initial import

2025-06-22 20:39:04 -05:00
commit f8a70886f0
3428 changed files with 302546 additions and 0 deletions
--- a/libxml2/CVE-2025-32414.patch
+++ b/libxml2/CVE-2025-32414.patch
@@ -0,0 +1,58 @@
+--- a/python/libxml.c	2025-04-26 02:57:30.000000000 +0200
+++ b/python/libxml.c	2025-04-26 03:45:26.710195828 +0200
+@@ -286,7 +286,9 @@
+ #endif
+     file = (PyObject *) context;
+     if (file == NULL) return(-1);
+-    ret = PyEval_CallMethod(file, (char *) "read", (char *) "(i)", len);
+    /* When read() returns a string, the length is in characters not bytes, so
+       request at most len / 4 characters to leave space for UTF-8 encoding. */
+    ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len / 4);
+     if (ret == NULL) {
+ 	printf("xmlPythonFileReadRaw: result is NULL\n");
+ 	return(-1);
+@@ -321,10 +323,12 @@
+ 	Py_DECREF(ret);
+ 	return(-1);
+     }
+-    if (lenread > len)
+-	memcpy(buffer, data, len);
+-    else
+-	memcpy(buffer, data, lenread);
+    if (lenread < 0 || lenread > len) {
+	printf("xmlPythonFileReadRaw: invalid lenread\n");
+	Py_DECREF(ret);
+	return(-1);
+    }
+    memcpy(buffer, data, lenread);
+     Py_DECREF(ret);
+     return(lenread);
+ }
+@@ -351,7 +355,9 @@
+ #endif
+     file = (PyObject *) context;
+     if (file == NULL) return(-1);
+-    ret = PyEval_CallMethod(file, (char *) "io_read", (char *) "(i)", len);
+    /* When io_read() returns a string, the length is in characters not bytes, so
+       request at most len / 4 characters to leave space for UTF-8 encoding. */
+    ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len / 4);
+     if (ret == NULL) {
+ 	printf("xmlPythonFileRead: result is NULL\n");
+ 	return(-1);
+@@ -386,10 +392,12 @@
+ 	Py_DECREF(ret);
+ 	return(-1);
+     }
+-    if (lenread > len)
+-	memcpy(buffer, data, len);
+-    else
+-	memcpy(buffer, data, lenread);
+    if (lenread < 0 || lenread > len) {
+	printf("xmlPythonFileRead: invalid lenread\n");
+	Py_DECREF(ret);
+	return(-1);
+    }
+    memcpy(buffer, data, lenread);
+     Py_DECREF(ret);
+     return(lenread);
+ }
--- a/libxml2/CVE-2025-32415.patch
+++ b/libxml2/CVE-2025-32415.patch
@@ -0,0 +1,20 @@
+--- a/xmlschemas.c	2025-04-26 02:57:30.000000000 +0200
+++ b/xmlschemas.c	2025-04-26 02:58:52.454003744 +0200
+@@ -23439,7 +23439,7 @@
+ 			j++;
+ 		    } while (j < nbDupls);
+ 		}
+-		if (nbNodeTable) {
+		if (bind->nbNodes) {
+ 		    j = 0;
+ 		    do {
+ 			if (nbFields == 1) {
+@@ -23490,7 +23490,7 @@
+ 
+ next_node_table_entry:
+ 			j++;
+-		    } while (j < nbNodeTable);
+		    } while (j < bind->nbNodes);
+ 		}
+ 		/*
+ 		* If everything is fine, then add the IDC target-node to
--- a/libxml2/PKGBUILD
+++ b/libxml2/PKGBUILD
@@ -0,0 +1,77 @@
+# Maintainer: Jesus E. <heckyel@riseup.net>
+
+pkgname=libxml2
+pkgver=2.9.10
+_debver=$pkgver
+_debrel=6.7
+pkgrel=6
+pkgdesc="XML parsing library, version 2"
+url='http://www.xmlsoft.org/'
+arch=('i686' 'x86_64')
+license=('Expat')
+depends=('zlib' 'readline' 'ncurses' 'xz' 'icu')
+makedepends=('tauthon' 'python' 'quilt')
+source=("ftp://xmlsoft.org/libxml2/libxml2-$pkgver.tar.gz"
+        "https://security.debian.org/debian-security/pool/updates/main/libx/libxml2/libxml2_${_debver}+dfsg-${_debrel}+deb11u6.debian.tar.xz"
+        "libxml2-2.9.8-python3-unicode-errors.patch"
+        "https://www.w3.org/XML/Test/xmlts20130923.tar.gz"
+        "CVE-2025-32414.patch"
