libxml2: upgraded package to upstream
Upgraded dev-libs/libxml2 to version 2.9.12 on amd64
BUG=b/188765489
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2021-3537 in libxml2
cos-patch: lts-refresh
Change-Id: I956c257e84c91bafbbc9935aa0b4fa47c19ba4ef
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/16791
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Reviewed-by: Roy Yang <royyang@google.com>
(cherry picked from commit 1e32b8b126725e6d9763e6b01b4c98f2af819e91)
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/16932
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest
index 9ded83c..4519fba 100644
--- a/dev-libs/libxml2/Manifest
+++ b/dev-libs/libxml2/Manifest
@@ -1,5 +1,8 @@
DIST libxml2-2.9.10-r1-patchset.tar.xz 72088 BLAKE2B 4d5f8aed35d6c0232089e09f22a77cbd25cbd2007c1330538e1c7acc4398ec3ef9023289129677cf5499dbacde4c2f28850ae81acab351d02625d3452aedaede SHA512 a63032d1e85128f637c2b54356aab06a17e31eb1f5facd8fdf88463eb21df6a1d9fd8cc751fa94b8d322fa4f796be4e1d9aa071cbd0826ab31fae46525fde952
DIST libxml2-2.9.10.tar.gz 5624761 BLAKE2B a9958bd7db17fbfb8259b64d66548eb19d28f1aecf40cf66752fcec5720855d31cea9941d52963badd8c18ea1770485f1c11da6213149458336ce0273418f421 SHA512 0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed
DIST xmlts20080827.tar.gz 638940 BLAKE2B c5aab959c6e0698acd5b9be82b48a8ac26f4d01cc03f9acfff20d344f97f4711fc6d4a524ae70457147e8e30c72e27b6726829e1dd21896286aa974ed60774e7 SHA512 7325d0977c4427fc4944b291ccf896a665f654cc24399e5565c12a849c2bc3aef4fa3ee42a09ac115abcb6570c51a8fbd052c38d64d164279ecdecad5a4e884d
+DIST libxml2-2.9.12.tar.gz 5681632 BLAKE2B ab93633140e9fd119d3a48ed829a91213c3d7956a00d181203f5188fb0ed0d3a7150d3128fe986b13efadf6fe484393262a3de575527f38f74aa6c0067a6d934 SHA512 df1c6486e80f0fcf3c506f3599bcfb94b620c00d0b5d26831bc983daa78d58ec58b5057b1ec7c1a26c694f40199c6234ee2a6dcabf65abfa10c447cb5705abbd
+DIST libxml2-2.9.12.tar.gz.asc 488 BLAKE2B 48ec86ec373d94de73bdb52141fc77fccd0ca296a35ed97aa3479ecdcf82b15422dd7d751359b5b1ca477e24b8eee9226784cfbfd861236e10eed2519e7959bf SHA512 69ca6ab7170cad467724e19eff99a3544966a26069e78a7b7cc27ae93a9077b11cc8dad2536bd0b27c3b45f4ea7520c813fe5a018cd65f103059f7f75147a656
+DIST xmlts20130923.tar.gz 641522 BLAKE2B 63a47bc69278ef510cd0b3779aed729e1b309e30efa0015d28ed051cc03f9dfddb447ab57b07b3393e8f47393d15473b0e199c34cb1f5f746b15ddfaa55670be SHA512 d5c4d26b324ed21f4e0641cd7f8b76dbf9de80df8b519982e44d41c960df29fd03618e02e9693b2d11ad06d19c4a965274c95a048ec3b9653eacb919a7f8b733
DIST xsts-2002-01-16.tar.gz 6894439 BLAKE2B 1e9ec63d2c104655e64249e07440a04d862fcbcd4d4e19745d81b34994319b510a531c9d6df1491fae1e90b5d0764f0f1a827251ca8df5d613178b0eab01ef25 SHA512 43300af6d39c1e2221b0ed7318fe14c7464eeb6eb030ed1e22eb29b4ab17f014e2a4c8887c3a46ae5d243e3072da27f00f4e285498ae6f1288177d38d1108288
DIST xsts-2004-01-14.tar.gz 2761085 BLAKE2B 41545995fb3a65d053257c376c07d45ffd1041a433bfbdb46d4dd87a5afb60c18c8629a3d988323f9e7a1d709775b5a7e5930276a7121c0725a22705c0976e36 SHA512 32854388d7e720ad67156baf50bf2bae7bd878ca3e35fd7e44e57cad3f434f69d56bbbedd61509f8a1faf01c9eae74a078df8fe130780b182c05c05cb1c39ebe
diff --git a/dev-libs/libxml2/files/libxml2-2.9.11-disable-fuzz-tests.patch b/dev-libs/libxml2/files/libxml2-2.9.11-disable-fuzz-tests.patch
new file mode 100644
index 0000000..7f6fd4a
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.11-disable-fuzz-tests.patch
@@ -0,0 +1,33 @@
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/252
+
+From 5d6403682a3463f29a1f7c27aa54ecb5e3971547 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 13 May 2021 17:40:22 +0000
+Subject: [PATCH] Disable fuzz tests
+
+Not all of the fuzz files are included with the dist tarball,
+so disabling them for now to get the release in with most tests
+given the security bug.
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2,9 +2,9 @@
+
+ ACLOCAL_AMFLAGS = -I m4
+
+-SUBDIRS = include . doc example fuzz xstc $(PYTHON_SUBDIR)
++SUBDIRS = include . doc example xstc $(PYTHON_SUBDIR)
+
+-DIST_SUBDIRS = include . doc example fuzz python xstc
++DIST_SUBDIRS = include . doc example python xstc
+
+ AM_CPPFLAGS = -I$(top_builddir)/include -I$(srcdir)/include
+
+@@ -210,7 +210,6 @@ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+ $(CHECKER) ./runxmlconf$(EXEEXT)
+ @(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
+ $(MAKE) tests ; fi)
+- @cd fuzz; $(MAKE) tests
+
+ check: all runtests
+
+--
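Review bot: Dropping `fuzz` from `SUBDIRS` and removing the `cd fuzz; $(MAKE) tests` step from `runtests` takes the fuzz regression run out of `make check`, and nothing in the patch header says when it should come back. The description calls the change temporary ("for now") and links upstream issue 252, so the header would benefit from one more line such as `Drop this patch once the dist tarball ships the complete fuzz/ directory (see the issue above).` The file is named for 2.9.11 but is applied by the 2.9.12 ebuild, which is worth stating in the same header so the patch is not mistaken for a stale leftover.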
diff --git a/dev-libs/libxml2/libxml2-2.9.12.ebuild b/dev-libs/libxml2/libxml2-2.9.12.ebuild
new file mode 100644
index 0000000..12cd4c1
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.9.12.ebuild
@@ -0,0 +1,240 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Note: Please bump in sync with dev-libs/libxslt
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+PYTHON_REQ_USE="xml"
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielveillard.asc
+inherit autotools flag-o-matic prefix python-r1 multilib-minimal verify-sig
+
+XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite"
+XSTS_NAME_1="xmlschema2002-01-16"
+XSTS_NAME_2="xmlschema2004-01-14"
+XSTS_TARBALL_1="xsts-2002-01-16.tar.gz"
+XSTS_TARBALL_2="xsts-2004-01-14.tar.gz"
+XMLCONF_TARBALL="xmlts20130923.tar.gz"
+DESCRIPTION="XML C parser and toolkit"
+HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2"
+SRC_URI="
+ ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz
+ test? (
+ ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1}
+ ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2}
+ https://www.w3.org/XML/Test/${XMLCONF_TARBALL}
+ )
+ verify-sig? ( ftp://xmlsoft.org/${PN}/${PN}-${PV/_rc/-rc}.tar.gz.asc )
+"
+S="${WORKDIR}/${PN}-${PV%_rc*}"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="*"
+IUSE="debug examples icu ipv6 lzma +python readline static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+BDEPEND="
+ dev-util/gtk-doc-am
+ virtual/pkgconfig
+ verify-sig? ( app-crypt/openpgp-keys-danielveillard )
+"
+RDEPEND="
+ >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}]
+ icu? ( >=dev-libs/icu-51.2-r1:=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+"
+DEPEND="${RDEPEND}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/xml2-config
+)
+
+DOCS=( AUTHORS ChangeLog NEWS README TODO TODO_SCHEMAS )
+
+PATCHES=(
+ # Patches needed for prefix support
+ "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch
+
+ # Fix python detection, bug #567066
+ # https://bugzilla.gnome.org/show_bug.cgi?id=760458
+ "${FILESDIR}"/${PN}-2.9.2-python-ABIFLAG.patch
+
+ # Fix python tests when building out of tree #565576
+ "${FILESDIR}"/${PN}-2.9.8-out-of-tree-test.patch
+
+ # bug #745162
+ "${FILESDIR}"/${PN}-2.9.8-python3-unicode-errors.patch
+
+ # Avoid failure on missing fuzz.h when running tests
+ "${FILESDIR}"/${PN}-2.9.11-disable-fuzz-tests.patch
+)
+
+src_unpack() {
+ local tarname=${P/_rc/-rc}.tar.gz
+
+ if use verify-sig ; then
+ verify-sig_verify_detached "${DISTDIR}"/${tarname}{,.asc}
+ fi
+
+ # ${A} isn't used to avoid unpacking of test tarballs into ${WORKDIR},
+ # as they are needed as tarballs in ${S}/xstc instead and not unpacked
+ unpack ${tarname}
+ cd "${S}" || die
+
+ if use test ; then
+ cp "${DISTDIR}/${XSTS_TARBALL_1}" \
+ "${DISTDIR}/${XSTS_TARBALL_2}" \
+ "${S}"/xstc/ \
+ || die "Failed to install test tarballs"
+ unpack ${XMLCONF_TARBALL}
+ fi
+}
+
+src_prepare() {
+ default
+
+ eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c
+
+ if [[ ${CHOST} == *-darwin* ]] ; then
+ # Avoid final linking arguments for python modules
+ sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die
+ # gcc-apple doesn't grok -Wno-array-bounds
+ sed -i -e 's/-Wno-array-bounds//' configure.ac || die
+ fi
+
+ # Please do not remove, as else we get references to PORTAGE_TMPDIR
+ # in /usr/lib/python?.?/site-packages/libxml2mod.la among things.
+ # We now need to run eautoreconf at the end to prevent maintainer mode.
+ #elibtoolize
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # Filter seemingly problematic CFLAGS (#26320)
+ filter-flags -fprefetch-loop-arrays -funroll-loops
+
+ # Notes:
+ # 1) USE zlib support breaks gnome2
+ # (libgnomeprint for instance fails to compile with
+ # fresh install, and existing) - <azarah@gentoo.org> (22 Dec 2002).
+ #
+ # 2) The meaning of the 'debug' USE flag does not apply to the --with-debug
+ # switch (enabling the libxml2 debug module). See bug #100898.
+ #
+ # 3) --with-mem-debug causes unusual segmentation faults (bug #105120).
+
+ libxml2_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --with-html-subdir=${PF}/html \
+ $(use_with debug run-debug) \
+ $(use_with icu) \
+ $(use_with lzma) \
+ $(use_enable ipv6) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_with readline) \
+ $(multilib_native_use_with readline history) \
+ "$@"
+ }
+
+ libxml2_py_configure() {
+ # Ensure python build dirs exist
+ mkdir -p "${BUILD_DIR}" || die
+
+ # Odd build system, also see bug #582130
+ run_in_build_dir libxml2_configure \
+ "--with-python=${EPYTHON}" \
+ "--with-python-install-dir=$(python_get_sitedir)"
+ }
+
+ # Build python bindings separately
+ libxml2_configure --without-python
+
+ if multilib_is_native_abi && use python ; then
+ python_foreach_impl libxml2_py_configure
+ fi
+}
+
+libxml2_py_emake() {
+ pushd "${BUILD_DIR}/python" > /dev/null || die
+
+ emake "$@"
+
+ popd > /dev/null || die
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi && use python ; then
+ local native_builddir="${BUILD_DIR}"
+
+ python_foreach_impl libxml2_py_emake \
+ top_builddir="${native_builddir}" \
+ all
+ fi
+}
+
+multilib_src_test() {
+ ln -s "${S}"/xmlconf || die
+
+ emake check
+
+ if multilib_is_native_abi && use python ; then
+ python_foreach_impl libxml2_py_emake test
+ fi
+}
+
+multilib_src_install() {
+ emake \
+ DESTDIR="${D}" \
+ EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples \
+ install
+
+ if multilib_is_native_abi && use python ; then
+ python_foreach_impl libxml2_py_emake \
+ DESTDIR="${D}" \
+ docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \
+ exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \
+ install
+
+ python_foreach_impl python_optimize
+ fi
+}
+
+multilib_src_install_all() {
+ rm -rf "${ED}"/usr/share/doc/${P}
+
+ einstalldocs
+
+ if ! use examples ; then
+ rm -rf "${ED}"/usr/share/doc/${PF}/examples
+ rm -rf "${ED}"/usr/share/doc/${PF}/python/examples
+ fi
+
+ find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not
+ # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887.
+ if [[ -n "${ROOT}" ]]; then
+ elog "Skipping XML catalog creation for stage building (bug #208887)."
+ else
+ # Need an XML catalog, so no-one writes to a non-existent one
+ CATALOG="${EROOT}/etc/xml/catalog"
+
+ # We don't want to clobber an existing catalog though,
+ # only ensure that one is there
+ # <obz@gentoo.org>
+ if [[ ! -e "${CATALOG}" ]]; then
+ [[ -d "${EROOT}/etc/xml" ]] || mkdir -p "${EROOT}/etc/xml"
+ "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"
+ einfo "Created XML catalog in ${CATALOG}"
+ fi
+ fi
+}
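Review bot: In `pkg_postinst` the catalog is created with `"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"` and the result is never checked, nor is the `mkdir -p` on the line before it. Because the shell opens the redirect target before running the command, a failed xmlcatalog still leaves an empty `${CATALOG}`. `einfo` then reports success, and the `[[ ! -e "${CATALOG}" ]]` guard skips creation on every later install. I would check both steps, e.g. `mkdir -p "${EROOT}/etc/xml" || die` and `"${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}" || die "failed to create ${CATALOG}"`, or warn and remove the empty file if dying in this phase is not wanted.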
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
new file mode 100644
index 0000000..e3ef7f2
--- /dev/null
+++ b/eclass/verify-sig.eclass
@@ -0,0 +1,271 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# @ECLASS: verify-sig.eclass
+# @MAINTAINER:
+# MichaĆ Górny <mgorny@gentoo.org>
+# @SUPPORTED_EAPIS: 7
+# @BLURB: Eclass to verify upstream signatures on distfiles
+# @DESCRIPTION:
+# verify-sig eclass provides a streamlined approach to verifying
+# upstream signatures on distfiles. Its primary purpose is to permit
+# developers to easily verify signatures while bumping packages.
+# The eclass removes the risk of developer forgetting to perform
+# the verification, or performing it incorrectly, e.g. due to additional
+# keys in the local keyring. It also permits users to verify
+# the developer's work.
+#
+# To use the eclass, start by packaging the upstream's key
+# as app-crypt/openpgp-keys-*. Then inherit the eclass, add detached
+# signatures to SRC_URI and set VERIFY_SIG_OPENPGP_KEY_PATH. The eclass
+# provides verify-sig USE flag to toggle the verification.
+#
+# Example use:
+# @CODE
+# inherit verify-sig
+#
+# SRC_URI="https://example.org/${P}.tar.gz
+# verify-sig? ( https://example.org/${P}.tar.gz.sig )"
+# BDEPEND="
+# verify-sig? ( app-crypt/openpgp-keys-example )"
+#
+# VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/example.asc
+# @CODE
+
+case "${EAPI:-0}" in
+ 0|1|2|3|4|5|6)
+ die "Unsupported EAPI=${EAPI} (obsolete) for ${ECLASS}"
+ ;;
+ 7)
+ ;;
+ *)
+ die "Unsupported EAPI=${EAPI} (unknown) for ${ECLASS}"
+ ;;
+esac
+
+EXPORT_FUNCTIONS src_unpack
+
+if [[ ! ${_VERIFY_SIG_ECLASS} ]]; then
+
+IUSE="verify-sig"
+
+BDEPEND="
+ verify-sig? (
+ app-crypt/gnupg
+ >=app-portage/gemato-16
+ )"
+
+# @ECLASS-VARIABLE: VERIFY_SIG_OPENPGP_KEY_PATH
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# Path to key bundle used to perform the verification. This is required
+# when using default src_unpack. Alternatively, the key path can be
+# passed directly to the verification functions.
+
+# @ECLASS-VARIABLE: VERIFY_SIG_OPENPGP_KEYSERVER
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# Keyserver used to refresh keys. If not specified, the keyserver
+# preference from the key will be respected. If no preference
+# is specified by the key, the GnuPG default will be used.
+
+# @ECLASS-VARIABLE: VERIFY_SIG_OPENPGP_KEY_REFRESH
+# @USER_VARIABLE
+# @DESCRIPTION:
+# Attempt to refresh keys via WKD/keyserver. Set it to "yes"
+# in make.conf to enable. Note that this requires working Internet
+# connection.
+: ${VERIFY_SIG_OPENPGP_KEY_REFRESH:=no}
+
+# @FUNCTION: verify-sig_verify_detached
+# @USAGE: <file> <sig-file> [<key-file>]
+# @DESCRIPTION:
+# Read the detached signature from <sig-file> and verify <file> against
+# it. <key-file> can either be passed directly, or it defaults
+# to VERIFY_SIG_OPENPGP_KEY_PATH. The function dies if verification
+# fails.
+verify-sig_verify_detached() {
+ local file=${1}
+ local sig=${2}
+ local key=${3:-${VERIFY_SIG_OPENPGP_KEY_PATH}}
+
+ [[ -n ${key} ]] ||
+ die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"
+
+ local extra_args=()
+ [[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
+ [[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
+ --keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
+ )
+
+ # GPG upstream knows better than to follow the spec, so we can't
+ # override this directory. However, there is a clean fallback
+ # to GNUPGHOME.
+ addpredict /run/user
+
+ local filename=${file##*/}
+ [[ ${file} == - ]] && filename='(stdin)'
+ einfo "Verifying ${filename} ..."
+ gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+ gpg --verify "${sig}" "${file}" ||
+ die "PGP signature verification failed"
+}
+
+# @FUNCTION: verify-sig_verify_message
+# @USAGE: <file> <output-file> [<key-file>]
+# @DESCRIPTION:
+# Verify that the file ('-' for stdin) contains a valid, signed PGP
+# message and write the message into <output-file> ('-' for stdout).
+# <key-file> can either be passed directly, or it defaults
+# to VERIFY_SIG_OPENPGP_KEY_PATH. The function dies if verification
+# fails. Note that using output from <output-file> is important as it
+# prevents the injection of unsigned data.
+verify-sig_verify_message() {
+ local file=${1}
+ local output_file=${2}
+ local key=${3:-${VERIFY_SIG_OPENPGP_KEY_PATH}}
+
+ [[ -n ${key} ]] ||
+ die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"
+
+ local extra_args=()
+ [[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
+ [[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
+ --keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
+ )
+
+ # GPG upstream knows better than to follow the spec, so we can't
+ # override this directory. However, there is a clean fallback
+ # to GNUPGHOME.
+ addpredict /run/user
+
+ local filename=${file##*/}
+ [[ ${file} == - ]] && filename='(stdin)'
+ einfo "Verifying ${filename} ..."
+ gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+ gpg --verify --output="${output_file}" "${file}" ||
+ die "PGP signature verification failed"
+}
+
+# @FUNCTION: verify-sig_verify_signed_checksums
+# @USAGE: <checksum-file> <algo> <files> [<key-file>]
+# @DESCRIPTION:
+# Verify the checksums for all files listed in the space-separated list
+# <files> (akin to ${A}) using a PGP-signed <checksum-file>. <algo>
+# specified the checksum algorithm (e.g. sha256). <key-file> can either
+# be passed directly, or it defaults to VERIFY_SIG_OPENPGP_KEY_PATH.
+#
+# The function dies if PGP verification fails, the checksum file
+# contains unsigned data, one of the files do not match checksums
+# or are missing from the checksum file.
+verify-sig_verify_signed_checksums() {
+ local checksum_file=${1}
+ local algo=${2}
+ local files=()
+ read -r -d '' -a files <<<"${3}"
+ local key=${4:-${VERIFY_SIG_OPENPGP_KEY_PATH}}
+
+ local chksum_prog chksum_len
+ case ${algo} in
+ sha256)
+ chksum_prog=sha256sum
+ chksum_len=64
+ ;;
+ *)
+ die "${FUNCNAME}: unknown checksum algo ${algo}"
+ ;;
+ esac
+
+ [[ -n ${key} ]] ||
+ die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"
+
+ local checksum filename junk ret=0 count=0
+ while read -r checksum filename junk; do
+ [[ ${#checksum} -eq ${chksum_len} ]] || continue
+ [[ -z ${checksum//[0-9a-f]} ]] || continue
+ has "${filename}" "${files[@]}" || continue
+ [[ -z ${junk} ]] || continue
+
+ "${chksum_prog}" -c --strict - <<<"${checksum} ${filename}"
+ if [[ ${?} -eq 0 ]]; then
+ (( count++ ))
+ else
+ ret=1
+ fi
+ done < <(verify-sig_verify_message "${checksum_file}" - "${key}")
+
+ [[ ${ret} -eq 0 ]] ||
+ die "${FUNCNAME}: at least one file did not verify successfully"
+ [[ ${count} -eq ${#files[@]} ]] ||
+ die "${FUNCNAME}: checksums for some of the specified files were missing"
+}
+
+# @FUNCTION: verify-sig_src_unpack
+# @DESCRIPTION:
+# Default src_unpack override that verifies signatures for all
+# distfiles if 'verify-sig' flag is enabled. The function dies if any
+# of the signatures fails to verify or if any distfiles are not signed.
+# Please write src_unpack() yourself if you need to perform partial
+# verification.
+verify-sig_src_unpack() {
+ if use verify-sig; then
+ local f suffix found
+ local distfiles=() signatures=() nosigfound=() straysigs=()
+
+ # find all distfiles and signatures, and combine them
+ for f in ${A}; do
+ found=
+ for suffix in .asc .sig; do
+ if [[ ${f} == *${suffix} ]]; then
+ signatures+=( "${f}" )
+ found=sig
+ break
+ else
+ if has "${f}${suffix}" ${A}; then
+ distfiles+=( "${f}" )
+ found=dist+sig
+ break
+ fi
+ fi
+ done
+ if [[ ! ${found} ]]; then
+ nosigfound+=( "${f}" )
+ fi
+ done
+
+ # check if all distfiles are signed
+ if [[ ${#nosigfound[@]} -gt 0 ]]; then
+ eerror "The following distfiles lack detached signatures:"
+ for f in "${nosigfound[@]}"; do
+ eerror " ${f}"
+ done
+ die "Unsigned distfiles found"
+ fi
+
+ # check if there are no stray signatures
+ for f in "${signatures[@]}"; do
+ if ! has "${f%.*}" "${distfiles[@]}"; then
+ straysigs+=( "${f}" )
+ fi
+ done
+ if [[ ${#straysigs[@]} -gt 0 ]]; then
+ eerror "The following signatures do not match any distfiles:"
+ for f in "${straysigs[@]}"; do
+ eerror " ${f}"
+ done
+ die "Unused signatures found"
+ fi
+
+ # now perform the verification
+ for f in "${signatures[@]}"; do
+ verify-sig_verify_detached \
+ "${DISTDIR}/${f%.*}" "${DISTDIR}/${f}"
+ done
+ fi
+
+ # finally, unpack the distfiles
+ default_src_unpack
+}
+
+_VERIFY_SIG_ECLASS=1
+fi
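Review bot: In `verify-sig_verify_signed_checksums` the completeness check compares a running `count` with `${#files[@]}`, so a checksum file that lists one requested file twice can make the totals match while another requested file has no entry at all. The input is signed, so whether this can happen depends on what upstream publishes, but the function's own description promises to die when a file is missing from the checksum file. Tracking names instead of a count closes the gap: declare `local verified=()`, replace `(( count++ ))` with `has "${filename}" "${verified[@]}" || verified+=( "${filename}" )`, and compare `${#verified[@]}` with `${#files[@]}`. The checksum program also resolves `${filename}` against the current directory, which the `@DESCRIPTION` should state so callers change into the distfile directory first.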
diff --git a/metadata/md5-cache/dev-libs/libxml2-2.9.12 b/metadata/md5-cache/dev-libs/libxml2-2.9.12
new file mode 100644
index 0000000..0714c69
--- /dev/null
+++ b/metadata/md5-cache/dev-libs/libxml2-2.9.12
@@ -0,0 +1,16 @@
+BDEPEND=dev-util/gtk-doc-am virtual/pkgconfig verify-sig? ( app-crypt/openpgp-keys-danielveillard ) >=app-portage/elt-patches-20170815 verify-sig? ( app-crypt/gnupg >=app-portage/gemato-16 )
+DEFINED_PHASES=compile configure install postinst prepare test unpack
+DEPEND=>=sys-libs/zlib-1.2.8-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?,abi_arm_32(-)?,abi_arm_64(-)?] icu? ( >=dev-libs/icu-51.2-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?,abi_arm_32(-)?,abi_arm_64(-)?] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?,abi_arm_32(-)?,abi_arm_64(-)?] ) python? ( python_targets_python3_7? ( dev-lang/python:3.7[xml] ) python_targets_python3_8? ( dev-lang/python:3.8[xml] ) python_targets_python3_9? ( dev-lang/python:3.9[xml] ) >=dev-lang/python-exec-2:=[python_targets_python3_7(-)?,python_targets_python3_8(-)?,python_targets_python3_9(-)?,-python_single_target_python3_7(-),-python_single_target_python3_8(-),-python_single_target_python3_9(-)] ) readline? ( sys-libs/readline:= ) !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.16.1:1.16 >=sys-devel/automake-1.15.1:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4
+DESCRIPTION=XML C parser and toolkit
+EAPI=7
+HOMEPAGE=http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxml2
+IUSE=debug examples icu ipv6 lzma +python readline static-libs test python_targets_python3_7 python_targets_python3_8 python_targets_python3_9 abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64 abi_arm_32 abi_arm_64 verify-sig
+KEYWORDS=*
+LICENSE=MIT
+RDEPEND=>=sys-libs/zlib-1.2.8-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?,abi_arm_32(-)?,abi_arm_64(-)?] icu? ( >=dev-libs/icu-51.2-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?,abi_arm_32(-)?,abi_arm_64(-)?] ) lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?,abi_arm_32(-)?,abi_arm_64(-)?] ) python? ( python_targets_python3_7? ( dev-lang/python:3.7[xml] ) python_targets_python3_8? ( dev-lang/python:3.8[xml] ) python_targets_python3_9? ( dev-lang/python:3.9[xml] ) >=dev-lang/python-exec-2:=[python_targets_python3_7(-)?,python_targets_python3_8(-)?,python_targets_python3_9(-)?,-python_single_target_python3_7(-),-python_single_target_python3_8(-),-python_single_target_python3_9(-)] ) readline? ( sys-libs/readline:= )
+REQUIRED_USE=python? ( || ( python_targets_python3_7 python_targets_python3_8 python_targets_python3_9 ) )
+RESTRICT=!test? ( test )
+SLOT=2
+SRC_URI=ftp://xmlsoft.org/libxml2/libxml2-2.9.12.tar.gz test? ( http://www.w3.org/XML/2004/xml-schema-test-suite/xmlschema2002-01-16/xsts-2002-01-16.tar.gz http://www.w3.org/XML/2004/xml-schema-test-suite/xmlschema2004-01-14/xsts-2004-01-14.tar.gz https://www.w3.org/XML/Test/xmlts20130923.tar.gz ) verify-sig? ( ftp://xmlsoft.org/libxml2/libxml2-2.9.12.tar.gz.asc )
+_eclasses_=autotools d0e5375d47f4c809f406eb892e531513 eutils fcb2aa98e1948b835b5ae66ca52868c5 flag-o-matic 5d5921a298e95441da2f85be419894c0 libtool f143db5a74ccd9ca28c1234deffede96 multibuild 40fe59465edacd730c644ec2bc197809 multilib 2477ebe553d3e4d2c606191fe6c33602 multilib-build 1979aa0ff4d356d32507ca4650d9f37d multilib-minimal 8bddda43703ba94d8341f4e247f97566 prefix e51c7882b7b721e54e684f7eb143cbfe python-r1 79e26ce8f853c9daebe9a4956e37cc1b python-utils-r1 157a6a7a3e99c7dbdf81acc9dd4f57cd toolchain-funcs 605c126bed8d87e4378d5ff1645330cb verify-sig 40b4f4f782cf67118f594ce604cc4c0a
+_md5_=0a504425f0a2e5f75222d46355f316f8