From 9526fbef4d8db67fe96f98d687b0370dd1e0c0b7 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 10 Sep 2017 09:26:16 +0300 Subject: [PATCH] gnu: libxslt: Update to 1.1.30. * gnu/packages/xml.scm (libxslt): Update to 1.1.30. [sources]: Remove one patch. * gnu/packages/patches/libxslt-CVE-2016-47738.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/libxslt-CVE-2016-4738.patch | 39 ------------------- gnu/packages/xml.scm | 5 +-- 3 files changed, 2 insertions(+), 43 deletions(-) delete mode 100644 gnu/packages/patches/libxslt-CVE-2016-4738.patch diff --git a/gnu/local.mk b/gnu/local.mk index 2376f972c6..34ceccb78e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -801,7 +801,6 @@ dist_patch_DATA = \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libxcb-python-3.5-compat.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ - %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxt-guix-search-paths.patch \ %D%/packages/patches/libzip-CVE-2017-12858.patch \ %D%/packages/patches/lierolibre-check-unaligned-access.patch \ diff --git a/gnu/packages/patches/libxslt-CVE-2016-4738.patch b/gnu/packages/patches/libxslt-CVE-2016-4738.patch deleted file mode 100644 index a7537c66ca..0000000000 --- a/gnu/packages/patches/libxslt-CVE-2016-4738.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix CVE-2016-4738: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738 -https://bugs.chromium.org/p/chromium/issues/detail?id=619006 - -Patch copied from upstream source repository: -https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880 - -From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Fri, 10 Jun 2016 14:23:58 +0200 -Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion - -An empty decimal-separator could cause a heap overread. This can be -exploited to leak a couple of bytes after the buffer that holds the -pattern string. - -Found with afl-fuzz and ASan. ---- - libxslt/numbers.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index d1549b4..e78c46b 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, - } - - /* We have finished the integer part, now work on fraction */ -- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) { -+ if ( (*the_format != 0) && -+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) { - format_info.add_decimal = TRUE; - the_format += xsltUTF8Size(the_format); /* Skip over the decimal */ - } --- -2.10.2 - diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 994afbca1f..f1b515703b 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -168,15 +168,14 @@ project (but it is usable outside of the Gnome platform).") (define-public libxslt (package (name "libxslt") - (version "1.1.29") + (version "1.1.30") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) - (patches (search-patches "libxslt-CVE-2016-4738.patch")) (sha256 (base32 - "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) + "1cxn21wi0wms3afhnlxwjm8iiykrk29bvckq6gc2d0yy2rhj6rds")) (patches (search-patches "libxslt-generated-ids.patch")))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html")