dev-libs/xml-security-c: Version bump, includes the fix for the CVE. Fixed dependency...

author Tiziano Müller <dev-zero@gentoo.org>

Thu, 23 Jul 2009 22:12:39 +0000 (22:12 +0000)

committer Tiziano Müller <dev-zero@gentoo.org>

Thu, 23 Jul 2009 22:12:39 +0000 (22:12 +0000)
author Tiziano Müller <dev-zero@gentoo.org>
Thu, 23 Jul 2009 22:12:39 +0000 (22:12 +0000)
committer Tiziano Müller <dev-zero@gentoo.org>
Thu, 23 Jul 2009 22:12:39 +0000 (22:12 +0000)
diff --git a/dev-libs/xml-security-c/ChangeLog b/dev-libs/xml-security-c/ChangeLog

index 1272ec4f24c2b29cd508387b7794ed85d6437516..56f1e38219823a8d1ccc28772a161d3e191f029a 100644 (file)
--- a/dev-libs/xml-security-c/ChangeLog
+++ b/dev-libs/xml-security-c/ChangeLog
@@ -2,6 +2,12 @@
  # Copyright 2000-2009 Gentoo Foundation; Distributed under the GPL v2
  # $Header: $
  
+  23 Jul 2009; Tiziano Müller <dev-zero@gentoo.org>
+  +files/1.5.1-parallel_build.patch, -xml-security-c-1.5.0.ebuild,
+  +xml-security-c-1.5.1.ebuild, -files/CVE-2009-0217-fix.patch:
+  Version bump, includes the fix for the CVE. Fixed dependency (xml-security-c
+  is supposed to _not_ need xerces-c-2 anymore).
+
    16 Jul 2009; Thomas Beierlein (TomJBE) <tb@forth-ev.de>
    xml-security-c-1.5.0.ebuild, +files/CVE-2009-0217-fix.patch:
    Security fix for CVE-2009-0217
diff --git a/dev-libs/xml-security-c/Manifest b/dev-libs/xml-security-c/Manifest

index 613652139f1201e451912967d26f5bb353966413..53f5a264ef33518432afea8c1850aeb4781f8612 100644 (file)
--- a/dev-libs/xml-security-c/Manifest
+++ b/dev-libs/xml-security-c/Manifest
@@ -1,5 +1,5 @@
-AUX CVE-2009-0217-fix.patch 3674 RMD160 8d21c8e111dc28b28c668d9c1ceef4df11eecc35 SHA1 7856a29cfd5af2b9dc56420c1bbb3339fb1f65f0 SHA256 bbaee8b06cacb71df1ac4c4bae8b133acb1c9ea61b3522909fa8069655820403
-DIST xml-security-c-1.5.0.tar.gz 957148 RMD160 d40be42ee7f12f48509b2fa31d5029475be398de SHA1 f4c3fe56deac2461bd97ebda1b0b39f70fb20a04 SHA256 a790b6a2e4d5e204184aecc76fb2f0b40bedfd2a643532a7cadec7151dd78475
-EBUILD xml-security-c-1.5.0.ebuild 743 RMD160 1784e3564d6cbb923eb069f31d4b74c0c6750ffe SHA1 833496eef5484861d758003ea156a23dc44b9159 SHA256 4c1daf0b3bb3808ceef716ec6f5294116e2ab2f2ccb14e909491cf9e23047e69
-MISC ChangeLog 799 RMD160 bbde71eaef243080233e75270587c69a3d1c28e5 SHA1 25fdf1ad5543def5cb5cc1a79f7ee51285f5ad99 SHA256 e241eab79831c95650bda8e7163d04913ea9b490c7c56f37cac8337cbb8b8614
+AUX 1.5.1-parallel_build.patch 631 RMD160 e42186615618834a43674e71abb309d46a5ad0e7 SHA1 7d49e2b1725c0ed44e2f61743af1ee720c4ce4c2 SHA256 5985d4b938482cc6ae77c7bc172629c8db19d52af3891fae3db57d3668aba8e7
+DIST xml-security-c-1.5.1.tar.gz 957928 RMD160 eadeb25398d6a0fa6cd22d531470bc1dea1632d3 SHA1 e51d3dca7f32cfcc2090d4d20cf8a1d032d95d79 SHA256 f31d7efbc1a2d708e82fb7237dca29e4e5552d8a4ca510cfe94c9998055b801f
+EBUILD xml-security-c-1.5.1.ebuild 877 RMD160 82cebb8bc964d7f4394f9286d32be46d27fa99fa SHA1 a952ab9d183e0486f924a995f3c0da519fcea8ab SHA256 c67a9f2525f7457913e74d9c9c3ab469fe529c9cfef2586adbd4021050a5c959
+MISC ChangeLog 1112 RMD160 2a3d4181720f0972964110baa5a3c2fac130f10a SHA1 69e97cbe683c6016f9fae8b5b11963656f142daa SHA256 516cfede126dd2e8d0c37e0e7848054162412ce15f68efedc3f2db85104857a4
  MISC metadata.xml 290 RMD160 a31bb9468300ba7321320de317d3130291b7b156 SHA1 69a4c0e652258ebc2bc5da5df525bad3923ebc7f SHA256 69e4f84c4ff607b175fad5627e93fbcd02c729b7df2b5f759b256bbc07092527
diff --git a/dev-libs/xml-security-c/files/1.5.1-parallel_build.patch b/dev-libs/xml-security-c/files/1.5.1-parallel_build.patch

