.orig/python/types.c 2016-02-09 03:17:33.000000000 -0700 ++++ libxml2-2.9.4/python/types.c 2016-12-21 12:34:06.755650986 -0700 +@@ -31,8 +31,6 @@ + const char *mode; + + fd = PyObject_AsFileDescriptor(f); +- if (!_PyVerify_fd(fd)) +- return(NULL); + /* + * Get the flags on the fd to understand how it was opened + */ diff --git a/system/libxml2/python-segfault-fix.patch b/system/libxml2/python-segfault-fix.patch new file mode 100644 index 000000000..f1f7554eb --- /dev/null +++ b/system/libxml2/python-segfault-fix.patch @@ -0,0 +1,36 @@ +Upstream: https://bugzilla.gnome.org/show_bug.cgi?id=791691 + +From d1ea6250dd00a3b7a92b52a743ec53f7751196e5 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Sat, 16 Dec 2017 19:22:23 -0600 +Subject: [PATCH] Python: if message is NULL, use Py_None instead + +If the error message is malformed / invalid UTF-8, and the Python 3 +binding is being used, then message may be NULL. This will cause the +Python interpreter to crash (Segmentation fault) trying to unpack the +argument list into local variables. + +This uses Py_None for message if message is NULL, so that the +interpreter does not crash. +--- + python/libxml.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/python/libxml.c b/python/libxml.c +index 5b1ff6e8..dae77b88 100644 +--- a/python/libxml.c ++++ b/python/libxml.c +@@ -1640,6 +1640,10 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg, + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); + message = libxml_charPtrConstWrap(str); ++ if (message == NULL) { ++ Py_INCREF(Py_None); ++ message = Py_None; ++ } + PyTuple_SetItem(list, 1, message); + result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); + Py_XDECREF(list); +-- +2.14.1 + |