diff options
author | Leo <thinkabit.ukim@gmail.com> | 2019-10-29 10:40:26 -0300 |
---|---|---|
committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-10-31 16:41:40 +0000 |
commit | 36f4bd78050ec6ce2ad65444031df6c1f3db5cc9 (patch) | |
tree | eecaf27bc17013607e82c70e6af8e9e2c4b8e882 | |
parent | 86ef329cc2823eae118325dcc977c43bd7368d53 (diff) |
main/libxslt: fix CVE-2019-18197
ref #10916
Closes !914
-rw-r--r-- | main/libxslt/APKBUILD | 12 | ||||
-rw-r--r-- | main/libxslt/CVE-2019-18197.patch | 30 |
2 files changed, 38 insertions, 4 deletions
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD index a8da85328ba..a4e3616ae6e 100644 --- a/main/libxslt/APKBUILD +++ b/main/libxslt/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Francesco Colista <fcolista@alpinelinux.org> pkgname=libxslt pkgver=1.1.33 -pkgrel=1 +pkgrel=2 pkgdesc="XML stylesheet transformation library" url="http://xmlsoft.org/XSLT/" arch="all" @@ -11,14 +11,17 @@ makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python2-dev" subpackages="$pkgname-dev $pkgname-doc py2-$pkgname:py2" source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz CVE-2019-11068.patch + CVE-2019-18197.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 1.1.33-r2: +# - CVE-2019-18197 # 1.1.33-r1: -# - CVE-2019-11068 +# - CVE-2019-11068 # 1.1.29-r1: -# - CVE-2017-5029 +# - CVE-2017-5029 build() { cd "$builddir" @@ -47,4 +50,5 @@ py2() { } sha512sums="ebbe438a38bf6355950167d3b580edc22baa46a77068c18c42445c1c9c716d42bed3b30c5cd5bec359ab32d03843224dae458e9e32dc61693e7cf4bab23536e0 libxslt-1.1.33.tar.gz -9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch" +9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch +ec0a7cd35f9078a3939ef6c695f183d9a0da5dd837d0a7f586b89a07c0c0782384501e4c1532b4d9ee7e94e717c37179f470bae59923d0074b309f09b5bf18fa CVE-2019-18197.patch" diff --git a/main/libxslt/CVE-2019-18197.patch b/main/libxslt/CVE-2019-18197.patch new file mode 100644 index 00000000000..a8c7cf541d0 --- /dev/null +++ b/main/libxslt/CVE-2019-18197.patch @@ -0,0 +1,30 @@ +From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 17 Aug 2019 16:51:53 +0200 +Subject: [PATCH] Fix dangling pointer in xsltCopyText + +xsltCopyText didn't reset ctxt->lasttext in some cases which could +lead to various memory errors in relation with CDATA sections in input +documents. + +Found by OSS-Fuzz. +--- + libxslt/transform.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 95ebd073..d7ab0b66 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, + if ((copy->content = xmlStrdup(cur->content)) == NULL) + return NULL; + } ++ ++ ctxt->lasttext = NULL; + } else { + /* + * normal processing. keep counters to extend the text node +-- +2.22.0 + |