pool/libxslt
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 750071 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

Browse Source 
- Update to 1.1.34: Oct 30 2019
  * Documentation:
    - Fix EXSLT web pages, Regenerate web pages
    - Fix Git link in news.html
    - Minor documentation fixes after recent changes
    - Regenerate symbols and API docs
    - Regenerate EXSLT website
  * Portability:
    - Remove stubs when compiling without debugger or profiler
    - configure.ac: Invoke PKG_CHECK_MODULES for building shared libraries
    - configure.ac: Conditionally determine whether xml2-config should pass
      shared libraries or static libraries
    - xslt-config.in: Fix broken --prefix=DIR support
    - libexslt.pc.in: Do not expose private library dependencies unless invoked
    - libxslt.pc.in: Do not expose private library dependencies unless invoked
    - Fix -Wformat-overflow warning (GCC 9)
    - Stop including ansidecl.h
    - Remove WIN32_EXTRA_* variables
    - Build without winsock
  * Bug Fixes:
    - xsl:template without name and match attributes should not be allowed
    - Make sure that Python tests exit with error code
    - Improve handling of invalid UTF-8 in format-number
    - Fix dangling pointer in xsltCopyText
    - Fix memory leak in pattern compilation error path
    - Fix uninitialized read with UTF-8 grouping chars
    - Fix integer overflow in FORMAT_GYEAR
    - Fix performance regression with xsl:number
    - Backup XPath context node in xsltInitCtxtKey
    - Fix unsigned integer overflow in date.c

OBS-URL: https://build.opensuse.org/request/show/750071
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=82
This commit is contained in:
Tomáš Chvátal 2019-11-21 12:12:55 +00:00 committed by Git OBS Bridge
parent 8e9f5d7cb1
commit 94f02f6c77
11 changed files with 109 additions and 291 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libxslt-1.1.33.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
size 3444093

10
libxslt-1.1.33.tar.gz.asc
View File

@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8
407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf
mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4
BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL
QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs
sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w=
=iAm8
-----END PGP SIGNATURE-----

3
libxslt-1.1.34.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
size 3552258

11
libxslt-1.1.34.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAl257GgACgkQFViLJllr
6l2vVggAjJEHmASiS56SxhPOsGqbfBihM66gQFoIymQfMu2430N1GSTkLsfbkJO8
8yBX11NjzK/m9uxwshMW3rVCU7EpL3PUimN3reXdPiQj9hAOAWF1V3BZNevbQC2E
FCIraioukaidf8sjUG4/sGpK/gOcP/3hYoN0HUoBigCNJjDqhijxM3M3GJJtCASp
jL4CQbs2OmxW8ixOZbuWEESvFFHUgYRsdZjRVN+GRfSOvJjxypurmYwQ3RjO7JxL
2FY8qKQ+xpeID8NV8F5OUEvWBjk1QS133VTqBZNlONdnEtV/og6jNu5k0O/Kvhup
caR+8TMErOcLr9OgDklO6DoYyAsf9Q==
=g4i4
-----END PGP SIGNATURE-----

