summaryrefslogtreecommitdiff
path: root/system/libxml2
diff options
context:
space:
mode:
Diffstat (limited to 'system/libxml2')
-rw-r--r--system/libxml2/APKBUILD32
-rw-r--r--system/libxml2/CVE-2019-20388.patch33
-rw-r--r--system/libxml2/CVE-2020-7595.patch32
3 files changed, 17 insertions, 80 deletions
diff --git a/system/libxml2/APKBUILD b/system/libxml2/APKBUILD
index 73b6eb2a0..9c294b6e7 100644
--- a/system/libxml2/APKBUILD
+++ b/system/libxml2/APKBUILD
@@ -1,23 +1,23 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libxml2
-pkgver=2.9.10
-pkgrel=1
+pkgver=2.9.13_pre1
+pkgdate=20220112
+pkgrel=0
pkgdesc="XML parsing library"
url="http://www.xmlsoft.org/"
arch="all"
-options="!check !strip" # Impossible to run on Python 3
+options="!strip" # Impossible to run on Python 3
license="MIT"
depends=""
depends_dev="zlib-dev icu-dev"
-checkdepends="perl tar"
-makedepends="$depends_dev python3-dev"
+checkdepends="perl libarchive"
+makedepends="$depends_dev python3-dev autoconf automake libtool"
subpackages="$pkgname-doc $pkgname-dev py-libxml2:py"
provides="$pkgname-utils=$pkgver-r$pkgrel"
-source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+#source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver-$pkgdate.tar.gz
python-segfault-fix.patch
- CVE-2019-20388.patch
- CVE-2020-7595.patch
"
# secfixes:
@@ -31,14 +31,14 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
# - CVE-2019-20388
# - CVE-2020-7595
+builddir="$srcdir/$pkgname-$pkgver-$pkgdate"
+
prepare() {
default_prepare
- # setup.py is generated
- rm python/setup.py
}
build() {
- ./configure \
+ ./autogen.sh \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
@@ -50,6 +50,10 @@ build() {
make
}
+check() {
+ make -ik check # FIXME: #465
+}
+
package() {
make -j1 DESTDIR="$pkgdir" install
}
@@ -66,7 +70,5 @@ py() {
mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/
}
-sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed libxml2-2.9.10.tar.gz
-384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch
-48ea30bd8035f3b60825ce24185fbec1e7423e683f64626405fd96daaaa14011e7f7c180a7a87d7ff8f73983b0e221974cbce619d04b932c1db2110a13be014e CVE-2019-20388.patch
-90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 CVE-2020-7595.patch"
+sha512sums="fed9e35478f169411700e5216ebf9735afbde5bcc2a6f9ad81959d11907d28d9ed4281613af31ef410aeef6acbd6e62dd168268f75454a9942261a86db3933ff libxml2-2.9.13_pre1-20220112.tar.gz
+384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch"
diff --git a/system/libxml2/CVE-2019-20388.patch b/system/libxml2/CVE-2019-20388.patch
deleted file mode 100644
index 49ff6fbe0..000000000
--- a/system/libxml2/CVE-2019-20388.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Tue, 20 Aug 2019 16:33:06 +0800
-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
-
-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
-vctxt->xsiAssemble to 0 again which cause the alloced schema
-can not be freed anymore.
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- xmlschemas.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xmlschemas.c b/xmlschemas.c
-index 301c8449..39d92182 100644
---- a/xmlschemas.c
-+++ b/xmlschemas.c
-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
- vctxt->nberrors = 0;
- vctxt->depth = -1;
- vctxt->skipDepth = -1;
-- vctxt->xsiAssemble = 0;
- vctxt->hasKeyrefs = 0;
- #ifdef ENABLE_IDC_NODE_TABLES_TEST
- vctxt->createIDCNodeTables = 1;
---
-2.24.1
-
diff --git a/system/libxml2/CVE-2020-7595.patch b/system/libxml2/CVE-2020-7595.patch
deleted file mode 100644
index 3dd677497..000000000
--- a/system/libxml2/CVE-2020-7595.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Thu, 12 Dec 2019 17:30:55 +0800
-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
-
-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
-return NULL which cause a infinite loop in xmlStringLenDecodeEntities
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index d1c31963..a34bb6cd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- else
- c = 0;
- while ((c != 0) && (c != end) && /* non input consuming loop */
-- (c != end2) && (c != end3)) {
-+ (c != end2) && (c != end3) &&
-+ (ctxt->instate != XML_PARSER_EOF)) {
-
- if (c == 0) break;
- if ((c == '&') && (str[1] == '#')) {
---
-2.24.1
-