diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2022-09-19 15:24:22 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2022-09-19 15:24:22 +0000 |
commit | e685fee46cde62546839b510387b83445610681e (patch) | |
tree | a0d0455a3f29a7dda9983a24d6fa2e5f78d76dd7 | |
parent | 2dd72dca5742a6dc7574d716dcfdff8bc989b02c (diff) | |
download | pkgsrc-e685fee46cde62546839b510387b83445610681e.tar.gz |
Pullup ticket #6671 - requested by gutteridge
textproc/libxslt: security fix
Revisions pulled up:
- textproc/libxslt/Makefile 1.120
- textproc/libxslt/distinfo 1.69
- textproc/libxslt/patches/patch-libxslt_transform.c 1.1
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Sep 13 21:34:00 UTC 2022
Modified Files:
pkgsrc/textproc/libxslt: Makefile distinfo
Added Files:
pkgsrc/textproc/libxslt/patches: patch-libxslt_transform.c
Log Message:
libxslt: address CVE-2021-30560
Cherry-picked from the (new) upstream's 1.1.35 release.
-rw-r--r-- | textproc/libxslt/Makefile | 4 | ||||
-rw-r--r-- | textproc/libxslt/distinfo | 3 | ||||
-rw-r--r-- | textproc/libxslt/patches/patch-libxslt_transform.c | 159 |
3 files changed, 163 insertions, 3 deletions
diff --git a/textproc/libxslt/Makefile b/textproc/libxslt/Makefile index 17ac32d7973..b3abe93531e 100644 --- a/textproc/libxslt/Makefile +++ b/textproc/libxslt/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.118 2022/04/18 19:10:09 adam Exp $ +# $NetBSD: Makefile,v 1.118.2.1 2022/09/19 15:24:22 bsiegert Exp $ .include "Makefile.common" -PKGREVISION= 8 +PKGREVISION= 10 BUILD_DEPENDS+= docbook-xml-[0-9]*:../../textproc/docbook-xml BUILD_DEPENDS+= docbook-xsl-[0-9]*:../../textproc/docbook-xsl diff --git a/textproc/libxslt/distinfo b/textproc/libxslt/distinfo index fc29f68d5f2..2616af27a69 100644 --- a/textproc/libxslt/distinfo +++ b/textproc/libxslt/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.68 2021/10/26 11:22:18 nia Exp $ +$NetBSD: distinfo,v 1.68.6.1 2022/09/19 15:24:22 bsiegert Exp $ BLAKE2s (libxslt-1.1.34.tar.gz) = e17d720708ac550a120ee49856cf3c4ea92663fc42e5011bbae1d3e660519183 SHA512 (libxslt-1.1.34.tar.gz) = 1516a11ad608b04740674060d2c5d733b88889de5e413b9a4e8bf8d1a90d712149df6d2b1345b615f529d7c7d3fa6dae12e544da828b39c7d415e54c0ee0776b Size (libxslt-1.1.34.tar.gz) = 3552258 bytes SHA1 (patch-configure) = a63c214c7f5e4c4f89307c18519240372382c2fa SHA1 (patch-libexslt_date.c) = 40ce3940a93b6a2dc804f62676909d3313e0ea52 +SHA1 (patch-libxslt_transform.c) = 6d76f6fd91a8729bb6a3b61f4866453c0fd08c62 diff --git a/textproc/libxslt/patches/patch-libxslt_transform.c b/textproc/libxslt/patches/patch-libxslt_transform.c new file mode 100644 index 00000000000..23ccf8f75a5 --- /dev/null +++ b/textproc/libxslt/patches/patch-libxslt_transform.c @@ -0,0 +1,159 @@ +$NetBSD: patch-libxslt_transform.c,v 1.1.2.2 2022/09/19 15:24:22 bsiegert Exp $ + +Address CVE-2021-30560 +https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8 + +--- libxslt/transform.c.orig 2019-10-23 17:36:39.000000000 +0000 ++++ libxslt/transform.c +@@ -1895,7 +1895,7 @@ static void + xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node, + xsltStackElemPtr params) { + xmlNodePtr copy; +- xmlNodePtr delete = NULL, cur; ++ xmlNodePtr cur; + int nbchild = 0, oldSize; + int childno = 0, oldPos; + xsltTemplatePtr template; +@@ -1968,54 +1968,13 @@ xsltDefaultProcessOneNode(xsltTransformC + return; + } + /* +- * Handling of Elements: first pass, cleanup and counting ++ * Handling of Elements: first