aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-10-23 04:24:34 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-11-01 18:50:30 +0000
commit15d065f8bf5e73b1d88ca046d99933d217781aab (patch)
tree6aec4044c9a58530836e69d7e604e82a8466b6fb
parenta768534b7471a45e098289cfc2096678a0c18f32 (diff)
downloadaports-15d065f8bf5e73b1d88ca046d99933d217781aab.tar.gz
aports-15d065f8bf5e73b1d88ca046d99933d217781aab.tar.bz2
aports-15d065f8bf5e73b1d88ca046d99933d217781aab.tar.xz
main/libxslt: upgrade to 1.1.34
Drop python2 bindings due to pending EOL of python2. There is no python3 support upstream, so no python3 bindings are generated instead. Closes !689
-rw-r--r--main/libxslt/APKBUILD37
-rw-r--r--main/libxslt/CVE-2019-11068.patch120
2 files changed, 15 insertions, 142 deletions
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
index a8da85328b..a955193ea1 100644
--- a/main/libxslt/APKBUILD
+++ b/main/libxslt/APKBUILD
@@ -1,24 +1,28 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
pkgname=libxslt
-pkgver=1.1.33
-pkgrel=1
+pkgver=1.1.34
+pkgrel=0
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/"
arch="all"
license="custom"
-makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python2-dev"
-subpackages="$pkgname-dev $pkgname-doc py2-$pkgname:py2"
-source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
- CVE-2019-11068.patch
- "
-builddir="$srcdir/$pkgname-$pkgver"
+makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://xmlsoft.org/sources/libxslt-$pkgver.tar.gz"
# secfixes:
+# 1.1.33-r3:
+# - CVE-2019-18197
# 1.1.33-r1:
-# - CVE-2019-11068
+# - CVE-2019-11068
# 1.1.29-r1:
-# - CVE-2017-5029
+# - CVE-2017-5029
+
+prepare() {
+ default_prepare
+ chmod 644 python/tests/*
+}
build() {
cd "$builddir"
@@ -36,15 +40,4 @@ package() {
make DESTDIR="$pkgdir" install
install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}
-
-py2() {
- pkgdesc="$pkgname python2 bindings"
- provides="py-libxslt=$pkgver-r$pkgrel" # for backward compatibility
- replaces="py-libxslt" # for backward compatibility
-
- install -d "$subpkgdir"/usr/lib
- mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
-}
-
-sha512sums="ebbe438a38bf6355950167d3b580edc22baa46a77068c18c42445c1c9c716d42bed3b30c5cd5bec359ab32d03843224dae458e9e32dc61693e7cf4bab23536e0 libxslt-1.1.33.tar.gz
-9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch"
+sha512sums="1516a11ad608b04740674060d2c5d733b88889de5e413b9a4e8bf8d1a90d712149df6d2b1345b615f529d7c7d3fa6dae12e544da828b39c7d415e54c0ee0776b libxslt-1.1.34.tar.gz"
diff --git a/main/libxslt/CVE-2019-11068.patch b/main/libxslt/CVE-2019-11068.patch
deleted file mode 100644
index 260f35d1a3..0000000000
--- a/main/libxslt/CVE-2019-11068.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sun, 24 Mar 2019 09:51:39 +0100
-Subject: [PATCH] Fix security framework bypass
-
-xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
-don't check for this condition and allow access. With a specially
-crafted URL, xsltCheckRead could be tricked into returning an error
-because of a supposedly invalid URL that would still be loaded
-succesfully later on.
-
-Fixes #12.
-
-Thanks to Felix Wilhelm for the report.
----
- libxslt/documents.c | 18 ++++++++++--------
- libxslt/imports.c | 9 +++++----
- libxslt/transform.c | 9 +++++----
- libxslt/xslt.c | 9 +++++----
- 4 files changed, 25 insertions(+), 20 deletions(-)
-
-diff --git a/libxslt/documents.c b/libxslt/documents.c
-index 3f3a7312..4aad11bb 100644
---- a/libxslt/documents.c
-+++ b/libxslt/documents.c
-@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
- int res;
-
- res = xsltCheckRead(ctxt->sec, ctxt, URI);
-- if (res == 0) {
-- xsltTransformError(ctxt, NULL, NULL,
-- "xsltLoadDocument: read rights for %s denied\n",
-- URI);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(ctxt, NULL, NULL,
-+ "xsltLoadDocument: read rights for %s denied\n",
-+ URI);
- return(NULL);
- }
- }
-@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
- int res;
-
- res = xsltCheckRead(sec, NULL, URI);
-- if (res == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsltLoadStyleDocument: read rights for %s denied\n",
-- URI);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsltLoadStyleDocument: read rights for %s denied\n",
-+ URI);
- return(NULL);
- }
- }
-diff --git a/libxslt/imports.c b/libxslt/imports.c
-index 874870cc..3783b247 100644
---- a/libxslt/imports.c
-+++ b/libxslt/imports.c
-@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
- int secres;
-
- secres = xsltCheckRead(sec, NULL, URI);
-- if (secres == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsl:import: read rights for %s denied\n",
-- URI);
-+ if (secres <= 0) {
-+ if (secres == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsl:import: read rights for %s denied\n",
-+ URI);
- goto error;
- }
- }
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 13793914..0636dbd0 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
- */
- if (ctxt->sec != NULL) {
- ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
-- if (ret == 0) {
-- xsltTransformError(ctxt, NULL, inst,
-- "xsltDocumentElem: write rights for %s denied\n",
-- filename);
-+ if (ret <= 0) {
-+ if (ret == 0)
-+ xsltTransformError(ctxt, NULL, inst,
-+ "xsltDocumentElem: write rights for %s denied\n",
-+ filename);
- xmlFree(URL);
- xmlFree(filename);
- return;
-diff --git a/libxslt/xslt.c b/libxslt/xslt.c
-index 780a5ad7..a234eb79 100644
---- a/libxslt/xslt.c
-+++ b/libxslt/xslt.c
-@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
- int res;
-
- res = xsltCheckRead(sec, NULL, filename);
-- if (res == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsltParseStylesheetFile: read rights for %s denied\n",
-- filename);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsltParseStylesheetFile: read rights for %s denied\n",
-+ filename);
- return(NULL);
- }
- }
---
-2.18.1
-