OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libxslt?expand=0&rev=7

libxslt-1.1.23-CVE-2008-1767.patch

@@ -1,211 +0,0 @@
---- libxslt/pattern.c
-+++ libxslt/pattern.c
-@@ -106,7 +106,7 @@ struct _xsltCompMatch {
-     int maxStep;
-     xmlNsPtr *nsList;		/* the namespaces in scope */
-     int nsNr;			/* the number of namespaces in scope */
--    xsltStepOp steps[40];        /* ops for computation */
-+    xsltStepOpPtr steps;        /* ops for computation */
- };
- 
- typedef struct _xsltParserContext xsltParserContext;
-@@ -146,7 +146,16 @@ xsltNewCompMatch(void) {
- 	return(NULL);
-     }
-     memset(cur, 0, sizeof(xsltCompMatch));
--    cur->maxStep = 40;
-+    cur->maxStep = 10;
-+    cur->nbStep = 0;
-+    cur-> steps = (xsltStepOpPtr) xmlMalloc(sizeof(xsltStepOp) *
-+                                            cur->maxStep);
-+    if (cur->steps == NULL) {
-+	xsltTransformError(NULL, NULL, NULL,
-+		"xsltNewCompMatch : out of memory error\n");
-+	xmlFree(cur);
-+	return(NULL);
-+    }
-     cur->nsNr = 0;
-     cur->nsList = NULL;
-     cur->direct = 0;
-@@ -181,6 +190,7 @@ xsltFreeCompMatch(xsltCompMatchPtr comp)
- 	if (op->comp != NULL)
- 	    xmlXPathFreeCompExpr(op->comp);
-     }
-+    xmlFree(comp->steps);
-     memset(comp, -1, sizeof(xsltCompMatch));
-     xmlFree(comp);
- }
-@@ -279,14 +289,26 @@ static int
- xsltCompMatchAdd(xsltParserContextPtr ctxt, xsltCompMatchPtr comp,
-                  xsltOp op, xmlChar * value, xmlChar * value2, int novar)
- {
--    if (comp->nbStep >= 40) {
--        xsltTransformError(NULL, NULL, NULL,
--                         "xsltCompMatchAdd: overflow\n");
--        return (-1);
-+    if (comp->nbStep >= comp->maxStep) {
-+        xsltStepOpPtr tmp;
-+
-+	tmp = (xsltStepOpPtr) xmlRealloc(comp->steps, comp->maxStep * 2 *
-+	                                 sizeof(xsltStepOp));
-+	if (tmp == NULL) {
-+	    xsltGenericError(xsltGenericErrorContext,
-+	     "xsltCompMatchAdd: memory re-allocation failure.\n");
-+	    if (ctxt->style != NULL)
-+		ctxt->style->errors++;
-+	    return (-1);
-+	}
-+        comp->maxStep *= 2;
-+	comp->steps = tmp;
-     }
-     comp->steps[comp->nbStep].op = op;
-     comp->steps[comp->nbStep].value = value;
-     comp->steps[comp->nbStep].value2 = value2;
-+    comp->steps[comp->nbStep].value3 = NULL;
-+    comp->steps[comp->nbStep].comp = NULL;
-     if (ctxt->ctxt != NULL) {
- 	comp->steps[comp->nbStep].previousExtra =
- 	    xsltAllocateExtraCtxt(ctxt->ctxt);
-@@ -343,6 +365,7 @@ xsltSwapTopCompMatch(xsltCompMatchPtr co
- 	register xmlChar *tmp;
- 	register xsltOp op;
- 	register xmlXPathCompExprPtr expr; 
-+	register int t;
- 	i = j - 1;
- 	tmp = comp->steps[i].value;
- 	comp->steps[i].value = comp->steps[j].value;
-@@ -350,46 +373,74 @@ xsltSwapTopCompMatch(xsltCompMatchPtr co
- 	tmp = comp->steps[i].value2;
- 	comp->steps[i].value2 = comp->steps[j].value2;
- 	comp->steps[j].value2 = tmp;
-+	tmp = comp->steps[i].value3;
-+	comp->steps[i].value3 = comp->steps[j].value3;
-+	comp->steps[j].value3 = tmp;
- 	op = comp->steps[i].op;
- 	comp->steps[i].op = comp->steps[j].op;
- 	comp->steps[j].op = op;
- 	expr = comp->steps[i].comp;
- 	comp->steps[i].comp = comp->steps[j].comp;
- 	comp->steps[j].comp = expr;
-+	t = comp->steps[i].previousExtra;
-+	comp->steps[i].previousExtra = comp->steps[j].previousExtra;
-+	comp->steps[j].previousExtra = t;
-+	t = comp->steps[i].indexExtra;
-+	comp->steps[i].indexExtra = comp->steps[j].indexExtra;
-+	comp->steps[j].indexExtra = t;
-+	t = comp->steps[i].lenExtra;
-+	comp->steps[i].lenExtra = comp->steps[j].lenExtra;
-+	comp->steps[j].lenExtra = t;
