diff options
author | Sebastian Pipping <sping@gentoo.org> | 2016-07-26 21:23:09 +0200 |
---|---|---|
committer | Sebastian Pipping <sping@gentoo.org> | 2016-07-26 21:23:32 +0200 |
commit | 16a87b549461e49ac8b7915d892d4d8ca187c1b1 (patch) | |
tree | 90d604b90e0b21bfbc2570e69a5f307d59d5f29e | |
parent | Merge remote-tracking branch 'github/pr/1633', bug 527306 by Ettore Di Giacinto (diff) | |
download | gentoo-16a87b549461e49ac8b7915d892d4d8ca187c1b1.tar.gz gentoo-16a87b549461e49ac8b7915d892d4d8ca187c1b1.tar.bz2 gentoo-16a87b549461e49ac8b7915d892d4d8ca187c1b1.zip |
dev-libs/expat: CVE-2016-0718 regression fix
Package-Manager: portage-2.2.28
-rw-r--r-- | dev-libs/expat/expat-2.1.1-r3.ebuild | 98 | ||||
-rw-r--r-- | dev-libs/expat/expat-2.2.0-r1.ebuild (renamed from dev-libs/expat/expat-2.2.0.ebuild) | 4 | ||||
-rw-r--r-- | dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch | 27 |
3 files changed, 129 insertions, 0 deletions
diff --git a/dev-libs/expat/expat-2.1.1-r3.ebuild b/dev-libs/expat/expat-2.1.1-r3.ebuild new file mode 100644 index 000000000000..cd97f7ac6b4e --- /dev/null +++ b/dev-libs/expat/expat-2.1.1-r3.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils libtool multilib toolchain-funcs multilib-minimal + +DESCRIPTION="Stream-oriented XML parser library" +HOMEPAGE="http://expat.sourceforge.net/" +SRC_URI="mirror://sourceforge/expat/${P}.tar.bz2" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="elibc_FreeBSD examples static-libs unicode" +RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" + +src_prepare() { + # https://bugs.gentoo.org/show_bug.cgi?id=583268 + epatch "${FILESDIR}"/${P}-CVE-2015-1283-refix.patch + epatch "${FILESDIR}"/${P}-CVE-2016-0718-v2-2-1.patch + epatch "${FILESDIR}"/${P}-CVE-2016-0718-regression.patch + + # https://bugs.gentoo.org/show_bug.cgi?id=577928 + epatch "${FILESDIR}"/${P}-CVE-2012-6702-plus-CVE-2016-5300-v1.patch +} + +multilib_src_configure() { + local myconf="$(use_enable static-libs static)" + + mkdir -p "${BUILD_DIR}"{u,w} || die + + ECONF_SOURCE="${S}" econf ${myconf} + + if use unicode; then + pushd "${BUILD_DIR}"u >/dev/null + CPPFLAGS="${CPPFLAGS} -DXML_UNICODE" ECONF_SOURCE="${S}" econf ${myconf} + popd >/dev/null + + pushd "${BUILD_DIR}"w >/dev/null + CPPFLAGS="${CPPFLAGS} -DXML_UNICODE_WCHAR_T" ECONF_SOURCE="${S}" econf ${myconf} + popd >/dev/null + fi +} + +multilib_src_compile() { + emake + + if use unicode; then + pushd "${BUILD_DIR}"u >/dev/null + emake buildlib LIBRARY=libexpatu.la + popd >/dev/null + + pushd "${BUILD_DIR}"w >/dev/null + emake buildlib LIBRARY=libexpatw.la + popd >/dev/null + fi +} + +multilib_src_install() { + emake install DESTDIR="${D}" + + if use unicode; then + pushd "${BUILD_DIR}"u >/dev/null + emake installlib DESTDIR="${D}" LIBRARY=libexpatu.la + popd >/dev/null + + pushd "${BUILD_DIR}"w >/dev/null + emake installlib DESTDIR="${D}" LIBRARY=libexpatw.la + popd >/dev/null + + pushd "${ED}"/usr/$(get_libdir)/pkgconfig >/dev/null + cp expat.pc expatu.pc + sed -i -e '/^Libs/s:-lexpat:&u:' expatu.pc || die + cp expat.pc expatw.pc + sed -i -e '/^Libs/s:-lexpat:&w:' expatw.pc || die + popd >/dev/null + fi + + if multilib_is_native_abi ; then + # libgeom in /lib and ifconfig in /sbin require libexpat on FreeBSD since + # we stripped the libbsdxml copy starting from freebsd-lib-8.2-r1 + use elibc_FreeBSD && gen_usr_ldscript -a expat + fi +} + +multilib_src_install_all() { + dodoc Changes README + dohtml doc/* + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/*.c + fi + + prune_libtool_files +} diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.2.0-r1.ebuild index e373b864f58f..55efcb468741 100644 --- a/dev-libs/expat/expat-2.2.0.ebuild +++ b/dev-libs/expat/expat-2.2.0-r1.ebuild @@ -16,6 +16,10 @@ IUSE="elibc_FreeBSD examples static-libs unicode" RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.1.1-CVE-2016-0718-regression.patch +} + multilib_src_configure() { local myconf="$(use_enable static-libs static)" diff --git a/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch new file mode 100644 index 000000000000..03ea42def99b --- /dev/null +++ b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch @@ -0,0 +1,27 @@ +From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Sun, 17 Jul 2016 20:22:29 +0200 +Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug + #539) + +Tag names were cut off in some cases; reported by Andy Wang +--- + expat/lib/xmlparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 13e080d..2630310 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser, + &fromPtr, rawNameEnd, + (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); + convLen = (int)(toPtr - (XML_Char *)tag->buf); +- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { ++ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { + tag->name.strLen = convLen; + break; + } +-- +2.9.2 + |