nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: libxslt: Update to 1.1.29. 

* gnu/packages/patches/libxslt-CVE-2015-7995.patch,
gnu/packages/patches/libxslt-remove-date-timestamps.patch: Delete files.
* gnu/packages/xml.scm: Update to 1.1.29.
[source]: Remove patches.
master
Leo Famulari 2016-06-07 20:42:16 -04:00
parent ee86e7e148
commit 28b33172c9
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 3 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
gnu/packages/patches/libxslt-CVE-2015-7995.patch
View File

@ -1,29 +0,0 @@
From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 29 Oct 2015 19:33:23 +0800
Subject: [PATCH] Fix for type confusion in preprocessing attributes
CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
We need to check that the parent node is an element before dereferencing
its namespace
---
libxslt/preproc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libxslt/preproc.c b/libxslt/preproc.c
index 0eb80a0..7f69325 100644
--- a/libxslt/preproc.c
+++ b/libxslt/preproc.c
@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
} else if (IS_XSLT_NAME(inst, "attribute")) {
xmlNodePtr parent = inst->parent;
- if ((parent == NULL) || (parent->ns == NULL) ||
+ if ((parent == NULL) ||
+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
((parent->ns != inst->ns) &&
(!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
--
2.6.3

66
gnu/packages/patches/libxslt-remove-date-timestamps.patch
View File

@ -1,66 +0,0 @@
Use deterministic SOURCE_DATE_EPOCH for embedded timestamps in generated documentation.
Written by Eduard Sanou.
https://bugzilla.gnome.org/show_bug.cgi?id=758148
--- libxslt-1.1.28.orig/libexslt/date.c
+++ libxslt-1.1.28/libexslt/date.c
@@ -46,6 +46,7 @@
#include "exslt.h"
#include <string.h>
+#include <errno.h>
#ifdef HAVE_MATH_H
#include <math.h>
@@ -747,21 +748,46 @@ static exsltDateValPtr
exsltDateCurrent (void)
{
struct tm localTm, gmTm;
+ struct tm *tb = NULL;
time_t secs;
int local_s, gm_s;
exsltDateValPtr ret;
+ char *source_date_epoch;
ret = exsltDateCreateDate(XS_DATETIME);
if (ret == NULL)
return NULL;
- /* get current time */
secs = time(NULL);
+ /*
+ * Allow the date and time to be set externally by an exported
+ * environment variable to enable reproducible builds.
+ */
+ source_date_epoch = getenv("SOURCE_DATE_EPOCH");
+ if (source_date_epoch) {
+ errno = 0;
+ secs = (time_t) strtol (source_date_epoch, NULL, 10);
+ if (errno == 0) {
+ tb = gmtime(&secs);
+ if (tb == NULL) {
+ /* SOURCE_DATE_EPOCH is not a valid date */
+ return NULL;
+ } else {
+ localTm = *tb;
+ }
+ } else {
+ /* SOURCE_DATE_EPOCH is not a valid number */
+ return NULL;
+ }
+ } else {
+ /* get current time */
#if HAVE_LOCALTIME_R
- localtime_r(&secs, &localTm);
+ localtime_r(&secs, &localTm);
#else
- localTm = *localtime(&secs);
+ localTm = *localtime(&secs);
#endif
+ }
+
/* get real year, not years since 1900 */
ret->value.date.year = localTm.tm_year + 1900;

8
gnu/packages/xml.scm
View File

@ -130,17 +130,15 @@ project (but it is usable outside of the Gnome platform).")
(define-public libxslt
(package
(name "libxslt")
(version "1.1.28")
(version "1.1.29")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
(sha256
(base32
"13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))
(patches (search-patches "libxslt-generated-ids.patch"
"libxslt-remove-date-timestamps.patch"
"libxslt-CVE-2015-7995.patch"))))
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
(patches (search-patches "libxslt-generated-ids.patch"))))
(build-system gnu-build-system)
(home-page "http://xmlsoft.org/XSLT/index.html")
(synopsis "C library for applying XSLT stylesheets to XML documents")