120
libxslt-CVE-2019-11068.patch
View File

@ -1,120 +0,0 @@
From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 24 Mar 2019 09:51:39 +0100
Subject: [PATCH] Fix security framework bypass
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
don't check for this condition and allow access. With a specially
crafted URL, xsltCheckRead could be tricked into returning an error
because of a supposedly invalid URL that would still be loaded
succesfully later on.
Fixes #12.
Thanks to Felix Wilhelm for the report.
---
libxslt/documents.c | 18 ++++++++++--------
libxslt/imports.c | 9 +++++----
libxslt/transform.c | 9 +++++----
libxslt/xslt.c | 9 +++++----
4 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/libxslt/documents.c b/libxslt/documents.c
index 3f3a7312..4aad11bb 100644
--- a/libxslt/documents.c
+++ b/libxslt/documents.c
@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
int res;
res = xsltCheckRead(ctxt->sec, ctxt, URI);
- if (res == 0) {
- xsltTransformError(ctxt, NULL, NULL,
- "xsltLoadDocument: read rights for %s denied\n",
- URI);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(ctxt, NULL, NULL,
+ "xsltLoadDocument: read rights for %s denied\n",
+ URI);
return(NULL);
}
}
@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
int res;
res = xsltCheckRead(sec, NULL, URI);
- if (res == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsltLoadStyleDocument: read rights for %s denied\n",
- URI);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsltLoadStyleDocument: read rights for %s denied\n",
+ URI);
return(NULL);
}
}
diff --git a/libxslt/imports.c b/libxslt/imports.c
index 874870cc..3783b247 100644
--- a/libxslt/imports.c
+++ b/libxslt/imports.c
@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
int secres;
secres = xsltCheckRead(sec, NULL, URI);
- if (secres == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsl:import: read rights for %s denied\n",
- URI);
+ if (secres <= 0) {
+ if (secres == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsl:import: read rights for %s denied\n",
+ URI);
goto error;
}
}
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 13793914..0636dbd0 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
*/
if (ctxt->sec != NULL) {
ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
- if (ret == 0) {
- xsltTransformError(ctxt, NULL, inst,
- "xsltDocumentElem: write rights for %s denied\n",
- filename);
+ if (ret <= 0) {
+ if (ret == 0)
+ xsltTransformError(ctxt, NULL, inst,
+ "xsltDocumentElem: write rights for %s denied\n",
+ filename);
xmlFree(URL);
xmlFree(filename);
return;
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
index 780a5ad7..a234eb79 100644
--- a/libxslt/xslt.c
+++ b/libxslt/xslt.c
@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
int res;
res = xsltCheckRead(sec, NULL, filename);
- if (res == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsltParseStylesheetFile: read rights for %s denied\n",
- filename);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsltParseStylesheetFile: read rights for %s denied\n",
+ filename);
return(NULL);
}
}
--
2.18.1

29
libxslt-CVE-2019-13117.patch
View File

@ -1,29 +0,0 @@
From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 27 Apr 2019 11:19:48 +0200
Subject: [PATCH] Fix uninitialized read of xsl:number token
Found by OSS-Fuzz.
---
libxslt/numbers.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libxslt/numbers.c b/libxslt/numbers.c
index 89e1f668..75c31eba 100644
--- a/libxslt/numbers.c
+++ b/libxslt/numbers.c
@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
tokens->tokens[tokens->nTokens].token = val - 1;
ix += len;
val = xmlStringCurrentChar(NULL, format+ix, &len);
- }
+ } else {
+ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
+ tokens->tokens[tokens->nTokens].width = 1;
+ }
} else if ( (val == (xmlChar)'A') ||
(val == (xmlChar)'a') ||
(val == (xmlChar)'I') ||
--
2.21.0

71
libxslt-CVE-2019-13118.patch
View File

@ -1,71 +0,0 @@
From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 3 Jun 2019 13:14:45 +0200
Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
The character type in xsltFormatNumberConversion was too narrow and
an invalid character/length combination could be passed to
xsltNumberFormatDecimal, resulting in an uninitialized read.
Found by OSS-Fuzz.
---
libxslt/numbers.c | 5 +++--
tests/docs/bug-222.xml | 1 +
tests/general/bug-222.out | 2 ++
tests/general/bug-222.xsl | 6 ++++++
4 files changed, 12 insertions(+), 2 deletions(-)
create mode 100644 tests/docs/bug-222.xml
create mode 100644 tests/general/bug-222.out
create mode 100644 tests/general/bug-222.xsl
diff --git a/libxslt/numbers.c b/libxslt/numbers.c
index f1ed8846..20b99d5a 100644
--- a/libxslt/numbers.c
+++ b/libxslt/numbers.c
@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
number = floor((scale * number + 0.5)) / scale;
if ((self->grouping != NULL) &&
(self->grouping[0] != 0)) {
+ int gchar;
len = xmlStrlen(self->grouping);
- pchar = xsltGetUTF8Char(self->grouping, &len);
+ gchar = xsltGetUTF8Char(self->grouping, &len);
xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
format_info.integer_digits,
format_info.group,
- pchar, len);
+ gchar, len);
} else
xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
format_info.integer_digits,
diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml
new file mode 100644
index 00000000..69d62f2c
--- /dev/null
+++ b/tests/docs/bug-222.xml
@@ -0,0 +1 @@
+<doc/>
diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out
new file mode 100644
index 00000000..e3139698
--- /dev/null
+++ b/tests/general/bug-222.out
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+1⠢0
diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl
new file mode 100644
index 00000000..e32dc473
--- /dev/null
+++ b/tests/general/bug-222.xsl
@@ -0,0 +1,6 @@
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+ <xsl:decimal-format name="f" grouping-separator="⠢"/>
+ <xsl:template match="/">
+ <xsl:value-of select="format-number(10,'#⠢0','f')"/>
+ </xsl:template>
+</xsl:stylesheet>
--
2.21.0

