authorLeo <thinkabit.ukim@gmail.com>2019-10-29 10:40:26 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-31 16:42:33 +0000
commitd67f5711d1824ce0ddb4568df672ae2976f81f58 (patch)
tree9de4e0a832bf47ad3c5eab999a7762bec6146061
parent4439c8307bf1bcbfd41da5d84bea80adf54c5273 (diff)
downloadaports-d67f5711d1824ce0ddb4568df672ae2976f81f58.tar.bz2
aports-d67f5711d1824ce0ddb4568df672ae2976f81f58.tar.xz
main/libxslt: fix CVE-2019-18197
ref #10916 Closes !917
-rw-r--r--main/libxslt/APKBUILD12
-rw-r--r--main/libxslt/CVE-2019-18197.patch30
2 files changed, 38 insertions, 4 deletions
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
index e8c16c027d..c4d0ab1bd8 100644
--- a/main/libxslt/APKBUILD
+++ b/main/libxslt/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
pkgname=libxslt
pkgver=1.1.31
-pkgrel=1
+pkgrel=2
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/"
arch="all"
@@ -11,14 +11,17 @@ makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python2-dev"
subpackages="$pkgname-dev $pkgname-doc py-$pkgname:py"
source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
CVE-2019-11068.patch
+ CVE-2019-18197.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 1.1.31-r2:
+# - CVE-2019-18197
# 1.1.31-r1:
-# - CVE-2019-11068
+# - CVE-2019-11068
# 1.1.29-r1:
-# - CVE-2017-5029
+# - CVE-2017-5029
build() {
cd "$builddir"
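Review bot: The two older secfixes entries (`CVE-2019-11068` and `CVE-2017-5029`) are removed and re-added with the same text, which looks like a whitespace-only re-indent folded into the security fix. The `# secfixes:` comment is read by Alpine's security-database tooling as well as by people, so a layout change there is worth being able to audit on its own. If the re-indent is needed for the entries to be parsed, the commit message should say so; otherwise this commit would be easier to review if it only added the `1.1.31-r2` / `CVE-2019-18197` entry. build() continues outside the hunk.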
@@ -45,4 +48,5 @@ py() {
}
sha512sums="9012d643625d827b131c825a103f2e2a5f3cbd45d3cdf3318378e8f046da8d084db51c6b0078b5850a26adc81ba3bf357101d65ef510eff54c8b416a71efed92 libxslt-1.1.31.tar.gz
-9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch"
+9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch
+ec0a7cd35f9078a3939ef6c695f183d9a0da5dd837d0a7f586b89a07c0c0782384501e4c1532b4d9ee7e94e717c37179f470bae59923d0074b309f09b5bf18fa CVE-2019-18197.patch"
diff --git a/main/libxslt/CVE-2019-18197.patch b/main/libxslt/CVE-2019-18197.patch
new file mode 100644
index 0000000000..a8c7cf541d
--- /dev/null
+++ b/main/libxslt/CVE-2019-18197.patch
@@ -0,0 +1,30 @@
+From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 17 Aug 2019 16:51:53 +0200
+Subject: [PATCH] Fix dangling pointer in xsltCopyText
+
+xsltCopyText didn't reset ctxt->lasttext in some cases which could
+lead to various memory errors in relation with CDATA sections in input
+documents.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd073..d7ab0b66 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ return NULL;
+ }
++
++ ctxt->lasttext = NULL;
+ } else {
+ /*
+ * normal processing. keep counters to extend the text node
+--
+2.22.0
+
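Review bot: The patch header identifies the upstream change only by its commit hash (`2232473733b7313d67de8836ea3b29eec6e8e285`) and gives no pointer to the upstream repository, so someone auditing the backport has to work out where to compare it against. A header line such as `Upstream: <upstream commit URL>` would make that check direct. The added `ctxt->lasttext = NULL;` sits in one branch of xsltCopyText, which starts and ends outside the hunk, so it cannot be confirmed from here whether every other path that leaves the cached pointer stale is covered.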