mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-05-06 12:56:39 +02:00
main/libxslt: upgrade to 1.1.35
This commit is contained in:
psykose
Ariadne Conill
parent
1cd4037ac2
commit
d66c52c853
@ -1,21 +1,19 @@
|
||||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
|
||||
pkgname=libxslt
|
||||
pkgver=1.1.34
|
||||
pkgrel=1
|
||||
pkgver=1.1.35
|
||||
pkgrel=0
|
||||
pkgdesc="XML stylesheet transformation library"
|
||||
url="http://xmlsoft.org/XSLT/"
|
||||
arch="all"
|
||||
license="custom"
|
||||
makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev"
|
||||
subpackages="$pkgname-dev $pkgname-doc"
|
||||
source="http://xmlsoft.org/sources/libxslt-$pkgver.tar.gz
|
||||
Stop-using-maxParserDepth-XPath-limit.patch
|
||||
Transfer-XPath-limits-to-XPtr-context.patch
|
||||
Dont-set-maxDepth-in-XPath-contexts.patch
|
||||
"
|
||||
source="https://download.gnome.org/sources/libxslt/${pkgver%.*}/libxslt-$pkgver.tar.xz"
|
||||
|
||||
# secfixes:
|
||||
# 1.1.35-r0:
|
||||
# - CVE-2021-30560
|
||||
# 1.1.34-r0:
|
||||
# - CVE-2019-13117
|
||||
# - CVE-2019-13118
|
||||
@ -48,8 +46,5 @@ package() {
|
||||
install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
|
||||
}
|
||||
sha512sums="
|
||||
1516a11ad608b04740674060d2c5d733b88889de5e413b9a4e8bf8d1a90d712149df6d2b1345b615f529d7c7d3fa6dae12e544da828b39c7d415e54c0ee0776b libxslt-1.1.34.tar.gz
|
||||
e79a19b902dc72f9b04a70dfa9a4e242dced6903f3c78ed2aa562eebc99156ca71fe7f83662bafd94d1da7fdc8e447faee13d1c5e0bcf21b6a99eddbcccea129 Stop-using-maxParserDepth-XPath-limit.patch
|
||||
886c8a3b71848458d5713c998e473bfbdaed422110dd79d32eda514c9b24a404fd3a8c734b8ebc8c55d1c70eaf779c4ee6472e86f8666219b28e71dc1b894b8f Transfer-XPath-limits-to-XPtr-context.patch
|
||||
c4052ad3f0ffe737f8be4606ab1f65069a4c3eee18c4f34b0c4d6c6db4757b28c063bba029e031b2075954461f1cf0a4c1ed4db098289d60a8319f4c3358feb9 Dont-set-maxDepth-in-XPath-contexts.patch
|
||||
9dd4a699235f50ae9b75b25137e387471635b4b2da0a4e4380879cd49f1513470fcfbfd775269b066eac513a1ffa6860c77ec42747168e2348248f09f60c8c96 libxslt-1.1.35.tar.xz
|
||||
"
|
||||
|
||||
@ -1,70 +0,0 @@
|
||||
From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Wed, 26 Aug 2020 00:34:38 +0200
|
||||
Subject: [PATCH] Don't set maxDepth in XPath contexts
|
||||
|
||||
The maximum recursion depth is hardcoded in libxml2 now.
