From 143a58f9a6f2626fa79b241c520b716c6f56ed5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Thu, 13 May 2021 15:44:03 -0300 Subject: [PATCH 1/5] libxml2: update to 2.9.11. - fixes a bunch of CVEs and arbitrary issues - don't run autoreconf anymore. Was added in 66d6f3ef819d1c3fd4a3d772dcd21846f9467001, but isn't necessary anymore. - the sed command was also outdated - can build with just gettext and pkg-config in host now --- srcpkgs/libxml2/patches/CVE-2019-20388.patch | 32 -------------------- srcpkgs/libxml2/template | 15 ++++----- 2 files changed, 6 insertions(+), 41 deletions(-) delete mode 100644 srcpkgs/libxml2/patches/CVE-2019-20388.patch diff --git a/srcpkgs/libxml2/patches/CVE-2019-20388.patch b/srcpkgs/libxml2/patches/CVE-2019-20388.patch deleted file mode 100644 index e1582f299de3..000000000000 --- a/srcpkgs/libxml2/patches/CVE-2019-20388.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001 -From: Zhipeng Xie -Date: Tue, 20 Aug 2019 16:33:06 +0800 -Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream - -When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun -alloc a new schema for ctxt->schema and set vctxt->xsiAssemble -to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize -vctxt->xsiAssemble to 0 again which cause the alloced schema -can not be freed anymore. - -Found with libFuzzer. - -Signed-off-by: Zhipeng Xie ---- - xmlschemas.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/xmlschemas.c b/xmlschemas.c -index 301c8449..39d92182 100644 ---- xmlschemas.c -+++ xmlschemas.c -@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { - vctxt->nberrors = 0; - vctxt->depth = -1; - vctxt->skipDepth = -1; -- vctxt->xsiAssemble = 0; - vctxt->hasKeyrefs = 0; - #ifdef ENABLE_IDC_NODE_TABLES_TEST - vctxt->createIDCNodeTables = 1; --- -2.24.1 diff --git a/srcpkgs/libxml2/template b/srcpkgs/libxml2/template index c334f505ed0c..5d4815ffc70b 100644 --- a/srcpkgs/libxml2/template +++ b/srcpkgs/libxml2/template @@ -3,23 +3,20 @@ # Please keep this in sync with "srcpkgs/libxml2-python" # pkgname=libxml2 -version=2.9.10 -revision=4 +version=2.9.11 +revision=1 build_style=gnu-configure configure_args="--with-threads --with-history --with-icu --without-python" -hostmakedepends="automake libtool gettext-devel pkg-config" +hostmakedepends="gettext pkg-config" makedepends="zlib-devel ncurses-devel readline-devel liblzma-devel icu-devel" short_desc="Library providing XML and HTML support" maintainer="Enno Boland " license="MIT" homepage="http://www.xmlsoft.org/" distfiles="http://xmlsoft.org/sources/${pkgname}-${version}.tar.gz" -checksum=aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f - -pre_configure() { - autoreconf -fi - sed '/PROGRAMS =/s,$(noinst_PROGRAMS),,' -i Makefile.in -} +checksum=886f696d5d5b45d780b2880645edf9e0c62a4fd6841b853e824ada4e02b4d331 +# tries to run fuzz tests unconditionally and can't find headers for it +make_check=no post_install() { vlicense COPYING From 0ae68f7cc4ccd0c76feb46df965a092134d994e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Thu, 13 May 2021 15:58:44 -0300 Subject: [PATCH 2/5] bamf: update to 0.5.5. Also remove outdated python2 dependencies. --- srcpkgs/bamf/template | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/srcpkgs/bamf/template b/srcpkgs/bamf/template index e71e50d826f2..a61f25f88ed0 100644 --- a/srcpkgs/bamf/template +++ b/srcpkgs/bamf/template @@ -1,18 +1,18 @@ # Template file for 'bamf' pkgname=bamf -version=0.5.4 -revision=4 +version=0.5.5 +revision=1 build_style=gnu-configure build_helper="gir" -hostmakedepends="glib-devel gtk-doc pkg-config python-lxml libxslt-python libxml2-python - $(vopt_if vala vala)" +hostmakedepends="glib-devel gtk-doc pkg-config $(vopt_if vala vala) + gnome-common which automake libtool gettext" makedepends="libglib-devel libgtop-devel libwnck-devel" short_desc="Application matching framework" maintainer="Steve Prybylski " license="LGPL-3.0-only, LGPL-2.1-only, GPL-3.0-or-later" homepage="https://launchpad.net/bamf" -distfiles="https://launchpad.net/bamf/${version%.