From 9f51c386724b9543e88a9c0e1be57d44326f3116 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sun, 27 Aug 2023 16:00:10 +0100
Subject: gentoo auto-resync : 27:08:2023 - 16:00:10

---
 dev-libs/tinyxml/Manifest                          |  2 +
 .../files/tinyxml-2.6.2-CVE-2021-42260.patch       | 23 ++++++++
 dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild           | 68 ++++++++++++++++++++++
 3 files changed, 93 insertions(+)
 create mode 100644 dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch
 create mode 100644 dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild

(limited to 'dev-libs/tinyxml')

diff --git a/dev-libs/tinyxml/Manifest b/dev-libs/tinyxml/Manifest
index 21a8dfca9b24..25ec2428ca3b 100644
--- a/dev-libs/tinyxml/Manifest
+++ b/dev-libs/tinyxml/Manifest
@@ -1,7 +1,9 @@
 AUX Makefile-3 1054 BLAKE2B 30f94d5ec66a4ab11703c53caccec0ac34a034686dddab9595d9ca2892fbf68b603035f6b80c1d47219c7ca6aeff43830a4096ec1d36fc8d00c19468cf59c1a6 SHA512 81b05e25341095444d0112fe58840d334a14f754cdc0e907b468484655008de026a4b96947de98d009a4a54d84af121ee0a663075fe0ad727894d3aa432426e2
 AUX tinyxml-2.6.1-entity.patch 1776 BLAKE2B e8430b2fea965f351c12a0413c3bba43ce19da7e8a0973fae3c7db4b4a8978cbc8b74beb495dd9141e79e90f9ad012b6b5e738207f8075ad7001cb85b424f5be SHA512 e03f4bdfb80354c6d262abb40e6c105cb2d37530e2f1f1d865ff4fd8434320a26957fbc2379db8af1bd18cd3c8662e064e79525831a5fb9fcb4aff46f3eb0809
+AUX tinyxml-2.6.2-CVE-2021-42260.patch 795 BLAKE2B fd73783db5955da369991920b20685457eabff753bf34c342b7de8be1551cf800d36373ac68aa88f566340553b7bac0073b61d5cea70d98c9fe3a4cfe930b310 SHA512 d538d6a811dd9c576122ce2fd304404c4dec95212b423487b9734108e7538e584bea26335d25acc8e4a096602a06af3aae48e317fcf2f2f9975bc96fac85084f
 AUX tinyxml-2.6.2-defineSTL.patch 353 BLAKE2B e9a3d63283f7946e04dafa58a7eeda782b02d6d6093bae18fdec727b9e6c6722a4c610230cc43ea8142695f3a0aaa1e9bf11a8f0072ad580acb5428655a3d6e8 SHA512 52cd82ef9e8f1783b3d6042551342a8c592c447e1da352d5d017db4211144bc0a908ddbfe2a4641b3108fb8e02dc47f385a851f920532d94178314255904a6ef
 AUX tinyxml.pc.patch 383 BLAKE2B 7f13d388d80605a9576ca6c6dca263d9d1afe87026801f4a5d1db9b341b8bc763c66dfdfef924ce388b30fc453b143f01019ba676f66805fb11270c54d19ecfb SHA512 e423baf55f488fe4788234b8b19819520db3f9a43e677c34dd0bb9250c187c349b796a5c2749b5bee35d468b8676ccc8db7eab8a1094c36f65f63e128572b860
 DIST tinyxml_2_6_2.tar.gz 210124 BLAKE2B 84d4ad0174eb38583a4488523410105928b9797f09a2ef84b41156580a40cc11d1d09e28e67512494bd02d7a7e0b208aa6c1ce3383bec12de606491214c16a77 SHA512 133b5db06131a90ad0c2b39b0063f1c8e65e67288a7e5d67e1f7d9ba32af10dc5dfa0462f9723985ee27debe8f09a10a25d4b5a5aaff2ede979b1cebe8e59d56
 EBUILD tinyxml-2.6.2-r4.ebuild 1562 BLAKE2B da540b4a34aceadf5d7d6cfd465d1b4902863cfc1337793b3fbb0eb0b35d78f51a64bef8d724b14661416d21017fe0702e2821f3f086fc608b7e4e5a74189e7d SHA512 7f3bf0d6033a5950ba5085ec2c292b70eda2050e632c4d0fd2fac51a1f1271fe787a99a5b304a3f657afa2890a34152cba0cf6dce773546e64b2097ac97adcc3
+EBUILD tinyxml-2.6.2-r5.ebuild 1614 BLAKE2B 9816e8eb0bb8950d5e04e2d174c69b4a3d126735e4f17b9aaccd7adf6937f379331b560b0bd603c967faa092e5be94ee781b69682486e561d9bf5cef3ebc7c1b SHA512 ec761f07f045440595fc2c8561cbe275a8ed1d3520a1c4215327bf9b5b127678b1c728924272d9e714954fb0a388b696b3bfe37bd73981fa41cc06a190cb854c
