Fix out-of-bounds read in xsltCompilePatternInternal (bug #402861, CVE-2011-3970, thanks to Agostino Sarubbo for reporting). Update to EAPI4. Drop old.

(Portage version: 2.2.0_alpha84/cvs/Linux x86_64)

4 files changed, 56 insertions, 126 deletions

diff --git a/dev-libs/libxslt/ChangeLog b/dev-libs/libxslt/ChangeLog
index a58d36bfa68b..0b038d47b1b7 100644
--- a/dev-libs/libxslt/ChangeLog
+++ b/dev-libs/libxslt/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for dev-libs/libxslt
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/ChangeLog,v 1.221 2011/10/30 15:15:27 armin76 Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/ChangeLog,v 1.222 2012/02/09 19:33:49 tetromino Exp $
+
+*libxslt-1.1.26-r3 (09 Feb 2012)
+
+  09 Feb 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+  -libxslt-1.1.26.ebuild, -libxslt-1.1.26-r1.ebuild, +libxslt-1.1.26-r3.ebuild,
+  +files/libxslt-1.1.26-pattern-out-of-bounds-read.patch:
+  Fix out-of-bounds read in xsltCompilePatternInternal (bug #402861,
+  CVE-2011-3970, thanks to Agostino Sarubbo for reporting). Update to EAPI4.
+  Drop old.
 
   30 Oct 2011; Raúl Porcel <armin76@gentoo.org> libxslt-1.1.26-r2.ebuild:
   alpha/ia64/m68k/s390/sh/sparc stable wrt #385699
diff --git a/dev-libs/libxslt/files/libxslt-1.1.26-pattern-out-of-bounds-read.patch b/dev-libs/libxslt/files/libxslt-1.1.26-pattern-out-of-bounds-read.patch
new file mode 100644
index 000000000000..cd2e292f4797
--- /dev/null
+++ b/dev-libs/libxslt/files/libxslt-1.1.26-pattern-out-of-bounds-read.patch
@@ -0,0 +1,27 @@
+From fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b Mon Sep 17 00:00:00 2001
+From: Abhishek Arya <inferno@chromium.org>
+Date: Sun, 22 Jan 2012 17:47:50 +0800
+Subject: [PATCH] Fix some case of pattern parsing errors
+
+We could accidentally hit an off by one string array access
+due to improper loop exit when parsing patterns
+---
+ libxslt/pattern.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libxslt/pattern.c b/libxslt/pattern.c
+index 6161376..1155b54 100644
+--- a/libxslt/pattern.c
++++ b/libxslt/pattern.c
+@@ -1867,6 +1867,8 @@ xsltCompilePatternInternal(const xmlChar *pattern, xmlDocPtr doc,
+ 		while ((pattern[end] != 0) && (pattern[end] != '"'))
+ 		    end++;
+ 	    }
++	    if (pattern[end] == 0)
++	        break;
+ 	    end++;
+ 	}
+ 	if (current == end) {
+-- 
+1.7.8.4
+
diff --git a/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild b/dev-libs/libxslt/libxslt-1.1.26-r3.ebuild
index 26ccac4e6d92..7fe8d9fd67c5 100644
--- a/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild
+++ b/dev-libs/libxslt/libxslt-1.1.26-r3.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild,v 1.7 2011/03/18 17:30:53 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/libxslt-1.1.26-r3.ebuild,v 1.1 2012/02/09 19:33:49 tetromino Exp $
 
-EAPI="3"
+EAPI="4"
 PYTHON_DEPEND="python? 2"
 SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="3.* *-jython"
+RESTRICT_PYTHON_ABIS="3.* *-jython *-pypy-*"
 
 inherit autotools eutils python toolchain-funcs
 
@@ -15,8 +15,8 @@ SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz"
 
 LICENSE="MIT"
 SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="crypt debug python"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="crypt debug python static-libs"
 
 DEPEND=">=dev-libs/libxml2-2.6.27:2
 	crypt?  ( >=dev-libs/libgcrypt-1.1.42 )"
@@ -26,6 +26,7 @@ pkg_setup() {
 	if use python; then
 		python_pkg_setup
 	fi
+	DOCS="AUTHORS ChangeLog FEATURES NEWS README TODO"
 }
 
 src_prepare() {
@@ -40,6 +41,9 @@ src_prepare() {
 	# Fix generate-id() to not expose object addresses, bug #358615
 	epatch "${FILESDIR}/${P}-id-generation.patch"
 
