daftaupe/opt
1
0
Fork 0
forked from ports/opt
Code Pull Requests Activity

libxslt: 1.1.28 -> 1.1.29

Browse Source
This commit is contained in:
Danny Rawlins 2016-08-10 20:29:45 +10:00
parent 31d861f600
commit ee5bfee59e
4 changed files with 9 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libxslt/.footprint
View File

@ -38,9 +38,9 @@ lrwxrwxrwx root/root usr/lib/libexslt.so.0 -> libexslt.so.0.8.17
drwxr-xr-x root/root usr/lib/libxslt-plugins/
-rw-r--r-- root/root usr/lib/libxslt.a
-rwxr-xr-x root/root usr/lib/libxslt.la
lrwxrwxrwx root/root usr/lib/libxslt.so -> libxslt.so.1.1.28
lrwxrwxrwx root/root usr/lib/libxslt.so.1 -> libxslt.so.1.1.28
-rwxr-xr-x root/root usr/lib/libxslt.so.1.1.28
lrwxrwxrwx root/root usr/lib/libxslt.so -> libxslt.so.1.1.29
lrwxrwxrwx root/root usr/lib/libxslt.so.1 -> libxslt.so.1.1.29
-rwxr-xr-x root/root usr/lib/libxslt.so.1.1.29
drwxr-xr-x root/root usr/lib/pkgconfig/
-rw-r--r-- root/root usr/lib/pkgconfig/libexslt.pc
-rw-r--r-- root/root usr/lib/pkgconfig/libxslt.pc

3
libxslt/.md5sum
View File

@ -1,2 +1 @@
b97b695cbe4171f8cb10df41f652aba5 CVE-2015-7995.patch
9667bf6f9310b957254fdcf6596600b7 libxslt-1.1.28.tar.gz
a129d3c44c022de3b9dcf6d6f288d72e libxslt-1.1.29.tar.gz

29
libxslt/CVE-2015-7995.patch
View File

@ -1,29 +0,0 @@
From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 29 Oct 2015 19:33:23 +0800
Subject: Fix for type confusion in preprocessing attributes
CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
We need to check that the parent node is an element before dereferencing
its namespace
---
libxslt/preproc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libxslt/preproc.c b/libxslt/preproc.c
index 0eb80a0..7f69325 100644
--- a/libxslt/preproc.c
+++ b/libxslt/preproc.c
@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
} else if (IS_XSLT_NAME(inst, "attribute")) {
xmlNodePtr parent = inst->parent;
- if ((parent == NULL) || (parent->ns == NULL) ||
+ if ((parent == NULL) ||
+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
((parent->ns != inst->ns) &&
(!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
--
cgit v0.11.2

11
libxslt/Pkgfile
View File

@ -5,21 +5,20 @@
# Depends on: libxml2 zlib xz
name=libxslt
version=1.1.28
release=3
source=(ftp://xmlsoft.org/libxml2/$name-$version.tar.gz
CVE-2015-7995.patch)
version=1.1.29
release=1
source=(http://xmlsoft.org/sources/$name-$version.tar.gz)
build() {
cd $name-$version
patch -p1 -i $SRC/CVE-2015-7995.patch
./configure \
--prefix=/usr \
--without-python \
--without-crypto
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
make
make DESTDIR=$PKG install