-     }
- }
- 
- /**
-  * xsltReverseCompMatch:
-+ * @ctxt: the parser context
-  * @comp:  the compiled match expression
-  *
-  * reverse all the stack of expressions
-  */
- static void
--xsltReverseCompMatch(xsltCompMatchPtr comp) {
-+xsltReverseCompMatch(xsltParserContextPtr ctxt, xsltCompMatchPtr comp) {
-     int i = 0;
-     int j = comp->nbStep - 1;
- 
-     while (j > i) {
- 	register xmlChar *tmp;
- 	register xsltOp op;
--	register xmlXPathCompExprPtr expr; 
-+	register xmlXPathCompExprPtr expr;
-+	register int t;
-+
- 	tmp = comp->steps[i].value;
- 	comp->steps[i].value = comp->steps[j].value;
- 	comp->steps[j].value = tmp;
- 	tmp = comp->steps[i].value2;
- 	comp->steps[i].value2 = comp->steps[j].value2;
- 	comp->steps[j].value2 = tmp;
-+	tmp = comp->steps[i].value3;
-+	comp->steps[i].value3 = comp->steps[j].value3;
-+	comp->steps[j].value3 = tmp;
- 	op = comp->steps[i].op;
- 	comp->steps[i].op = comp->steps[j].op;
- 	comp->steps[j].op = op;
- 	expr = comp->steps[i].comp;
- 	comp->steps[i].comp = comp->steps[j].comp;
- 	comp->steps[j].comp = expr;
-+	t = comp->steps[i].previousExtra;
-+	comp->steps[i].previousExtra = comp->steps[j].previousExtra;
-+	comp->steps[j].previousExtra = t;
-+	t = comp->steps[i].indexExtra;
-+	comp->steps[i].indexExtra = comp->steps[j].indexExtra;
-+	comp->steps[j].indexExtra = t;
-+	t = comp->steps[i].lenExtra;
-+	comp->steps[i].lenExtra = comp->steps[j].lenExtra;
-+	comp->steps[j].lenExtra = t;
- 	j--;
- 	i++;
-     }
--    comp->steps[comp->nbStep++].op = XSLT_OP_END;
-+    xsltCompMatchAdd(ctxt, comp, XSLT_OP_END, NULL, NULL, 0);
-+
-     /*
-      * detect consecutive XSLT_OP_PREDICATE indicating a direct
-      * matching should be done.
-@@ -420,7 +471,8 @@ xsltReverseCompMatch(xsltCompMatchPtr co
-  ************************************************************************/
- 
- static int
--xsltPatPushState(xsltStepStates *states, int step, xmlNodePtr node) {
-+xsltPatPushState(xsltTransformContextPtr ctxt, xsltStepStates *states,
-+                 int step, xmlNodePtr node) {
-     if ((states->states == NULL) || (states->maxstates <= 0)) {
-         states->maxstates = 4;
- 	states->nbstates = 0;
-@@ -431,8 +483,12 @@ xsltPatPushState(xsltStepStates *states,
- 
- 	tmp = (xsltStepStatePtr) xmlRealloc(states->states,
- 			       2 * states->maxstates * sizeof(xsltStepState));
--	if (tmp == NULL)
-+	if (tmp == NULL) {
-+	    xsltGenericError(xsltGenericErrorContext,
-+	     "xsltPatPushState: memory re-allocation failure.\n");
-+	    ctxt->state = XSLT_STATE_STOPPED;
- 	    return(-1);
-+	}
- 	states->states = tmp;
- 	states->maxstates *= 2;
-     }
-@@ -738,12 +794,12 @@ restart:
- 		    goto rollback;
- 		node = node->parent;
- 		if ((step->op != XSLT_OP_ELEM) && step->op != XSLT_OP_ALL) {
--		    xsltPatPushState(&states, i, node);
-+		    xsltPatPushState(ctxt, &states, i, node);
- 		    continue;
- 		}
- 		i++;
- 		if (step->value == NULL) {
--		    xsltPatPushState(&states, i - 1, node);
-+		    xsltPatPushState(ctxt, &states, i - 1, node);
- 		    continue;
- 		}
- 		while (node != NULL) {
-@@ -764,7 +820,7 @@ restart:
- 		}
- 		if (node == NULL)
- 		    goto rollback;
--		xsltPatPushState(&states, i - 1, node);
-+		xsltPatPushState(ctxt, &states, i - 1, node);
- 		continue;
-             case XSLT_OP_ID: {
- 		/* TODO Handle IDs decently, must be done differently */
-@@ -1971,7 +2027,7 @@ xsltCompilePatternInternal(const xmlChar
- 	/*
- 	 * Reverse for faster interpretation.
- 	 */
--	xsltReverseCompMatch(element);
-+	xsltReverseCompMatch(ctxt, element);
- 
- 	/*
- 	 * Set-up the priority