30
libxslt-CVE-2019-18197.patch
View File

@ -1,30 +0,0 @@
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 17 Aug 2019 16:51:53 +0200
Subject: [PATCH] Fix dangling pointer in xsltCopyText
xsltCopyText didn't reset ctxt->lasttext in some cases which could
lead to various memory errors in relation with CDATA sections in input
documents.
Found by OSS-Fuzz.
---
libxslt/transform.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 95ebd073..d7ab0b66 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
if ((copy->content = xmlStrdup(cur->content)) == NULL)
return NULL;
}
+
+ ctxt->lasttext = NULL;
} else {
/*
* normal processing. keep counters to extend the text node
--
2.22.0

20
libxslt-config-fixes.patch
View File

@ -1,21 +1,13 @@
--- xsltConf.sh.in.orig 2012-12-06 08:43:13.843408831 +0100
+++ xsltConf.sh.in 2012-12-06 08:43:22.617391851 +0100
@@ -2,6 +2,6 @@
Index: xsltConf.sh.in
===================================================================
--- xsltConf.sh.in.orig
+++ xsltConf.sh.in
@@ -2,7 +2,7 @@
# Configuration file for using the xslt library
#
XSLT_LIBDIR="@XSLT_LIBDIR@"
-XSLT_LIBS="@XSLT_LIBS@"
+XSLT_LIBS="-lxslt"
XSLT_PRIVATE_LIBS="@XSLT_PRIVATE_LIBS@"
XSLT_INCLUDEDIR="@XSLT_INCLUDEDIR@"
MODULE_VERSION="xslt-@VERSION@"
--- xslt-config.in.orig 2012-12-06 08:42:48.797457330 +0100
+++ xslt-config.in 2012-12-06 08:43:10.402415492 +0100
@@ -89,7 +89,7 @@
shift
done
-the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
+the_libs="-lxslt"
if test "$includedir" != "/usr/include"; then
the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`"
else

