summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSebastian Pipping <sping@gentoo.org>2016-07-26 21:23:09 +0200
committerSebastian Pipping <sping@gentoo.org>2016-07-26 21:23:32 +0200
commit16a87b549461e49ac8b7915d892d4d8ca187c1b1 (patch)
tree90d604b90e0b21bfbc2570e69a5f307d59d5f29e
parentMerge remote-tracking branch 'github/pr/1633', bug 527306 by Ettore Di Giacinto (diff)
downloadgentoo-16a87b549461e49ac8b7915d892d4d8ca187c1b1.tar.gz
gentoo-16a87b549461e49ac8b7915d892d4d8ca187c1b1.tar.bz2
gentoo-16a87b549461e49ac8b7915d892d4d8ca187c1b1.zip
dev-libs/expat: CVE-2016-0718 regression fix
Package-Manager: portage-2.2.28
-rw-r--r--dev-libs/expat/expat-2.1.1-r3.ebuild98
-rw-r--r--dev-libs/expat/expat-2.2.0-r1.ebuild (renamed from dev-libs/expat/expat-2.2.0.ebuild)4
-rw-r--r--dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch27
3 files changed, 129 insertions, 0 deletions
diff --git a/dev-libs/expat/expat-2.1.1-r3.ebuild b/dev-libs/expat/expat-2.1.1-r3.ebuild
new file mode 100644
index 000000000000..cd97f7ac6b4e
--- /dev/null
+++ b/dev-libs/expat/expat-2.1.1-r3.ebuild
@@ -0,0 +1,98 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils libtool multilib toolchain-funcs multilib-minimal
+
+DESCRIPTION="Stream-oriented XML parser library"
+HOMEPAGE="http://expat.sourceforge.net/"
+SRC_URI="mirror://sourceforge/expat/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="elibc_FreeBSD examples static-libs unicode"
+RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+src_prepare() {
+ # https://bugs.gentoo.org/show_bug.cgi?id=583268
+ epatch "${FILESDIR}"/${P}-CVE-2015-1283-refix.patch
+ epatch "${FILESDIR}"/${P}-CVE-2016-0718-v2-2-1.patch
+ epatch "${FILESDIR}"/${P}-CVE-2016-0718-regression.patch
+
+ # https://bugs.gentoo.org/show_bug.cgi?id=577928
+ epatch "${FILESDIR}"/${P}-CVE-2012-6702-plus-CVE-2016-5300-v1.patch
+}
+
+multilib_src_configure() {
+ local myconf="$(use_enable static-libs static)"
+
+ mkdir -p "${BUILD_DIR}"{u,w} || die
+
+ ECONF_SOURCE="${S}" econf ${myconf}
+
+ if use unicode; then
+ pushd "${BUILD_DIR}"u >/dev/null
+ CPPFLAGS="${CPPFLAGS} -DXML_UNICODE" ECONF_SOURCE="${S}" econf ${myconf}
+ popd >/dev/null
+
+ pushd "${BUILD_DIR}"w >/dev/null
+ CPPFLAGS="${CPPFLAGS} -DXML_UNICODE_WCHAR_T" ECONF_SOURCE="${S}" econf ${myconf}
+ popd >/dev/null
+ fi
+}
+
+multilib_src_compile() {
+ emake
+
+ if use unicode; then
+ pushd "${BUILD_DIR}"u >/dev/null
+ emake buildlib LIBRARY=libexpatu.la
+ popd >/dev/null
+
+ pushd "${BUILD_DIR}"w >/dev/null
+ emake buildlib LIBRARY=libexpatw.la
+ popd >/dev/null
+ fi
+}
+
+multilib_src_install() {
+ emake install DESTDIR="${D}"
+
+ if use unicode; then
+ pushd "${BUILD_DIR}"u >/dev/null
+ emake installlib DESTDIR="${D}" LIBRARY=libexpatu.la
+ popd >/dev/null
+
+ pushd "${BUILD_DIR}"w >/dev/null
+ emake installlib DESTDIR="${D}" LIBRARY=libexpatw.la
+ popd >/dev/null
+
+ pushd "${ED}"/usr/$(get_libdir)/pkgconfig >/dev/null
+ cp expat.pc expatu.pc
+ sed -i -e '/^Libs/s:-lexpat:&u:' expatu.pc || die
+ cp expat.pc expatw.pc
+ sed -i -e '/^Libs/s:-lexpat:&w:' expatw.pc || die
+ popd >/dev/null
+ fi
+
+ if multilib_is_native_abi ; then
+ # libgeom in /lib and ifconfig in /sbin require libexpat on FreeBSD since
+ # we stripped the libbsdxml copy starting from freebsd-lib-8.2-r1
+ use elibc_FreeBSD && gen_usr_ldscript -a expat
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc Changes README
+ dohtml doc/*
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins examples/*.c
+ fi
+
+ prune_libtool_files
+}
diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.2.0-r1.ebuild
index e373b864f58f..55efcb468741 100644
--- a/dev-libs/expat/expat-2.2.0.ebuild
+++ b/dev-libs/expat/expat-2.2.0-r1.ebuild
@@ -16,6 +16,10 @@ IUSE="elibc_FreeBSD examples static-libs unicode"
RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6
!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.1.1-CVE-2016-0718-regression.patch
+}
+
multilib_src_configure() {
local myconf="$(use_enable static-libs static)"
diff --git a/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
new file mode 100644
index 000000000000..03ea42def99b
--- /dev/null
+++ b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
@@ -0,0 +1,27 @@
+From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 17 Jul 2016 20:22:29 +0200
+Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug
+ #539)
+
+Tag names were cut off in some cases; reported by Andy Wang
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 13e080d..2630310 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser,
+ &fromPtr, rawNameEnd,
+ (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
+ convLen = (int)(toPtr - (XML_Char *)tag->buf);
+- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
++ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
+ tag->name.strLen = convLen;
+ break;
+ }
+--
+2.9.2
+