new file mode 100644 (file)

index 0000000..57109f9
--- /dev/null
+++ b/dev-libs/xml-security-c/files/1.5.1-parallel_build.patch
@@ -0,0 +1,21 @@
+diff -Naur xml-security-c-1.5.0_pre20090310.orig/include/Makefile.am xml-security-c-1.5.0_pre20090310/include/Makefile.am
+--- xml-security-c-1.5.0_pre20090310.orig/include/Makefile.am  2009-03-10 08:23:06.552988680 +0100
++++ xml-security-c-1.5.0_pre20090310/include/Makefile.am       2009-03-10 08:24:06.360010865 +0100
+@@ -14,7 +14,7 @@
+ # limitations under the License.
+ #
+ 
+-BUILT_SOURCES = xsec ${lib_includes}
++BUILT_SOURCES = ${lib_includes}
+ nobase_include_HEADERS = ${lib_includes}
+ 
+ lib_includes = 
+@@ -213,7 +213,7 @@
+ 
+ SUFFIXES = .hpp
+ 
+-xsec/%.hpp: ../src/%.hpp
++xsec/%.hpp: xsec ../src/%.hpp
+       cp ../src/$*.hpp $@
+ 
+ xsec:
diff --git a/dev-libs/xml-security-c/files/CVE-2009-0217-fix.patch b/dev-libs/xml-security-c/files/CVE-2009-0217-fix.patch

deleted file mode 100644 (file)

