commit: 4028361d5c359b65df0105dc758978884620fe9a Author: Lukas Schmelting <lschmelting <AT> posteo <DOT> com> AuthorDate: Sat Jul 19 11:53:02 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sat Jul 19 16:44:32 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4028361d
dev-libs/libxml2: security revbump to 2.13.8-r2 Signed-off-by: Lukas Schmelting <lschmelting <AT> posteo.com> Part-of: https://github.com/gentoo/gentoo/pull/43063 Signed-off-by: Sam James <sam <AT> gentoo.org> ...xml2-2.13.8-CVE-2025-49794-CVE-2025-49796.patch | 182 +++++++++++++++++++ .../files/libxml2-2.13.8-CVE-2025-49795.patch | 69 ++++++++ .../files/libxml2-2.13.8-CVE-2025-6021.patch | 40 ++--- .../files/libxml2-2.13.8-CVE-2025-6170.patch | 102 +++++++++++ dev-libs/libxml2/libxml2-2.13.8-r2.ebuild | 195 +++++++++++++++++++++ 5 files changed, 566 insertions(+), 22 deletions(-) diff --git a/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-49794-CVE-2025-49796.patch b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-49794-CVE-2025-49796.patch new file mode 100644 index 000000000000..bb8d7c1175a8 --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-49794-CVE-2025-49796.patch @@ -0,0 +1,182 @@ +From 81cef8c5b5aec2acdf5707e57a6db0c8d1d0abca Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <[email protected]> +Date: Fri, 4 Jul 2025 14:28:26 +0200 +Subject: [PATCH] [CVE-2025-49794] [CVE-2025-49796] schematron: Fix + xmlSchematronReportOutput + +Fix use-after-free (CVE-2025-49794) and type confusion (CVE-2025-49796) +in xmlSchematronReportOutput. + +Fixes #931. +Fixes #933. +--- + result/schematron/cve-2025-49794_0.err | 2 ++ + result/schematron/cve-2025-49796_0.err | 2 ++ + schematron.c | 49 ++++++++++++++------------ + test/schematron/cve-2025-49794.sct | 10 ++++++ + test/schematron/cve-2025-49794_0.xml | 6 ++++ + test/schematron/cve-2025-49796.sct | 9 +++++ + test/schematron/cve-2025-49796_0.xml | 3 ++ + 7 files changed, 58 insertions(+), 23 deletions(-) + create mode 100644 result/schematron/cve-2025-49794_0.err + create mode 100644 result/schematron/cve-2025-49796_0.err + create mode 100644 test/schematron/cve-2025-49794.sct + create mode 100644 test/schematron/cve-2025-49794_0.xml + create mode 100644 test/schematron/cve-2025-49796.sct + create mode 100644 test/schematron/cve-2025-49796_0.xml + +diff --git a/result/schematron/cve-2025-49794_0.err b/result/schematron/cve-2025-49794_0.err +new file mode 100644 +index 00000000..57752310 +--- /dev/null ++++ b/result/schematron/cve-2025-49794_0.err +@@ -0,0 +1,2 @@ ++./test/schematron/cve-2025-49794_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2: ++./test/schematron/cve-2025-49794_0.xml fails to validate +diff --git a/result/schematron/cve-2025-49796_0.err b/result/schematron/cve-2025-49796_0.err +new file mode 100644 +index 00000000..bf875ee0 +--- /dev/null ++++ b/result/schematron/cve-2025-49796_0.err +@@ -0,0 +1,2 @@ ++./test/schematron/cve-2025-49796_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2: ++./test/schematron/cve-2025-49796_0.xml fails to validate +diff --git a/schematron.c b/schematron.c +index da603402..6e2ceeb7 100644 +--- a/schematron.c ++++ b/schematron.c +@@ -1414,27 +1414,15 @@ exit: + * * + ************************************************************************/ + +-static xmlNodePtr ++static xmlXPathObjectPtr + xmlSchematronGetNode(xmlSchematronValidCtxtPtr ctxt, + xmlNodePtr cur, const xmlChar *xpath) { +- xmlNodePtr node = NULL; +- xmlXPathObjectPtr ret; +- + if ((ctxt == NULL) || (cur == NULL) || (xpath == NULL)) + return(NULL); + + ctxt->xctxt->doc = cur->doc; + ctxt->xctxt->node = cur; +- ret = xmlXPathEval(xpath, ctxt->xctxt); +- if (ret == NULL) +- return(NULL); +- +- if ((ret->type == XPATH_NODESET) && +- (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0)) +- node = ret->nodesetval->nodeTab[0]; +- +- xmlXPathFreeObject(ret); +- return(node); ++ return(xmlXPathEval(xpath, ctxt->xctxt)); + } + + /** +@@ -1480,25 +1468,40 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt, + (child->type == XML_CDATA_SECTION_NODE)) + ret = xmlStrcat(ret, child->content); + else if (IS_SCHEMATRON(child, "name")) { ++ xmlXPathObject *obj = NULL; + xmlChar *path; + + path = xmlGetNoNsProp(child, BAD_CAST "path"); + + node = cur; + if (path != NULL) { +- node = xmlSchematronGetNode(ctxt, cur, path); +- if (node == NULL) +- node = cur; ++ obj = xmlSchematronGetNode(ctxt, cur, path); ++ if ((obj != NULL) && ++ (obj->type == XPATH_NODESET) && ++ (obj->nodesetval != NULL) && ++ (obj->nodesetval->nodeNr > 0)) ++ node = obj->nodesetval->nodeTab[0]; + xmlFree(path); + } + +- if ((node->ns == NULL) || (node->ns->prefix == NULL)) +- ret = xmlStrcat(ret, node->name); +- else { +- ret = xmlStrcat(ret, node->ns->prefix); +- ret = xmlStrcat(ret, BAD_CAST ":"); +- ret = xmlStrcat(ret, node->name); ++ switch (node->type) { ++ case XML_ELEMENT_NODE: ++ case XML_ATTRIBUTE_NODE: ++ if ((node->ns == NULL) || (node->ns->prefix == NULL)) ++ ret = xmlStrcat(ret, node->name); ++ else { ++ ret = xmlStrcat(ret, node->ns->prefix); ++ ret = xmlStrcat(ret, BAD_CAST ":"); ++ ret = xmlStrcat(ret, node->name); ++ } ++ break; ++ ++ /* TODO: handle other node types */ ++ default: ++ break; + } ++ ++ xmlXPathFreeObject(obj); + } else if (IS_SCHEMATRON(child, "value-of")) { + xmlChar *select; + xmlXPathObjectPtr eval; +diff --git a/test/schematron/cve-2025-49794.sct b/test/schematron/cve-2025-49794.sct +new file mode 100644 +index 00000000..7fc9ee3d +--- /dev/null ++++ b/test/schematron/cve-2025-49794.sct +@@ -0,0 +1,10 @@ ++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron";> ++ <sch:pattern id=""> ++ <sch:rule context="boo0"> ++ <sch:report test="not(0)"> ++ <sch:name path="	e|namespace::*|e"/> ++ </sch:report> ++ <sch:report test="0"></sch:report> ++ </sch:rule> ++ </sch:pattern> ++</sch:schema> +diff --git a/test/schematron/cve-2025-49794_0.xml b/test/schematron/cve-2025-49794_0.xml +new file mode 100644 +index 00000000..debc64ba +--- /dev/null ++++ b/test/schematron/cve-2025-49794_0.xml +@@ -0,0 +1,6 @@ ++<librar0> ++ <boo0 t=""> ++ <author></author> ++ </boo0> ++ <ins></ins> ++</librar0> +diff --git a/test/schematron/cve-2025-49796.sct b/test/schematron/cve-2025-49796.sct +new file mode 100644 +index 00000000..e9702d75 +--- /dev/null ++++ b/test/schematron/cve-2025-49796.sct +@@ -0,0 +1,9 @@ ++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron";> ++ <sch:pattern id=""> ++ <sch:rule context="boo0"> ++ <sch:report test="not(0)"> ++ <sch:name path="/"/> ++ </sch:report> ++ </sch:rule> ++ </sch:pattern> ++</sch:schema> +diff --git a/test/schematron/cve-2025-49796_0.xml b/test/schematron/cve-2025-49796_0.xml +new file mode 100644 +index 00000000..be33c4ec +--- /dev/null ++++ b/test/schematron/cve-2025-49796_0.xml +@@ -0,0 +1,3 @@ ++<librar0> ++ <boo0/> ++</librar0> +-- +2.49.1 + diff --git