pool/libxslt
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 896723 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

Browse Source 
- Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit
- Add upstream patches:
  * libxslt-Stop-using-maxParserDepth-XPath-limit.patch
  * libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch

OBS-URL: https://build.opensuse.org/request/show/896723
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=84
This commit is contained in:
Dirk Mueller 2021-06-01 20:37:05 +00:00 committed by Git OBS Bridge
parent 94f02f6c77
commit 5d746e836d
4 changed files with 109 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch Normal file
View File

@ -0,0 +1,54 @@
From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 26 Aug 2020 00:34:38 +0200
Subject: [PATCH] Don't set maxDepth in XPath contexts
The maximum recursion depth is hardcoded in libxml2 now.
---
libxslt/functions.c | 2 +-
tests/fuzz/fuzz.c | 11 ++---------
2 files changed, 3 insertions(+), 10 deletions(-)
Index: libxslt-1.1.34/tests/fuzz/fuzz.c
===================================================================
--- libxslt-1.1.34.orig/tests/fuzz/fuzz.c
+++ libxslt-1.1.34/tests/fuzz/fuzz.c
@@ -168,7 +168,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_
xpctxt = tctxt->xpathCtxt;
/* Resource limits to avoid timeouts and call stack overflows */
- xpctxt->maxDepth = 500;
xpctxt->opLimit = 500000;
/* Test namespaces used in xpath.xml */
@@ -299,12 +298,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_U
return 0;
}
-static void
-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
- ctxt->maxDepth = 200;
- ctxt->opLimit = 100000;
-}
-
xmlChar *
xsltFuzzXslt(const char *data, size_t size) {
xmlDocPtr xsltDoc;
@@ -334,7 +327,7 @@ xsltFuzzXslt(const char *data, size_t si
xmlFreeDoc(xsltDoc);
return NULL;
}
- xsltSetXPathResourceLimits(sheet->xpathCtxt);
+ sheet->xpathCtxt->opLimit = 100000;
sheet->xpathCtxt->opCount = 0;
if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
xsltFreeStylesheet(sheet);
@@ -346,7 +339,7 @@ xsltFuzzXslt(const char *data, size_t si
xsltSetCtxtSecurityPrefs(sec, ctxt);
ctxt->maxTemplateDepth = 100;
ctxt->opLimit = 20000;
- xsltSetXPathResourceLimits(ctxt->xpathCtxt);
+ ctxt->xpathCtxt->opLimit = 100000;
ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);

37
libxslt-Stop-using-maxParserDepth-XPath-limit.patch Normal file
View File

@ -0,0 +1,37 @@
From 9ae2f94df1721e002941b40665efb762aefcea1a Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 17 Aug 2020 03:42:11 +0200
Subject: [PATCH] Stop using maxParserDepth XPath limit
This will be removed again from libxml2.
---
tests/fuzz/fuzz.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
index f502ca2c..75234ad6 100644
--- a/tests/fuzz/fuzz.c
+++ b/tests/fuzz/fuzz.c
@@ -183,8 +183,7 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
xpctxt = tctxt->xpathCtxt;
/* Resource limits to avoid timeouts and call stack overflows */
- xpctxt->maxParserDepth = 15;
- xpctxt->maxDepth = 100;
+ xpctxt->maxDepth = 500;
xpctxt->opLimit = 500000;
/* Test namespaces used in xpath.xml */
@@ -317,8 +316,7 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
static void
xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
- ctxt->maxParserDepth = 15;
- ctxt->maxDepth = 100;
+ ctxt->maxDepth = 200;
ctxt->opLimit = 100000;
}
--
GitLab

8
libxslt.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Jun 1 10:41:44 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
- Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit
- Add upstream patches:
* libxslt-Stop-using-maxParserDepth-XPath-limit.patch
* libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch
-------------------------------------------------------------------
Wed Nov 20 12:58:31 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

14
libxslt.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package libxslt
#
# Copyright (c) 2019 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@ Name: libxslt
Version: 1.1.34
Release: 0
Summary: XSL Transformation Library
License: MIT AND GPL-2.0-or-later
License: GPL-2.0-or-later AND MIT
Group: Development/Libraries/C and C++
URL: http://xmlsoft.org/XSLT/
Source0: ftp://xmlsoft.org/libxslt/libxslt-%{version}.tar.gz
@ -34,10 +34,14 @@ Patch0: %{name}-1.1.24-no-net-autobuild.patch
Patch1: libxslt-config-fixes.patch
Patch2: 0009-Make-generate-id-deterministic.patch
Patch3: libxslt-random-seed.patch
# PATCH-FIX-UPSTREAM gitlab.gnome.org/GNOME/libxslt/commit/9ae2f94df1721e002941b40665efb762aefcea1a
Patch4: libxslt-Stop-using-maxParserDepth-XPath-limit.patch
# PATCH-FIX-UPSTREAM gitlab.gnome.org/GNOME/libxslt/commit/77c26bad0433541f486b1e7ced44ca9979376908
Patch5: libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch
BuildRequires: libgcrypt-devel
BuildRequires: libgpg-error-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
BuildRequires: libxml2-devel >= 2.9.12
BuildRequires: pkgconfig
Obsoletes: libxslt-python
@ -88,7 +92,7 @@ applications that want to make use of the XSLT libraries.
%package tools
Summary: Extended Stylesheet Language (XSL) Transformation utilities
License: MIT AND GPL-2.0-or-later
License: GPL-2.0-or-later AND MIT
Group: Development/Tools/Other
Provides: %{name} = %{version}
Provides: xsltproc = %{version}
@ -103,6 +107,8 @@ xtend the
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
autoreconf -fvi