From 522fa4e6f267ba688a264ceec8d6c79663b61219 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 8 Oct 2023 12:03:01 +0100
Subject: gentoo auto-resync : 08:10:2023 - 12:03:01
---
 dev-libs/libxml2/Manifest | 4 +-
 .../files/libxml2-2.11.5-CVE-2023-45322.patch | 71 ++++++++
 dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 +++++++++++++++++++++
 dev-libs/libxml2/libxml2-9999.ebuild | 2 +-
 4 files changed, 275 insertions(+), 2 deletions(-)
 create mode 100644 dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch
 create mode 100644 dev-libs/libxml2/libxml2-2.11.5-r1.ebuild
(limited to 'dev-libs/libxml2')
diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index 495ba10ccf99..e16ae58f8ff0 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,4 +1,5 @@ AUX libxml2-2.10.3-python3-unicode-errors.patch 1208 BLAKE2B 8515db0c9d79c4397c3ef4147660ddf395b863de3658a8db27db20d2274949962172a42637bf9555d3d7bf63ead8f695d19f28ddb5e957b5302c8aed466058c7 SHA512 f2ab7934687ba14bf7541a381317d88c20d9912b424d1b206f8feb60224482f12e03c79ff4e8637025ee8d1bddd870183db932380990eafca833eea1c1373a06 +AUX libxml2-2.11.5-CVE-2023-45322.patch 2030 BLAKE2B 2262b1c532b0b59c4982fdea12946294e58754aaca8b7cf3e1f3fdd912e900735b642362629e63ceb16b469f5a1146387030838ecc7b97d4227ceff089a72a43 SHA512 3e76d8b2608d523f659cbc3f7faf6565a83f8b77dcae0a2c1986c66df25b9baf8a4382d7bde612f7eafb0967e199c84621ec70898481a5b369e6f3818832f9bc DIST libxml2-2.10.4.tar.xz 2643600 BLAKE2B 5bbb63c6e58accf434513aeb974fed7349e5458de642ef89db77768c8d1383532614254e0e3f1d9471e2274c6b81a04a0a3afcb602707ce79550c2bd8e9028d9 SHA512 792c1dceb098cd353a7eca4c46d31cce6310b2553d97fd3918cf0b94d93b2480759202036511bde36c24166236bd4616f57e79959eea9afe3f60614bdfe13094 DIST libxml2-2.11.4.tar.xz 2626756 BLAKE2B 5d7e6388291a8473195131f5cb22aee9a4182f28fd8eed468c449b762d363cfb1713a7466c1f98e96cf819ed8f78e13a6ba930c2fadd8d63869b6efe8e8be8a8 SHA512 c1df7441c729430bdd2de52e9da69b171afc4b776e4a2eb43acbc71ada7a3814a465247fb5fca4c83ecf1c281f7745069ec3d051a7964cb7cc119a3d983f93ba DIST libxml2-2.11.5.tar.xz 2628132 BLAKE2B 4af53ef7c19cfcddcf3de5c694a1b03cf4212f8e4c4cb3d873a897fddd8a89d7a52d049a8b85e96c6cdb471689aa385512d87b9710074e90583bf7ad46319172 SHA512 8f087cdaf61957567f04280facc70211c09ca131a532fd13ed4bfc38ddec50e44b1f842b108e635bd4205232036a3e1097904ac016f1fd135bacd17aebb04272 
@@ -7,6 +8,7 @@ DIST xsts-2002-01-16.tar.gz 6894439 BLAKE2B 1e9ec63d2c104655e64249e07440a04d862f DIST xsts-2004-01-14.tar.gz 2761085 BLAKE2B 41545995fb3a65d053257c376c07d45ffd1041a433bfbdb46d4dd87a5afb60c18c8629a3d988323f9e7a1d709775b5a7e5930276a7121c0725a22705c0976e36 SHA512 32854388d7e720ad67156baf50bf2bae7bd878ca3e35fd7e44e57cad3f434f69d56bbbedd61509f8a1faf01c9eae74a078df8fe130780b182c05c05cb1c39ebe EBUILD libxml2-2.10.4.ebuild 5626 BLAKE2B 84a0bdd6b327e1c8232070cbc98a28efbf82f5cdda7677d4b136b46ca80b3b70eea3965f07d7408179109a54d4a8b345d14cd110cb2debccf62646cc5153d620 SHA512 73eb93d00a2772710fa8e89edada77c23f44e877c8fe226aaef8ec20ea57ddda3239be31da6b303f567c2a7638e2b48c3d9c55e15048c96693854b19b0269db4 EBUILD libxml2-2.11.4.ebuild 5438 BLAKE2B 5465d5035da3e2e10d395972b368d1755a7fe3c36154c202ef1be79f4859edefe4917fc354eb7d6b6cbc8aad2c5af7dcbb9b7f48c5eae28531a610605671e92b SHA512 d88881f3be825ecf874ae492ef551c061c871483b30066b156fc852bf54ed6407799dbb545103e576e6494dbceb19a7ede9cd3952d54d532f6def032317e6c88 +EBUILD libxml2-2.11.5-r1.ebuild 5317 BLAKE2B 7aa83b9f6bdc7728344ff865cbec1aa07137a29287ab3641a11bd4a465a7a3678a5d2914f6db4d9bfdf7fe436cc8b141102b698357d1d291f6330129a8b19bde SHA512 645bc66b2c28b71dbc33f66fb650224d4947b5de8b20c6aa8e0f20c32fb3cfac0d97287c48673087a5388583216effd350b09449118b45ac7672b319042c7554 EBUILD libxml2-2.11.5.ebuild 5250 BLAKE2B 40c27adaeeb5f643fd1f28216b0c487890b414e3864ed56a389a81ef7f0622965233d0d67347b7912711e7c4b69a1c284255c5eb96bf10d671f8be8d5f60b1ea SHA512 e97779c5ba726cfdddbaff520bb2f484f180b4e422217b4375ae249c9cb2e218897b1f51cb494c7db6a78000af2be1803ca35a41876bf7c2de8d4c4dbeec3046 -EBUILD libxml2-9999.ebuild 5256 BLAKE2B 6ae063d26c31b7fe9ddc30795a5ff5d22a85122ab0411038b4b370da3bf70682dd41650f5545ef8956139657be072bf8cae3047d2daa4adec68ecc9c3918e4f9 SHA512 010721d7e45da7da6441366f5a4e2ecd58bf43acd10deb51d0b4cffb540e2cb649fe091b9afe2aaea76c2b5c66cc23d90ecbbfb00de357e24691f5589df5948b +EBUILD libxml2-9999.ebuild 5255 BLAKE2B 
3b4b7a86a4233e02ea014171583216f664c70e0cf152519f8c72c11909bdac13a55d4f2ffe11a901c602b84299a43032cba82f01c85dae67485cc06a76bb9fdb SHA512 80783246bfce6dfd9b616d83f7e250394fa1895a0b4bae3781a714d90d71e394cb7048736803624e10a3c498ac2691c84f1edcfaea476312569b10e7be923b1f MISC metadata.xml 519 BLAKE2B 528be4ec79b54eaed229c84c96656266acffaa2ab68c7b1e6daecdee77bb1109ea56babceff0459125e04326425be28f436a78f697c363920102b94aca25179d SHA512 85804c662dd019e6c4cad05bb691b2058c9b93c190c57a7b4cc2674bee71a805da41159184c1bae9954700e52b41bb104a2d1e66ea4d1799463626befb691d11
diff --git a/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch b/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch
new file mode 100644
index 000000000000..190218be3a5e
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.11.5-CVE-2023-45322.patch
@@ -0,0 +1,71 @@
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
+https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9
+https://bugs.gentoo.org/915351
+
+From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Wed, 23 Aug 2023 20:24:24 +0200
+Subject: [PATCH] tree: Fix copying of DTDs
+
+- Don't create multiple DTD nodes.
+- Fix UAF if malloc fails.
+- Skip DTD nodes if tree module is disabled.
+
+Fixes #583.
+--- a/tree.c
++++ b/tree.c
+@@ -4471,29 +4471,28 @@ xmlNodePtr
+ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
+ xmlNodePtr ret = NULL;
+ xmlNodePtr p = NULL,q;
++ xmlDtdPtr newSubset = NULL;
+
+ while (node != NULL) {
+-#ifdef LIBXML_TREE_ENABLED
+ if (node->type == XML_DTD_NODE ) {
+- if (doc == NULL) {
++#ifdef LIBXML_TREE_ENABLED
++ if ((doc == NULL) || (doc->intSubset != NULL)) {
+ node = node->next;
+ continue;
+ }
+- if (doc->intSubset == NULL) {
+- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
+- if (q == NULL) goto error;
+- q->doc = doc;
+- q->parent = parent;
+- doc->intSubset = (xmlDtdPtr) q;
+- xmlAddChild(parent, q);
+- } else {
+- q = (xmlNodePtr) doc->intSubset;
+- xmlAddChild(parent, q);
+- }
+- } else
++ q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
++ if (q == NULL) goto error;
++ q->doc = doc;
++ q->parent = parent;
++ newSubset = (xmlDtdPtr) q;
++#else
++ node = node->next;
++ continue;
+ #endif /* LIBXML_TREE_ENABLED */
++ } else {
+ q = xmlStaticCopyNode(node, doc, parent, 1);
+- if (q == NULL) goto error;
++ if (q == NULL) goto error;
++ }
+ if (ret == NULL) {
+ q->prev = NULL;
+ ret = p = q;
+@@ -4505,6 +4504,8 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
+ }
+ node = node->next;
+ }
++ if (newSubset != NULL)
++ doc->intSubset = newSubset;
+ return(ret);
+ error:
+ xmlFreeNodeList(ret);
+--
+GitLab
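Review bot: In the rewritten `XML_DTD_NODE` branch of `xmlStaticCopyNodeList`, the skip test only consults `doc->intSubset`, which is now left untouched until after the loop, so a sibling list holding a second DTD node would be copied again and `newSubset` overwritten with the later copy. Whether such a list can reach this function is not visible from the hunk, but extending the guard to `if ((doc == NULL) || (doc->intSubset != NULL) || (newSubset != NULL)) {` would make the "Don't create multiple DTD nodes" intent hold regardless. Since this file is a verbatim backport of upstream commit d39f78069dff496ec865c73aa44d7110e429bce9, that change belongs upstream rather than in a local edit of the patch. A short comment above `doc->intSubset = newSubset;` saying the assignment is deferred, presumably so the `error:` path never frees a node the document still points to, would also help; the middle of the function and the end of the error path lie outside the two inner hunks.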
diff --git a/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild b/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild
new file mode 100644
index 000000000000..ad027676e475
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.11.5-r1.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Note: Please bump in sync with dev-libs/libxslt
+
+PYTHON_COMPAT=( python3_{10..12} )
+PYTHON_REQ_USE="xml(+)"
+inherit flag-o-matic python-r1 multilib-minimal
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20130923.tar.gz"
+
+DESCRIPTION="XML C parser and toolkit"
+HOMEPAGE="https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home"
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"
+ inherit autotools git-r3
+else
+ inherit gnome.org libtool
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+SRC_URI+="
+ test? (
+ ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+ ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+ https://www.w3.org/XML/Test/${XMLCONF_TARBALL}
+ )
+"
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+LICENSE="MIT"
+SLOT="2"
+IUSE="debug examples +ftp icu lzma +python readline static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+ virtual/libiconv
+ >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+ icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+ BDEPEND+=" dev-util/gtk-doc-am"
+fi
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/xml2-config
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.11.5-CVE-2023-45322.patch
+)
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ local tarname=${P/_rc/-rc}.tar.xz
+
+ # ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
+ # as they are needed as tarballs in ${S}/xstc instead and not unpacked
+ unpack ${tarname}
+
+ if [[ -n ${PATCHSET_VERSION} ]] ; then
+ unpack ${PN}-${PATCHSET_VERSION}.tar.xz
+ fi
+ fi
+
+ cd "${S}" || die
+
+ if use test ; then
+ cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+ "${DISTDIR}/${XSTS_TARBALL_2}" \
+ "${S}"/xstc/ \
+ || die "Failed to install test tarballs"
+ unpack ${XMLCONF_TARBALL}
+ fi
+}
+
+src_prepare() {
+ default
+
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ else
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ elibtoolize
+ fi
+}
+
+multilib_src_configure() {
+ # Filter seemingly problematic CFLAGS (bug #26320)
+ filter-flags -fprefetch-loop-arrays -funroll-loops
+
+ # Notes:
+ # The meaning of the 'debug' USE flag does not apply to the --with-debug
+ # switch (enabling the libxml2 debug module). See bug #100898.
+ libxml2_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --enable-ipv6 \
+ $(use_with ftp) \
+ $(use_with debug run-debug) \
+ $(use_with icu) \
+ $(use_with lzma) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_with readline) \
+ $(multilib_native_use_with readline history) \
+ "$@"
+ }
+
+ # Build python bindings separately
+ libxml2_configure --without-python
+
+ multilib_is_native_abi && use python &&
+ python_foreach_impl run_in_build_dir libxml2_configure --with-python
+}
+
+libxml2_py_emake() {
+ pushd "${BUILD_DIR}"/python >/dev/null || die
+
+ emake top_builddir="${NATIVE_BUILD_DIR}" "$@"
+
+ popd >/dev/null || die
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi && use python ; then
+ NATIVE_BUILD_DIR="${BUILD_DIR}"
+ python_foreach_impl run_in_build_dir libxml2_py_emake all
+ fi
+}
+
+multilib_src_test() {
+ ln -s "${S}"/xmlconf || die
+
+ emake check
+
+ multilib_is_native_abi && use python &&
+ python_foreach_impl run_in_build_dir libxml2_py_emake check
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ multilib_is_native_abi && use python &&
+ python_foreach_impl run_in_build_dir libxml2_py_emake DESTDIR="${D}" install
+
+ # Hack until automake release is made for the optimise fix
+ # https://git.savannah.gnu.org/cgit/automake.git/commit/?id=bde43d0481ff540418271ac37012a574a4fcf097
+ multilib_is_native_abi && use python && python_foreach_impl python_optimize
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ if ! use examples ; then
+ rm -rf "${ED}"/usr/share/doc/${PF}/examples || die
+ rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
+ fi
+
+ rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+ # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+ if [[ -n "${ROOT}" ]]; then
+ elog "Skipping XML catalog creation for stage building (bug #208887)."
+ else
+ # Need an XML catalog, so no-one writes to a non-existent one
+ CATALOG="${EROOT}/etc/xml/catalog"
+
+ # We don't want to clobber an existing catalog though,
+ # only ensure that one is there
+ #
+ if [[ ! -e "${CATALOG}" ]]; then
+ [[ -d "${EROOT}/etc/xml" ]] || mkdir -p "${EROOT}/etc/xml"
+ "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+ einfo "Created XML catalog in ${CATALOG}"
+ fi
+ fi
+}
diff --git a/dev-libs/libxml2/libxml2-9999.ebuild b/dev-libs/libxml2/libxml2-9999.ebuild
index 23465b596258..7a65290535a9 100644
--- a/dev-libs/libxml2/libxml2-9999.ebuild
+++ b/dev-libs/libxml2/libxml2-9999.ebuild
@@ -71,7 +71,7 @@ src_unpack() {
 unpack ${tarname}
 if [[ -n ${PATCHSET_VERSION} ]] ; then
- unpack ${PN}-${PATCHSET_VERSION}.tar.bz2
+ unpack ${PN}-${PATCHSET_VERSION}.tar.xz
 fi
 fi
--
cgit v1.2.3
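Review bot: In `pkg_postinst` of the new ebuild, the `xmlcatalog --create > "${CATALOG}"` call is unchecked, and the redirection creates the file before the command runs, so a failing `xmlcatalog` leaves an empty catalog behind while `einfo` still reports success. Because the surrounding guard is `[[ ! -e "${CATALOG}" ]]`, later runs would see that empty file and never regenerate it; the `mkdir -p` before it is unchecked as well. The rewrite below reports success only when the command succeeded and removes the leftover file otherwise. Separately, `XSTS_HOME` fetches the test tarballs over plain `http://`, so their integrity rests entirely on the Manifest hashes.

```shell
# … inside the existing `if [[ ! -e "${CATALOG}" ]]; then` block, replacing the mkdir/xmlcatalog/einfo lines …
if ! mkdir -p "${EROOT}/etc/xml" ; then
	ewarn "Could not create ${EROOT}/etc/xml"
elif "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}" ; then
	einfo "Created XML catalog in ${CATALOG}"
else
	# Remove the empty file left by the redirection so the next run retries.
	rm -f "${CATALOG}"
	ewarn "Could not create XML catalog in ${CATALOG}"
fi
```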