Accepting request 535190 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Update to version 1.1.30 [bsc#1063934]
  * Documentation:
    - Misc doc fixes
  * Portability:
    - Look for libxml2 via pkg-config first
  * Bug Fixes:
    - Also fix memory hazards in exsltFuncResultElem
    - Fix NULL deref in xsltDefaultSortFunction
    - Fix memory hazards in exsltFuncFunctionFunction
    - Fix memory leaks in EXSLT error paths
    - Fix memory leak in str:concat with empty node-set
    - Fix memory leaks in error paths
    - Switch to xmlUTF8Strsize in numbers.c
    - Fix NULL pointer deref in xsltFormatNumberFunction
    - Fix UTF-8 check in str:padding
    - Fix xmlStrPrintf argument
    - Check for overflow in _exsltDateParseGYear
    - Fix double to int conversion
    - Check for overflow in exsltDateParseDuration
    - Change version of xsltMaxVars back to 1.0.24
    - Disable xsltCopyTextString optimization for extensions
    - Create DOCTYPE for HTML version 5
    - Make xsl:decimal-format work with namespaces
    - Remove norm:localTime extension function
    - Check for integer overflow in xsltAddTextString
    - Detect infinite recursion when evaluating function arguments
    - Fix memory leak in xsltElementAvailableFunction
    - Fix for pattern predicates calling functions
    - Fix cmd.exe invocations in Makefile.mingw
    - Don't try to install index.sgml

OBS-URL: https://build.opensuse.org/request/show/535190
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=65

libxslt-1.1.28-CVE-2017-5029.patch

@@ -1,74 +0,0 @@
-From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Thu, 12 Jan 2017 15:39:52 +0100
-Subject: Check for integer overflow in xsltAddTextString
-
-Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
-exploited to trigger an out of bounds write on 64-bit systems.
-
-Originally reported to Chromium:
-
-https://crbug.com/676623
----
- libxslt/transform.c     | 25 ++++++++++++++++++++++---
- libxslt/xsltInternals.h |  4 ++--
- 2 files changed, 24 insertions(+), 5 deletions(-)
-
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 519133f..02bff34 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
-         return(target);
- 
-     if (ctxt->lasttext == target->content) {
-+        int minSize;
- 
--	if (ctxt->lasttuse + len >= ctxt->lasttsize) {
-+        /* Check for integer overflow accounting for NUL terminator. */
-+        if (len >= INT_MAX - ctxt->lasttuse) {
-+            xsltTransformError(ctxt, NULL, target,
-+                "xsltCopyText: text allocation failed\n");
-+            return(NULL);
-+        }
-+        minSize = ctxt->lasttuse + len + 1;
-+
-+        if (ctxt->lasttsize < minSize) {
- 	    xmlChar *newbuf;
- 	    int size;
-+            int extra;
-+
-+            /* Double buffer size but increase by at least 100 bytes. */
-+            extra = minSize < 100 ? 100 : minSize;
-+
-+            /* Check for integer overflow. */
-+            if (extra > INT_MAX - ctxt->lasttsize) {
-+                size = INT_MAX;
-+            }
-+            else {
-+                size = ctxt->lasttsize + extra;
-+            }
- 
--	    size = ctxt->lasttsize + len + 100;
--	    size *= 2;
- 	    newbuf = (xmlChar *) xmlRealloc(target->content,size);
- 	    if (newbuf == NULL) {
- 		xsltTransformError(ctxt, NULL, target,
-diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
-index 060b178..5ad1771 100644
---- a/libxslt/xsltInternals.h
-+++ b/libxslt/xsltInternals.h
-@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
-      * Speed optimization when coalescing text nodes
-      */
-     const xmlChar  *lasttext;		/* last text node content */
--    unsigned int    lasttsize;		/* last text node size */
--    unsigned int    lasttuse;		/* last text node use */
-+    int             lasttsize;		/* last text node size */
-+    int             lasttuse;		/* last text node use */
-     /*
-      * Per Context Debugging
-      */
--- 
-cgit v0.12
-

libxslt-1.1.29.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b5976e3857837e7617b29f2249ebb5eeac34e249208d31f1fbf7a6ba7a4090ce
-size 3428524

libxslt-1.1.29.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAldDtVwACgkQRga4pd6VvB8F5ACbBAolNImNScVOescshMRuEwFB
-KOkAnA5I+He/EmWeyL5/+BXPlWCd/NDn
-=/Fe0
------END PGP SIGNATURE-----