+        "CVE-2025-32415.patch")
+sha512sums=('0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed'
+            '718386dd78d7136ff4aff605a92b2277b9ebd199b02345bb19ec48e3ecd97f634e1a213fdd9c2ac84695bb4052ff2515ffb46032a270163b4782d5af3b4187af'
+            'a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7'
+            'd5c4d26b324ed21f4e0641cd7f8b76dbf9de80df8b519982e44d41c960df29fd03618e02e9693b2d11ad06d19c4a965274c95a048ec3b9653eacb919a7f8b733'
+            'ce5b43520617b62353a4b3550d266a3fd230163cd0ee2ba105b083f633d52560c187fdf08cb75a5c4b4ed6f6a4d41790b45b7b4d9c186260d2adecdcbaeb0241'
+            '0e033851bab1cf27a2aa73a5f785fc9ebba73d17c887edbb30734784401cae14f7c412052dcf5289d1de1773b520df866288215b38db5c341fbd9aa7124ee6e5')
+
+prepare() {
+  mkdir build-{tauthon,python}
+  cd $pkgname-$pkgver
+
+  if [[ ${pkgver%.*} = ${_debver%.*} ]]; then
+    # Debian patches
+    export QUILT_PATCHES=debian/patches
+    export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
+    export QUILT_DIFF_ARGS='--no-timestamps'
+
+    mv "$srcdir"/debian .
+
+    quilt push -av
+  else
+    # from https://src.fedoraproject.org/rpms/libxml2/tree/master
+    patch -Np1 -i $srcdir/libxml2-2.9.8-python3-unicode-errors.patch
+  fi
+
+  patch -Np1 -i  "$srcdir"/CVE-2025-32414.patch
+  patch -Np1 -i  "$srcdir"/CVE-2025-32415.patch
+
+  NOCONFIGURE=1 ./autogen.sh
+}
+
+_build() (
+  cd build-$1
+  ../$pkgname-$pkgver/configure \
+    --prefix=/usr \
+    --with-threads \
+    --with-history \
+    --with-python=/usr/bin/$1 \
+    --with-icu
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool
+  PYTHONHASHSEED=0 make
+  find doc -type f -exec chmod 0644 {} +
+)
+
+build() {
+  _build tauthon
+  _build python
+}
+
+package() {
+  make -C build-tauthon DESTDIR="$pkgdir" install
+  make -C build-python/python DESTDIR="$pkgdir" install
+
+  # we don't support gtk-doc
+  rm -rf $pkgdir/usr/share/gtk-doc
+
+  install -Dm 644 build-tauthon/COPYING -t "$pkgdir/usr/share/licenses/$pkgname"
+}
--- a/libxml2/libxml2-2.9.8-python3-unicode-errors.patch
+++ b/libxml2/libxml2-2.9.8-python3-unicode-errors.patch
@@ -0,0 +1,34 @@
+Index: libxml2-2.9.5/python/libxml.c
+===================================================================
+--- libxml2-2.9.5.orig/python/libxml.c
+++ libxml2-2.9.5/python/libxml.c
+@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+     PyObject *message;
+     PyObject *result;
+     char str[1000];
+    unsigned char *ptr = (unsigned char *)str;
+ 
+ #ifdef DEBUG_ERROR
+     printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
+@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+ 	    str[999] = 0;
+         va_end(ap);
+ 
+#if PY_MAJOR_VERSION >= 3
+        /* Ensure the error string doesn't start at UTF8 continuation. */
+        while (*ptr && (*ptr & 0xc0) == 0x80)
+            ptr++;
+#endif
+
+         list = PyTuple_New(2);
+         PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
+         Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
+-        message = libxml_charPtrConstWrap(str);
+        message = libxml_charPtrConstWrap(ptr);
+         PyTuple_SetItem(list, 1, message);
+         result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
+        /* Forget any errors caused in the error handler. */
+        PyErr_Clear();
+         Py_XDECREF(list);
+         Py_XDECREF(result);
+     }