author | Hans de Graaff <graaff@gentoo.org> | 2016-06-11 09:26:27 +0200 |
---|---|---|
committer | Hans de Graaff <graaff@gentoo.org> | 2016-06-11 09:27:57 +0200 |
commit | 13afd657406d3bf133ccd10d9824127317253681 (patch) | |
tree | 364263574846e5c1632e547690ae9af3c3431d78 /app-text | |
parent | net-misc/iperf: Stable for HPPA PPC64 (bug #585504). (diff) | |
app-text/htmltidy: fix security bug 561452
Package-Manager: portage-2.2.28
Diffstat (limited to 'app-text')
-rw-r--r-- | app-text/htmltidy/files/11CVE-2015-5522.patch | 34 | ||||
-rw-r--r-- | app-text/htmltidy/htmltidy-20090325-r2.ebuild | 80 |
2 files changed, 114 insertions, 0 deletions
diff --git a/app-text/htmltidy/files/11CVE-2015-5522.patch b/app-text/htmltidy/files/11CVE-2015-5522.patch
new file mode 100644
index 000000000000..b4d6158ea04a
--- /dev/null
+++ b/app-text/htmltidy/files/11CVE-2015-5522.patch
@@ -0,0 +1,34 @@
+From c18f27a58792f7fbd0b30a0ff50d6b40a82f940d Mon Sep 17 00:00:00 2001
+From: Geoff McLane <ubuntu@geoffair.info>
+Date: Wed, 3 Jun 2015 20:26:03 +0200
+Subject: [PATCH] Issue #217 - avoid len going negative, ever...
+
+---
+ src/lexer.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/lexer.c b/src/lexer.c
+index 376a3d8..664f806 100644
+--- a/src/lexer.c
++++ b/src/lexer.c
+@@ -3739,16 +3740,17 @@ static tmbstr ParseValue( TidyDocImpl* doc, ctmbstr name,
+ /* and prompts attributes unless --literal-attributes is set to yes */
+ /* #994841 - Whitespace is removed from value attributes */
+
+- if (munge &&
++ /* Issue #217 - Also only if/while (len > 0) - MUST NEVER GO NEGATIVE! */
++ if ((len > 0) && munge &&
+ TY_(tmbstrcasecmp)(name, "alt") &&
+ TY_(tmbstrcasecmp)(name, "title") &&
+ TY_(tmbstrcasecmp)(name, "value") &&
+ TY_(tmbstrcasecmp)(name, "prompt"))
+ {
+- while (TY_(IsWhite)(lexer->lexbuf[start+len-1]))
++ while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0))
+ --len;
+
+- while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len)
++ while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0))
+ {
+ ++start;
+ --len;
diff --git a/app-text/htmltidy/htmltidy-20090325-r2.ebuild b/app-text/htmltidy/htmltidy-20090325-r2.ebuild
new file mode 100644
index 000000000000..b33f62997708
--- /dev/null
+++ b/app-text/htmltidy/htmltidy-20090325-r2.ebuild
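Review bot: In the patched first loop of 11CVE-2015-5522.patch, `lexer->lexbuf[start+len-1]` is still read before `(len > 0)` is tested, because `&&` evaluates left to right; once `len` reaches 0 the loop reads `lexbuf[start-1]` one more time before it stops. Putting the bound first closes that read: `while ((len > 0) && TY_(IsWhite)(lexer->lexbuf[start+len-1]))`. The second loop has the same ordering, with `lexbuf[start]` read ahead of `(start < len) && (len > 0)`, so its guards should lead as well. Whether `start` can be 0 at this point is not visible, since ParseValue begins and ends outside the hunk, but the check costs nothing when ordered first.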
@@ -0,0 +1,80 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_PN="tidy"
+MY_P="${MY_PN}-${PV}"
+
+inherit eutils autotools
+
+DESCRIPTION="Tidy the layout and correct errors in HTML and XML documents"
+HOMEPAGE="http://tidy.sourceforge.net/"
+SRC_URI="mirror://gentoo/${MY_P}.tar.bz2
+ mirror://gentoo/${MY_P}-doc.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="debug doc static-libs"
+
+DEPEND="doc? ( app-doc/doxygen )"
+RDEPEND=""
+
+S="${WORKDIR}"/${MY_P}
+
+src_prepare() {
+ # Required to setup the source dist for autotools
+ einfo "Setting up autotools for source build"
+ cp -R ./build/gnuauto/* . || die "could not prepare autotools environment"
+
+ # Stop tidy from appending -O2 to our CFLAGS
+ epatch "${FILESDIR}"/htmltidy-5.10.26-strip-O2-flag.patch
+
+ # Define /etc/tidyrc for system wide config, bug 154834
+ epatch "${FILESDIR}"/htmltidy-20090325-tidyrc.patch
+
+ # Fix security bug 561452
+ epatch "${FILESDIR}"/11CVE-2015-5522.patch
+
+ eautoreconf
+}
+
+src_compile() {
+ default
+
+ if use doc ; then
+ doxygen htmldoc/doxygen.cfg || die "error making apidocs"
+ fi
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable static-libs static)
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -exec rm -f {} +
+
+ # Now the man page is provided as an xsl file, which
+ # we can't use until htmltidy is merged.
+ # I have generated the man page and quickref which is on
+ # the mirrors. (bug #132429)
+ doman "${WORKDIR}"/"${MY_P}"-doc/tidy.1
+
+ # Fix name before installing
+ mv "${WORKDIR}"/"${MY_P}"-doc/quickref-html \
+ "${WORKDIR}"/"${MY_P}"-doc/quickref.html
+
+ cd "${S}"/htmldoc
+ # Install basic html documentation
+ dohtml *.html *.css *.gif "${WORKDIR}"/"${MY_P}"-doc/quickref.html
+
+ # If use 'doc' is set, then we also want to install the
+ # api documentation
+ use doc && dohtml -r api
+} |
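Review bot: In src_install, `cd "${S}"/htmldoc` and the `mv` of quickref-html before it have no `|| die`, so a failure there is not fatal in EAPI 5 and the following `dohtml *.html *.css *.gif` would glob in whatever directory the phase was left in. Appending `|| die` to both, as in `cd "${S}"/htmldoc || die`, makes the install stop at the real cause instead of at a later, misleading error. The `epatch` call for 11CVE-2015-5522.patch in src_prepare already aborts on a failed apply, so the security fix itself cannot be skipped silently.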