authorAlexandre Rostovtsev <tetromino@gentoo.org>2012-02-09 19:33:49 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2012-02-09 19:33:49 +0000
commitc59ec6c1c1647673f289bb26fe33e5b6efed6756 (patch)
tree620d1dca0b0b5d43622b26e451c1d1b2fa258533 /dev-libs/libxslt
parentMarked ~{x86,x64}-solaris, bug #397819 (diff)
Fix out-of-bounds read in xsltCompilePatternInternal (bug #402861, CVE-2011-3970, thanks to Agostino Sarubbo for reporting). Update to EAPI4. Drop old.
Package-Manager: portage-2.2.0_alpha84/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/libxslt')
-rw-r--r--dev-libs/libxslt/ChangeLog13
-rw-r--r--dev-libs/libxslt/Manifest16
-rw-r--r--dev-libs/libxslt/files/libxslt-1.1.26-pattern-out-of-bounds-read.patch27
-rw-r--r--dev-libs/libxslt/libxslt-1.1.26-r3.ebuild (renamed from dev-libs/libxslt/libxslt-1.1.26-r1.ebuild)27
-rw-r--r--dev-libs/libxslt/libxslt-1.1.26.ebuild115
5 files changed, 64 insertions, 134 deletions
diff --git a/dev-libs/libxslt/ChangeLog b/dev-libs/libxslt/ChangeLog
index a58d36bfa68b..0b038d47b1b7 100644
--- a/dev-libs/libxslt/ChangeLog
+++ b/dev-libs/libxslt/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for dev-libs/libxslt
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/ChangeLog,v 1.221 2011/10/30 15:15:27 armin76 Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/ChangeLog,v 1.222 2012/02/09 19:33:49 tetromino Exp $
+
+*libxslt-1.1.26-r3 (09 Feb 2012)
+
+ 09 Feb 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+ -libxslt-1.1.26.ebuild, -libxslt-1.1.26-r1.ebuild, +libxslt-1.1.26-r3.ebuild,
+ +files/libxslt-1.1.26-pattern-out-of-bounds-read.patch:
+ Fix out-of-bounds read in xsltCompilePatternInternal (bug #402861,
+ CVE-2011-3970, thanks to Agostino Sarubbo for reporting). Update to EAPI4.
+ Drop old.
30 Oct 2011; Raúl Porcel <armin76@gentoo.org> libxslt-1.1.26-r2.ebuild:
alpha/ia64/m68k/s390/sh/sparc stable wrt #385699
diff --git a/dev-libs/libxslt/Manifest b/dev-libs/libxslt/Manifest
index 6a7570fe0f10..27e4ed2cd68e 100644
--- a/dev-libs/libxslt/Manifest
+++ b/dev-libs/libxslt/Manifest
@@ -1,21 +1,21 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
AUX libxslt-1.1.23-parallel-install.patch 578 RMD160 b944d9886516e676ec60f7657011d524bff5bba5 SHA1 716cfb859d93acf7b6e5c411e65a7842f396066a SHA256 9b2fa23d7a4fef60c8acec7e8003bc42f4a4c9c1dbd5e035aa54af3e8ccecd5a
AUX libxslt-1.1.26-disable_static_modules.patch 318 RMD160 cd8edd28bcb5e9b6783718d6716889089325f1b2 SHA1 a75381f44e213170d863d7ad4073a33dbed29513 SHA256 6c08da472bd1d48af1aab88619e460ad17f56c49bfaa00ccbfd8acf9212c5e80
AUX libxslt-1.1.26-id-generation.patch 1733 RMD160 14d678e21f938408e25c325ebbdc45e74eeaf16e SHA1 f9a54b217993e057fde9729d25a4e8caf587303b SHA256 19ce8384b8dbe088c7349113e7769c3c735edabe1d54f3182b7f9627eea1532a
+AUX libxslt-1.1.26-pattern-out-of-bounds-read.patch 797 RMD160 0d390db736e8367b4d4a7ef7c0dc2bd70d8acc94 SHA1 c3ac6fc76f03d02bd9f1de76c88e280912c0fb9e SHA256 cf5bb2f4a1e95981ebaee4000e736dfe450a9a95639c49333b4f2bc93287c8df
AUX libxslt-1.1.26-undefined.patch 616 RMD160 571771b9fd262df841442b4d8b0db1922529a7d3 SHA1 fcc3730b2466e08ac443ea05e0fff5877f9e2624 SHA256 bcd05d121d9857181037ec5d9740fff51640ee2e4a7c5933c9d65f7ee6011062
AUX libxslt.m4-libxslt-1.1.26.patch 1421 RMD160 f54116e3871afaa97daf5bbb832f2147d395077b SHA1 cdf3aa89083371b45e88c67cc53b9303cd13f2f8 SHA256 c02cd8437064db0921c08e63245c403dad12410d2997715aa7aa36600bfaa895
DIST libxslt-1.1.26.tar.gz 3401513 RMD160 fc7630352ae5772d25fc8132a373d477fb8d8d5f SHA1 69f74df8228b504a87e2b257c2d5238281c65154 SHA256 55dd52b42861f8a02989d701ef716d6280bfa02971e967c285016f99c66e3db1
-EBUILD libxslt-1.1.26-r1.ebuild 2732 RMD160 0d6c6a7fecdf19935242bbff46f4e6bf2837df7e SHA1 78bcac0c87e60af49b7e3595d346c4cf4ec951a5 SHA256 ca80c30cc766560ae6886da21dba2ec0ed9f174a2b1256de08dbe9efe9b5f90b
EBUILD libxslt-1.1.26-r2.ebuild 2919 RMD160 040b942759a362c5bd5feb1b731f33a569cd6477 SHA1 0f1971188f3b8b5af1e84a50cd22a94e36770af1 SHA256 b286101edaaafa9e446312d1a32b15b67f7d4bdbbeb68e73c07fd4f738663aeb
-EBUILD libxslt-1.1.26.ebuild 2614 RMD160 fb13a7864b6c785732691a21c7ad86048ccaf650 SHA1 55506f20cf1021aa22be5a2062d44887c22e13f3 SHA256 cad49eb49e3f684b91fd0a60a6ece3a1c369d4f7588f7bd00c32efac493bec3a
-MISC ChangeLog 26472 RMD160 9b85602a3adad2b6edb3b5b79e1e1647f87100f9 SHA1 fe90d763e10bfffc56a8f385b16ee80804dc598c SHA256 52d0eea65a7ff4d819ff518b43798861a731a5ee5781151ea736815e72c8d08c
+EBUILD libxslt-1.1.26-r3.ebuild 3030 RMD160 40eb19344d615977a34151a4ad8803774d1c12ca SHA1 ff31c5e4a4b7021d5dda6d3fef565c070e5cdc32 SHA256 f54a3b2c3242a73b1adcce62a7d97a106394e4cf9c50c7a96c69520af54b0180
+MISC ChangeLog 26864 RMD160 5512f40076e433e98ad43ac062c1f9fa31fbddf9 SHA1 59b6ef5eebba881a7edf2b89da3debb99a7fd271 SHA256 f37bdd7811dd83ab3ae2d29084d12750dc53c353a4e0f4e781672d79f255c055
MISC metadata.xml 158 RMD160 c0e2bae8e91bb6be8922bac5e4f597302e06587e SHA1 38f78e9790bcd4382b4a49aa226aa6dda1d3a3d7 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
+Version: GnuPG v2.0.18 (GNU/Linux)
-iEYEARECAAYFAk6tahUACgkQuQc30/atMkD3yACgp6RkRDQyrLrKsbC7T/tkwMq5
-GDoAnjzHBP7d0/qRohcOcTQFTNykVIlq
-=Ktr1
+iF4EAREIAAYFAk80H6MACgkQdjK8w9WeBnDVugD/feKGJcLGzHk2YDHrV1o4/TZz
+/oIUr6k1161q1HghgJIBAJmvtlfdnzF3b/QyCk9SykHmj+Wll5AJvfQPin+AbZoE
+=x8Jv
-----END PGP SIGNATURE-----
diff --git a/dev-libs/libxslt/files/libxslt-1.1.26-pattern-out-of-bounds-read.patch b/dev-libs/libxslt/files/libxslt-1.1.26-pattern-out-of-bounds-read.patch
new file mode 100644
index 000000000000..cd2e292f4797
--- /dev/null
+++ b/dev-libs/libxslt/files/libxslt-1.1.26-pattern-out-of-bounds-read.patch
@@ -0,0 +1,27 @@
+From fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b Mon Sep 17 00:00:00 2001
+From: Abhishek Arya <inferno@chromium.org>
+Date: Sun, 22 Jan 2012 17:47:50 +0800
+Subject: [PATCH] Fix some case of pattern parsing errors
+
+We could accidentally hit an off by one string array access
+due to improper loop exit when parsing patterns
+---
+ libxslt/pattern.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libxslt/pattern.c b/libxslt/pattern.c
+index 6161376..1155b54 100644
+--- a/libxslt/pattern.c
++++ b/libxslt/pattern.c
+@@ -1867,6 +1867,8 @@ xsltCompilePatternInternal(const xmlChar *pattern, xmlDocPtr doc,
+ while ((pattern[end] != 0) && (pattern[end] != '"'))
+ end++;
+ }
++ if (pattern[end] == 0)
++ break;
+ end++;
+ }
+ if (current == end) {
+--
+1.7.8.4
+
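Review bot: The added `if (pattern[end] == 0) break;` in xsltCompilePatternInternal has no comment saying which case it guards, and the reason is not obvious from the surrounding lines. The inner quote-skipping `while` can stop on the terminating NUL when a quoted literal is never closed, and the following `end++` would then step past the end of the string. A one-line comment above the check, such as `/* unterminated quote: stay on the NUL so end++ cannot step past the buffer */`, would keep the guard from being removed as redundant later. The hunk does not show whether an unterminated literal is then reported as a pattern error or compiled as-is, which is worth confirming; the enclosing loop and the rest of the function lie outside the hunk.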
diff --git a/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild b/dev-libs/libxslt/libxslt-1.1.26-r3.ebuild
index 26ccac4e6d92..7fe8d9fd67c5 100644
--- a/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild
+++ b/dev-libs/libxslt/libxslt-1.1.26-r3.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild,v 1.7 2011/03/18 17:30:53 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/libxslt-1.1.26-r3.ebuild,v 1.1 2012/02/09 19:33:49 tetromino Exp $
-EAPI="3"
+EAPI="4"
PYTHON_DEPEND="python? 2"
SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="3.* *-jython"
+RESTRICT_PYTHON_ABIS="3.* *-jython *-pypy-*"
inherit autotools eutils python toolchain-funcs
@@ -15,8 +15,8 @@ SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz"
LICENSE="MIT"
SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="crypt debug python"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="crypt debug python static-libs"
DEPEND=">=dev-libs/libxml2-2.6.27:2
crypt? ( >=dev-libs/libgcrypt-1.1.42 )"
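Review bot: Every entry in the new `KEYWORDS` line is `~arch`, so the only revision carrying the CVE-2011-3970 patch is visible to testing users alone. The Manifest in this commit keeps `libxslt-1.1.26-r2.ebuild` unchanged and the pattern patch is new to `files/`, so -r2 presumably does not apply it, and stable profiles would stay on that revision until -r3 is stabilised. A comment above the line, e.g. `# security revbump, bug #402861: -r2 lacks the pattern fix until this is stabilised`, would make that gap visible to the next person touching the package.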
@@ -26,6 +26,7 @@ pkg_setup() {
if use python; then
python_pkg_setup
fi
+ DOCS="AUTHORS ChangeLog FEATURES NEWS README TODO"
}
src_prepare() {
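Review bot: `DOCS=...` is assigned inside `pkg_setup()`, after the `use python` block, although its only consumer is the `default` call that this commit adds to `src_install()`. It works only because the phase environment is carried forward, and it hides the document list from anyone reading the install phase. Setting it in global scope next to `IUSE`, or as the first statement of `src_install()` (`DOCS="AUTHORS ChangeLog FEATURES NEWS README TODO"` directly before `default`), keeps the variable next to the code that reads it.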
@@ -40,6 +41,9 @@ src_prepare() {
# Fix generate-id() to not expose object addresses, bug #358615
epatch "${FILESDIR}/${P}-id-generation.patch"
+ # Fix off-by-one in xsltCompilePatternInternal, bug #402861
+ epatch "${FILESDIR}/${P}-pattern-out-of-bounds-read.patch"
+
eautoreconf
epunt_cxx
}
@@ -58,7 +62,8 @@ src_configure() {
$(use_with crypt crypto) \
$(use_with python) \
$(use_with debug) \
- $(use_with debug mem-debug)
+ $(use_with debug mem-debug) \
+ $(use_enable static-libs static)
}
src_compile() {
@@ -87,7 +92,7 @@ src_test() {
}
src_install() {
- emake DESTDIR="${D}" install || die
+ default
if use python; then
installation() {
@@ -102,7 +107,11 @@ src_install() {
mv -vf "${ED}"/usr/share/doc/${PN}-python-${PV} \
"${ED}"/usr/share/doc/${PF}/python
- dodoc AUTHORS ChangeLog FEATURES NEWS README TODO || die
+
+ if ! use static-libs; then
+ # Remove useless .la files
+ find "${D}" -name '*.la' -exec rm -f {} + || die "la file removal failed"
+ fi
}
pkg_postinst() {
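Review bot: The new cleanup walks `"${D}"` while the `mv` a few lines above it addresses the image through `"${ED}"`; one function should use one root. Restricting the match to regular files also avoids touching anything else that happens to match the name: `find "${ED}" -type f -name '*.la' -exec rm -f {} + || die "la file removal failed"`. src_install() begins outside this hunk.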
diff --git a/dev-libs/libxslt/libxslt-1.1.26.ebuild b/dev-libs/libxslt/libxslt-1.1.26.ebuild
deleted file mode 100644
index 839d391d6eaa..000000000000
--- a/dev-libs/libxslt/libxslt-1.1.26.ebuild
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/libxslt-1.1.26.ebuild,v 1.17 2011/02/26 17:32:39 arfrever Exp $
-
-EAPI="2"
-PYTHON_DEPEND="python? 2"
-SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="3.* *-jython"
-
-inherit autotools eutils python toolchain-funcs
-
-DESCRIPTION="XSLT libraries and tools"
-HOMEPAGE="http://www.xmlsoft.org/"
-SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="crypt debug python"
-
-DEPEND=">=dev-libs/libxml2-2.6.27
- crypt? ( >=dev-libs/libgcrypt-1.1.42 )"
-RDEPEND="${DEPEND}"
-
-pkg_setup() {
- if use python; then
- python_pkg_setup
- fi
-}
-
-src_prepare() {
- epatch "${FILESDIR}"/libxslt.m4-${P}.patch \
- "${FILESDIR}"/${PN}-1.1.23-parallel-install.patch \
- "${FILESDIR}"/${P}-undefined.patch \
- "${FILESDIR}"/${P}-disable_static_modules.patch
-
- # Python bindings are built/tested/installed manually.
- sed -e "s/@PYTHON_SUBDIR@//" -i Makefile.am || die "sed failed"
-
- eautoreconf
- epunt_cxx
-}
-
-src_configure() {
- # libgcrypt is missing pkg-config file, so fixing cross-compile
- # here. see bug 267503.
- if tc-is-cross-compiler; then
- export LIBGCRYPT_CONFIG="${SYSROOT}/usr/bin/libgcrypt-config"
- fi
-
- econf \
- --disable-dependency-tracking \
- --with-html-dir=/usr/share/doc/${PF} \
- --with-html-subdir=html \
- $(use_with crypt crypto) \
- $(use_with python) \
- $(use_with debug) \
- $(use_with debug mem-debug)
-}
-
-src_compile() {
- default
-
- if use python; then
- python_copy_sources python
- building() {
- emake PYTHON_INCLUDES="$(python_get_includedir)" \
- PYTHON_SITE_PACKAGES="$(python_get_sitedir)" \
- PYTHON_VERSION="$(python_get_version)"
- }
- python_execute_function -s --source-dir python building
- fi
-}
-
-src_test() {
- default
-
- if use python; then
- testing() {
- emake test
- }
- python_execute_function -s --source-dir python testing
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die
-
- if use python; then
- installation() {
- emake DESTDIR="${D}" \
- PYTHON_SITE_PACKAGES="$(python_get_sitedir)" \
- install
- }
- python_execute_function -s --source-dir python installation
-
- python_clean_installation_image
- fi
-
- mv -vf "${D}"/usr/share/doc/${PN}-python-${PV} \
- "${D}"/usr/share/doc/${PF}/python
- dodoc AUTHORS ChangeLog FEATURES NEWS README TODO || die
-}
-
-pkg_postinst() {
- if use python; then
- python_mod_optimize libxslt.py
- fi
-}
-
-pkg_postrm() {
- if use python; then
- python_mod_cleanup libxslt.py
- fi
-}