87
libxslt.changes
View File

@ -1,3 +1,90 @@
-------------------------------------------------------------------
Wed Nov 20 12:58:31 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Update to 1.1.34: Oct 30 2019
* Documentation:
- Fix EXSLT web pages, Regenerate web pages
- Fix Git link in news.html
- Minor documentation fixes after recent changes
- Regenerate symbols and API docs
- Regenerate EXSLT website
* Portability:
- Remove stubs when compiling without debugger or profiler
- configure.ac: Invoke PKG_CHECK_MODULES for building shared libraries
- configure.ac: Conditionally determine whether xml2-config should pass
shared libraries or static libraries
- xslt-config.in: Fix broken --prefix=DIR support
- libexslt.pc.in: Do not expose private library dependencies unless invoked
- libxslt.pc.in: Do not expose private library dependencies unless invoked
- Fix -Wformat-overflow warning (GCC 9)
- Stop including ansidecl.h
- Remove WIN32_EXTRA_* variables
- Build without winsock
* Bug Fixes:
- xsl:template without name and match attributes should not be allowed
- Make sure that Python tests exit with error code
- Improve handling of invalid UTF-8 in format-number
- Fix dangling pointer in xsltCopyText
- Fix memory leak in pattern compilation error path
- Fix uninitialized read with UTF-8 grouping chars
- Fix integer overflow in FORMAT_GYEAR
- Fix performance regression with xsl:number
- Backup XPath context node in xsltInitCtxtKey
- Fix unsigned integer overflow in date.c
- Fix insertion of xsl:fallback content
- Avoid quadratic behavior in xsltSaveResultTo
- Fix numbering in non-Latin scripts
- Fix uninitialized read of xsl:number token
- Fix integer overflow in _exsltDateDayInWeek
- Rework xsltAttrVT allocation
- Fix check of xsltTestCompMatch return value
- Fix security framework bypass
- Use xmlNewTextChild in EXSLT dyn:map
- Fix float casts in exsltDateDuration
- Always set context node before calling XPath iterators
- Fix attribute precedence with xsl:use-attribute-sets
- Backup context node in exsltFuncFunctionFunction
- Initialize ctxt->output before evaluating global vars
- Fix memory leak in EXSLT functions error path
* Improvements:
- Fix -Wimplicit-fallthrough warnings
- Adjust number of API index pages
- Make xsltCompileRelativePathPattern non-recursive
- Check that crypto:rc4_decrypt produces valid UTF-8
- Avoid recursion in keys.c:skipPredicate
- xslt-config.in: Simply handling of $all_flags
- xslt-config.in: Add a --dynamic option to --libs
- xslt-config.in: Simplify basic library handling
- xslt-config.in: Remove unused variable
- xslt-config: Simply handling of --cflags
- Improve fuzzers
- Always reuse XPath context
- Compile with -Wextra
- Make profiler support optional
- Hide unused code when compiling without debugger
- Reorganize fuzzing code
- Optional operation limit
- Improve seed corpus and dictionary
- Reuse XPath context when compiling stylesheets
- Reuse XPath context in dyn:map
- Reuse XPath context in saxon:expression
- Add libFuzzer targets
- Adjust error message in expected test output
- Change bug tracker URL
- Change git repo URL
- Regenerate NEWS
- Fix misleading indentation in security.c
* Cleanups:
- Remove empty TODO file
- Remove generated file libxsltclass.txt from version control
- Rebuild docs
- Rebase patch libxslt-config-fixes.patch
- Remove patches fixed upstream:
* libxslt-CVE-2019-11068.patch
* libxslt-CVE-2019-13117.patch
* libxslt-CVE-2019-13118.patch
* libxslt-CVE-2019-18197.patch
-------------------------------------------------------------------
Mon Oct 21 13:55:37 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

16
libxslt.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package libxslt
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -19,7 +19,7 @@
%define libname %{name}1
%define exname libexslt0
Name: libxslt
Version: 1.1.33
Version: 1.1.34
Release: 0
Summary: XSL Transformation Library
License: MIT AND GPL-2.0-or-later
@ -34,14 +34,6 @@ Patch0: %{name}-1.1.24-no-net-autobuild.patch
Patch1: libxslt-config-fixes.patch
Patch2: 0009-Make-generate-id-deterministic.patch
Patch3: libxslt-random-seed.patch
# PATCH-FIX-UPSTREAM bsc#1132160 CVE-2019-11068 Fix security framework bypass
Patch4: libxslt-CVE-2019-11068.patch
# PATCH-FIX-UPSTREAM bsc#1140095 CVE-2019-13117 Fix uninitialized read of xsl:number token
Patch5: libxslt-CVE-2019-13117.patch
# PATCH-FIX-UPSTREAM bsc#1140101 CVE-2019-13118 Fix uninitialized read with UTF-8 grouping chars
Patch6: libxslt-CVE-2019-13118.patch
# PATCH-FIX-UPSTREAM bsc#1154609 CVE-2019-18197 Fix dangling pointer in xsltCopyText
Patch7: libxslt-CVE-2019-18197.patch
BuildRequires: libgcrypt-devel
BuildRequires: libgpg-error-devel
BuildRequires: libtool
@ -111,10 +103,6 @@ xtend the
%patch1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
autoreconf -fvi