diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-12-10 01:12:17 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-12-10 02:58:55 +0100 |
commit | 48a597699d66820c0bd3755087ede52100d5becc (patch) | |
tree | 0a68ef0f5214d3469e96283aed283b1095c0f39c /testing | |
parent | 4f2f8fa3a5c832eb964c3e46084a072ecc592aa4 (diff) | |
download | current-48a597699d66820c0bd3755087ede52100d5becc.tar.gz current-48a597699d66820c0bd3755087ede52100d5becc.tar.xz |
Sun Dec 10 01:12:17 UTC 202320231210011217
l/libxml2-2.12.2-x86_64-2.txz: Rebuilt.
Add --sysconfdir=/etc option so that this can find the xml catalog.
Thanks to SpiderTux.
Fix the following security issues:
Fix integer overflows with XML_PARSE_HUGE.
Fix dict corruption caused by entity reference cycles.
Hashing of empty dict strings isn't deterministic.
Fix null deref in xmlSchemaFixupComplexType.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-40303
https://www.cve.org/CVERecord?id=CVE-2022-40304
https://www.cve.org/CVERecord?id=CVE-2023-29469
https://www.cve.org/CVERecord?id=CVE-2023-28484
(* Security fix *)
Diffstat (limited to 'testing')
-rw-r--r-- | testing/source/libxml2/libxml2-2.12.0-python3-unicode-errors.patch | 34 | ||||
-rwxr-xr-x | testing/source/libxml2/libxml2.SlackBuild | 163 | ||||
-rw-r--r-- | testing/source/libxml2/libxml2.url | 3 | ||||
-rw-r--r-- | testing/source/libxml2/slack-desc | 19 |
4 files changed, 0 insertions, 219 deletions
diff --git a/testing/source/libxml2/libxml2-2.12.0-python3-unicode-errors.patch b/testing/source/libxml2/libxml2-2.12.0-python3-unicode-errors.patch deleted file mode 100644 index b07e4049f..000000000 --- a/testing/source/libxml2/libxml2-2.12.0-python3-unicode-errors.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff --git a/python/libxml.c b/python/libxml.c -index bf048006..5f42e5b7 100644 ---- a/python/libxml.c -+++ b/python/libxml.c -@@ -1505,6 +1505,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg, - PyObject *message; - PyObject *result; - char str[1000]; -+ unsigned char *ptr = (unsigned char *)str; - - if (libxml_xmlPythonErrorFuncHandler == NULL) { - va_start(ap, msg); -@@ -1516,12 +1517,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg, - str[999] = 0; - va_end(ap); - -+#if PY_MAJOR_VERSION >= 3 -+ /* Ensure the error string doesn't start at UTF8 continuation. */ -+ while (*ptr && (*ptr & 0xc0) == 0x80) -+ ptr++; -+#endif -+ - list = PyTuple_New(2); - PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); - Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); -- message = libxml_charPtrConstWrap(str); -+ message = libxml_charPtrConstWrap(ptr); - PyTuple_SetItem(list, 1, message); - result = PyObject_CallObject(libxml_xmlPythonErrorFuncHandler, list); -+ /* Forget any errors caused in the error handler. */ -+ PyErr_Clear(); - Py_XDECREF(list); - Py_XDECREF(result); - } diff --git a/testing/source/libxml2/libxml2.SlackBuild b/testing/source/libxml2/libxml2.SlackBuild deleted file mode 100755 index a102c23f6..000000000 --- a/testing/source/libxml2/libxml2.SlackBuild +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/bash - -# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2022, 2023 Patrick J. Volkerding, Sebeka, MN, USA -# All rights reserved. -# -# Redistribution and use of this script, with or without modification, is -# permitted provided that the following conditions are met: -# -# 1. Redistributions of this script must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -cd $(dirname $0) ; CWD=$(pwd) - -PKGNAM=libxml2 -VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} - -# Automatically determine the architecture we're building on: -if [ -z "$ARCH" ]; then - case "$( uname -m )" in - i?86) export ARCH=i586 ;; - arm*) export ARCH=arm ;; - # Unless $ARCH is already set, use uname -m for all other archs: - *) export ARCH=$( uname -m ) ;; - esac -fi - -# If the variable PRINT_PACKAGE_NAME is set, then this script will report what -# the name of the created package would be, and then exit. This information -# could be useful to other scripts. -if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then - echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" - exit 