index fd20760..0000000
--- a/dev-libs/xml-security-c/files/CVE-2009-0217-fix.patch
+++ /dev/null
@@ -1,115 +0,0 @@
---- src/dsig/DSIGAlgorithmHandlerDefault.cpp   2009/07/14 18:55:07     794016
-+++ src/dsig/DSIGAlgorithmHandlerDefault.cpp   2009/07/14 19:03:52     794017
-@@ -459,6 +459,12 @@
-               }
- 
-               // Signature already created, so just translate to base 64 and enter string
-+
-+        // FIX: CVE-2009-0217
-+        if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
-+            throw XSECException(XSECException::AlgorithmMapperError,
-+                "HMACOutputLength set to unsafe value.");
-+        }
-               
-               convertRawToBase64String(b64SB, 
-                                                               hash, 
-@@ -560,7 +566,14 @@
-       case (XSECCryptoKey::KEY_HMAC) :
- 
-               // Already done - just compare calculated value with read value
--              sigVfyRet = compareBase64StringToRaw(sig, 
-+
-+        // FIX: CVE-2009-0217
-+        if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) {
-+            throw XSECException(XSECException::AlgorithmMapperError,
-+                "HMACOutputLength set to unsafe value.");
-+        }
-+
-+          sigVfyRet = compareBase64StringToRaw(sig,
-                       hash, 
-                       hashLen,
-                       outputLength);
---- src/dsig/DSIGSignature.cpp 2009/07/14 18:55:07     794016
-+++ src/dsig/DSIGSignature.cpp 2009/07/14 19:03:52     794017
-@@ -1042,6 +1042,13 @@
- 
-       }
- 
-+      // FIX: CVE-2009-0217
-+
-+      if (mp_signedInfo->getHMACOutputLength() > 0 && mp_signedInfo->getHMACOutputLength() < 80) {
-+          throw XSECException(XSECException::SigVfyError,
-+            "DSIGSignature::verify() - HMACOutputLength is unsafe");
-+      }
-+
-       // Try to find a key
-       if (mp_signingKey == NULL) {
- 
---- src/framework/XSECW32Config.hpp    2009/07/14 18:55:07     794016
-+++ src/framework/XSECW32Config.hpp    2009/07/14 19:03:52     794017
-@@ -38,7 +38,7 @@
- 
- #define XSEC_VERSION_MAJOR   1
- #define XSEC_VERSION_MEDIUM  5
--#define XSEC_VERSION_MINOR   0
-+#define XSEC_VERSION_MINOR   1
- 
- /*
-  * Because we don't have a configure script, we need to rely on version
---- configure.ac       2009/07/14 18:55:07     794016
-+++ configure.ac       2009/07/14 19:03:52     794017
-@@ -19,12 +19,12 @@
- 
- # Process this file with autoconf to produce a configure script
- 
--AC_INIT([[XML-Security-C]], [1.5.0], [security-dev@xml.apache.org], [xml-security-c])
-+AC_INIT([[XML-Security-C]], [1.5.1], [security-dev@xml.apache.org], [xml-security-c])
- AC_CONFIG_AUX_DIR([config])
- 
- # kick off automake
- 
--AM_INIT_AUTOMAKE(xml-security-c, 1.5.0)
-+AM_INIT_AUTOMAKE(xml-security-c, 1.5.1)
- sinclude(m4/acx_pthread.m4)
- AM_PROG_LIBTOOL
- 
---- src/framework/version.rc   2009/07/14 18:55:07     794016
-+++ src/framework/version.rc   2009/07/14 19:03:52     794017
-@@ -54,8 +54,8 @@
- //
- 
- VS_VERSION_INFO VERSIONINFO
-- FILEVERSION 1,5,0,0
-- PRODUCTVERSION 1,5,0,0
-+ FILEVERSION 1,5,1,0
-+ PRODUCTVERSION 1,5,1,0
-  FILEFLAGSMASK 0x3fL
- #ifdef _DEBUG
-  FILEFLAGS 0x1L
-@@ -73,7 +73,7 @@
-             VALUE "Comments", "\0"
-             VALUE "CompanyName", "The Apache Software Foundation\0"
-             VALUE "FileDescription", "XML Security C++ Library\0"
--            VALUE "FileVersion", "1, 5, 0, 0\0"
-+            VALUE "FileVersion", "1, 5, 1, 0\0"
- #ifdef _DEBUG
-             VALUE "InternalName", "xsec_1_5D\0"
- #else
-@@ -88,7 +88,7 @@
- #endif
-             VALUE "PrivateBuild", "\0"
-             VALUE "ProductName", "XML-Security-C - C++ XML Security Library\0"
--            VALUE "ProductVersion", "1, 5, 0, 0\0"
-+            VALUE "ProductVersion", "1, 5, 1, 0\0"
-             VALUE "SpecialBuild", "\0"
-         END
-     END
---- xml-security-c.spec        2009/07/14 18:55:07     794016
-+++ xml-security-c.spec        2009/07/14 19:03:52     794017
-@@ -1,5 +1,5 @@
- Name:           xml-security-c
--Version:        1.5.0
-+Version:        1.5.1
- Release:        1
- Summary:        C++ XML security library
- 
diff --git a/dev-libs/xml-security-c/xml-security-c-1.5.0.ebuild b/dev-libs/xml-security-c/xml-security-c-1.5.0.ebuild