|
||||
---
|
||||
libxslt/functions.c | 2 +-
|
||||
tests/fuzz/fuzz.c | 11 ++---------
|
||||
2 files changed, 3 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/libxslt/functions.c b/libxslt/functions.c
|
||||
index 975ea790..7887dda7 100644
|
||||
--- a/libxslt/functions.c
|
||||
+++ b/libxslt/functions.c
|
||||
@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
|
||||
defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
|
||||
xptrctxt->opLimit = ctxt->context->opLimit;
|
||||
xptrctxt->opCount = ctxt->context->opCount;
|
||||
- xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
|
||||
+ xptrctxt->depth = ctxt->context->depth;
|
||||
|
||||
resObj = xmlXPtrEval(fragment, xptrctxt);
|
||||
|
||||
diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
|
||||
index 75234ad6..780c2d41 100644
|
||||
--- a/tests/fuzz/fuzz.c
|
||||
+++ b/tests/fuzz/fuzz.c
|
||||
@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
|
||||
xpctxt = tctxt->xpathCtxt;
|
||||
|
||||
/* Resource limits to avoid timeouts and call stack overflows */
|
||||
- xpctxt->maxDepth = 500;
|
||||
xpctxt->opLimit = 500000;
|
||||
|
||||
/* Test namespaces used in xpath.xml */
|
||||
@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static void
|
||||
-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
|
||||
- ctxt->maxDepth = 200;
|
||||
- ctxt->opLimit = 100000;
|
||||
-}
|
||||
-
|
||||
xmlChar *
|
||||
xsltFuzzXslt(const char *data, size_t size) {
|
||||
xmlDocPtr xsltDoc;
|
||||
@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) {
|
||||
xmlFreeDoc(xsltDoc);
|
||||
return NULL;
|
||||
}
|
||||
- xsltSetXPathResourceLimits(sheet->xpathCtxt);
|
||||
+ sheet->xpathCtxt->opLimit = 100000;
|
||||
sheet->xpathCtxt->opCount = 0;
|
||||
if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
|
||||
xsltFreeStylesheet(sheet);
|
||||
@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) {
|
||||
xsltSetCtxtSecurityPrefs(sec, ctxt);
|
||||
ctxt->maxTemplateDepth = 100;
|
||||
ctxt->opLimit = 20000;
|
||||
- xsltSetXPathResourceLimits(ctxt->xpathCtxt);
|
||||
+ ctxt->xpathCtxt->opLimit = 100000;
|
||||
ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
|
||||
|
||||
result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,37 +0,0 @@
|
||||
From 9ae2f94df1721e002941b40665efb762aefcea1a Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Mon, 17 Aug 2020 03:42:11 +0200
|
||||
Subject: [PATCH] Stop using maxParserDepth XPath limit
|
||||
|
||||
This will be removed again from libxml2.
|
||||
---
|
||||
tests/fuzz/fuzz.c | 6 ++----
|
||||
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
|
||||
index f502ca2c..75234ad6 100644
|
||||
--- a/tests/fuzz/fuzz.c
|
||||
+++ b/tests/fuzz/fuzz.c
|
||||
@@ -183,8 +183,7 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
|
||||
xpctxt = tctxt->xpathCtxt;
|
||||
|
||||
/* Resource limits to avoid timeouts and call stack overflows */
|
||||
- xpctxt->maxParserDepth = 15;
|
||||
- xpctxt->maxDepth = 100;
|
||||
+ xpctxt->maxDepth = 500;
|
||||
xpctxt->opLimit = 500000;
|
||||
|
||||
/* Test namespaces used in xpath.xml */
|
||||
@@ -317,8 +316,7 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
|
||||
|
||||
static void
|
||||
xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
|
||||
- ctxt->maxParserDepth = 15;
|
||||
- ctxt->maxDepth = 100;
|
||||
+ ctxt->maxDepth = 200;
|
||||
ctxt->opLimit = 100000;
|
||||
}
|
||||
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,42 +0,0 @@
|
||||
From 824657768aea2cce9c23e72ba8085cb5e44350c7 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Mon, 17 Aug 2020 04:27:13 +0200
|
||||
Subject: [PATCH] Transfer XPath limits to XPtr context
|
||||
|
||||
Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
|
||||
XPath limits.
|
||||
---
|
||||
libxslt/functions.c | 14 +++++++++++++-
|
||||
1 file changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libxslt/functions.c b/libxslt/functions.c
|
||||
index b350545a..975ea790 100644
|
||||
--- a/libxslt/functions.c
|
||||
+++ b/libxslt/functions.c
|
||||
@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
|
||||
goto out_fragment;
|
||||
}
|
||||
|
||||
+#if LIBXML_VERSION >= 20911 || \
|
||||
+ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
|
||||
+ xptrctxt->opLimit = ctxt->context->opLimit;
|
||||
+ xptrctxt->opCount = ctxt->context->opCount;
|
||||
+ xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
|
||||
+
|
||||
+ resObj = xmlXPtrEval(fragment, xptrctxt);
|
||||
+
|
||||
+ ctxt->context->opCount = xptrctxt->opCount;
|
||||
+#else
|
||||
resObj = xmlXPtrEval(fragment, xptrctxt);
|
||||
- xmlXPathFreeContext(xptrctxt);
|
||||
#endif
|
||||
|
||||
+ xmlXPathFreeContext(xptrctxt);
|
||||
+#endif /* LIBXML_XPTR_ENABLED */
|
||||
+
|
||||
if (resObj == NULL)
|
||||
goto out_fragment;
|
||||
|
||||
--
|
||||
GitLab
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user