main/libxslt: security upgrade to 1.1.28 (CVE-2012-6139)

fixes #1759

2 files changed, 4 insertions, 137 deletions

diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
index 6c359b992e..52f5fa4346 100644
--- a/main/libxslt/APKBUILD
+++ b/main/libxslt/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libxslt
-pkgver=1.1.27
-pkgrel=1
+pkgver=1.1.28
+pkgrel=0
 pkgdesc="XML stylesheet transformation library"
 url="http://xmlsoft.org/XSLT/"
 arch="all"
@@ -9,7 +9,7 @@ license="custom"
 depends=
 makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python-dev"
 subpackages="$pkgname-dev $pkgname-doc py-$pkgname:py"
-patches="libxslt-Fix-regression-Default-namespace-not-correctly-used.patch"
+patches=
 source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz
 	$patches"
 
@@ -39,5 +39,4 @@ py() {
 	install -d "$subpkgdir"/usr/lib
 	mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
 }
-md5sums="4d01ff464b9ea7236925a1adf147c7f8  libxslt-1.1.27.tar.gz
-4009f95496a7e97dd4269e7e43544e9c  libxslt-Fix-regression-Default-namespace-not-correctly-used.patch"
+md5sums="9667bf6f9310b957254fdcf6596600b7  libxslt-1.1.28.tar.gz"
diff --git a/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch b/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch
deleted file mode 100644
index b1d6e44aea..0000000000
--- a/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 70213d9c9a86adac841247b249dc188ba2aab3db Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 28 Sep 2012 21:04:39 +0200
-Subject: [PATCH] Fix regression: Default namespace not correctly used
-To: libvir-list@redhat.com
-
-https://bugzilla.gnome.org/show_bug.cgi?id=684564
-
-Signed-off-by: Daniel Veillard <veillard@redhat.com>
----
- libxslt/transform.c       | 14 ++++++++------
- tests/docs/Makefile.am    |  1 +
- tests/docs/bug-179.xml    |  1 +
- tests/general/Makefile.am |  1 +
- tests/general/bug-179.out |  9 +++++++++
- tests/general/bug-179.xsl | 24 ++++++++++++++++++++++++
- 6 files changed, 44 insertions(+), 6 deletions(-)
- create mode 100644 tests/docs/bug-179.xml
- create mode 100644 tests/general/bug-179.out
- create mode 100644 tests/general/bug-179.xsl
-
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index de2ef3c..35701de 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -4075,7 +4075,7 @@ xsltElement(xsltTransformContextPtr ctxt, xmlNodePtr node,
-         } else if (xmlStrEqual(prefix, BAD_CAST "xml")) {
-             prefix = NULL;
-         }
--    } else if (prefix != NULL) {
-+    } else {
- 	xmlNsPtr ns;
- 	/*
- 	* SPEC XSLT 1.0:
-@@ -4090,11 +4090,13 @@ xsltElement(xsltTransformContextPtr ctxt, xmlNodePtr node,
- 	    * TODO: Check this in the compilation layer in case it's a
- 	    * static value.
- 	    */
--            xsltTransformError(ctxt, NULL, inst,
--                "xsl:element: The QName '%s:%s' has no "
--                "namespace binding in scope in the stylesheet; "
--                "this is an error, since the namespace was not "
--                "specified by the instruction itself.\n", prefix, name);
-+            if (prefix != NULL) {
-+                xsltTransformError(ctxt, NULL, inst,
-+                    "xsl:element: The QName '%s:%s' has no "
-+                    "namespace binding in scope in the stylesheet; "
-+                    "this is an error, since the namespace was not "
-+                    "specified by the instruction itself.\n", prefix, name);
-+            }
- 	} else
- 	    nsName = ns->href;
-     }
-diff --git a/tests/docs/Makefile.am b/tests/docs/Makefile.am
-index 9e2204f..12a97a8 100644
---- a/tests/docs/Makefile.am
-+++ b/tests/docs/Makefile.am
-@@ -168,6 +168,7 @@ EXTRA_DIST =	\
- 	bug-167.xml \
- 	bug-168.xml \
- 	bug-169.xml \
-+	bug-179.xml \
- 	character.xml \
- 	array.xml \
- 	items.xml
-diff --git a/tests/docs/bug-179.xml b/tests/docs/bug-179.xml
-new file mode 100644
-index 0000000..69d62f2
---- /dev/null
-+++ b/tests/docs/bug-179.xml
-@@ -0,0 +1 @@
-+<doc/>
-diff --git a/tests/general/Makefile.am b/tests/general/Makefile.am
-index 24d0d43..fd1e695 100644
---- a/tests/general/Makefile.am
-+++ b/tests/general/Makefile.am
-@@ -186,6 +186,7 @@ EXTRA_DIST = \
-     bug-176.out bug-176.xsl \
-     bug-177.out bug-177.xsl \
-     bug-178.out bug-178.xsl \
-+    bug-179.out bug-179.xsl \
-     character.out character.xsl \
-     character2.out character2.xsl \
-     itemschoose.out itemschoose.xsl \
-diff --git a/tests/general/bug-179.out b/tests/general/bug-179.out
-new file mode 100644
-index 0000000..0a7e67d
---- /dev/null
-+++ b/tests/general/bug-179.out
-@@ -0,0 +1,9 @@
-+<?xml version="1.0"?>
-+<root xmlns="my::namespace">
-+  <foo>...</foo>
-+  <bar>...</bar>
-+  <foobar>...</foobar>
-+  <baz>...</baz>
-+  <doc>...</doc>
-+  <baz>...</baz>
-+</root>
-diff --git a/tests/general/bug-179.xsl b/tests/general/bug-179.xsl
-new file mode 100644
-index 0000000..5847e9a
---- /dev/null
-+++ b/tests/general/bug-179.xsl
-@@ -0,0 +1,24 @@
-+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-+                              xmlns="my::namespace">
-+
-+<xsl:variable name="var">baz</xsl:variable>
-+
-+<xsl:output indent="yes"/>
-+
-+<xsl:template match="/">
-+    <root> <!-- This is in the correct namespace "my::namespace" -->
-+        <foo>...</foo> <!-- OK. -->
-+        <xsl:element name="bar">...</xsl:element> <!-- Still okay. -->
-+
-+        <!-- Wrong! These are without namespace. -->
-+        <xsl:element name="{concat('foo', 'bar')}">...</xsl:element>
-+        <xsl:element name="{$var}">...</xsl:element>
-+        <xsl:element name="{local-name(*)}">...</xsl:element>
-+
-+        <!-- Explicitly setting the namespace fixes this. -->
-+        <xsl:element name="{$var}" namespace="my::namespace">...</xsl:element>
-+    </root>
-+</xsl:template>
-+
-+</xsl:stylesheet>
-+
--- 
-1.7.11.4
-