diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-12-10 01:12:17 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-12-10 02:58:55 +0100 |
commit | 48a597699d66820c0bd3755087ede52100d5becc (patch) | |
tree | 0a68ef0f5214d3469e96283aed283b1095c0f39c /source | |
parent | 4f2f8fa3a5c832eb964c3e46084a072ecc592aa4 (diff) | |
download | current-48a597699d66820c0bd3755087ede52100d5becc.tar.gz current-48a597699d66820c0bd3755087ede52100d5becc.tar.xz |
Sun Dec 10 01:12:17 UTC 202320231210011217
l/libxml2-2.12.2-x86_64-2.txz: Rebuilt.
Add --sysconfdir=/etc option so that this can find the xml catalog.
Thanks to SpiderTux.
Fix the following security issues:
Fix integer overflows with XML_PARSE_HUGE.
Fix dict corruption caused by entity reference cycles.
Hashing of empty dict strings isn't deterministic.
Fix null deref in xmlSchemaFixupComplexType.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-40303
https://www.cve.org/CVERecord?id=CVE-2022-40304
https://www.cve.org/CVERecord?id=CVE-2023-29469
https://www.cve.org/CVERecord?id=CVE-2023-28484
(* Security fix *)
Diffstat (limited to 'source')
-rw-r--r-- | source/l/libxml2/libxml2-2.12.0-python3-unicode-errors.patch (renamed from source/l/libxml2/libxml2.python3-unicode-errors.patch) | 18 | ||||
-rwxr-xr-x | source/l/libxml2/libxml2.SlackBuild | 45 | ||||
-rw-r--r-- | source/l/libxml2/libxml2.do-not-check-crc.diff | 35 | ||||
-rw-r--r-- | source/l/libxml2/libxml2.url | 3 | ||||
-rwxr-xr-x | source/l/libxslt/libxslt.SlackBuild | 1 |
5 files changed, 39 insertions, 63 deletions
diff --git a/source/l/libxml2/libxml2.python3-unicode-errors.patch b/source/l/libxml2/libxml2-2.12.0-python3-unicode-errors.patch index e87dcdedf..b07e4049f 100644 --- a/source/l/libxml2/libxml2.python3-unicode-errors.patch +++ b/source/l/libxml2/libxml2-2.12.0-python3-unicode-errors.patch @@ -1,16 +1,16 @@ -Index: libxml2-2.9.5/python/libxml.c -=================================================================== ---- libxml2-2.9.5.orig/python/libxml.c -+++ libxml2-2.9.5/python/libxml.c -@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU +diff --git a/python/libxml.c b/python/libxml.c +index bf048006..5f42e5b7 100644 +--- a/python/libxml.c ++++ b/python/libxml.c +@@ -1505,6 +1505,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg, PyObject *message; PyObject *result; char str[1000]; + unsigned char *ptr = (unsigned char *)str; - #ifdef DEBUG_ERROR - printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); -@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU + if (libxml_xmlPythonErrorFuncHandler == NULL) { + va_start(ap, msg); +@@ -1516,12 +1517,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg, str[999] = 0; va_end(ap); @@ -26,7 +26,7 @@ Index: libxml2-2.9.5/python/libxml.c - message = libxml_charPtrConstWrap(str); + message = libxml_charPtrConstWrap(ptr); PyTuple_SetItem(list, 1, message); - result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); + result = PyObject_CallObject(libxml_xmlPythonErrorFuncHandler, list); + /* Forget any errors caused in the error handler. */ + PyErr_Clear(); Py_XDECREF(list); diff --git a/source/l/libxml2/libxml2.SlackBuild b/source/l/libxml2/libxml2.SlackBuild index b7a49084e..79b5bab02 100755 --- a/source/l/libxml2/libxml2.SlackBuild +++ b/source/l/libxml2/libxml2.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2022 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2022, 2023 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libxml2 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -60,7 +60,7 @@ else LIBDIRSUFFIX="" fi -PYTHONLIB=$( python -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) +PYTHONLIB=$( python2 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) PYTHON3LIB=$( python3 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) TMP=${TMP:-/tmp} @@ -79,14 +79,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -zcat $CWD/libxml2.do-not-check-crc.diff.gz | patch -p1 --verbose || exit 1 -zcat $CWD/libxml2.python3-unicode-errors.patch.gz | patch -p1 --verbose || exit 1 - -# Fixes for python-3.9.x: -sed -i '/if Py/{s/Py/(Py/;s/)/))/}' python/{types.c,libxml.c} -sed -i '/_PyVerify_fd/,+1d' python/types.c -sed -i 's/test.test/#&/' python/tests/tstLastError.py - if [ ! -r configure ]; then if [ -x ./autogen.sh ]; then NOCONFIGURE=1 ./autogen.sh @@ -94,39 +86,57 @@ if [ ! -r configure ]; then autoreconf -vif fi fi + +# Build for python2, for now... + +PYTHON=/usr/bin/python2 \ CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ + --sysconfdir=/etc \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --mandir=/usr/man \ --docdir=/usr/doc/$PKGNAM-$VERSION \ --disable-static \ - --with-python=/usr/bin/python3 \ + --with-python \ --build=$ARCH-slackware-linux || exit 1 make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 -python3 -m compileall "${PKG}$PYTHON3LIB" -python3 -O -m compileall "${PKG}$PYTHON3LIB" +python2 -m compileall "${PKG}$PYTHONLIB" +python2 -O -m compileall "${PKG}$PYTHONLIB" make clean +# Next build for python3... + +## Fixes for python-3.9.x: +#sed -i '/if Py/{s/Py/(Py/;s/)/))/}' python/{types.c,libxml.c} +#sed -i '/_PyVerify_fd/,+1d' python/types.c +#sed -i 's/test.test/#&/' python/tests/tstLastError.py + +# Patch from openSUSE. +# See: https://bugzilla.gnome.org/show_bug.cgi?id=789714 +cat $CWD/libxml2-2.12.0-python3-unicode-errors.patch | patch -p1 --verbose || exit 1 + +PYTHON=/usr/bin/python3 \ CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ + --sysconfdir=/etc \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --mandir=/usr/man \ --docdir=/usr/doc/$PKGNAM-$VERSION \ --disable-static \ - --with-python=/usr/bin/python \ + --with-python \ --build=$ARCH-slackware-linux || exit 1 make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 -python -m compileall "${PKG}$PYTHONLIB" -python -O -m compileall "${PKG}$PYTHONLIB" +python3 -m compileall "${PKG}$PYTHON3LIB" +python3 -O -m compileall "${PKG}$PYTHON3LIB" # Don't ship .la files: rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la @@ -153,4 +163,3 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cd $PKG /sbin/makepkg -l y -c n $TMP/libxml2-$VERSION-$ARCH-$BUILD.txz - diff --git a/source/l/libxml2/libxml2.do-not-check-crc.diff b/source/l/libxml2/libxml2.do-not-check-crc.diff deleted file mode 100644 index 3e6507764..000000000 --- a/source/l/libxml2/libxml2.do-not-check-crc.diff +++ /dev/null @@ -1,35 +0,0 @@ -diff -up libxml2-2.9.0/xzlib.c.do-not-check-crc libxml2-2.9.0/xzlib.c ---- libxml2-2.9.0/xzlib.c.do-not-check-crc 2012-09-11 05:52:46.000000000 +0200 -+++ libxml2-2.9.0/xzlib.c 2012-11-19 19:28:42.431700534 +0100 -@@ -552,17 +552,20 @@ xz_decomp(xz_statep state) - #ifdef HAVE_ZLIB_H - if (state->how == GZIP) { - if (gz_next4(state, &crc) == -1 || gz_next4(state, &len) == -1) { -- xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); -- return -1; -- } -- if (crc != state->zstrm.adler) { -- xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); -- return -1; -- } -- if (len != (state->zstrm.total_out & 0xffffffffL)) { -- xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); -- return -1; -- } -+ /* -+ xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); -+ return -1; -+ */ -+ } else { -+ if (crc != state->zstrm.adler) { -+ xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); -+ return -1; -+ } -+ if (len != (state->zstrm.total_out & 0xffffffffL)) { -+ xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); -+ return -1; -+ } -+ } - state->strm.avail_in = 0; - state->strm.next_in = NULL; - state->strm.avail_out = 0; diff --git a/source/l/libxml2/libxml2.url b/source/l/libxml2/libxml2.url index 937f078cf..47808cb85 100644 --- a/source/l/libxml2/libxml2.url +++ b/source/l/libxml2/libxml2.url @@ -1,2 +1,3 @@ #ftp://ftp.xmlsoft.org/libxml2 -https://gitlab.gnome.org/GNOME/libxml2 +#https://gitlab.gnome.org/GNOME/libxml2 +https://download.gnome.org/sources/libxml2 diff --git a/source/l/libxslt/libxslt.SlackBuild b/source/l/libxslt/libxslt.SlackBuild index 0216ab702..2e735ac94 100755 --- a/source/l/libxslt/libxslt.SlackBuild +++ b/source/l/libxslt/libxslt.SlackBuild @@ -93,6 +93,7 @@ PYTHON=/usr/bin/python3 \ CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ + --sysconfdir=/etc \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --mandir=/usr/man \ --disable-static \ |