diff --git a/libxslt-1.1.33.tar.gz b/libxslt-1.1.33.tar.gz deleted file mode 100644 index e2a142d..0000000 --- a/libxslt-1.1.33.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8 -size 3444093 diff --git a/libxslt-1.1.33.tar.gz.asc b/libxslt-1.1.33.tar.gz.asc deleted file mode 100644 index 3b3c146..0000000 --- a/libxslt-1.1.33.tar.gz.asc +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8 -407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf -mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4 -BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL -QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs -sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w= -=iAm8 ------END PGP SIGNATURE----- diff --git a/libxslt-1.1.34.tar.gz b/libxslt-1.1.34.tar.gz new file mode 100644 index 0000000..4d50b6d --- /dev/null +++ b/libxslt-1.1.34.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f +size 3552258 diff --git a/libxslt-1.1.34.tar.gz.asc b/libxslt-1.1.34.tar.gz.asc new file mode 100644 index 0000000..cd78352 --- /dev/null +++ b/libxslt-1.1.34.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAl257GgACgkQFViLJllr +6l2vVggAjJEHmASiS56SxhPOsGqbfBihM66gQFoIymQfMu2430N1GSTkLsfbkJO8 +8yBX11NjzK/m9uxwshMW3rVCU7EpL3PUimN3reXdPiQj9hAOAWF1V3BZNevbQC2E +FCIraioukaidf8sjUG4/sGpK/gOcP/3hYoN0HUoBigCNJjDqhijxM3M3GJJtCASp +jL4CQbs2OmxW8ixOZbuWEESvFFHUgYRsdZjRVN+GRfSOvJjxypurmYwQ3RjO7JxL +2FY8qKQ+xpeID8NV8F5OUEvWBjk1QS133VTqBZNlONdnEtV/og6jNu5k0O/Kvhup +caR+8TMErOcLr9OgDklO6DoYyAsf9Q== +=g4i4 +-----END PGP SIGNATURE----- diff --git a/libxslt-CVE-2019-11068.patch b/libxslt-CVE-2019-11068.patch deleted file mode 100644 index ed32dbe..0000000 --- a/libxslt-CVE-2019-11068.patch +++ /dev/null @@ -1,120 +0,0 @@ -From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sun, 24 Mar 2019 09:51:39 +0100 -Subject: [PATCH] Fix security framework bypass - -xsltCheckRead and xsltCheckWrite return -1 in case of error but callers -don't check for this condition and allow access. With a specially -crafted URL, xsltCheckRead could be tricked into returning an error -because of a supposedly invalid URL that would still be loaded -succesfully later on. - -Fixes #12. - -Thanks to Felix Wilhelm for the report. ---- - libxslt/documents.c | 18 ++++++++++-------- - libxslt/imports.c | 9 +++++---- - libxslt/transform.c | 9 +++++---- - libxslt/xslt.c | 9 +++++---- - 4 files changed, 25 insertions(+), 20 deletions(-) - -diff --git a/libxslt/documents.c b/libxslt/documents.c -index 3f3a7312..4aad11bb 100644 ---- a/libxslt/documents.c -+++ b/libxslt/documents.c -@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) { - int res; - - res = xsltCheckRead(ctxt->sec, ctxt, URI); -- if (res == 0) { -- xsltTransformError(ctxt, NULL, NULL, -- "xsltLoadDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(ctxt, NULL, NULL, -+ "xsltLoadDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) { - int res; - - res = xsltCheckRead(sec, NULL, URI); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltLoadStyleDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltLoadStyleDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -diff --git a/libxslt/imports.c b/libxslt/imports.c -index 874870cc..3783b247 100644 ---- a/libxslt/imports.c -+++ b/libxslt/imports.c -@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) { - int secres; - - secres = xsltCheckRead(sec, NULL, URI); -- if (secres == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsl:import: read rights for %s denied\n", -- URI); -+ if (secres <= 0) { -+ if (secres == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsl:import: read rights for %s denied\n", -+ URI); - goto error; - } - } -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 13793914..0636dbd0 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node, - */ - if (ctxt->sec != NULL) { - ret = xsltCheckWrite(ctxt->sec, ctxt, filename); -- if (ret == 0) { -- xsltTransformError(ctxt, NULL, inst, -- "xsltDocumentElem: write rights for %s denied\n", -- filename); -+ if (ret <= 0) { -+ if (ret == 0) -+ xsltTransformError(ctxt, NULL, inst, -+ "xsltDocumentElem: write rights for %s denied\n", -+ filename); - xmlFree(URL); - xmlFree(filename); - return; -diff --git a/libxslt/xslt.c b/libxslt/xslt.c -index 780a5ad7..a234eb79 100644 ---- a/libxslt/xslt.c -+++ b/libxslt/xslt.c -@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) { - int res; - - res = xsltCheckRead(sec, NULL, filename); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltParseStylesheetFile: read rights for %s denied\n", -- filename); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltParseStylesheetFile: read rights for %s denied\n", -+ filename); - return(NULL); - } - } --- -2.18.1 - diff --git a/libxslt-CVE-2019-13117.patch b/libxslt-CVE-2019-13117.patch deleted file mode 100644 index 8fdae24..0000000 --- a/libxslt-CVE-2019-13117.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sat, 27 Apr 2019 11:19:48 +0200 -Subject: [PATCH] Fix uninitialized read of xsl:number token - -Found by OSS-Fuzz. ---- - libxslt/numbers.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index 89e1f668..75c31eba 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, - tokens->tokens[tokens->nTokens].token = val - 1; - ix += len; - val = xmlStringCurrentChar(NULL, format+ix, &len); -- } -+ } else { -+ tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; -+ tokens->tokens[tokens->nTokens].width = 1; -+ } - } else if ( (val == (xmlChar)'A') || - (val == (xmlChar)'a') || - (val == (xmlChar)'I') || --- -2.21.0 - diff --git a/libxslt-CVE-2019-13118.patch b/libxslt-CVE-2019-13118.patch deleted file mode 100644 index 3ff8916..0000000 --- a/libxslt-CVE-2019-13118.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Mon, 3 Jun 2019 13:14:45 +0200 -Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars - -The character type in xsltFormatNumberConversion was too narrow and -an invalid character/length combination could be passed to -xsltNumberFormatDecimal, resulting in an uninitialized read. - -Found by OSS-Fuzz. ---- - libxslt/numbers.c | 5 +++-- - tests/docs/bug-222.xml | 1 + - tests/general/bug-222.out | 2 ++ - tests/general/bug-222.xsl | 6 ++++++ - 4 files changed, 12 insertions(+), 2 deletions(-) - create mode 100644 tests/docs/bug-222.xml - create mode 100644 tests/general/bug-222.out - create mode 100644 tests/general/bug-222.xsl - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index f1ed8846..20b99d5a 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER: - number = floor((scale * number + 0.5)) / scale; - if ((self->grouping != NULL) && - (self->grouping[0] != 0)) { -+ int gchar; - - len = xmlStrlen(self->grouping); -- pchar = xsltGetUTF8Char(self->grouping, &len); -+ gchar = xsltGetUTF8Char(self->grouping, &len); - xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], - format_info.integer_digits, - format_info.group, -- pchar, len); -+ gchar, len); - } else - xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], - format_info.integer_digits, -diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml -new file mode 100644 -index 00000000..69d62f2c ---- /dev/null -+++ b/tests/docs/bug-222.xml -@@ -0,0 +1 @@ -+ -diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out -new file mode 100644 -index 00000000..e3139698 ---- /dev/null -+++ b/tests/general/bug-222.out -@@ -0,0 +1,2 @@ -+ -+1⠢0 -diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl -new file mode 100644 -index 00000000..e32dc473 ---- /dev/null -+++ b/tests/general/bug-222.xsl -@@ -0,0 +1,6 @@ -+ -+ -+ -+ -+ -+ --- -2.21.0 - diff --git a/libxslt-CVE-2019-18197.patch b/libxslt-CVE-2019-18197.patch deleted file mode 100644 index 9c58ff8..0000000 --- a/libxslt-CVE-2019-18197.