libxslt-1.1.23.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ff27f85a42c279e76e40c3e45213743a32dffb9557867ece9e3f392ef0d19a92
-size 1968351

libxslt-1.1.24-rc4-overflow.patch

@@ -0,0 +1,152 @@
+Index: libexslt/crypto.c
+===================================================================
+--- libexslt/crypto.c	(revision 1479)
++++ libexslt/crypto.c	(working copy)
+@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+     int str_len = 0, bin_len = 0, hex_len = 0;
+     xmlChar *key = NULL, *str = NULL, *padkey = NULL;
+     xmlChar *bin = NULL, *hex = NULL;
++    xsltTransformContextPtr tctxt = NULL;
+ 
+-    if ((nargs < 1) || (nargs > 3)) {
++    if (nargs != 2) {
+ 	xmlXPathSetArityError (ctxt);
+ 	return;
+     }
++    tctxt = xsltXPathGetTransformContext(ctxt);
+ 
+     str = xmlXPathPopString (ctxt);
+     str_len = xmlUTF8Strlen (str);
+@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+     }
+ 
+     key = xmlXPathPopString (ctxt);
+-    key_len = xmlUTF8Strlen (str);
++    key_len = xmlUTF8Strlen (key);
+ 
+     if (key_len == 0) {
+ 	xmlXPathReturnEmptyString (ctxt);
+@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+ 	return;
+     }
+ 
+-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
++    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
++    if (padkey == NULL) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
++	tctxt->state = XSLT_STATE_STOPPED;
++	xmlXPathReturnEmptyString (ctxt);
++	goto done;
++    }
++    memset(padkey, 0, RC4_KEY_LENGTH + 1);
++
+     key_size = xmlUTF8Strsize (key, key_len);
++    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
++	tctxt->state = XSLT_STATE_STOPPED;
++	xmlXPathReturnEmptyString (ctxt);
++	goto done;
++    }
+     memcpy (padkey, key, key_size);
+-    memset (padkey + key_size, '\0', sizeof (padkey));
+ 
+ /* encrypt it */
+     bin_len = str_len;
+     bin = xmlStrdup (str);
+     if (bin == NULL) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
++	tctxt->state = XSLT_STATE_STOPPED;
+ 	xmlXPathReturnEmptyString (ctxt);
+ 	goto done;
+     }
+@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+     hex_len = str_len * 2 + 1;
+     hex = xmlMallocAtomic (hex_len);
+     if (hex == NULL) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
++	tctxt->state = XSLT_STATE_STOPPED;
+ 	xmlXPathReturnEmptyString (ctxt);
+ 	goto done;
+     }
+@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+     int str_len = 0, bin_len = 0, ret_len = 0;
+     xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin =
+ 	NULL, *ret = NULL;
++    xsltTransformContextPtr tctxt = NULL;
+ 
+-    if ((nargs < 1) || (nargs > 3)) {
++    if (nargs != 2) {
+ 	xmlXPathSetArityError (ctxt);
+ 	return;
+     }
++    tctxt = xsltXPathGetTransformContext(ctxt);
+ 
+     str = xmlXPathPopString (ctxt);
+     str_len = xmlUTF8Strlen (str);
+@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+     }
+ 
+     key = xmlXPathPopString (ctxt);
+-    key_len = xmlUTF8Strlen (str);
++    key_len = xmlUTF8Strlen (key);
+ 
+     if (key_len == 0) {
+ 	xmlXPathReturnEmptyString (ctxt);
+@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+ 	return;
+     }
+ 
+-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
++    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
++    if (padkey == NULL) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
++	tctxt->state = XSLT_STATE_STOPPED;
++	xmlXPathReturnEmptyString (ctxt);
++	goto done;
++    }
++    memset(padkey, 0, RC4_KEY_LENGTH + 1);
+     key_size = xmlUTF8Strsize (key, key_len);
++    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
++	tctxt->state = XSLT_STATE_STOPPED;
++	xmlXPathReturnEmptyString (ctxt);
++	goto done;
++    }
+     memcpy (padkey, key, key_size);
+-    memset (padkey + key_size, '\0', sizeof (padkey));
+ 
+ /* decode hex to binary */
+     bin_len = str_len;
+     bin = xmlMallocAtomic (bin_len);
++    if (bin == NULL) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
++	tctxt->state = XSLT_STATE_STOPPED;
++	xmlXPathReturnEmptyString (ctxt);
++	goto done;
++    }
+     ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
+ 
+ /* decrypt the binary blob */
+     ret = xmlMallocAtomic (ret_len);
++    if (ret == NULL) {
++	xsltTransformError(tctxt, NULL, tctxt->inst,
++	    "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
++	tctxt->state = XSLT_STATE_STOPPED;
++	xmlXPathReturnEmptyString (ctxt);
++	goto done;
++    }
+     PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
+ 
+     xmlXPathReturnString (ctxt, ret);
+ 
++done:
+     if (key != NULL)
+ 	xmlFree (key);
+     if (str != NULL)