0 -fi - -NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} - -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" - LIBDIRSUFFIX="64" -else - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -fi - -PYTHONLIB=$( python2 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) -PYTHON3LIB=$( python3 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) - -TMP=${TMP:-/tmp} -PKG=$TMP/package-libxml2 -rm -rf $PKG -mkdir -p $TMP $PKG - -cd $TMP -rm -rf libxml2-$VERSION -tar xvf $CWD/libxml2-$VERSION.tar.?z || exit 1 -cd libxml2-$VERSION || exit 1 -chown -R root:root . -find . \ - \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ - -exec chmod 755 {} \+ -o \ - \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ - -exec chmod 644 {} \+ - -if [ ! -r configure ]; then - if [ -x ./autogen.sh ]; then - NOCONFIGURE=1 ./autogen.sh - else - autoreconf -vif - fi -fi - -# Build for python2, for now... - -PYTHON=/usr/bin/python2 \ -CFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --mandir=/usr/man \ - --docdir=/usr/doc/$PKGNAM-$VERSION \ - --disable-static \ - --with-python \ - --build=$ARCH-slackware-linux || exit 1 - -make $NUMJOBS || make || exit 1 -make install DESTDIR=$PKG || exit 1 - -python2 -m compileall "${PKG}$PYTHONLIB" -python2 -O -m compileall "${PKG}$PYTHONLIB" - -make clean - -# Next build for python3... - -## Fixes for python-3.9.x: -#sed -i '/if Py/{s/Py/(Py/;s/)/))/}' python/{types.c,libxml.c} -#sed -i '/_PyVerify_fd/,+1d' python/types.c -#sed -i 's/test.test/#&/' python/tests/tstLastError.py - -# Patch from openSUSE. -# See: https://bugzilla.gnome.org/show_bug.cgi?id=789714 -cat $CWD/libxml2-2.12.0-python3-unicode-errors.patch | patch -p1 --verbose || exit 1 - -PYTHON=/usr/bin/python3 \ -CFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --mandir=/usr/man \ - --docdir=/usr/doc/$PKGNAM-$VERSION \ - --disable-static \ - --with-python \ - --build=$ARCH-slackware-linux || exit 1 - -make $NUMJOBS || make || exit 1 -make install DESTDIR=$PKG || exit 1 - -python3 -m compileall "${PKG}$PYTHON3LIB" -python3 -O -m compileall "${PKG}$PYTHON3LIB" - -# Don't ship .la files: -rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la - -find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null - -mv $PKG/usr/share/doc/libxml2-python-$VERSION $PKG/usr/doc/libxml2-$VERSION -rmdir $PKG/usr/share/doc -cp -a \ - AUTHORS* COPYING* Copyright* INSTALL* NEWS* README* TODO* \ - $PKG/usr/doc/libxml2-$VERSION -find $PKG/usr/doc/libxml2-$VERSION -type f | xargs chmod 644 - -# Compress manual pages: -find $PKG/usr/man -type f -exec gzip -9 {} \+ -for i in $( find $PKG/usr/man -type l ) ; do - ln -s $( readlink $i ).gz $i.gz - rm $i -done - -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc - -cd $PKG -/sbin/makepkg -l y -c n $TMP/libxml2-$VERSION-$ARCH-$BUILD.txz diff --git a/testing/source/libxml2/libxml2.url b/testing/source/libxml2/libxml2.url deleted file mode 100644 index 47808cb85..000000000 --- a/testing/source/libxml2/libxml2.url +++ /dev/null @@ -1,3 +0,0 @@ -#ftp://ftp.xmlsoft.org/libxml2 -#https://gitlab.gnome.org/GNOME/libxml2 -https://download.gnome.org/sources/libxml2 diff --git a/testing/source/libxml2/slack-desc b/testing/source/libxml2/slack-desc deleted file mode 100644 index 5b72d9970..000000000 --- a/testing/source/libxml2/slack-desc +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' on -# the right side marks the last column you can put a character in. You must make -# exactly 11 lines for the formatting to be correct. It's also customary to -# leave one space after the ':'. - - |-----handy-ruler------------------------------------------------------| -libxml2: libxml2 (XML parser library) -libxml2: -libxml2: Libxml2 is the XML C parser library and toolkit. XML itself is a -libxml2: metalanguage to design markup languages - i.e. a text language where -libxml2: structures are added to the content using extra "markup" information -libxml2: enclosed between angle brackets. HTML is the most well-known markup -libxml2: language. Though the library is written in C, a variety of language -libxml2: bindings make it available in other environments. -libxml2: -libxml2: -libxml2: |