pool/libxslt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 741566 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

Browse Source 
- Security fix [bsc#1154609, CVE-2019-18197]
  * Fix dangling pointer in xsltCopyText
  * Add libxslt-CVE-2019-18197.patch

OBS-URL: https://build.opensuse.org/request/show/741566
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=80
This commit is contained in:
Tomáš Chvátal 2019-10-21 14:19:40 +00:00 committed by Git OBS Bridge
parent c1e05f2057
commit 8e9f5d7cb1
3 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
libxslt-CVE-2019-18197.patch Normal file
View File

@ -0,0 +1,30 @@
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 17 Aug 2019 16:51:53 +0200
Subject: [PATCH] Fix dangling pointer in xsltCopyText
xsltCopyText didn't reset ctxt->lasttext in some cases which could
lead to various memory errors in relation with CDATA sections in input
documents.
Found by OSS-Fuzz.
---
libxslt/transform.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 95ebd073..d7ab0b66 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
if ((copy->content = xmlStrdup(cur->content)) == NULL)
return NULL;
}
+
+ ctxt->lasttext = NULL;
} else {
/*
* normal processing. keep counters to extend the text node
--
2.22.0

7
libxslt.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Oct 21 13:55:37 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix [bsc#1154609, CVE-2019-18197]
* Fix dangling pointer in xsltCopyText
* Add libxslt-CVE-2019-18197.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 1 08:24:01 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com> Tue Oct 1 08:24:01 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

3
libxslt.spec
View File

@ -40,6 +40,8 @@ Patch4: libxslt-CVE-2019-11068.patch
Patch5: libxslt-CVE-2019-13117.patch Patch5: libxslt-CVE-2019-13117.patch
# PATCH-FIX-UPSTREAM bsc#1140101 CVE-2019-13118 Fix uninitialized read with UTF-8 grouping chars # PATCH-FIX-UPSTREAM bsc#1140101 CVE-2019-13118 Fix uninitialized read with UTF-8 grouping chars
Patch6: libxslt-CVE-2019-13118.patch Patch6: libxslt-CVE-2019-13118.patch
# PATCH-FIX-UPSTREAM bsc#1154609 CVE-2019-18197 Fix dangling pointer in xsltCopyText
Patch7: libxslt-CVE-2019-18197.patch
BuildRequires: libgcrypt-devel BuildRequires: libgcrypt-devel
BuildRequires: libgpg-error-devel BuildRequires: libgpg-error-devel
BuildRequires: libtool BuildRequires: libtool
@ -112,6 +114,7 @@ xtend the
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
%build %build
autoreconf -fvi autoreconf -fvi