aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpsykose <alice@ayaya.dev>2022-03-15 16:16:26 +0000
committerpsykose <alice@ayaya.dev>2022-03-15 17:16:26 +0100
commit408987fb03649502821903800bce6445c236a2c8 (patch)
tree8b6083040ab14a13e77229f8fe98bac360260e60
parent13da1fdef11c8145c6f3893f7d3b4d06b2c62b44 (diff)
downloadaports-408987fb03649502821903800bce6445c236a2c8.tar.gz
aports-408987fb03649502821903800bce6445c236a2c8.tar.bz2
aports-408987fb03649502821903800bce6445c236a2c8.tar.xz
main/libxslt: upgrade to 1.1.35
-rw-r--r--main/libxslt/APKBUILD17
-rw-r--r--main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch70
-rw-r--r--main/libxslt/Stop-using-maxParserDepth-XPath-limit.patch37
-rw-r--r--main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch42
4 files changed, 6 insertions, 160 deletions
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
index 542caa143c..defc4a03d0 100644
--- a/main/libxslt/APKBUILD
+++ b/main/libxslt/APKBUILD
@@ -1,21 +1,19 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
pkgname=libxslt
-pkgver=1.1.34
-pkgrel=1
+pkgver=1.1.35
+pkgrel=0
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/"
arch="all"
license="custom"
makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev"
subpackages="$pkgname-dev $pkgname-doc"
-source="http://xmlsoft.org/sources/libxslt-$pkgver.tar.gz
- Stop-using-maxParserDepth-XPath-limit.patch
- Transfer-XPath-limits-to-XPtr-context.patch
- Dont-set-maxDepth-in-XPath-contexts.patch
- "
+source="https://download.gnome.org/sources/libxslt/${pkgver%.*}/libxslt-$pkgver.tar.xz"
# secfixes:
+# 1.1.35-r0:
+# - CVE-2021-30560
# 1.1.34-r0:
# - CVE-2019-13117
# - CVE-2019-13118
@@ -48,8 +46,5 @@ package() {
install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}
sha512sums="
-1516a11ad608b04740674060d2c5d733b88889de5e413b9a4e8bf8d1a90d712149df6d2b1345b615f529d7c7d3fa6dae12e544da828b39c7d415e54c0ee0776b libxslt-1.1.34.tar.gz
-e79a19b902dc72f9b04a70dfa9a4e242dced6903f3c78ed2aa562eebc99156ca71fe7f83662bafd94d1da7fdc8e447faee13d1c5e0bcf21b6a99eddbcccea129 Stop-using-maxParserDepth-XPath-limit.patch
-886c8a3b71848458d5713c998e473bfbdaed422110dd79d32eda514c9b24a404fd3a8c734b8ebc8c55d1c70eaf779c4ee6472e86f8666219b28e71dc1b894b8f Transfer-XPath-limits-to-XPtr-context.patch
-c4052ad3f0ffe737f8be4606ab1f65069a4c3eee18c4f34b0c4d6c6db4757b28c063bba029e031b2075954461f1cf0a4c1ed4db098289d60a8319f4c3358feb9 Dont-set-maxDepth-in-XPath-contexts.patch
+9dd4a699235f50ae9b75b25137e387471635b4b2da0a4e4380879cd49f1513470fcfbfd775269b066eac513a1ffa6860c77ec42747168e2348248f09f60c8c96 libxslt-1.1.35.tar.xz
"
diff --git a/main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch b/main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch
deleted file mode 100644
index 6b9dab8a85..0000000000
--- a/main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Wed, 26 Aug 2020 00:34:38 +0200
-Subject: [PATCH] Don't set maxDepth in XPath contexts
-
-The maximum recursion depth is hardcoded in libxml2 now.