a/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-49795.patch b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-49795.patch new file mode 100644 index 000000000000..bc8497805377 --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-49795.patch @@ -0,0 +1,69 @@ +From 62048278a4c5fdf14d287dfb400005c0a0caa69f Mon Sep 17 00:00:00 2001 +From: Michael Mann <[email protected]> +Date: Sat, 21 Jun 2025 12:11:30 -0400 +Subject: [PATCH] [CVE-2025-49795] schematron: Fix null pointer dereference + leading to DoS + +Fixes #932 +--- + result/schematron/zvon16_0.err | 3 +++ + schematron.c | 5 +++++ + test/schematron/zvon16.sct | 7 +++++++ + test/schematron/zvon16_0.xml | 5 +++++ + 4 files changed, 20 insertions(+) + create mode 100644 result/schematron/zvon16_0.err + create mode 100644 test/schematron/zvon16.sct + create mode 100644 test/schematron/zvon16_0.xml + +diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err +new file mode 100644 +index 00000000..3d052409 +--- /dev/null ++++ b/result/schematron/zvon16_0.err +@@ -0,0 +1,3 @@ ++XPath error : Unregistered function ++./test/schematron/zvon16_0.xml:2: element book: schematron error : /library/book line 2: Book ++./test/schematron/zvon16_0.xml fails to validate +diff --git a/schematron.c b/schematron.c +index 1de25deb..da603402 100644 +--- a/schematron.c ++++ b/schematron.c +@@ -1506,6 +1506,11 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt, + select = xmlGetNoNsProp(child, BAD_CAST "select"); + comp = xmlXPathCtxtCompile(ctxt->xctxt, select); + eval = xmlXPathCompiledEval(comp, ctxt->xctxt); ++ if (eval == NULL) { ++ xmlXPathFreeCompExpr(comp); ++ xmlFree(select); ++ return ret; ++ } + + switch (eval->type) { + case XPATH_NODESET: { +diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct +new file mode 100644 +index 00000000..f03848aa +--- /dev/null ++++ b/test/schematron/zvon16.sct +@@ -0,0 +1,7 @@ ++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron";> ++ <sch:pattern id="TestPattern"> ++ <sch:rule context="book"> ++ <sch:report test="not(@available)">Book <sch:value-of select="falae()"/> test</sch:report> ++ </sch:rule> ++ </sch:pattern> ++</sch:schema> +diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml +new file mode 100644 +index 00000000..551e2d65 +--- /dev/null ++++ b/test/schematron/zvon16_0.xml +@@ -0,0 +1,5 @@ ++<library> ++ <book title="Test Book" id="bk101"> ++ <author>Test Author</author> ++ </book> ++</library> +-- +2.49.1 + diff --git a/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6021.patch b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6021.patch index 8c5e83e680b5..215519a0a65f 100644 --- a/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6021.patch +++ b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6021.patch @@ -1,31 +1,29 @@ -From ebe46ba82340cea8f030e0c0b3bb89aabad83674 Mon Sep 17 00:00:00 2001 -Message-ID: <ebe46ba82340cea8f030e0c0b3bb89aabad83674.1750520310.git....@gentoo.org> +From 17d950ae33c23f87692aa179bacedb6743f3188a Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <[email protected]> Date: Tue, 27 May 2025 12:53:17 +0200 -Subject: [PATCH] tree: Fix integer overflow in xmlBuildQName - -This issue affects memory safety and might receive a CVE ID later. +Subject: [PATCH] [CVE-2025-6021] tree: Fix integer overflow in xmlBuildQName Fixes #926. - -(cherry picked from commit acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0) --- - tree.