libxslt-1.1.30.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba65236116de8326d83378b2bd929879fa185195bc530b9d1aba72107910b6b3
+size 3444029

libxslt-1.1.30.tar.gz.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABAgAGBQJZrVbGAAoJEBVYiyZZa+pdVrMH/Ru0J8zvwx8Geu6PX8ykvdEU
+o5U/izwg8C8a1mtI9M8PcVUsERQinBcngO14Vk0V0dXHLp7/IEpRuXksCYkcTJL9
+HawU2uDXTE/VwUl9aM2OXJOCk9W/JUkElbqEG11LCfU6uGlV+mFpLVO+eMDPxlRZ
+v2LMs/yBFSiwNw757771ADShdRe3QxqhRscikK/yz/BRESdqls3/3y6GSEV2rx2n
+VKVvsuHFisviwEn+1pvqcAGNCm0pIkPX6/nr+ayK3rBX7tmS493Stp6e/qUYKo6e
+5cmdTkPhpzICQH2yqeUlfMp1M1nN50oShpvQqyjmpI+SV1udw08suIxVTDUCTRc=
+=LjYD
+-----END PGP SIGNATURE-----

libxslt-CVE-2016-4738.patch

@@ -1,32 +0,0 @@
-From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 10 Jun 2016 14:23:58 +0200
-Subject: Fix heap overread in xsltFormatNumberConversion
-
-An empty decimal-separator could cause a heap overread. This can be
-exploited to leak a couple of bytes after the buffer that holds the
-pattern string.
-
-Found with afl-fuzz and ASan.
----
- libxslt/numbers.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/numbers.c b/libxslt/numbers.c
-index d1549b4..e78c46b 100644
---- a/libxslt/numbers.c
-+++ b/libxslt/numbers.c
-@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
-     }
- 
-     /* We have finished the integer part, now work on fraction */
--    if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
-+    if ( (*the_format != 0) &&
-+         (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
-         format_info.add_decimal = TRUE;
- 	the_format += xsltUTF8Size(the_format);	/* Skip over the decimal */
-     }
--- 
-cgit v0.12
-
-

