Accepting request 479022 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Added patch libxslt-CVE-2016-4738.patch 
  * Fix heap overread in xsltFormatNumberConversion: An empty 
    decimal-separator could cause a heap overread. This can be
    exploited to leak a couple of bytes after the buffer that holds 
    the pattern string.
  * bsc#1005591 CVE-2016-4738

OBS-URL: https://build.opensuse.org/request/show/479022
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=54

libxslt-CVE-2016-4738.patch

@@ -0,0 +1,32 @@
+From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 10 Jun 2016 14:23:58 +0200
+Subject: Fix heap overread in xsltFormatNumberConversion
+
+An empty decimal-separator could cause a heap overread. This can be
+exploited to leak a couple of bytes after the buffer that holds the
+pattern string.
+
+Found with afl-fuzz and ASan.
+---
+ libxslt/numbers.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index d1549b4..e78c46b 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
+     }
+ 
+     /* We have finished the integer part, now work on fraction */
+-    if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
++    if ( (*the_format != 0) &&
++         (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
+         format_info.add_decimal = TRUE;
+ 	the_format += xsltUTF8Size(the_format);	/* Skip over the decimal */
+     }
+-- 
+cgit v0.12
+
+

libxslt-python.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libxslt-python
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

libxslt.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Mar 13 12:43:04 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Added patch libxslt-CVE-2016-4738.patch 
+  * Fix heap overread in xsltFormatNumberConversion: An empty 
+    decimal-separator could cause a heap overread. This can be
+    exploited to leak a couple of bytes after the buffer that holds 
+    the pattern string.
+  * bsc#1005591 CVE-2016-4738
+
 -------------------------------------------------------------------
 Sat Jun 11 11:42:29 UTC 2016 - tchvatal@suse.com
 

libxslt.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libxslt
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,7 @@ Source3:        xslt-config.1
 Patch0:         %{name}-1.1.24-no-net-autobuild.patch
 Patch1:         libxslt-config-fixes.patch
 Patch2:         0009-Make-generate-id-deterministic.patch
+Patch3:         libxslt-CVE-2016-4738.patch
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgpg-error-devel
 BuildRequires:  libtool
@@ -99,6 +100,7 @@ xtend the
 %patch0
 %patch1
 %patch2 -p1
+%patch3 -p1
 
 %build
 autoreconf -fvi