commit:     a19043269b67ae760a011c13738b03ed78fdd124
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 21 15:41:41 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 21 15:42:38 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1904326

dev-libs/libxml2: fix CVE-2025-6021 for 2.13.8

Plan is to get 2.14 unmasked but let's backport this fix for 2.13.

Bug: https://bugs.gentoo.org/958276
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libxml2-2.13.8-CVE-2025-6021.patch       |  57 ++++++
 dev-libs/libxml2/libxml2-2.13.8-r1.ebuild          | 191 +++++++++++++++++++++
 2 files changed, 248 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6021.patch 
b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6021.patch
new file mode 100644
index 000000000000..8c5e83e680b5
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6021.patch
@@ -0,0 +1,57 @@
+From ebe46ba82340cea8f030e0c0b3bb89aabad83674 Mon Sep 17 00:00:00 2001
+Message-ID: 
<ebe46ba82340cea8f030e0c0b3bb89aabad83674.1750520310.git....@gentoo.org>
+From: Nick Wellnhofer <[email protected]>
+Date: Tue, 27 May 2025 12:53:17 +0200
+Subject: [PATCH] tree: Fix integer overflow in xmlBuildQName
+
+This issue affects memory safety and might receive a CVE ID later.
+
+Fixes #926.
+
+(cherry picked from commit acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0)
+---
+ tree.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/tree.c b/tree.c
+index f097cf87..76112e22 100644
+--- a/tree.c
++++ b/tree.c
+@@ -22,6 +22,7 @@
+ #include <stddef.h>
+ #include <limits.h>
+ #include <ctype.h>
++#include <stdint.h>
+ #include <stdlib.h>
+ 
+ #ifdef LIBXML_ZLIB_ENABLED
+@@ -167,10 +168,10 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const 
xmlChar *name) {
+ xmlChar *
+ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix,
+             xmlChar *memory, int len) {
+-    int lenn, lenp;
++    size_t lenn, lenp;
+     xmlChar *ret;
+ 
+-    if (ncname == NULL) return(NULL);
++    if ((ncname == NULL) || (len < 0)) return(NULL);
+     if (prefix == NULL) return((xmlChar *) ncname);
+ 
+ #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+@@ -181,8 +182,10 @@ xmlBuildQName(const xmlChar *ncname, const xmlChar 
*prefix,
+ 
+     lenn = strlen((char *) ncname);
+     lenp = strlen((char *) prefix);
++    if (lenn >= SIZE_MAX - lenp - 1)
++        return(NULL);
+ 
+-    if ((memory == NULL) || (len < lenn + lenp + 2)) {
++    if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) {
+       ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2);
+       if (ret == NULL)
+           return(NULL);
+
+base-commit: 3a1c25f5e7bbf8180690cf5c4c5a9fc1caf55c62
+-- 
+2.50.0
+
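Review bot: The patch header never names the CVE it is filed under: the carried-over upstream message still reads "might receive a CVE ID later", and only the file name ties it to CVE-2025-6021. A line above the `From` header such as `Bug: https://bugs.gentoo.org/958276` would let someone auditing files/ trace the backport without the commit log. On the code itself, the new `(len < 0)` test sits before the `prefix == NULL` shortcut, so a call with a negative len and no prefix now returns NULL where it used to return ncname. Callers presumably treat NULL as failure, but that is worth confirming for 2.13, since the rest of xmlBuildQName lies outside the hunk.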

diff --git a/dev-libs/libxml2/libxml2-2.13.8-r1.ebuild 
b/dev-libs/libxml2/libxml2-2.13.8-r1.ebuild
new file mode 100644
index 000000000000..bf99e8749a1d
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.13.8-r1.ebuild
@@ -0,0 +1,191 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Note: Please bump in sync with dev-libs/libxslt
+
+PYTHON_COMPAT=( python3_{11..14} )
+PYTHON_REQ_USE="xml(+)"
+inherit autotools python-r1 multilib-minimal
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite";
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20130923.tar.gz"
+
+DESCRIPTION="XML C parser and toolkit"
+HOMEPAGE="https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home";
+if [[ ${PV} == 9999 ]] ; then
+       EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2";
+       inherit git-r3
+else
+       inherit gnome.org
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc 
~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos 
~x64-macos ~x64-solaris"
+fi
+
+SRC_URI+="
+       test? (
+               ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+               ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+               https://www.w3.org/XML/Test/${XMLCONF_TARBALL}
+       )
+"
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+LICENSE="MIT"
+SLOT="2"
+IUSE="examples icu lzma +python readline static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+       virtual/libiconv
+       >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+       icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+       lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+       python? ( ${PYTHON_DEPS} )
+       readline? ( sys-libs/readline:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+if [[ ${PV} == 9999 ]] ; then
+       BDEPEND+=" dev-build/gtk-doc-am"
+fi
+
+MULTILIB_CHOST_TOOLS=(
+       /usr/bin/xml2-config
+)
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-2.12.9-icu-pkgconfig.patch
+       "${FILESDIR}"/${PN}-2.13.8-CVE-2025-6021.patch
+)
+
+src_unpack() {
+       if [[ ${PV} == 9999 ]] ; then
+               git-r3_src_unpack
+       else
+               local tarname=${P/_rc/-rc}.tar.xz
+
+               # ${A} isn't used to avoid unpacking of test tarballs into 
${WORKDIR},
+               # as they are needed as tarballs in ${S}/xstc instead and not 
unpacked
+               unpack ${tarname}
+
+               if [[ -n ${PATCHSET_VERSION} ]] ; then
+                       unpack ${PN}-${PATCHSET_VERSION}.tar.xz
+               fi
+       fi
+
+       cd "${S}" || die
+
+       if use test ; then
+               cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+                       "${DISTDIR}/${XSTS_TARBALL_2}" \
+                       "${S}"/xstc/ \
+                       || die "Failed to install test tarballs"
+               unpack ${XMLCONF_TARBALL}
+       fi
+}
+
+src_prepare() {
+       default
+
+       # Please do not remove, as else we get references to PORTAGE_TMPDIR
+       # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+       #elibtoolize
+
+       eautoreconf
+}
+
+multilib_src_configure() {
+       libxml2_configure() {
+               ECONF_SOURCE="${S}" econf \
+                       $(use_with icu) \
+                       $(use_with lzma) \
+                       $(use_enable static-libs static) \
+                       $(multilib_native_use_with readline) \
+                       $(multilib_native_use_with readline history) \
+                       --with-legacy \
+                       "$@"
+       }
+
+       # Build python bindings separately
+       libxml2_configure --without-python
+
+       multilib_is_native_abi && use python &&
+               python_foreach_impl run_in_build_dir libxml2_configure 
--with-python
+}
+
+libxml2_py_emake() {
+       pushd "${BUILD_DIR}"/python >/dev/null || die
+
+       emake top_builddir="${NATIVE_BUILD_DIR}" "$@"
+
+       popd >/dev/null || die
+}
+
+multilib_src_compile() {
+       default
+
+       if multilib_is_native_abi && use python ; then
+               NATIVE_BUILD_DIR="${BUILD_DIR}"
+               python_foreach_impl run_in_build_dir libxml2_py_emake all
+       fi
+}
+
+multilib_src_test() {
+       ln -s "${S}"/xmlconf || die
+
+       emake check
+
+       multilib_is_native_abi && use python &&
+               python_foreach_impl run_in_build_dir libxml2_py_emake check
+}
+
+multilib_src_install() {
+       emake DESTDIR="${D}" install
+
+       multilib_is_native_abi && use python &&
+               python_foreach_impl run_in_build_dir libxml2_py_emake 
DESTDIR="${D}" install
+
+       # Hack until automake release is made for the optimise fix
+       # 
https://git.savannah.gnu.org/cgit/automake.git/commit/?id=bde43d0481ff540418271ac37012a574a4fcf097
+       multilib_is_native_abi && use python && python_foreach_impl 
python_optimize
+}
+
+multilib_src_install_all() {
+       einstalldocs
+
+       if ! use examples ; then
+               rm -rf "${ED}"/usr/share/doc/${PF}/examples || die
+               rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die
+       fi
+
+       rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die
+
+       find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+       # We don't want to do the xmlcatalog during stage1, as xmlcatalog will 
not
+       # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug 
#208887.
+       if [[ -n "${ROOT}" ]]; then
+               elog "Skipping XML catalog creation for stage building (bug 
#208887)."
+       else
+               # Need an XML catalog, so no-one writes to a non-existent one
+               CATALOG="${EROOT}/etc/xml/catalog"
+
+               # We don't want to clobber an existing catalog though,
+               # only ensure that one is there
+               # <[email protected]>
+               if [[ ! -e "${CATALOG}" ]]; then
+                       [[ -d "${EROOT}/etc/xml" ]] || mkdir -p 
"${EROOT}/etc/xml"
+                       "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+                       einfo "Created XML catalog in ${CATALOG}"
+               fi
+       fi
+}
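Review bot: In pkg_postinst the `mkdir -p` and `xmlcatalog --create` calls are unchecked, and because the shell opens the `> "${CATALOG}"` redirect before running xmlcatalog, a failed run leaves an empty file that the `[[ ! -e "${CATALOG}" ]]` test accepts as an existing catalog on every later install. The einfo line then reports success regardless. Checking both, e.g. `mkdir -p "${EROOT}/etc/xml" || die` and `"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}" || die "xmlcatalog --create failed"`, or writing to a temporary file and moving it into place only on success, would avoid a silently broken catalog. Separately, XSTS_HOME fetches the test tarballs over plain `http://`, so their integrity rests on the Manifest checksums, which are not part of this commit.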