----
- libxslt/functions.c | 2 +-
- tests/fuzz/fuzz.c | 11 ++---------
- 2 files changed, 3 insertions(+), 10 deletions(-)
-
-diff --git a/libxslt/functions.c b/libxslt/functions.c
-index 975ea790..7887dda7 100644
---- a/libxslt/functions.c
-+++ b/libxslt/functions.c
-@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
- defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
- xptrctxt->opLimit = ctxt->context->opLimit;
- xptrctxt->opCount = ctxt->context->opCount;
-- xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
-+ xptrctxt->depth = ctxt->context->depth;
-
- resObj = xmlXPtrEval(fragment, xptrctxt);
-
-diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
-index 75234ad6..780c2d41 100644
---- a/tests/fuzz/fuzz.c
-+++ b/tests/fuzz/fuzz.c
-@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
- xpctxt = tctxt->xpathCtxt;
-
- /* Resource limits to avoid timeouts and call stack overflows */
-- xpctxt->maxDepth = 500;
- xpctxt->opLimit = 500000;
-
- /* Test namespaces used in xpath.xml */
-@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
- return 0;
- }
-
--static void
--xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
-- ctxt->maxDepth = 200;
-- ctxt->opLimit = 100000;
--}
--
- xmlChar *
- xsltFuzzXslt(const char *data, size_t size) {
- xmlDocPtr xsltDoc;
-@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) {
- xmlFreeDoc(xsltDoc);
- return NULL;
- }
-- xsltSetXPathResourceLimits(sheet->xpathCtxt);
-+ sheet->xpathCtxt->opLimit = 100000;
- sheet->xpathCtxt->opCount = 0;
- if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
- xsltFreeStylesheet(sheet);
-@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) {
- xsltSetCtxtSecurityPrefs(sec, ctxt);
- ctxt->maxTemplateDepth = 100;
- ctxt->opLimit = 20000;
-- xsltSetXPathResourceLimits(ctxt->xpathCtxt);
-+ ctxt->xpathCtxt->opLimit = 100000;
- ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
-
- result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);
---
-GitLab
-
diff --git a/main/libxslt/Stop-using-maxParserDepth-XPath-limit.patch b/main/libxslt/Stop-using-maxParserDepth-XPath-limit.patch
deleted file mode 100644
index ee9c2aad6b..0000000000
--- a/main/libxslt/Stop-using-maxParserDepth-XPath-limit.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 9ae2f94df1721e002941b40665efb762aefcea1a Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 17 Aug 2020 03:42:11 +0200
-Subject: [PATCH] Stop using maxParserDepth XPath limit
-
-This will be removed again from libxml2.
----
- tests/fuzz/fuzz.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
-index f502ca2c..75234ad6 100644
---- a/tests/fuzz/fuzz.c
-+++ b/tests/fuzz/fuzz.c
-@@ -183,8 +183,7 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
- xpctxt = tctxt->xpathCtxt;
-
- /* Resource limits to avoid timeouts and call stack overflows */
-- xpctxt->maxParserDepth = 15;
-- xpctxt->maxDepth = 100;
-+ xpctxt->maxDepth = 500;
- xpctxt->opLimit = 500000;
-
- /* Test namespaces used in xpath.xml */
-@@ -317,8 +316,7 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
-
- static void
- xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
-- ctxt->maxParserDepth = 15;
-- ctxt->maxDepth = 100;
-+ ctxt->maxDepth = 200;
- ctxt->opLimit = 100000;
- }
-
---
-GitLab
-
diff --git a/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch b/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch
deleted file mode 100644
index e943e79045..0000000000
--- a/main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 824657768aea2cce9c23e72ba8085cb5e44350c7 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 17 Aug 2020 04:27:13 +0200
-Subject: [PATCH] Transfer XPath limits to XPtr context
-
-Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
-XPath limits.
----
- libxslt/functions.c | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/functions.c b/libxslt/functions.c
-index b350545a..975ea790 100644
---- a/libxslt/functions.c
-+++ b/libxslt/functions.c
-@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
- goto out_fragment;
- }
-
-+#if LIBXML_VERSION >= 20911 || \
-+ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
-+ xptrctxt->opLimit = ctxt->context->opLimit;
-+ xptrctxt->opCount = ctxt->context->opCount;
-+ xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
-+
-+ resObj = xmlXPtrEval(fragment, xptrctxt);
-+
-+ ctxt->context->opCount = xptrctxt->opCount;
-+#else
- resObj = xmlXPtrEval(fragment, xptrctxt);
-- xmlXPathFreeContext(xptrctxt);
- #endif
-
-+ xmlXPathFreeContext(xptrctxt);
-+#endif /* LIBXML_XPTR_ENABLED */
-+
- if (resObj == NULL)
- goto out_fragment;
-
---
-GitLab
-