From 74e1cd3221f5051b1e0ae5a8336804ebf01c254a05e1c80bbee2b2c7db4bff5a Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 6 Aug 2008 23:42:52 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libxslt?expand=0&rev=7 --- libxslt-1.1.23-CVE-2008-1767.patch | 211 ------------------ libxslt-1.1.23.tar.bz2 | 3 - ...gs.patch => libxslt-1.1.24-linkflags.patch | 0 ...h => libxslt-1.1.24-no-net-autobuild.patch | 0 libxslt-1.1.24-rc4-overflow.patch | 152 +++++++++++++ libxslt-1.1.24.tar.bz2 | 3 + libxslt-python.spec | 17 +- libxslt.changes | 11 + libxslt.spec | 27 ++- 9 files changed, 199 insertions(+), 225 deletions(-) delete mode 100644 libxslt-1.1.23-CVE-2008-1767.patch delete mode 100644 libxslt-1.1.23.tar.bz2 rename libxslt-1.1.23-linkflags.patch => libxslt-1.1.24-linkflags.patch (100%) rename libxslt-1.1.23-no-net-autobuild.patch => libxslt-1.1.24-no-net-autobuild.patch (100%) create mode 100644 libxslt-1.1.24-rc4-overflow.patch create mode 100644 libxslt-1.1.24.tar.bz2 diff --git a/libxslt-1.1.23-CVE-2008-1767.patch b/libxslt-1.1.23-CVE-2008-1767.patch deleted file mode 100644 index ac7b61d..0000000 --- a/libxslt-1.1.23-CVE-2008-1767.patch +++ /dev/null @@ -1,211 +0,0 @@ ---- libxslt/pattern.c -+++ libxslt/pattern.c -@@ -106,7 +106,7 @@ struct _xsltCompMatch { - int maxStep; - xmlNsPtr *nsList; /* the namespaces in scope */ - int nsNr; /* the number of namespaces in scope */ -- xsltStepOp steps[40]; /* ops for computation */ -+ xsltStepOpPtr steps; /* ops for computation */ - }; - - typedef struct _xsltParserContext xsltParserContext; -@@ -146,7 +146,16 @@ xsltNewCompMatch(void) { - return(NULL); - } - memset(cur, 0, sizeof(xsltCompMatch)); -- cur->maxStep = 40; -+ cur->maxStep = 10; -+ cur->nbStep = 0; -+ cur-> steps = (xsltStepOpPtr) xmlMalloc(sizeof(xsltStepOp) * -+ cur->maxStep); -+ if (cur->steps == NULL) { -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltNewCompMatch : out of memory error\n"); -+ xmlFree(cur); -+ return(NULL); -+ } - cur->nsNr = 0; - cur->nsList = NULL; - cur->direct = 0; -@@ -181,6 +190,7 @@ xsltFreeCompMatch(xsltCompMatchPtr comp) - if (op->comp != NULL) - xmlXPathFreeCompExpr(op->comp); - } -+ xmlFree(comp->steps); - memset(comp, -1, sizeof(xsltCompMatch)); - xmlFree(comp); - } -@@ -279,14 +289,26 @@ static int - xsltCompMatchAdd(xsltParserContextPtr ctxt, xsltCompMatchPtr comp, - xsltOp op, xmlChar * value, xmlChar * value2, int novar) - { -- if (comp->nbStep >= 40) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltCompMatchAdd: overflow\n"); -- return (-1); -+ if (comp->nbStep >= comp->maxStep) { -+ xsltStepOpPtr tmp; -+ -+ tmp = (xsltStepOpPtr) xmlRealloc(comp->steps, comp->maxStep * 2 * -+ sizeof(xsltStepOp)); -+ if (tmp == NULL) { -+ xsltGenericError(xsltGenericErrorContext, -+ "xsltCompMatchAdd: memory re-allocation failure.\n"); -+ if (ctxt->style != NULL) -+ ctxt->style->errors++; -+ return (-1); -+ } -+ comp->maxStep *= 2; -+ comp->steps = tmp; - } - comp->steps[comp->nbStep].op = op; - comp->steps[comp->nbStep].value = value; - comp->steps[comp->nbStep].value2 = value2; -+ comp->steps[comp->nbStep].value3 = NULL; -+ comp->steps[comp->nbStep].comp = NULL; - if (ctxt->ctxt != NULL) { - comp->steps[comp->nbStep].previousExtra = - xsltAllocateExtraCtxt(ctxt->ctxt); -@@ -343,6 +365,7 @@ xsltSwapTopCompMatch(xsltCompMatchPtr co - register xmlChar *tmp; - register xsltOp op; - register xmlXPathCompExprPtr expr; -+ register int t; - i = j - 1; - tmp = comp->steps[i].value; - comp->steps[i].value = comp->steps[j].value; -@@ -350,46 +373,74 @@ xsltSwapTopCompMatch(xsltCompMatchPtr co - tmp = comp->steps[i].value2; - comp->steps[i].value2 = comp->steps[j].value2; - comp->steps[j].value2 = tmp; -+ tmp = comp->steps[i].value3; -+ comp->steps[i].value3 = comp->steps[j].value3; -+ comp->steps[j].value3 = tmp; - op = comp->steps[i].op; - comp->steps[i].op = comp->steps[j].op; - comp->steps[j].op = op; - expr = comp->steps[i].comp; - comp->steps[i].comp = comp->steps[j].comp; - comp->steps[j].comp = expr; -+ t = comp->steps[i].previousExtra; -+ comp->steps[i].previousExtra = comp->steps[j].previousExtra; -+ comp->steps[j].previousExtra = t; -+ t = comp->steps[i].indexExtra; -+ comp->steps[i].indexExtra = comp->steps[j].indexExtra; -+ comp->steps[j].indexExtra = t; -+ t = comp->steps[i].lenExtra; -+ comp->steps[i].lenExtra = comp->steps[j].lenExtra; -+ comp->steps[j].lenExtra = t; - } - } - - /** - * xsltReverseCompMatch: -+ * @ctxt: the parser context - * @comp: the compiled match expression - * - * reverse all the stack of expressions - */ - static void --xsltReverseCompMatch(xsltCompMatchPtr comp) { -+xsltReverseCompMatch(xsltParserContextPtr ctxt, xsltCompMatchPtr comp) { - int i = 0; - int j = comp->nbStep - 1; - - while (j > i) { - register xmlChar *tmp; - register xsltOp op; -- register xmlXPathCompExprPtr expr; -+ register xmlXPathCompExprPtr expr; -+ register int t; -+ - tmp = comp->steps[i].value; - comp->steps[i].value = comp->steps[j].value; - comp->steps[j].value = tmp; - tmp = comp->steps[i].value2; - comp->steps[i].value2 = comp->steps[j].value2; - comp->steps[j].value2 = tmp; -+ tmp = comp->steps[i].value3; -+ comp->steps[i].value3 = comp->steps[j].value3; -+ comp->steps[j].value3 = tmp; - op = comp->steps[i].op; - comp->steps[i].op = comp->steps[j].op; - comp->steps[j].op = op; - expr = comp->steps[i].comp; - comp->steps[i].comp = comp->steps[j].comp; - comp->steps[j].comp = expr; -+ t = comp->steps[i].previousExtra; -+ comp->steps[i].previousExtra = comp->steps[j].previousExtra; -+ comp->steps[j].previousExtra = t; -+ t = comp->steps[i].indexExtra; -+ comp->steps[i].indexExtra = comp->steps[j].indexExtra; -+ comp->steps[j].indexExtra = t; -+ t = comp->steps[i].lenExtra; -+ comp->steps[i].lenExtra = comp->steps[j].lenExtra; -+ comp->steps[j].lenExtra = t; - j--; - i++; - } -- comp->steps[comp->nbStep++].op = XSLT_OP_END; -+ xsltCompMatchAdd(ctxt, comp, XSLT_OP_END, NULL, NULL, 0); -+ - /* - * detect consecutive XSLT_OP_PREDICATE indicating a direct - * matching should be done. -@@ -420,7 +471,8 @@ xsltReverseCompMatch(xsltCompMatchPtr co - ************************************************************************/ - - static int --xsltPatPushState(xsltStepStates *states, int step, xmlNodePtr node) { -+xsltPatPushState(xsltTransformContextPtr ctxt, xsltStepStates *states, -+ int step, xmlNodePtr node) { - if ((states->states == NULL) || (states->maxstates <= 0)) { - states->maxstates = 4; - states->nbstates = 0; -@@ -431,8 +483,12 @@ xsltPatPushState(xsltStepStates *states, - - tmp = (xsltStepStatePtr) xmlRealloc(states->states, - 2 * states->maxstates * sizeof(xsltStepState)); -- if (tmp == NULL) -+ if (tmp == NULL) { -+ xsltGenericError(xsltGenericErrorContext, -+ "xsltPatPushState: memory re-allocation failure.\n"); -+ ctxt->state = XSLT_STATE_STOPPED; - return(-1); -+ } - states->states = tmp; - states->maxstates *= 2; - } -@@ -738,12 +794,12 @@ restart: - goto rollback; - node = node->parent; - if ((step->op != XSLT_OP_ELEM) && step->op != XSLT_OP_ALL) { -- xsltPatPushState(&states, i, node); -+ xsltPatPushState(ctxt, &states, i, node); - continue; - } - i++; - if (step->value == NULL) { -- xsltPatPushState(&states, i - 1, node); -+ xsltPatPushState(ctxt, &states, i - 1, node); - continue; - } - while (node != NULL) { -@@ -764,7 +820,7 @@ restart: - } - if (node == NULL) - goto rollback; -- xsltPatPushState(&states, i - 1, node); -+ xsltPatPushState(ctxt, &states, i - 1, node); - continue; - case XSLT_OP_ID: { - /* TODO Handle IDs decently, must be done differently */ -@@ -1971,7 +2027,7 @@ xsltCompilePatternInternal(const xmlChar - /* - * Reverse for faster interpretation. - */ -- xsltReverseCompMatch(element); -+ xsltReverseCompMatch(ctxt, element); - - /* - * Set-up the priority diff --git a/libxslt-1.1.23.tar.bz2 b/libxslt-1.1.23.tar.bz2 deleted file mode 100644 index b88997d..0000000 --- a/libxslt-1.1.23.