pass, counting + */ + cur = node->children; + while (cur != NULL) { +- switch (cur->type) { +- case XML_TEXT_NODE: +- case XML_CDATA_SECTION_NODE: +- case XML_DOCUMENT_NODE: +- case XML_HTML_DOCUMENT_NODE: +- case XML_ELEMENT_NODE: +- case XML_PI_NODE: +- case XML_COMMENT_NODE: +- nbchild++; +- break; +- case XML_DTD_NODE: +- /* Unlink the DTD, it's still reachable using doc->intSubset */ +- if (cur->next != NULL) +- cur->next->prev = cur->prev; +- if (cur->prev != NULL) +- cur->prev->next = cur->next; +- break; +- default: +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, +- "xsltDefaultProcessOneNode: skipping node type %d\n", +- cur->type)); +-#endif +- delete = cur; +- } ++ if (IS_XSLT_REAL_NODE(cur)) ++ nbchild++; + cur = cur->next; +- if (delete != NULL) { +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, +- "xsltDefaultProcessOneNode: removing ignorable blank node\n")); +-#endif +- xmlUnlinkNode(delete); +- xmlFreeNode(delete); +- delete = NULL; +- } +- } +- if (delete != NULL) { +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, +- "xsltDefaultProcessOneNode: removing ignorable blank node\n")); +-#endif +- xmlUnlinkNode(delete); +- xmlFreeNode(delete); +- delete = NULL; + } + + /* +@@ -4864,7 +4823,7 @@ xsltApplyTemplates(xsltTransformContextP + xsltStylePreCompPtr comp = (xsltStylePreCompPtr) castedComp; + #endif + int i; +- xmlNodePtr cur, delNode = NULL, oldContextNode; ++ xmlNodePtr cur, oldContextNode; + xmlNodeSetPtr list = NULL, oldList; + xsltStackElemPtr withParams = NULL; + int oldXPProximityPosition, oldXPContextSize; +@@ -4998,73 +4957,9 @@ xsltApplyTemplates(xsltTransformContextP + else + cur = NULL; + while (cur != NULL) { +- switch (cur->type) { +- case XML_TEXT_NODE: +- if ((IS_BLANK_NODE(cur)) && +- (cur->parent != NULL) && +- (cur->parent->type == XML_ELEMENT_NODE) && +- (ctxt->style->stripSpaces != NULL)) { +- const xmlChar *val; +- +- if (cur->parent->ns != NULL) { +- val = (const xmlChar *) +- xmlHashLookup2(ctxt->style->stripSpaces, +- cur->parent->name, +- cur->parent->ns->href); +- if (val == NULL) { +- val = (const xmlChar *) +- xmlHashLookup2(ctxt->style->stripSpaces, +- BAD_CAST "*", +- cur->parent->ns->href); +- } +- } else { +- val = (const xmlChar *) +- xmlHashLookup2(ctxt->style->stripSpaces, +- cur->parent->name, NULL); +- } +- if ((val != NULL) && +- (xmlStrEqual(val, (xmlChar *) "strip"))) { +- delNode = cur; +- break; +- } +- } +- /* Intentional fall-through */ +- case XML_ELEMENT_NODE: +- case XML_DOCUMENT_NODE: +- case XML_HTML_DOCUMENT_NODE: +- case XML_CDATA_SECTION_NODE: +- case XML_PI_NODE: +- case XML_COMMENT_NODE: +- xmlXPathNodeSetAddUnique(list, cur); +- break; +- case XML_DTD_NODE: +- /* Unlink the DTD, it's still reachable +- * using doc->intSubset */ +- if (cur->next != NULL) +- cur->next->prev = cur->prev; +- if (cur->prev != NULL) +- cur->prev->next = cur->next; +- break; +- case XML_NAMESPACE_DECL: +- break; +- default: +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext, +- "xsltApplyTemplates: skipping cur type %d\n", +- cur->type)); +-#endif +- delNode = cur; +- } ++ if (IS_XSLT_REAL_NODE(cur)) ++ xmlXPathNodeSetAddUnique(list, cur); + cur = cur->next; +- if (delNode != NULL) { +-#ifdef WITH_XSLT_DEBUG_PROCESS +- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext, +- "xsltApplyTemplates: removing ignorable blank cur\n")); +-#endif +- xmlUnlinkNode(delNode); +- xmlFreeNode(delNode); +- delNode = NULL; +- } + } + } + |