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sat, 17 Aug 2019 16:51:53 +0200 -Subject: [PATCH] Fix dangling pointer in xsltCopyText - -xsltCopyText didn't reset ctxt->lasttext in some cases which could -lead to various memory errors in relation with CDATA sections in input -documents. - -Found by OSS-Fuzz. ---- - libxslt/transform.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 95ebd073..d7ab0b66 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, - if ((copy->content = xmlStrdup(cur->content)) == NULL) - return NULL; - } -+ -+ ctxt->lasttext = NULL; - } else { - /* - * normal processing. keep counters to extend the text node --- -2.22.0 - diff --git a/libxslt-config-fixes.patch b/libxslt-config-fixes.patch index 3d4ffba..d6024d4 100644 --- a/libxslt-config-fixes.patch +++ b/libxslt-config-fixes.patch @@ -1,21 +1,13 @@ ---- xsltConf.sh.in.orig 2012-12-06 08:43:13.843408831 +0100 -+++ xsltConf.sh.in 2012-12-06 08:43:22.617391851 +0100 -@@ -2,6 +2,6 @@ +Index: xsltConf.sh.in +=================================================================== +--- xsltConf.sh.in.orig ++++ xsltConf.sh.in +@@ -2,7 +2,7 @@ # Configuration file for using the xslt library # XSLT_LIBDIR="@XSLT_LIBDIR@" -XSLT_LIBS="@XSLT_LIBS@" +XSLT_LIBS="-lxslt" + XSLT_PRIVATE_LIBS="@XSLT_PRIVATE_LIBS@" XSLT_INCLUDEDIR="@XSLT_INCLUDEDIR@" MODULE_VERSION="xslt-@VERSION@" ---- xslt-config.in.orig 2012-12-06 08:42:48.797457330 +0100 -+++ xslt-config.in 2012-12-06 08:43:10.402415492 +0100 -@@ -89,7 +89,7 @@ - shift - done - --the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@" -+the_libs="-lxslt" - if test "$includedir" != "/usr/include"; then - the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`" - else diff --git a/libxslt.changes b/libxslt.changes index a775489..9008044 100644 --- a/libxslt.changes +++ b/libxslt.changes @@ -1,3 +1,90 @@ +------------------------------------------------------------------- +Wed Nov 20 12:58:31 UTC 2019 - Pedro Monreal Gonzalez + +- Update to 1.1.34: Oct 30 2019 + * Documentation: + - Fix EXSLT web pages, Regenerate web pages + - Fix Git link in news.html + - Minor documentation fixes after recent changes + - Regenerate symbols and API docs + - Regenerate EXSLT website + * Portability: + - Remove stubs when compiling without debugger or profiler + - configure.ac: Invoke PKG_CHECK_MODULES for building shared libraries + - configure.ac: Conditionally determine whether xml2-config should pass + shared libraries or static libraries + - xslt-config.in: Fix broken --prefix=DIR support + - libexslt.pc.in: Do not expose private library dependencies unless invoked + - libxslt.pc.in: Do not expose private library dependencies unless invoked + - Fix -Wformat-overflow warning (GCC 9) + - Stop including ansidecl.h + - Remove WIN32_EXTRA_* variables + - Build without winsock + * Bug Fixes: + - xsl:template without name and match attributes should not be allowed + - Make sure that Python tests exit with error code + - Improve handling of invalid UTF-8 in format-number + - Fix dangling pointer in xsltCopyText + - Fix memory leak in pattern compilation error path + - Fix uninitialized read with UTF-8 grouping chars + - Fix integer overflow in FORMAT_GYEAR + - Fix performance regression with xsl:number + - Backup XPath context node in xsltInitCtxtKey + - Fix unsigned integer overflow in date.c + - Fix insertion of xsl:fallback content + - Avoid quadratic behavior in xsltSaveResultTo + - Fix numbering in non-Latin scripts + - Fix uninitialized read of xsl:number token + - Fix integer overflow in _exsltDateDayInWeek + - Rework xsltAttrVT allocation + - Fix check of xsltTestCompMatch return value + - Fix security framework bypass + - Use xmlNewTextChild in EXSLT dyn:map + - Fix float casts in exsltDateDuration + - Always set context node before calling XPath iterators + - Fix attribute precedence with xsl:use-attribute-sets + - Backup context node in exsltFuncFunctionFunction + - Initialize ctxt->output before evaluating global vars + - Fix memory leak in EXSLT functions error path + * Improvements: + - Fix -Wimplicit-fallthrough warnings + - Adjust number of API index pages + - Make xsltCompileRelativePathPattern non-recursive + - Check that crypto:rc4_decrypt produces valid UTF-8 + - Avoid recursion in keys.c:skipPredicate + - xslt-config.in: Simply handling of $all_flags + - xslt-config.in: Add a --dynamic option to --libs + - xslt-config.in: Simplify basic library handling + - xslt-config.in: Remove unused variable + - xslt-config: Simply handling of --cflags + - Improve fuzzers + - Always reuse XPath context + - Compile with -Wextra + - Make profiler support optional + - Hide unused code when compiling without debugger + - Reorganize fuzzing code + - Optional operation limit + - Improve seed corpus and dictionary + - Reuse XPath context when compiling stylesheets + - Reuse XPath context in dyn:map + - Reuse XPath context in saxon:expression + - Add libFuzzer targets + - Adjust error message in expected test output + - Change bug tracker URL + - Change git repo URL + - Regenerate NEWS + - Fix misleading indentation in security.c + * Cleanups: + - Remove empty TODO file + - Remove generated file libxsltclass.txt from version control + - Rebuild docs +- Rebase patch libxslt-config-fixes.patch +- Remove patches fixed upstream: + * libxslt-CVE-2019-11068.patch + * libxslt-CVE-2019-13117.patch + * libxslt-CVE-2019-13118.patch + * libxslt-CVE-2019-18197.patch + ------------------------------------------------------------------- Mon Oct 21 13:55:37 UTC 2019 - Pedro Monreal Gonzalez diff --git a/libxslt.spec b/libxslt.spec index 4f23698..259ddd8 100644 --- a/libxslt.spec +++ b/libxslt.spec @@ -1,7 +1,7 @@ # # spec file for package libxslt # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define libname %{name}1 %define exname libexslt0 Name: libxslt -Version: 1.1.33 +Version: 1.1.34 Release: 0 Summary: XSL Transformation Library License: MIT AND GPL-2.0-or-later @@ -34,14 +34,6 @@ Patch0: %{name}-1.1.24-no-net-autobuild.patch Patch1: libxslt-config-fixes.patch Patch2: 0009-Make-generate-id-deterministic.patch Patch3: libxslt-random-seed.patch -# PATCH-FIX-UPSTREAM bsc#1132160 CVE-2019-11068 Fix security framework bypass -Patch4: libxslt-CVE-2019-11068.patch -# PATCH-FIX-UPSTREAM bsc#1140095 CVE-2019-13117 Fix uninitialized read of xsl:number token -Patch5: libxslt-CVE-2019-13117.patch -# PATCH-FIX-UPSTREAM bsc#1140101 CVE-2019-13118 Fix uninitialized read with UTF-8 grouping chars -Patch6: libxslt-CVE-2019-13118.patch -# PATCH-FIX-UPSTREAM bsc#1154609 CVE-2019-18197 Fix dangling pointer in xsltCopyText -Patch7: libxslt-CVE-2019-18197.patch BuildRequires: libgcrypt-devel BuildRequires: libgpg-error-devel BuildRequires: libtool @@ -111,10 +103,6 @@ xtend the %patch1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 %build autoreconf -fvi