libxslt-python.changes

@@ -1,3 +1,92 @@
+-------------------------------------------------------------------
+Thu Oct 19 11:18:49 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Update to version 1.1.30 [bsc#1063934]
+  * Documentation:
+    - Misc doc fixes
+  * Portability:
+    - Look for libxml2 via pkg-config first
+  * Bug Fixes:
+    - Also fix memory hazards in exsltFuncResultElem
+    - Fix NULL deref in xsltDefaultSortFunction
+    - Fix memory hazards in exsltFuncFunctionFunction
+    - Fix memory leaks in EXSLT error paths
+    - Fix memory leak in str:concat with empty node-set
+    - Fix memory leaks in error paths
+    - Switch to xmlUTF8Strsize in numbers.c
+    - Fix NULL pointer deref in xsltFormatNumberFunction
+    - Fix UTF-8 check in str:padding
+    - Fix xmlStrPrintf argument
+    - Check for overflow in _exsltDateParseGYear
+    - Fix double to int conversion
+    - Check for overflow in exsltDateParseDuration
+    - Change version of xsltMaxVars back to 1.0.24
+    - Disable xsltCopyTextString optimization for extensions
+    - Create DOCTYPE for HTML version 5
+    - Make xsl:decimal-format work with namespaces
+    - Remove norm:localTime extension function
+    - Check for integer overflow in xsltAddTextString
+    - Detect infinite recursion when evaluating function arguments
+    - Fix memory leak in xsltElementAvailableFunction
+    - Fix for pattern predicates calling functions
+    - Fix cmd.exe invocations in Makefile.mingw
+    - Don't try to install index.sgml
+    - Fix symbols.xml
+    - Fix heap overread in xsltFormatNumberConversion
+    - Fix <xsl:number level="any"/> for non-element nodes
+    - Fix unreachable code in xsltAddChild
+    - Change version number in xsl:version warning
+    - Avoid infinite recursion after failed param evaluation
+    - Stop if potential recursion is detected
+    - Consider built-in templates in apply-imports
+    - Fix precedence with multiple attribute sets
+    - Rework attribute set resolution
+  * Improvements:
+    - Silence tests a little
+    - Set LIBXML_SRC to absolute path
+    - Add missing #include
+    - Adjust expected error messages in tests
+    - Make xsltDebug more quiet
+    - New-line terminate error message that missed this convention
+    - Use xmlBuffers in EXSLT string functions
+    - Switch to xmlUTF8Strsize in EXSLT string functions
+    - Check for return value of xmlUTF8Strlen
+    - Avoid double/long round trip in FORMAT_ITEM
+    - Separate date and duration structs
+    - Check for overflow in _exsltDateDifference
+    - Clamp seconds field of durations
+    - Change _exsltDateAddDurCalc parameter types
+    - Fix date:difference with time zones
+    - Rework division/remainder arithmetic in date.c
+    - Remove exsltDateCastDateToNumber
+    - Change internal representation of years
+    - Optimize IS_LEAP
+    - Link libraries with libm
+    - Rename xsltCopyTreeInternal to xsltCopyTree
+    - Update linker version script
+    - Add local wildcard to version script
+    - Make some symbols static
+    - Remove redundant NULL check in xsltNumberComp
+    - Fix forwards compatibility for imported stylesheets
+    - Reduce warnings in forwards-compatible mode
+    - Precompute XSLT elements after preprocessing
+    - Fix whitespace in xsltParseStylesheetTop
+    - Consolidate recursion checks
+    - Treat XSLT_STATE_STOPPED same as errors
+    - Make sure that XSLT_STATE_STOPPED isn't overwritten
+    - Add comment regarding built-in templates and params
+    - Rewrite memory management of local RVTs
+    - Validate QNames of attribute sets
+    - Add xsl:attribute-set regression tests
+    - Ignore imported stylesheets in xsltApplyAttributeSet
+
+-------------------------------------------------------------------
+Thu Oct 19 11:15:22 UTC 2017 - pmonrealgonzalez@suse.com
+
+- security update: initialize random generator, CVE-2015-9019         
+  [bsc#934119]                                                        
+  + libxslt-random-seed.patch
+
 -------------------------------------------------------------------
 Mon Sep 11 18:35:31 UTC 2017 - jengelh@inai.de
 

libxslt-python.spec

@@ -18,7 +18,7 @@
 
 %define libname libxslt1
 Name:           libxslt-python
-Version:        1.1.29
+Version:        1.1.30
 Release:        0
 Summary:        Python Bindings for libxslt
 License:        MIT
@@ -31,13 +31,14 @@ Patch0:         libxslt-1.1.24-linkflags.patch
 # pbleser: don't build the doc subdir as it's broken and we don't install
 # it anyway; neither build the xsltproc subdir (not packaged here, faster)
 Patch1:         libxslt-do_not_build_doc_nor_xsltproc.patch
+Patch2:         libxslt-random-seed.patch
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgpg-error-devel
 BuildRequires:  libtool
 BuildRequires:  libxml2-devel
-BuildRequires:  libxml2-python
 BuildRequires:  libxslt-tools
 BuildRequires:  python-devel
+BuildRequires:  python-libxml2
 BuildRequires:  python-xml
 #!BuildIgnore:  python
 Requires:       %{libname} = %{version}
@@ -56,6 +57,7 @@ XSLT language with XPath functions written in Python.
 %setup -q -n libxslt-%{version}
 %patch0
 %patch1
+%patch2 -p1
 