 MISC metadata.xml 406 BLAKE2B a9c50ef75e9049b1cc89df08b71e7640581c5f34fadcb0cd9fd9f29679bc3a1122db2e8fe8ad1ed738a9f4fe39771a8b4980fa4f2cb387e3e464c92a492b833c SHA512 b589dec8ab67f4e0aa9e073f55ed147ef22b08aa9adabb3270bb83d50a17da967e364ab131815c3a9ee32c8c61b0f3ec6ec6e3d7f4d8dd0fe5daaaa5420a89c0
diff --git a/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch
new file mode 100644
index 000000000000..d9eeb45c73b5
--- /dev/null
+++ b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch
@@ -0,0 +1,23 @@
+Description: In stamp always advance the pointer if *p= 0xef
+ .
+ The current implementation only advanced if 0xef is followed
+ by two non-zero bytes. In case of malformed input (0xef should be
+ the start byte of a three byte character) this leads to an infinite
+ loop. (CVE-2021-42260)
+Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
+
+--- a/tinyxmlparser.cpp
++++ b/tinyxmlparser.cpp
+@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
+ 						else
+ 							{ p +=3; ++col; }	// A normal character.
+ 					}
++					else
++					{
++						// TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
++						// there is something wrong here. Just advance the pointer to evade infinite loops
++						++p;
++					}
+ 				}
+ 				else
+ 				{
diff --git a/dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild b/dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild
new file mode 100644
index 000000000000..53f7786a222c
--- /dev/null
+++ b/dev-libs/tinyxml/tinyxml-2.6.2-r5.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic toolchain-funcs multilib
+
+DESCRIPTION="Simple and small C++ XML parser"
+HOMEPAGE="http://www.grinninglizard.com/tinyxml/index.html"
+SRC_URI="mirror://sourceforge/${PN}/${PN}_${PV//./_}.tar.gz"
+
+LICENSE="ZLIB"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-macos"
+IUSE="debug doc static-libs +stl"
+
+BDEPEND="doc? ( app-doc/doxygen )"
+
+S="${WORKDIR}/${PN}"
+
+DOCS=( "changes.txt" "readme.txt" )
+
+src_prepare() {
+	local major_v=$(ver_cut 1)
+	local minor_v=$(ver_cut 2-3)
+
+	sed -e "s:@MAJOR_V@:$major_v:" \
+		-e "s:@MINOR_V@:$minor_v:" \
+		"${FILESDIR}"/Makefile-3 > Makefile || die
+
+	eapply -p0 "${FILESDIR}"/${PN}-2.6.1-entity.patch
+	eapply -p0 "${FILESDIR}"/${PN}.pc.patch
+	eapply "${FILESDIR}"/${P}-CVE-2021-42260.patch
+
+	use debug && append-cppflags -DDEBUG
+	use stl && eapply "${FILESDIR}"/${P}-defineSTL.patch
+
+	sed -e "s:/lib:/$(get_libdir):g" -i tinyxml.pc || die # bug 738948
+	if use stl; then
+		sed -e "s/Cflags: -I\${includedir}/Cflags: -I\${includedir} -DTIXML_USE_STL=YES/g" -i tinyxml.pc || die
+	fi
+
+	if ! use static-libs; then
+		sed -e "/^all:/s/\$(name).a //" -i Makefile || die
+	fi
+
+	tc-export AR CXX RANLIB
+
+	[[ ${CHOST} == *-darwin* ]] && export LIBDIR="${EPREFIX}"/usr/$(get_libdir)
+	eapply_user
+}
+
+src_install() {
+	dolib.so *$(get_libname)*
+
+	insinto /usr/include
+	doins *.h
+
+	insinto /usr/share/pkgconfig
+	doins tinyxml.pc
+
+	einstalldocs
+
+	if use doc ; then
+		docinto html
+		dodoc -r docs/*
+	fi
+}
-- 
cgit v1.2.3