summaryrefslogtreecommitdiff
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/libxml2/APKBUILD32
-rw-r--r--system/libxml2/CVE-2019-20388.patch33
-rw-r--r--system/libxml2/CVE-2020-7595.patch32
-rw-r--r--system/libxslt/APKBUILD16
4 files changed, 27 insertions, 86 deletions
diff --git a/system/libxml2/APKBUILD b/system/libxml2/APKBUILD
index 73b6eb2a0..9c294b6e7 100644
--- a/system/libxml2/APKBUILD
+++ b/system/libxml2/APKBUILD
@@ -1,23 +1,23 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libxml2
-pkgver=2.9.10
-pkgrel=1
+pkgver=2.9.13_pre1
+pkgdate=20220112
+pkgrel=0
pkgdesc="XML parsing library"
url="http://www.xmlsoft.org/"
arch="all"
-options="!check !strip" # Impossible to run on Python 3
+options="!strip" # Impossible to run on Python 3
license="MIT"
depends=""
depends_dev="zlib-dev icu-dev"
-checkdepends="perl tar"
-makedepends="$depends_dev python3-dev"
+checkdepends="perl libarchive"
+makedepends="$depends_dev python3-dev autoconf automake libtool"
subpackages="$pkgname-doc $pkgname-dev py-libxml2:py"
provides="$pkgname-utils=$pkgver-r$pkgrel"
-source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+#source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver-$pkgdate.tar.gz
python-segfault-fix.patch
- CVE-2019-20388.patch
- CVE-2020-7595.patch
"
# secfixes:
@@ -31,14 +31,14 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
# - CVE-2019-20388
# - CVE-2020-7595
+builddir="$srcdir/$pkgname-$pkgver-$pkgdate"
+
prepare() {
default_prepare
- # setup.py is generated
- rm python/setup.py
}
build() {
- ./configure \
+ ./autogen.sh \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
@@ -50,6 +50,10 @@ build() {
make
}
+check() {
+ make -ik check # FIXME: #465
+}
+
package() {
make -j1 DESTDIR="$pkgdir" install
}
@@ -66,7 +70,5 @@ py() {
mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/
}
-sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed libxml2-2.9.10.tar.gz
-384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch
-48ea30bd8035f3b60825ce24185fbec1e7423e683f64626405fd96daaaa14011e7f7c180a7a87d7ff8f73983b0e221974cbce619d04b932c1db2110a13be014e CVE-2019-20388.patch
-90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 CVE-2020-7595.patch"
+sha512sums="fed9e35478f169411700e5216ebf9735afbde5bcc2a6f9ad81959d11907d28d9ed4281613af31ef410aeef6acbd6e62dd168268f75454a9942261a86db3933ff libxml2-2.9.13_pre1-20220112.tar.gz
+384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch"
diff --git a/system/libxml2/CVE-2019-20388.patch b/system/libxml2/CVE-2019-20388.patch
deleted file mode 100644
index 49ff6fbe0..000000000
--- a/system/libxml2/CVE-2019-20388.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Tue, 20 Aug 2019 16:33:06 +0800
-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
-
-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
-vctxt->xsiAssemble to 0 again which cause the alloced schema
-can not be freed anymore.
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- xmlschemas.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xmlschemas.c b/xmlschemas.c
-index 301c8449..39d92182 100644
---- a/xmlschemas.c
-+++ b/xmlschemas.c
-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
- vctxt->nberrors = 0;
- vctxt->depth = -1;
- vctxt->skipDepth = -1;
-- vctxt->xsiAssemble = 0;
- vctxt->hasKeyrefs = 0;
- #ifdef ENABLE_IDC_NODE_TABLES_TEST
- vctxt->createIDCNodeTables = 1;
---
-2.24.1
-
diff --git a/system/libxml2/CVE-2020-7595.patch b/system/libxml2/CVE-2020-7595.patch
deleted file mode 100644
index 3dd677497..000000000
--- a/system/libxml2/CVE-2020-7595.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1@huawei.com>
-Date: Thu, 12 Dec 2019 17:30:55 +0800
-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
-
-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
-return NULL which cause a infinite loop in xmlStringLenDecodeEntities
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index d1c31963..a34bb6cd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- else
- c = 0;
- while ((c != 0) && (c != end) && /* non input consuming loop */
-- (c != end2) && (c != end3)) {
-+ (c != end2) && (c != end3) &&
-+ (ctxt->instate != XML_PARSER_EOF)) {
-
- if (c == 0) break;
- if ((c == '&') && (str[1] == '#')) {
---
-2.24.1
-
diff --git a/system/libxslt/APKBUILD b/system/libxslt/APKBUILD
index 752f2a8a5..37e85a523 100644
--- a/system/libxslt/APKBUILD
+++ b/system/libxslt/APKBUILD
@@ -1,16 +1,18 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libxslt
-pkgver=1.1.34
+pkgver=1.1.35_pre1
+pkgdate=20220112
pkgrel=0
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/"
arch="all"
license="SGI-B-2.0"
depends=""
-makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python3-dev"
+makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python3-dev autoconf automake libtool"
subpackages="$pkgname-doc $pkgname-dev"
-source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz"
+#source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz"
+source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver-$pkgdate.tar.gz"
# secfixes:
# 1.1.29-r1:
@@ -21,8 +23,10 @@ source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz"
# - CVE-2019-13117
# - CVE-2019-13118
+builddir="$pkgname-$pkgver-$pkgdate"
+
build() {
- ./configure \
+ ./autogen.sh \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr
@@ -34,7 +38,7 @@ check() {
}
package() {
- make DESTDIR="$pkgdir" install
+ make -C "$srcdir/$builddir" DESTDIR="$pkgdir" install
}
-sha512sums="1516a11ad608b04740674060d2c5d733b88889de5e413b9a4e8bf8d1a90d712149df6d2b1345b615f529d7c7d3fa6dae12e544da828b39c7d415e54c0ee0776b libxslt-1.1.34.tar.gz"
+sha512sums="f34a7a36596b48a2ee0d169bace750a5f5ca5ee1413606a5f23855875d35275bf60269ccb5e92d315639faf3fdf9600964b4c85a3bbbe02ccdc91dcb834e7508 libxslt-1.1.35_pre1-20220112.tar.gz"