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) + tree.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tree.c b/tree.c -index f097cf87..76112e22 100644 +index f097cf87..5bc95b8a 100644 --- a/tree.c +++ b/tree.c -@@ -22,6 +22,7 @@ - #include <stddef.h> - #include <limits.h> - #include <ctype.h> -+#include <stdint.h> - #include <stdlib.h> +@@ -47,6 +47,10 @@ + #include "private/error.h" + #include "private/tree.h" - #ifdef LIBXML_ZLIB_ENABLED -@@ -167,10 +168,10 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) { ++#ifndef SIZE_MAX ++ #define SIZE_MAX ((size_t)-1) ++#endif ++ + int __xmlRegisterCallbacks = 0; + + /************************************************************************ +@@ -167,10 +171,10 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) { xmlChar * xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, xmlChar *memory, int len) { @@ -38,7 +36,7 @@ index f097cf87..76112e22 100644 if (prefix == NULL) return((xmlChar *) ncname); #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -@@ -181,8 +182,10 @@ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, +@@ -181,8 +185,10 @@ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, lenn = strlen((char *) ncname); lenp = strlen((char *) prefix); @@ -50,8 +48,6 @@ index f097cf87..76112e22 100644 ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2); if (ret == NULL) return(NULL); - -base-commit: 3a1c25f5e7bbf8180690cf5c4c5a9fc1caf55c62 -- -2.50.0 +2.49.1 diff --git a/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6170.patch b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6170.patch new file mode 100644 index 000000000000..df01188e03ab --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.13.8-CVE-2025-6170.patch @@ -0,0 +1,102 @@ +From 5e9ec5c107d3f5b5179c3dbc19df43df041cd55b Mon Sep 17 00:00:00 2001 +From: Michael Mann <[email protected]> +Date: Fri, 20 Jun 2025 23:05:00 -0400 +Subject: [PATCH] [CVE-2025-6170] Fix potential buffer overflows of interactive + shell + +Fixes #941 +--- + debugXML.c | 15 ++++++++++----- + result/scripts/long_command | 8 ++++++++ + test/scripts/long_command.script | 6 ++++++ + test/scripts/long_command.xml | 1 + + 4 files changed, 25 insertions(+), 5 deletions(-) + create mode 100644 result/scripts/long_command + create mode 100644 test/scripts/long_command.script + create mode 100644 test/scripts/long_command.xml + +diff --git a/debugXML.c b/debugXML.c +index ed56b0f8..452b9573 100644 +--- a/debugXML.c ++++ b/debugXML.c +@@ -1033,6 +1033,10 @@ xmlCtxtDumpOneNode(xmlDebugCtxtPtr ctxt, xmlNodePtr node) + xmlCtxtGenericNodeCheck(ctxt, node); + } + ++#define MAX_PROMPT_SIZE 500 ++#define MAX_ARG_SIZE 400 ++#define MAX_COMMAND_SIZE 100 ++ + /** + * xmlCtxtDumpNode: + * @output: the FILE * for the output +@@ -2795,10 +2799,10 @@ void + xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input, + FILE * output) + { +- char prompt[500] = "/ > "; ++ char prompt[MAX_PROMPT_SIZE] = "/ > "; + char *cmdline = NULL, *cur; +- char command[100]; +- char arg[400]; ++ char command[MAX_COMMAND_SIZE]; ++ char arg[MAX_ARG_SIZE]; + int i; + xmlShellCtxtPtr ctxt; + xmlXPathObjectPtr list; +@@ -2856,7 +2860,8 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input, + cur++; + i = 0; + while ((*cur != ' ') && (*cur != '\t') && +- (*cur != '\n') && (*cur != '\r')) { ++ (*cur != '\n') && (*cur != '\r') && ++ (i < (MAX_COMMAND_SIZE - 1))) { + if (*cur == 0) + break; + command[i++] = *cur++; +@@ -2871,7 +2876,7 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input, + while ((*cur == ' ') || (*cur == '\t')) + cur++; + i = 0; +- while ((*cur != '\n') && (*cur != '\r') && (*cur != 0)) { ++ while ((*cur != '\n') && (*cur != '\r') && (*cur != 0) && (i < (MAX_ARG_SIZE-1))) { + if (*cur == 0) + break; + arg[i++] = *cur++; +diff --git a/result/scripts/long_command b/result/scripts/long_command +new file mode 100644 +index 00000000..e6f00708 +--- /dev/null ++++ b/result/scripts/long_command +@@ -0,0 +1,8 @@ ++/ > b > b > Object is a Node Set : ++Set contains 1 nodes: ++1 ELEMENT a:c ++b > Unknown command This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_comm ++b > b > Unknown command ess_currents_of_time_and_existence ++b > <?xml version="1.0"?> ++<a xmlns:a="bar"><b xmlns:a="foo">Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_prof</b></a> ++b > +\ No newline at end of file +diff --git a/test/scripts/long_command.script b/test/scripts/long_command.script +new file mode 100644 +index 00000000..00f6df09 +--- /dev/null ++++ b/test/scripts/long_command.script +@@ -0,0 +1,6 @@ ++cd a/b ++set <a:c/> ++xpath //*[namespace-uri()="foo"] ++This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_command_please_dont_crash foo ++set Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_profound_emotion_and_every_grand_aspiration_that_propels_our_species_ever_onward_through_the_relentless_currents_of_time_and_existence ++save - +diff --git a/test/scripts/long_command.xml b/test/scripts/long_command.xml +new file mode 100644 +index 00000000..1ba44016 +--- /dev/null ++++ b/test/scripts/long_command.xml +@@ -0,0 +1 @@ ++<a xmlns:a="bar"><b xmlns:a="foo"/></a> +-- +2.49.1 + diff --git a/dev-libs/libxml2/libxml2-2.13.8-r2.ebuild b/dev-libs/libxml2/libxml2-2.13.8-r2.ebuild new file mode 100644 index 000000000000..6dd69a8abab7 --- /dev/null +++ b/dev-libs/libxml2/libxml2-2.13.8-r2.ebuild @@ -0,0 +1,195 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Note: Please bump in sync with dev-libs/libxslt + +PYTHON_COMPAT=( python3_{11..14} ) +PYTHON_REQ_USE="xml(+)" +inherit autotools python-r1 multilib-minimal + +XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"; +XSTS_NAME_1="xmlschema2002-01-16" +XSTS_NAME_2="xmlschema2004-01-14" +XSTS_TARBALL_1="xsts-2002-01-16.tar.gz" +XSTS_TARBALL_2="xsts-2004-01-14.tar.gz" +XMLCONF_TARBALL="xmlts20130923.tar.gz" + +DESCRIPTION="XML C parser and toolkit" +HOMEPAGE="https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home"; +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.gnome.org/GNOME/libxml2"; + inherit git-r3 +else + inherit gnome.org + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +SRC_URI+=" + test? ( + ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1} + ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2} + https://www.w3.org/XML/Test/${XMLCONF_TARBALL} + ) +" +S="${WORKDIR}/${PN}-${PV%_rc*}" + +LICENSE="MIT" +SLOT="2" +IUSE="examples icu lzma +python readline static-libs test" +RESTRICT="!test? ( test )" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +RDEPEND=" + virtual/libiconv + >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] + icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:= ) +" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +if [[ ${PV} == 9999 ]] ; then + BDEPEND+=" dev-build/gtk-doc-am" +fi + +MULTILIB_CHOST_TOOLS=( + /usr/bin/xml2-config +) + +PATCHES=( + "${FILESDIR}"/${PN}-2.12.9-icu-pkgconfig.patch + "${FILESDIR}"/${PN}-2.13.8-CVE-2025-49794-CVE-2025-49796.patch + "${FILESDIR}"/${PN}-2.13.8-CVE-2025-49795.patch + "${FILESDIR}"/${PN}-2.13.8-CVE-2025-6021.patch + "${FILESDIR}"/${PN}-2.13.8-CVE-2025-6170.patch + +) + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + else + local tarname=${P/_rc/-rc}.tar.xz + + # ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR}, + # as they are needed as tarballs in ${S}/xstc instead and not unpacked + unpack ${tarname} + + if [[ -n ${PATCHSET_VERSION} ]] ; then + unpack ${PN}-${PATCHSET_VERSION}.tar.xz + fi + fi + + cd "${S}" || die + + if use test ; then + cp "${DISTDIR}/${XSTS_TARBALL_1}" \ + "${DISTDIR}/${XSTS_TARBALL_2}" \ + "${S}"/xstc/ \ + || die "Failed to install test tarballs" + unpack ${XMLCONF_TARBALL} + fi +} + +src_prepare() { + default + + # Please do not remove, as else we get references to PORTAGE_TMPDIR + # in /usr/lib/python?.?/site-packages/libxml2mod.la among things. + #elibtoolize + + eautoreconf +} + +multilib_src_configure() { + libxml2_configure() { + ECONF_SOURCE="${S}" econf \ + $(use_with icu) \ + $(use_with lzma) \ + $(use_enable static-libs static) \ + $(multilib_native_use_with readline) \ + $(multilib_native_use_with readline history) \ + --with-legacy \ + "$@" + } + + # Build python bindings separately + libxml2_configure --without-python + + multilib_is_native_abi && use python && + python_foreach_impl run_in_build_dir libxml2_configure --with-python +} + +libxml2_py_emake() { + pushd "${BUILD_DIR}"/python >/dev/null || die + + emake top_builddir="${NATIVE_BUILD_DIR}" "$@" + + popd >/dev/null || die +} + +multilib_src_compile() { + default + + if multilib_is_native_abi && use python ; then + NATIVE_BUILD_DIR="${BUILD_DIR}" + python_foreach_impl run_in_build_dir libxml2_py_emake all + fi +} + +multilib_src_test() { + ln -s "${S}"/xmlconf || die + + emake check + + multilib_is_native_abi && use python && + python_foreach_impl run_in_build_dir libxml2_py_emake check +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + multilib_is_native_abi && use python && + python_foreach_impl run_in_build_dir libxml2_py_emake DESTDIR="${D}" install + + # Hack until automake release is made for the optimise fix + # https://git.savannah.gnu.org/cgit/automake.git/commit/?id=bde43d0481ff540418271ac37012a574a4fcf097 + multilib_is_native_abi && use python && python_foreach_impl python_optimize +} + +multilib_src_install_all() { + einstalldocs + + if ! use examples ; then + rm -rf "${ED}"/usr/share/doc/${PF}/examples || die + rm -rf "${ED}"/usr/share/doc/${PF}/python/examples || die + fi + + rm -rf "${ED}"/usr/share/doc/${PN}-python-${PVR} || die + + find "${ED}" -name '*.la' -delete || die +} + +pkg_postinst() { + # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not + # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887. + if [[ -n "${ROOT}" ]]; then + elog "Skipping XML catalog creation for stage building (bug #208887)." + else + # Need an XML catalog, so no-one writes to a non-existent one + CATALOG="${EROOT}/etc/xml/catalog" + + # We don't want to clobber an existing catalog though, + # only ensure that one is there + # <[email protected]> + if [[ ! -e "${CATALOG}" ]]; then + [[ -d "${EROOT}/etc/xml" ]] || mkdir -p "${EROOT}/etc/xml" + "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}" + einfo "Created XML catalog in ${CATALOG}" + fi + fi +}