 %build
 autoreconf -fvi

libxslt.changes

@@ -1,3 +1,89 @@
+-------------------------------------------------------------------
+Thu Oct 19 10:09:45 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Update to version 1.1.30 [bsc#1063934]
+  * Documentation:
+    - Misc doc fixes
+  * Portability:
+    - Look for libxml2 via pkg-config first
+  * Bug Fixes:
+    - Also fix memory hazards in exsltFuncResultElem
+    - Fix NULL deref in xsltDefaultSortFunction
+    - Fix memory hazards in exsltFuncFunctionFunction
+    - Fix memory leaks in EXSLT error paths
+    - Fix memory leak in str:concat with empty node-set
+    - Fix memory leaks in error paths
+    - Switch to xmlUTF8Strsize in numbers.c
+    - Fix NULL pointer deref in xsltFormatNumberFunction
+    - Fix UTF-8 check in str:padding
+    - Fix xmlStrPrintf argument
+    - Check for overflow in _exsltDateParseGYear
+    - Fix double to int conversion
+    - Check for overflow in exsltDateParseDuration
+    - Change version of xsltMaxVars back to 1.0.24
+    - Disable xsltCopyTextString optimization for extensions
+    - Create DOCTYPE for HTML version 5
+    - Make xsl:decimal-format work with namespaces
+    - Remove norm:localTime extension function
+    - Check for integer overflow in xsltAddTextString
+    - Detect infinite recursion when evaluating function arguments
+    - Fix memory leak in xsltElementAvailableFunction
+    - Fix for pattern predicates calling functions
+    - Fix cmd.exe invocations in Makefile.mingw
+    - Don't try to install index.sgml
+    - Fix symbols.xml
+    - Fix heap overread in xsltFormatNumberConversion
+    - Fix <xsl:number level="any"/> for non-element nodes
+    - Fix unreachable code in xsltAddChild
+    - Change version number in xsl:version warning
+    - Avoid infinite recursion after failed param evaluation
+    - Stop if potential recursion is detected
+    - Consider built-in templates in apply-imports
+    - Fix precedence with multiple attribute sets
+    - Rework attribute set resolution
+  * Improvements:
+    - Silence tests a little
+    - Set LIBXML_SRC to absolute path
+    - Add missing #include
+    - Adjust expected error messages in tests
+    - Make xsltDebug more quiet
+    - New-line terminate error message that missed this convention
+    - Use xmlBuffers in EXSLT string functions
+    - Switch to xmlUTF8Strsize in EXSLT string functions
+    - Check for return value of xmlUTF8Strlen
+    - Avoid double/long round trip in FORMAT_ITEM
+    - Separate date and duration structs
+    - Check for overflow in _exsltDateDifference
+    - Clamp seconds field of durations
+    - Change _exsltDateAddDurCalc parameter types
+    - Fix date:difference with time zones
+    - Rework division/remainder arithmetic in date.c
+    - Remove exsltDateCastDateToNumber
+    - Change internal representation of years
+    - Optimize IS_LEAP
+    - Link libraries with libm
+    - Rename xsltCopyTreeInternal to xsltCopyTree
+    - Update linker version script
+    - Add local wildcard to version script
+    - Make some symbols static
+    - Remove redundant NULL check in xsltNumberComp
+    - Fix forwards compatibility for imported stylesheets
+    - Reduce warnings in forwards-compatible mode
+    - Precompute XSLT elements after preprocessing
+    - Fix whitespace in xsltParseStylesheetTop
+    - Consolidate recursion checks
+    - Treat XSLT_STATE_STOPPED same as errors
+    - Make sure that XSLT_STATE_STOPPED isn't overwritten
+    - Add comment regarding built-in templates and params
+    - Rewrite memory management of local RVTs
+    - Validate QNames of attribute sets
+    - Add xsl:attribute-set regression tests
+    - Ignore imported stylesheets in xsltApplyAttributeSet
+
+- Dropped patches fixed upstream
+  * libxslt-CVE-2016-4738.patch
+  * libxslt-1.1.28-CVE-2017-5029.patch
+
 -------------------------------------------------------------------
 Mon Sep 11 18:35:31 UTC 2017 - jengelh@inai.de
 

libxslt.spec

@@ -19,7 +19,7 @@
 %define libname %{name}1
 %define exname  libexslt0
 Name:           libxslt
-Version:        1.1.29
+Version:        1.1.30
 Release:        0
 Summary:        XSL Transformation Library
 License:        MIT AND GPL-2.0+
@@ -33,10 +33,7 @@ Source99:       baselibs.conf
 Patch0:         %{name}-1.1.24-no-net-autobuild.patch
 Patch1:         libxslt-config-fixes.patch
 Patch2:         0009-Make-generate-id-deterministic.patch
-Patch3:         libxslt-CVE-2016-4738.patch
-Patch4:         libxslt-random-seed.patch
-# PATCH-FIX-UPSTREAM CVE-2017-5029 bsc#1035905
-Patch5:         libxslt-1.1.28-CVE-2017-5029.patch
+Patch3:         libxslt-random-seed.patch
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgpg-error-devel
 BuildRequires:  libtool
@@ -105,8 +102,6 @@ xtend the
 %patch1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
-%patch5 -p1
 
 %build
 autoreconf -fvi