From 48a597699d66820c0bd3755087ede52100d5becc Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Sun, 10 Dec 2023 01:12:17 +0000 Subject: Sun Dec 10 01:12:17 UTC 2023 l/libxml2-2.12.2-x86_64-2.txz: Rebuilt. Add --sysconfdir=/etc option so that this can find the xml catalog. Thanks to SpiderTux. Fix the following security issues: Fix integer overflows with XML_PARSE_HUGE. Fix dict corruption caused by entity reference cycles. Hashing of empty dict strings isn't deterministic. Fix null deref in xmlSchemaFixupComplexType. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-40303 https://www.cve.org/CVERecord?id=CVE-2022-40304 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://www.cve.org/CVERecord?id=CVE-2023-28484 (* Security fix *) --- .../libxml2-2.12.0-python3-unicode-errors.patch | 34 ++++++++++++++++ source/l/libxml2/libxml2.SlackBuild | 45 +++++++++++++--------- source/l/libxml2/libxml2.do-not-check-crc.diff | 35 ----------------- .../l/libxml2/libxml2.python3-unicode-errors.patch | 34 ---------------- source/l/libxml2/libxml2.url | 3 +- source/l/libxslt/libxslt.SlackBuild | 1 + 6 files changed, 64 insertions(+), 88 deletions(-) create mode 100644 source/l/libxml2/libxml2-2.12.0-python3-unicode-errors.patch delete mode 100644 source/l/libxml2/libxml2.do-not-check-crc.diff delete mode 100644 source/l/libxml2/libxml2.python3-unicode-errors.patch (limited to 'source') diff --git a/source/l/libxml2/libxml2-2.12.0-python3-unicode-errors.patch b/source/l/libxml2/libxml2-2.12.0-python3-unicode-errors.patch new file mode 100644 index 000000000..b07e4049f --- /dev/null +++ b/source/l/libxml2/libxml2-2.12.0-python3-unicode-errors.patch @@ -0,0 +1,34 @@ +diff --git a/python/libxml.c b/python/libxml.c +index bf048006..5f42e5b7 100644 +--- a/python/libxml.c ++++ b/python/libxml.c +@@ -1505,6 +1505,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg, + PyObject *message; + PyObject *result; + char str[1000]; ++ unsigned char *ptr = (unsigned char *)str; + + if (libxml_xmlPythonErrorFuncHandler == NULL) { + va_start(ap, msg); +@@ -1516,12 +1517,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg, + str[999] = 0; + va_end(ap); + ++#if PY_MAJOR_VERSION >= 3 ++ /* Ensure the error string doesn't start at UTF8 continuation. */ ++ while (*ptr && (*ptr & 0xc0) == 0x80) ++ ptr++; ++#endif ++ + list = PyTuple_New(2); + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); +- message = libxml_charPtrConstWrap(str); ++ message = libxml_charPtrConstWrap(ptr); + PyTuple_SetItem(list, 1, message); + result = PyObject_CallObject(libxml_xmlPythonErrorFuncHandler, list); ++ /* Forget any errors caused in the error handler. */ ++ PyErr_Clear(); + Py_XDECREF(list); + Py_XDECREF(result); + } diff --git a/source/l/libxml2/libxml2.SlackBuild b/source/l/libxml2/libxml2.SlackBuild index b7a49084e..79b5bab02 100755 --- a/source/l/libxml2/libxml2.SlackBuild +++ b/source/l/libxml2/libxml2.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2022 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2022, 2023 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libxml2 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -60,7 +60,7 @@ else LIBDIRSUFFIX="" fi -PYTHONLIB=$( python -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) +PYTHONLIB=$( python2 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) PYTHON3LIB=$( python3 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) TMP=${TMP:-/tmp} @@ -79,14 +79,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -zcat $CWD/libxml2.do-not-check-crc.diff.gz | patch -p1 --verbose || exit 1 -zcat $CWD/libxml2.python3-unicode-errors.patch.gz | patch -p1 --verbose || exit 1 - -# Fixes for python-3.9.x: -sed -i '/if Py/{s/Py/(Py/;s/)/))/}' python/{types.c,libxml.c} -sed -i '/_PyVerify_fd/,+1d' python/types.c -sed -i 's/test.test/#&/' python/tests/tstLastError.py - if [ ! -r configure ]; then if [ -x ./autogen.sh ]; then NOCONFIGURE=1 ./autogen.sh @@ -94,39 +86,57 @@ if [ ! -r configure ]; then autoreconf -vif fi fi + +# Build for python2, for now... + +PYTHON=/usr/bin/python2 \ CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ + --sysconfdir=/etc \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --mandir=/usr/man \ --docdir=/usr/doc/$PKGNAM-$VERSION \ --disable-static \ - --with-python=/usr/bin/python3 \ + --with-python \ --build=$ARCH-slackware-linux || exit 1 make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 -python3 -m compileall "${PKG}$PYTHON3LIB" -python3 -O -m compileall "${PKG}$PYTHON3LIB" +python2 -m compileall "${PKG}$PYTHONLIB" +python2 -O -m compileall "${PKG}$PYTHONLIB" make clean +# Next build for python3... + +## Fixes for python-3.9.x: +#sed -i '/if Py/{s/Py/(Py/;s/)/))/}' python/{types.c,libxml.c} +#sed -i '/_PyVerify_fd/,+1d' python/types.c +#sed -i 's/test.test/#&/' python/tests/tstLastError.py + +# Patch from openSUSE. +# See: https://bugzilla.gnome.org/show_bug.cgi?id=789714 +cat $CWD/libxml2-2.12.0-python3-unicode-errors.patch | patch -p1 --verbose || exit 1 + +PYTHON=/usr/bin/python3 \ CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ + --sysconfdir=/etc \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --mandir=/usr/man \ --docdir=/usr/doc/$PKGNAM-$VERSION \ --disable-static \ - --with-python=/usr/bin/python \ + --with-python \ --build=$ARCH-slackware-linux || exit 1 make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 -python -m compileall "${PKG}$PYTHONLIB" -python -O -m compileall "${PKG}$PYTHONLIB" +python3 -m compileall "${PKG}$PYTHON3LIB" +python3 -O -m compileall "${PKG}$PYTHON3LIB" # Don't ship .la files: rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la @@ -153,4 +163,3 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cd $PKG /sbin/makepkg -l y -c n $TMP/libxml2-$VERSION-$ARCH-$BUILD.txz - diff --git a/source/l/libxml2/libxml2.do-not-check-crc.diff b/source/l/libxml2/libxml2.do-not-check-crc.diff deleted file mode 100644 index 3e6507764..000000000 --- a/source/l/libxml2/libxml2.do-not-check-crc.diff +++ /dev/null @@ -1,35 +0,0 @@ -diff -up libxml2-2.9.0/xzlib.c.do-not-check-crc libxml2-2.9.0/xzlib.c ---- libxml2-2.9.0/xzlib.c.do-not-check-crc 2012-09-11 05:52:46.000000000 +0200 -+++ libxml2-2.9.0/xzlib.c 2012-11-19 19:28:42.431700534 +0100 -@@ -552,17 +552,20 @@ xz_decomp(xz_statep state) - #ifdef HAVE_ZLIB_H - if (state->how == GZIP) { - if (gz_next4(state, &crc) == -1 || gz_next4(state, &len) == -1) { -- xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); -- return -1; -- } -- if (crc != state->zstrm.adler) { -- xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); -- return -1; -- } -- if (len != (state->zstrm.total_out & 0xffffffffL)) { -- xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); -- return -1; -- } -+ /* -+ xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); -+ return -1; -+ */ -+ } else { -+ if (crc != state->zstrm.adler) { -+ xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); -+ return -1; -+ } -+ if (len != (state->zstrm.total_out & 0xffffffffL)) { -+ xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); -+ return -1; -+ } -+ } - state->strm.avail_in = 0; - state->strm.next_in = NULL; - state->strm.avail_out = 0; diff --git a/source/l/libxml2/libxml2.python3-unicode-errors.patch b/source/l/libxml2/libxml2.python3-unicode-errors.patch deleted file mode 100644 index e87dcdedf..000000000 --- a/source/l/libxml2/libxml2.python3-unicode-errors.patch +++ /dev/null @@ -1,34 +0,0 @@ -Index: libxml2-2.9.5/python/libxml.c -=================================================================== ---- libxml2-2.9.5.orig/python/libxml.c -+++ libxml2-2.9.5/python/libxml.c -@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU - PyObject *message; - PyObject *result; - char str[1000]; -+ unsigned char *ptr = (unsigned char *)str; - - #ifdef DEBUG_ERROR - printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); -@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU - str[999] = 0; - va_end(ap); - -+#if PY_MAJOR_VERSION >= 3 -+ /* Ensure the error string doesn't start at UTF8 continuation. */ -+ while (*ptr && (*ptr & 0xc0) == 0x80) -+ ptr++; -+#endif -+ - list = PyTuple_New(2); - PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); - Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); -- message = libxml_charPtrConstWrap(str); -+ message = libxml_charPtrConstWrap(ptr); - PyTuple_SetItem(list, 1, message); - result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); -+ /* Forget any errors caused in the error handler. */ -+ PyErr_Clear(); - Py_XDECREF(list); - Py_XDECREF(result); - } diff --git a/source/l/libxml2/libxml2.url b/source/l/libxml2/libxml2.url index 937f078cf..47808cb85 100644 --- a/source/l/libxml2/libxml2.url +++ b/source/l/libxml2/libxml2.url @@ -1,2 +1,3 @@ #ftp://ftp.xmlsoft.org/libxml2 -https://gitlab.gnome.org/GNOME/libxml2 +#https://gitlab.gnome.org/GNOME/libxml2 +https://download.gnome.org/sources/libxml2 diff --git a/source/l/libxslt/libxslt.SlackBuild b/source/l/libxslt/libxslt.SlackBuild index 0216ab702..2e735ac94 100755 --- a/source/l/libxslt/libxslt.SlackBuild +++ b/source/l/libxslt/libxslt.SlackBuild @@ -93,6 +93,7 @@ PYTHON=/usr/bin/python3 \ CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ + --sysconfdir=/etc \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --mandir=/usr/man \ --disable-static \ -- cgit v1.2.3-80-g2a13