*}/${version}/+download/${pkgname}-${version}.tar.gz" -checksum=5bb87a5bf46ab1fc9a229a851c0ee4f610d943716a7c83d318f6a8f50d76beb3 +distfiles="https://launchpad.net/bamf/${version%.*}/${version}/+download/${pkgname}-${version}.tar.xz" +checksum=10e642adf5169d46e32b113346bebdad437cddd1ddbd45d16c640cf60cabf5da CFLAGS="-Wno-cpp -Wno-deprecated-declarations" @@ -20,8 +20,7 @@ build_options="gir vala" build_options_default="gir vala" pre_configure() { - sed -i configure -e 's;if !($PYTHON -c "import libxslt, libxml2" 2> /dev/null);if false;' - sed -i configure -e '/CFLAGS=/s/ \-Werror / /' + NOCONFIGURE=1 ./autogen.sh } bamf-devel_package() { @@ -31,7 +30,6 @@ bamf-devel_package() { vmove usr/include vmove usr/lib/pkgconfig vmove usr/lib/*.so - vmove usr/share/gtk-doc if [ "$build_option_gir" ]; then vmove usr/share/gir-1.0 fi From ccb9a064d2c8024d755d5f3bac09c5eb7e85262a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Thu, 13 May 2021 15:59:41 -0300 Subject: [PATCH 3/5] libxslt: remove python module. Only supports python2 at the moment, isn't used by any other package. --- srcpkgs/libxslt-python | 1 - srcpkgs/libxslt/template | 24 +++++------------------- 2 files changed, 5 insertions(+), 20 deletions(-) delete mode 120000 srcpkgs/libxslt-python diff --git a/srcpkgs/libxslt-python b/srcpkgs/libxslt-python deleted file mode 120000 index fbcaa3cb7ad9..000000000000 --- a/srcpkgs/libxslt-python +++ /dev/null @@ -1 +0,0 @@ -libxslt \ No newline at end of file diff --git a/srcpkgs/libxslt/template b/srcpkgs/libxslt/template index 42d80f08ac98..31b395b3ca5b 100644 --- a/srcpkgs/libxslt/template +++ b/srcpkgs/libxslt/template @@ -1,11 +1,11 @@ # Template file for 'libxslt' pkgname=libxslt version=1.1.34 -revision=4 +revision=5 build_style=gnu-configure -configure_args="--disable-static --disable-dependency-tracking" -hostmakedepends="libtool python-devel libxml2-python pkg-config" -makedepends="python-devel libxml2-devel libxml2-python libgcrypt-devel" +configure_args="--disable-static --disable-dependency-tracking --without-python" +hostmakedepends="libtool pkg-config" +makedepends="libxml2-devel libgcrypt-devel" short_desc="XSLT parser library from the GNOME project" maintainer="Orphaned " license="MIT" @@ -20,12 +20,7 @@ post_configure() { # on don't know how to make target, needed # by Usage: # Makefile is created after configure so fix here - find ${wrksrc} -type f -name Makefile | xargs sed -i '/Usage/,/--version/d' - if [ "$CROSS_BUILD" ]; then - sed -e "s|/usr/include/python2.7|$XBPS_CROSS_BASE/&|g" \ - -e "s|/usr/lib/python2.7/site-packages|$XBPS_CROSS_BASE/&|g" \ - -i python/Makefile - fi + find ${wrksrc} -type f -name Makefile -exec sed -i '/Usage/,/--version/d' '{}' + } post_install() { @@ -53,12 +48,3 @@ libxslt-devel_package() { vmove usr/share/man/man3 } } - -libxslt-python_package() { - lib32disabled=yes - short_desc+=" - python extension" - pkg_install() { - vmove "usr/lib/python*" - vmove usr/share/doc/${sourcepkg}-python-${version} - } -} From 4bda22b01cabb5a17af309cdec80169011e78b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Thu, 13 May 2021 16:02:04 -0300 Subject: [PATCH 4/5] libxml2-python: turn into libxml2-python3. No package is using the python2 bindings anymore. --- .../libxml2-python/patches/py39compat.patch | 68 ------------------- .../libxml2-python/patches/python3-utf8.patch | 37 ---------- srcpkgs/libxml2-python/template | 34 ---------- srcpkgs/libxml2-python3 | 1 - srcpkgs/libxml2-python3/template | 26 +++++++ 5 files changed, 26 insertions(+), 140 deletions(-) delete mode 100644 srcpkgs/libxml2-python/patches/py39compat.patch delete mode 100644 srcpkgs/libxml2-python/patches/python3-utf8.patch delete mode 100644 srcpkgs/libxml2-python/template delete mode 120000 srcpkgs/libxml2-python3 create mode 100644 srcpkgs/libxml2-python3/template diff --git a/srcpkgs/libxml2-python/patches/py39compat.patch b/srcpkgs/libxml2-python/patches/py39compat.patch deleted file mode 100644 index c5dbfabbaa4e..000000000000 --- a/srcpkgs/libxml2-python/patches/py39compat.patch +++ /dev/null @@ -1,68 +0,0 @@ ---- python/libxml.c.orig 2020-10-07 14:41:45.226029584 -0400 -+++ python/libxml.c 2020-10-07 14:42:58.965113111 -0400 -@@ -294,7 +294,7 @@ - lenread = PyBytes_Size(ret); - data = PyBytes_AsString(ret); - #ifdef PyUnicode_Check -- } else if PyUnicode_Check (ret) { -+ } else if (PyUnicode_Check (ret)) { - #if PY_VERSION_HEX >= 0x03030000 - Py_ssize_t size; - const char *tmp; -@@ -359,7 +359,7 @@ - lenread = PyBytes_Size(ret); - data = PyBytes_AsString(ret); - #ifdef PyUnicode_Check -- } else if PyUnicode_Check (ret) { -+ } else if (PyUnicode_Check (ret)) { - #if PY_VERSION_HEX >= 0x03030000 - Py_ssize_t size; - const char *tmp; ---- python/types.c.orig 2020-10-07 14:41:49.393034304 -0400 -+++ python/types.c 2020-10-07 14:42:23.496072934 -0400 -@@ -602,16 +602,16 @@ - if (obj == NULL) { - return (NULL); - } -- if PyFloat_Check (obj) { -+ if (PyFloat_Check (obj)) { - ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj)); -- } else if PyLong_Check(obj) { -+ } else if (PyLong_Check(obj)) { - #ifdef PyLong_AS_LONG - ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj)); - #else - ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj)); - #endif - #ifdef PyBool_Check -- } else if PyBool_Check (obj) { -+ } else if (PyBool_Check (obj)) { - - if (obj == Py_True) { - ret = xmlXPathNewBoolean(1); -@@ -620,14 +620,14 @@ - ret = xmlXPathNewBoolean(0); - } - #endif -- } else if PyBytes_Check (obj) { -+ } else if (PyBytes_Check (obj)) { - xmlChar *str; - - str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj), - PyBytes_GET_SIZE(obj)); - ret = xmlXPathWrapString(str); - #ifdef PyUnicode_Check -- } else if PyUnicode_Check (obj) { -+ } else if (PyUnicode_Check (obj)) { - #if PY_VERSION_HEX >= 0x03030000 - xmlChar *str; - const char *tmp; -@@ -650,7 +650,7 @@ - ret = xmlXPathWrapString(str); - #endif - #endif -- } else if PyList_Check (obj) { -+ } else if (PyList_Check (obj)) { - int i; - PyObject *node; - xmlNodePtr cur; diff --git a/srcpkgs/libxml2-python/patches/python3-utf8.patch b/srcpkgs/libxml2-python/patches/python3-utf8.patch deleted file mode 100644 index 46a834b6fa45..000000000000 --- a/srcpkgs/libxml2-python/patches/python3-utf8.patch +++ /dev/null @@ -1,37 +0,0 @@ -Description: work around libxml2 python3 handling of UTF-8 encoded messages -Author: Jan Matejek -Source: https://bugzilla.opensuse.org/show_bug.cgi?id=1065270 - ---- python/libxml.c -+++ python/libxml.c -@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU - PyObject *message; - PyObject *result; - char str[1000]; -+ unsigned char *ptr = (unsigned char *)str; - - #ifdef DEBUG_ERROR - printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); -@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU - str[999] = 0; - va_end(ap); - -+#if PY_MAJOR_VERSION >= 3 -+ /* Ensure the error string doesn't start at UTF8 continuation. */ -+ while (*ptr && (*ptr & 0xc0) == 0x80) -+ ptr++; -+#endif -+ - list = PyTuple_New(2); - PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); - Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); -- message = libxml_charPtrConstWrap(str); -+ message = libxml_charPtrConstWrap(ptr); - PyTuple_SetItem(list, 1, message); - result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); -+ /* Forget any errors caused in the error handler. */ -+ PyErr_Clear(); - Py_XDECREF(list); - Py_XDECREF(result); - } - diff --git a/srcpkgs/libxml2-python/template b/srcpkgs/libxml2-python/template deleted file mode 100644 index 4208519dac3e..000000000000 --- a/srcpkgs/libxml2-python/template +++ /dev/null @@ -1,34 +0,0 @@ -# Template file for 'libxml2-python' -pkgname=libxml2-python -version=2.9.10 -revision=3 -wrksrc="${pkgname%-python}-${version}" -build_wrksrc=python -build_style=python-module -hostmakedepends="python-devel python3-devel" -makedepends="libxml2-devel python-devel python3-devel" -depends="python python3" -short_desc="Library providing XML and HTML support - Python2 bindings" -maintainer="Enno Boland " -license="MIT" -homepage="http://www.xmlsoft.org/" -distfiles="http://xmlsoft.org/sources/libxml2-${version}.tar.gz" -checksum=aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f - -post_patch() { - if [ "${CROSS_BUILD}" ]; then - vsed -i setup.py -e "s:/usr/include:${XBPS_CROSS_BASE}/usr/include:" - fi -} - -post_install() { - vlicense ../COPYING -} - -libxml2-python3_package() { - short_desc="${short_desc/Python2/Python3}" - pkg_install() { - vmove "usr/lib/python3*" - vlicense ../COPYING - } -} diff --git a/srcpkgs/libxml2-python3 b/srcpkgs/libxml2-python3 deleted file mode 120000 index 7ba590df8660..000000000000 --- a/srcpkgs/libxml2-python3 +++ /dev/null @@ -1 +0,0 @@ -libxml2-python \ No newline at end of file diff --git a/srcpkgs/libxml2-python3/template b/srcpkgs/libxml2-python3/template new file mode 100644 index 000000000000..b2fa503b0c92 --- /dev/null +++ b/srcpkgs/libxml2-python3/template @@ -0,0 +1,26 @@ +# Template file for 'libxml2-python3' +pkgname=libxml2-python3 +version=2.9.11 +revision=1 +wrksrc="${pkgname%-python3}-${version}" +build_wrksrc=python +build_style=python3-module +hostmakedepends="python3-devel" +makedepends="libxml2-devel python3-devel" +depends="python3" +short_desc="Library providing XML and HTML support - Python3 bindings" +maintainer="Enno Boland " +license="MIT" +homepage="http://www.xmlsoft.org/" +distfiles="http://xmlsoft.org/sources/libxml2-${version}.tar.gz" +checksum=886f696d5d5b45d780b2880645edf9e0c62a4fd6841b853e824ada4e02b4d331 + +post_patch() { + if [ "${CROSS_BUILD}" ]; then + vsed -i setup.py -e "s:/usr/include:${XBPS_CROSS_BASE}/usr/include:" + fi +} + +post_install() { + vlicense ../COPYING +} From 727051b077a4d0ffc4a8aac2e07992ab7fce22a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Thu, 13 May 2021 16:07:48 -0300 Subject: [PATCH 5/5] removed-packages: add libxml2-python and libxslt-python Outdated python2 bindings for the respective libraries. --- srcpkgs/removed-packages/template | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/srcpkgs/removed-packages/template b/srcpkgs/removed-packages/template index 2232f209ad38..414a80c7a672 100644 --- a/srcpkgs/removed-packages/template +++ b/srcpkgs/removed-packages/template @@ -1,7 +1,7 @@ # Template file for 'removed-packages' pkgname=removed-packages version=0.1 -revision=44 +revision=45 build_style=meta short_desc="Uninstalls packages removed from repository" maintainer="Piotr Wójcik " @@ -300,7 +300,9 @@ replaces=" vte290<=0.36.5_5 wireguard-go<=0.0.20181222_2 wireshark-gtk<=3.0.7_1 + libxml2-python<=2.9.10 libxnoise<=0.2.21_4 + libxslt-python<=1.1.34<=4 xlennart<=1.1.1_1 xnoise<=0.2.21_4 xnoise-devel<=0.2.21_4