Accepting request 397037 from home:kstreitova:branches:devel:libraries:c_c++

- add libxslt-1.1.28-type_confusion_preprocess_attr.patch to fix
  type confusion in preprocessing attributes [bnc#952474],
  [CVE-2015-7995]

- add libxslt-1.1.28-type_confusion_preprocess_attr.patch to fix
  type confusion in preprocessing attributes [bnc#952474],
  [CVE-2015-7995]

OBS-URL: https://build.opensuse.org/request/show/397037
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=49

libxslt-1.1.28-type_confusion_preprocess_attr.patch

@@ -0,0 +1,29 @@
+From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 29 Oct 2015 19:33:23 +0800
+Subject: Fix for type confusion in preprocessing attributes
+
+CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
+We need to check that the parent node is an element before dereferencing
+its namespace
+---
+ libxslt/preproc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/preproc.c b/libxslt/preproc.c
+index 0eb80a0..7f69325 100644
+--- a/libxslt/preproc.c
++++ b/libxslt/preproc.c
+@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
+ 	} else if (IS_XSLT_NAME(inst, "attribute")) {
+ 	    xmlNodePtr parent = inst->parent;
+ 
+-	    if ((parent == NULL) || (parent->ns == NULL) ||
++	    if ((parent == NULL) ||
++	        (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
+ 		((parent->ns != inst->ns) &&
+ 		 (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
+ 		(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
+-- 
+cgit v0.12
+

libxslt-python.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri May 20 13:55:16 UTC 2016 - kstreitova@suse.com
+
+- add libxslt-1.1.28-type_confusion_preprocess_attr.patch to fix
+  type confusion in preprocessing attributes [bnc#952474],
+  [CVE-2015-7995]
+
 -------------------------------------------------------------------
 Wed Jan 16 08:57:51 UTC 2013 - dl8fcl@darc.de
 

libxslt-python.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libxslt-python
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,8 @@ Patch0:         libxslt-1.1.24-linkflags.patch
 # pbleser: don't build the doc subdir as it's broken and we don't install
 # it anyway; neither build the xsltproc subdir (not packaged here, faster)
 Patch1:         libxslt-do_not_build_doc_nor_xsltproc.patch
+# PATCH-FIX-UPSTREAM bnc#952474 CVE-2015-7995 kstreitova@suse.com -- fix for type confusion in preprocessing attributes
+Patch2:         libxslt-1.1.28-type_confusion_preprocess_attr.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{py_requires}
 Url:            http://xmlsoft.org/XSLT/
@@ -62,6 +64,7 @@ XSLT language with XPath functions written in Python.
 %setup -q -n libxslt-%{version}
 %patch0
 %patch1
+%patch2 -p1
 
 %build
 autoreconf --force --install

libxslt.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri May 20 13:53:45 UTC 2016 - kstreitova@suse.com
+
+- add libxslt-1.1.28-type_confusion_preprocess_attr.patch to fix
+  type confusion in preprocessing attributes [bnc#952474],
+  [CVE-2015-7995]
+
 -------------------------------------------------------------------
 Thu Apr  9 06:47:23 UTC 2015 - suse@microstep-mis.com
 

libxslt.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libxslt
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,6 +32,8 @@ Source3:        xslt-config.1.gz
 Patch0:         %{name}-1.1.24-no-net-autobuild.patch
 Patch1:         libxslt-config-fixes.patch
 Patch2:         0009-Make-generate-id-deterministic.patch
+# PATCH-FIX-UPSTREAM bnc#952474 CVE-2015-7995 kstreitova@suse.com -- fix for type confusion in preprocessing attributes
+Patch3:         libxslt-1.1.28-type_confusion_preprocess_attr.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgpg-error-devel
@@ -122,6 +124,7 @@ This package contains xsltproc, a command line interface to the XSLT engine.
 %patch0
 %patch1
 %patch2 -p1
+%patch3 -p1
 
 %build
 autoreconf --force --install --verbose