authorLeo <thinkabit.ukim@gmail.com>2019-10-29 10:40:26 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-31 16:41:40 +0000
commit36f4bd78050ec6ce2ad65444031df6c1f3db5cc9 (patch)
treeeecaf27bc17013607e82c70e6af8e9e2c4b8e882
parent86ef329cc2823eae118325dcc977c43bd7368d53 (diff)
main/libxslt: fix CVE-2019-18197
ref #10916 Closes !914
-rw-r--r--main/libxslt/APKBUILD12
-rw-r--r--main/libxslt/CVE-2019-18197.patch30
2 files changed, 38 insertions, 4 deletions
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
index a8da85328ba..a4e3616ae6e 100644
--- a/main/libxslt/APKBUILD
+++ b/main/libxslt/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
pkgname=libxslt
pkgver=1.1.33
-pkgrel=1
+pkgrel=2
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/"
arch="all"
@@ -11,14 +11,17 @@ makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python2-dev"
subpackages="$pkgname-dev $pkgname-doc py2-$pkgname:py2"
source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
CVE-2019-11068.patch
+ CVE-2019-18197.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 1.1.33-r2:
+# - CVE-2019-18197
# 1.1.33-r1:
-# - CVE-2019-11068
+# - CVE-2019-11068
# 1.1.29-r1:
-# - CVE-2017-5029
+# - CVE-2017-5029
build() {
cd "$builddir"
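Review bot: The re-added secfixes entries `# - CVE-2019-11068` and `# - CVE-2017-5029` differ from the removed lines only in whitespace, as far as this rendering shows, so a formatting change is riding along with the security fix. The secfixes comment block is structured data (presumably consumed by tooling that tracks which release fixed which CVE; confirm), so a stray indent there can change how an entry is read. The new `# 1.1.33-r2:` / `# - CVE-2019-18197` pair should use exactly the same indentation as the older entries. The reindent of existing entries would be easier to audit as a separate commit. build() continues outside the hunk.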
@@ -47,4 +50,5 @@ py2() {
}
sha512sums="ebbe438a38bf6355950167d3b580edc22baa46a77068c18c42445c1c9c716d42bed3b30c5cd5bec359ab32d03843224dae458e9e32dc61693e7cf4bab23536e0 libxslt-1.1.33.tar.gz
-9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch"
+9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch
+ec0a7cd35f9078a3939ef6c695f183d9a0da5dd837d0a7f586b89a07c0c0782384501e4c1532b4d9ee7e94e717c37179f470bae59923d0074b309f09b5bf18fa CVE-2019-18197.patch"
diff --git a/main/libxslt/CVE-2019-18197.patch b/main/libxslt/CVE-2019-18197.patch
new file mode 100644
index 00000000000..a8c7cf541d0
--- /dev/null
+++ b/main/libxslt/CVE-2019-18197.patch
@@ -0,0 +1,30 @@
+From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 17 Aug 2019 16:51:53 +0200
+Subject: [PATCH] Fix dangling pointer in xsltCopyText
+
+xsltCopyText didn't reset ctxt->lasttext in some cases which could
+lead to various memory errors in relation with CDATA sections in input
+documents.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd073..d7ab0b66 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ return NULL;
+ }
++
++ ctxt->lasttext = NULL;
+ } else {
+ /*
+ * normal processing. keep counters to extend the text node
+--
+2.22.0
+