deleted file mode 100644 (file)

index 9bd9cb4..0000000
--- a/dev-libs/xml-security-c/xml-security-c-1.5.0.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-inherit autotools eutils
-
-DESCRIPTION="Apache C++ XML security libraries."
-HOMEPAGE="http://santuario.apache.org/"
-SRC_URI="http://xml.apache.org/security/dist/c-library/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="xalan"
-
-RDEPEND="=dev-libs/xerces-c-2*
-       xalan? ( =dev-libs/xalan-c-1.10* )
-       dev-libs/openssl"
-DEPEND="${RDEPEND}
-       dev-util/pkgconfig"
-
-src_unpack() {
-       unpack ${A}
-       cd "${S}"
-       epatch "${FILESDIR}"/CVE-2009-0217-fix.patch
-       eautoreconf
-}
-
-src_compile () {
-       econf $(use_with xalan)
-       emake || die "emake failed"
-}
-
-src_install(){
-       emake DESTDIR="${D}" install || die "emake failed"
-}
diff --git a/dev-libs/xml-security-c/xml-security-c-1.5.1.ebuild b/dev-libs/xml-security-c/xml-security-c-1.5.1.ebuild

new file mode 100644 (file)

index 0000000..968c7c0
--- /dev/null
+++ b/dev-libs/xml-security-c/xml-security-c-1.5.1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="2"
+
+inherit autotools eutils
+
+DESCRIPTION="Apache C++ XML security libraries."
+HOMEPAGE="http://santuario.apache.org/"
+SRC_URI="http://santuario.apache.org/dist/c-library/${P}.tar.gz"
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug examples xalan ssl"
+
+RDEPEND=">=dev-libs/xerces-c-3
+       xalan? ( dev-libs/xalan-c )
+       ssl? ( dev-libs/openssl )"
+DEPEND="${RDEPEND}
+       dev-util/pkgconfig"
+
+src_prepare() {
+       epatch \
+               "${FILESDIR}/${PV}-parallel_build.patch"
+       eautoreconf
+}
+
+src_configure() {
+       econf \
+               $(use_enable debug) \
+               $(use_with xalan) \
+               $(use_with ssl openssl)
+}
+
+src_install(){
+       emake DESTDIR="${D}" install || die "emake failed"
+
+       if use examples ; then
+               insinto /usr/share/doc/${PF}/examples
+               doins src/samples/*.cpp
+       fi
+}
author	Tiziano Müller <dev-zero@gentoo.org>
	Thu, 23 Jul 2009 22:12:39 +0000 (22:12 +0000)
committer	Tiziano Müller <dev-zero@gentoo.org>
	Thu, 23 Jul 2009 22:12:39 +0000 (22:12 +0000)
dev-libs/xml-security-c/ChangeLog		patch \| blob \| history
dev-libs/xml-security-c/Manifest		patch \| blob \| history
dev-libs/xml-security-c/files/1.5.1-parallel_build.patch	[new file with mode: 0644]	patch \| blob
dev-libs/xml-security-c/files/CVE-2009-0217-fix.patch	[deleted file]	patch \| blob \| history
dev-libs/xml-security-c/xml-security-c-1.5.0.ebuild	[deleted file]	patch \| blob \| history
dev-libs/xml-security-c/xml-security-c-1.5.1.ebuild	[new file with mode: 0644]	patch \| blob