libxslt-1.1.24.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d1c733326b7f0534f2c20ddd138be9589c9d6ec33123fcdbef66add728a6143b
+size 2298254

libxslt-python.spec

@@ -1,10 +1,17 @@
 #
-# spec file for package libxslt-python (Version 1.1.23)
+# spec file for package libxslt-python (Version 1.1.24)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
@@ -14,8 +21,8 @@
 Name:           libxslt-python
 BuildRequires:  libxml2-python libxslt-devel python-devel
 Summary:        Python Bindings for libxslt
-Version:        1.1.23
-Release:        14
+Version:        1.1.24
+Release:        1
 License:        X11/MIT
 Group:          Development/Libraries/Python
 Source:         libxslt-%{version}.tar.bz2

libxslt.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri Jul 18 16:09:54 CEST 2008 - prusnak@suse.cz
+
+- updated to 1.1.24:
+  * documentation: man page fix
+  * bug fixes: pattern bug fix, key initialization problems,
+               exclusion of unknown namespaced element on top of stylesheets
+               python generator syntactic cleanup
+- dropped obsoleted CVE-2008-1767.patch (included in update)
+- fixed overflow in RC4 code (rc4-overflow.patch) [bnc#410256]
+
 -------------------------------------------------------------------
 Mon May 19 12:18:36 CEST 2008 - prusnak@suse.cz
 

libxslt.spec

@@ -1,10 +1,17 @@
 #
-# spec file for package libxslt (Version 1.1.23)
+# spec file for package libxslt (Version 1.1.24)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
@@ -14,13 +21,13 @@
 Name:           libxslt
 BuildRequires:  libgcrypt libgcrypt-devel libgpg-error libgpg-error-devel libxml2-devel
 Summary:        XSL Transformation Library
-Version:        1.1.23
-Release:        12
+Version:        1.1.24
+Release:        1
 License:        X11/MIT
 Group:          System/Libraries
 Source:         %{name}-%{version}.tar.bz2
 Patch0:         %{name}-%{version}-no-net-autobuild.patch
-Patch1:         %{name}-%{version}-CVE-2008-1767.patch
+Patch1:         %{name}-%{version}-rc4-overflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       libxml2 >= 2.6.27
 Url:            http://xmlsoft.org/XSLT/
@@ -108,6 +115,14 @@ rm -rf $RPM_BUILD_ROOT
 %doc doc/*.html doc/html doc/tutorial doc/*.gif
 
 %changelog
+* Fri Jul 18 2008 prusnak@suse.cz
+- updated to 1.1.24:
+  * documentation: man page fix
+  * bug fixes: pattern bug fix, key initialization problems,
+  exclusion of unknown namespaced element on top of stylesheets
+  python generator syntactic cleanup
+- dropped obsoleted CVE-2008-1767.patch (included in update)
+- fixed overflow in RC4 code (rc4-overflow.patch) [bnc#410256]
 * Mon May 19 2008 prusnak@suse.cz
 - fixed CVE-2008-1767 (CVE-2008-1767.patch) [bnc#391920]
 * Fri Apr 11 2008 prusnak@suse.cz