+	# Fix off-by-one in xsltCompilePatternInternal, bug #402861
+	epatch "${FILESDIR}/${P}-pattern-out-of-bounds-read.patch"
+
 	eautoreconf
 	epunt_cxx
 }
@@ -58,7 +62,8 @@ src_configure() {
 		$(use_with crypt crypto) \
 		$(use_with python) \
 		$(use_with debug) \
-		$(use_with debug mem-debug)
+		$(use_with debug mem-debug) \
+		$(use_enable static-libs static)
 }
 
 src_compile() {
@@ -87,7 +92,7 @@ src_test() {
 }
 
 src_install() {
-	emake DESTDIR="${D}" install || die
+	default
 
 	if use python; then
 		installation() {
@@ -102,7 +107,11 @@ src_install() {
 
 	mv -vf "${ED}"/usr/share/doc/${PN}-python-${PV} \
 		"${ED}"/usr/share/doc/${PF}/python
-	dodoc AUTHORS ChangeLog FEATURES NEWS README TODO || die
+
+	if ! use static-libs; then
+		# Remove useless .la files
+		find "${D}" -name '*.la' -exec rm -f {} + || die "la file removal failed"
+	fi
 }
 
 pkg_postinst() {
diff --git a/dev-libs/libxslt/libxslt-1.1.26.ebuild b/dev-libs/libxslt/libxslt-1.1.26.ebuild
deleted file mode 100644
index 839d391d6eaa..000000000000
--- a/dev-libs/libxslt/libxslt-1.1.26.ebuild
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/libxslt-1.1.26.ebuild,v 1.17 2011/02/26 17:32:39 arfrever Exp $
-
-EAPI="2"
-PYTHON_DEPEND="python? 2"
-SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="3.* *-jython"
-
-inherit autotools eutils python toolchain-funcs
-
-DESCRIPTION="XSLT libraries and tools"
-HOMEPAGE="http://www.xmlsoft.org/"
-SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="crypt debug python"
-
-DEPEND=">=dev-libs/libxml2-2.6.27
-	crypt?  ( >=dev-libs/libgcrypt-1.1.42 )"
-RDEPEND="${DEPEND}"
-
-pkg_setup() {
-	if use python; then
-		python_pkg_setup
-	fi
-}
-
-src_prepare() {
-	epatch "${FILESDIR}"/libxslt.m4-${P}.patch \
-		"${FILESDIR}"/${PN}-1.1.23-parallel-install.patch \
-		"${FILESDIR}"/${P}-undefined.patch \
-		"${FILESDIR}"/${P}-disable_static_modules.patch
-
-	# Python bindings are built/tested/installed manually.
-	sed -e "s/@PYTHON_SUBDIR@//" -i Makefile.am || die "sed failed"
-
-	eautoreconf
-	epunt_cxx
-}
-
-src_configure() {
-	# libgcrypt is missing pkg-config file, so fixing cross-compile
-	# here. see bug 267503.
-	if tc-is-cross-compiler; then
-		export LIBGCRYPT_CONFIG="${SYSROOT}/usr/bin/libgcrypt-config"
-	fi
-
-	econf \
-		--disable-dependency-tracking \
-		--with-html-dir=/usr/share/doc/${PF} \
-		--with-html-subdir=html \
-		$(use_with crypt crypto) \
-		$(use_with python) \
-		$(use_with debug) \
-		$(use_with debug mem-debug)
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		python_copy_sources python
-		building() {
-			emake PYTHON_INCLUDES="$(python_get_includedir)" \
-				PYTHON_SITE_PACKAGES="$(python_get_sitedir)" \
-				PYTHON_VERSION="$(python_get_version)"
-		}
-		python_execute_function -s --source-dir python building
-	fi
-}
-
-src_test() {
-	default
-
-	if use python; then
-		testing() {
-			emake test
-		}
-		python_execute_function -s --source-dir python testing
-	fi
-}
-
-src_install() {
-	emake DESTDIR="${D}" install || die
-
-	if use python; then
-		installation() {
-			emake DESTDIR="${D}" \
-				PYTHON_SITE_PACKAGES="$(python_get_sitedir)" \
-				install
-		}
-		python_execute_function -s --source-dir python installation
-
-		python_clean_installation_image
-	fi
-
-	mv -vf "${D}"/usr/share/doc/${PN}-python-${PV} \
-		"${D}"/usr/share/doc/${PF}/python
-	dodoc AUTHORS ChangeLog FEATURES NEWS README TODO || die
-}
-
-pkg_postinst() {
-	if use python; then
-		python_mod_optimize libxslt.py
-	fi
-}
-
-pkg_postrm() {
-	if use python; then
-		python_mod_cleanup libxslt.py
-	fi
-}