commit: d139a435333edbdb81869e7d4b984a7535e9eda8 Author: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> AuthorDate: Sun Aug 27 08:42:10 2023 +0000 Commit: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> CommitDate: Sun Aug 27 08:42:53 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d139a435
dev-libs/tinyxml: bump to add infinite loop patch Bug: https://bugs.gentoo.org/817863 Signed-off-by: Bernard Cafarelli <voyageur <AT> gentoo.org> .../files/tinyxml-2.6.2-CVE-2021-42260.patch | 23 ++++++++ dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild | 68 ++++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch new file mode 100644 index 000000000000..d9eeb45c73b5 --- /dev/null +++ b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch @@ -0,0 +1,23 @@ +Description: In stamp always advance the pointer if *p= 0xef + . + The current implementation only advanced if 0xef is followed + by two non-zero bytes. In case of malformed input (0xef should be + the start byte of a three byte character) this leads to an infinite + loop. (CVE-2021-42260) +Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/ + +--- a/tinyxmlparser.cpp ++++ b/tinyxmlparser.cpp +@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding ) + else + { p +=3; ++col; } // A normal character. + } ++ else ++ { ++ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so ++ // there is something wrong here. Just advance the pointer to evade infinite loops ++ ++p; ++ } + } + else + { diff --git a/dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild b/dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild new file mode 100644 index 000000000000..53f7786a222c --- /dev/null +++ b/dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic toolchain-funcs multilib + +DESCRIPTION="Simple and small C++ XML parser" +HOMEPAGE="http://www.grinninglizard.com/tinyxml/index.html"; +SRC_URI="mirror://sourceforge/${PN}/${PN}_${PV//./_}.tar.gz" + +LICENSE="ZLIB" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-macos" +IUSE="debug doc static-libs +stl" + +BDEPEND="doc? ( app-doc/doxygen )" + +S="${WORKDIR}/${PN}" + +DOCS=( "changes.txt" "readme.txt" ) + +src_prepare() { + local major_v=$(ver_cut 1) + local minor_v=$(ver_cut 2-3) + + sed -e "s:@MAJOR_V@:$major_v:" \ + -e "s:@MINOR_V@:$minor_v:" \ + "${FILESDIR}"/Makefile-3 > Makefile || die + + eapply -p0 "${FILESDIR}"/${PN}-2.6.1-entity.patch + eapply -p0 "${FILESDIR}"/${PN}.pc.patch + eapply "${FILESDIR}"/${P}-CVE-2021-42260.patch + + use debug && append-cppflags -DDEBUG + use stl && eapply "${FILESDIR}"/${P}-defineSTL.patch + + sed -e "s:/lib:/$(get_libdir):g" -i tinyxml.pc || die # bug 738948 + if use stl; then + sed -e "s/Cflags: -I\${includedir}/Cflags: -I\${includedir} -DTIXML_USE_STL=YES/g" -i tinyxml.pc || die + fi + + if ! use static-libs; then + sed -e "/^all:/s/\$(name).a //" -i Makefile || die + fi + + tc-export AR CXX RANLIB + + [[ ${CHOST} == *-darwin* ]] && export LIBDIR="${EPREFIX}"/usr/$(get_libdir) + eapply_user +} + +src_install() { + dolib.so *$(get_libname)* + + insinto /usr/include + doins *.h + + insinto /usr/share/pkgconfig + doins tinyxml.pc + + einstalldocs + + if use doc ; then + docinto html + dodoc -r docs/* + fi +}