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ff27f85a42c279e76e40c3e45213743a32dffb9557867ece9e3f392ef0d19a92 -size 1968351 diff --git a/libxslt-1.1.23-linkflags.patch b/libxslt-1.1.24-linkflags.patch similarity index 100% rename from libxslt-1.1.23-linkflags.patch rename to libxslt-1.1.24-linkflags.patch diff --git a/libxslt-1.1.23-no-net-autobuild.patch b/libxslt-1.1.24-no-net-autobuild.patch similarity index 100% rename from libxslt-1.1.23-no-net-autobuild.patch rename to libxslt-1.1.24-no-net-autobuild.patch diff --git a/libxslt-1.1.24-rc4-overflow.patch b/libxslt-1.1.24-rc4-overflow.patch new file mode 100644 index 0000000..c7fc87c --- /dev/null +++ b/libxslt-1.1.24-rc4-overflow.patch @@ -0,0 +1,152 @@ +Index: libexslt/crypto.c +=================================================================== +--- libexslt/crypto.c (revision 1479) ++++ libexslt/crypto.c (working copy) +@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + int str_len = 0, bin_len = 0, hex_len = 0; + xmlChar *key = NULL, *str = NULL, *padkey = NULL; + xmlChar *bin = NULL, *hex = NULL; ++ xsltTransformContextPtr tctxt = NULL; + +- if ((nargs < 1) || (nargs > 3)) { ++ if (nargs != 2) { + xmlXPathSetArityError (ctxt); + return; + } ++ tctxt = xsltXPathGetTransformContext(ctxt); + + str = xmlXPathPopString (ctxt); + str_len = xmlUTF8Strlen (str); +@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + } + + key = xmlXPathPopString (ctxt); +- key_len = xmlUTF8Strlen (str); ++ key_len = xmlUTF8Strlen (key); + + if (key_len == 0) { + xmlXPathReturnEmptyString (ctxt); +@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + return; + } + +- padkey = xmlMallocAtomic (RC4_KEY_LENGTH); ++ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1); ++ if (padkey == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } ++ memset(padkey, 0, RC4_KEY_LENGTH + 1); ++ + key_size = xmlUTF8Strsize (key, key_len); ++ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + memcpy (padkey, key, key_size); +- memset (padkey + key_size, '\0', sizeof (padkey)); + + /* encrypt it */ + bin_len = str_len; + bin = xmlStrdup (str); + if (bin == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n"); ++ tctxt->state = XSLT_STATE_STOPPED; + xmlXPathReturnEmptyString (ctxt); + goto done; + } +@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + hex_len = str_len * 2 + 1; + hex = xmlMallocAtomic (hex_len); + if (hex == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n"); ++ tctxt->state = XSLT_STATE_STOPPED; + xmlXPathReturnEmptyString (ctxt); + goto done; + } +@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP + int str_len = 0, bin_len = 0, ret_len = 0; + xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin = + NULL, *ret = NULL; ++ xsltTransformContextPtr tctxt = NULL; + +- if ((nargs < 1) || (nargs > 3)) { ++ if (nargs != 2) { + xmlXPathSetArityError (ctxt); + return; + } ++ tctxt = xsltXPathGetTransformContext(ctxt); + + str = xmlXPathPopString (ctxt); + str_len = xmlUTF8Strlen (str); +@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP + } + + key = xmlXPathPopString (ctxt); +- key_len = xmlUTF8Strlen (str); ++ key_len = xmlUTF8Strlen (key); + + if (key_len == 0) { + xmlXPathReturnEmptyString (ctxt); +@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP + return; + } + +- padkey = xmlMallocAtomic (RC4_KEY_LENGTH); ++ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1); ++ if (padkey == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } ++ memset(padkey, 0, RC4_KEY_LENGTH + 1); + key_size = xmlUTF8Strsize (key, key_len); ++ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + memcpy (padkey, key, key_size); +- memset (padkey + key_size, '\0', sizeof (padkey)); + + /* decode hex to binary */ + bin_len = str_len; + bin = xmlMallocAtomic (bin_len); ++ if (bin == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len); + + /* decrypt the binary blob */ + ret = xmlMallocAtomic (ret_len); ++ if (ret == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len); + + xmlXPathReturnString (ctxt, ret); + ++done: + if (key != NULL) + xmlFree (key); + if (str != NULL) diff --git a/libxslt-1.1.24.tar.bz2 b/libxslt-1.1.24.tar.bz2 new file mode 100644 index 0000000..79e0248 --- /dev/null +++ b/libxslt-1.1.24.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d1c733326b7f0534f2c20ddd138be9589c9d6ec33123fcdbef66add728a6143b +size 2298254 diff --git a/libxslt-python.spec b/libxslt-python.spec index 56f4b4c..db2ee67 100644 --- a/libxslt-python.spec +++ b/libxslt-python.spec @@ -1,10 +1,17 @@ # -# spec file for package libxslt-python (Version 1.1.23) +# spec file for package libxslt-python (Version 1.1.24) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -14,8 +21,8 @@ Name: libxslt-python BuildRequires: libxml2-python libxslt-devel python-devel Summary: Python Bindings for libxslt -Version: 1.1.23 -Release: 14 +Version: 1.1.24 +Release: 1 License: X11/MIT Group: Development/Libraries/Python Source: libxslt-%{version}.tar.bz2 diff --git a/libxslt.changes b/libxslt.changes index ff9186b..126cf30 100644 --- a/libxslt.changes +++ b/libxslt.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Jul 18 16:09:54 CEST 2008 - prusnak@suse.cz + +- updated to 1.1.24: + * documentation: man page fix + * bug fixes: pattern bug fix, key initialization problems, + exclusion of unknown namespaced element on top of stylesheets + python generator syntactic cleanup +- dropped obsoleted CVE-2008-1767.patch (included in update) +- fixed overflow in RC4 code (rc4-overflow.patch) [bnc#410256] + ------------------------------------------------------------------- Mon May 19 12:18:36 CEST 2008 - prusnak@suse.cz diff --git a/libxslt.spec b/libxslt.spec index 33c62ea..def4af0 100644 --- a/libxslt.spec +++ b/libxslt.spec @@ -1,10 +1,17 @@ # -# spec file for package libxslt (Version 1.1.23) +# spec file for package libxslt (Version 1.1.24) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -14,13 +21,13 @@ Name: libxslt BuildRequires: libgcrypt libgcrypt-devel libgpg-error libgpg-error-devel libxml2-devel Summary: XSL Transformation Library -Version: 1.1.23 -Release: 12 +Version: 1.1.24 +Release: 1 License: X11/MIT Group: System/Libraries Source: %{name}-%{version}.tar.bz2 Patch0: %{name}-%{version}-no-net-autobuild.patch -Patch1: %{name}-%{version}-CVE-2008-1767.patch +Patch1: %{name}-%{version}-rc4-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: libxml2 >= 2.6.27 Url: http://xmlsoft.org/XSLT/ @@ -108,6 +115,14 @@ rm -rf $RPM_BUILD_ROOT %doc doc/*.html doc/html doc/tutorial doc/*.gif %changelog +* Fri Jul 18 2008 prusnak@suse.cz +- updated to 1.1.24: + * documentation: man page fix + * bug fixes: pattern bug fix, key initialization problems, + exclusion of unknown namespaced element on top of stylesheets + python generator syntactic cleanup +- dropped obsoleted CVE-2008-1767.patch (included in update) +- fixed overflow in RC4 code (rc4-overflow.patch) [bnc#410256] * Mon May 19 2008 prusnak@suse.cz - fixed CVE-2008-1767 (CVE-2008-1767.patch) [bnc#391920] * Fri Apr 11 2008 prusnak@suse.cz