diff options
author | Leo <thinkabit.ukim@gmail.com> | 2019-10-23 04:24:34 -0300 |
---|---|---|
committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-11-01 18:50:30 +0000 |
commit | 15d065f8bf5e73b1d88ca046d99933d217781aab (patch) | |
tree | 6aec4044c9a58530836e69d7e604e82a8466b6fb /main/libxslt | |
parent | a768534b7471a45e098289cfc2096678a0c18f32 (diff) | |
download | aports-15d065f8bf5e73b1d88ca046d99933d217781aab.tar.bz2 aports-15d065f8bf5e73b1d88ca046d99933d217781aab.tar.xz |
main/libxslt: upgrade to 1.1.34
Drop python2 bindings due to pending EOL of python2. There is no python3
support upstream, so no python3 bindings are generated instead.
Closes !689
Diffstat (limited to 'main/libxslt')
-rw-r--r-- | main/libxslt/APKBUILD | 37 | ||||
-rw-r--r-- | main/libxslt/CVE-2019-11068.patch | 120 |
2 files changed, 15 insertions, 142 deletions
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD index a8da85328b..a955193ea1 100644 --- a/main/libxslt/APKBUILD +++ b/main/libxslt/APKBUILD @@ -1,24 +1,28 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Contributor: Francesco Colista <fcolista@alpinelinux.org> pkgname=libxslt -pkgver=1.1.33 -pkgrel=1 +pkgver=1.1.34 +pkgrel=0 pkgdesc="XML stylesheet transformation library" url="http://xmlsoft.org/XSLT/" arch="all" license="custom" -makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python2-dev" -subpackages="$pkgname-dev $pkgname-doc py2-$pkgname:py2" -source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz - CVE-2019-11068.patch - " -builddir="$srcdir/$pkgname-$pkgver" +makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev" +subpackages="$pkgname-dev $pkgname-doc" +source="http://xmlsoft.org/sources/libxslt-$pkgver.tar.gz" # secfixes: +# 1.1.33-r3: +# - CVE-2019-18197 # 1.1.33-r1: -# - CVE-2019-11068 +# - CVE-2019-11068 # 1.1.29-r1: -# - CVE-2017-5029 +# - CVE-2017-5029 + +prepare() { + default_prepare + chmod 644 python/tests/* +} build() { cd "$builddir" @@ -36,15 +40,4 @@ package() { make DESTDIR="$pkgdir" install install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING } - -py2() { - pkgdesc="$pkgname python2 bindings" - provides="py-libxslt=$pkgver-r$pkgrel" # for backward compatibility - replaces="py-libxslt" # for backward compatibility - - install -d "$subpkgdir"/usr/lib - mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/ -} - -sha512sums="ebbe438a38bf6355950167d3b580edc22baa46a77068c18c42445c1c9c716d42bed3b30c5cd5bec359ab32d03843224dae458e9e32dc61693e7cf4bab23536e0 libxslt-1.1.33.tar.gz -9a97c5038809aaf64cb4eb7d67b95acc4b62236d7613a5f753e2a0f4c9e707c22cd07bda2e518d3f36a40b9ed5aa93496b743998c7adadb84ca147e045e35948 CVE-2019-11068.patch" +sha512sums="1516a11ad608b04740674060d2c5d733b88889de5e413b9a4e8bf8d1a90d712149df6d2b1345b615f529d7c7d3fa6dae12e544da828b39c7d415e54c0ee0776b libxslt-1.1.34.tar.gz" diff --git a/main/libxslt/CVE-2019-11068.patch b/main/libxslt/CVE-2019-11068.patch deleted file mode 100644 index 260f35d1a3..0000000000 --- a/main/libxslt/CVE-2019-11068.patch +++ /dev/null @@ -1,120 +0,0 @@ -From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sun, 24 Mar 2019 09:51:39 +0100 -Subject: [PATCH] Fix security framework bypass - -xsltCheckRead and xsltCheckWrite return -1 in case of error but callers -don't check for this condition and allow access. With a specially -crafted URL, xsltCheckRead could be tricked into returning an error -because of a supposedly invalid URL that would still be loaded -succesfully later on. - -Fixes #12. - -Thanks to Felix Wilhelm for the report. ---- - libxslt/documents.c | 18 ++++++++++-------- - libxslt/imports.c | 9 +++++---- - libxslt/transform.c | 9 +++++---- - libxslt/xslt.c | 9 +++++---- - 4 files changed, 25 insertions(+), 20 deletions(-) - -diff --git a/libxslt/documents.c b/libxslt/documents.c -index 3f3a7312..4aad11bb 100644 ---- a/libxslt/documents.c -+++ b/libxslt/documents.c -@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) { - int res; - - res = xsltCheckRead(ctxt->sec, ctxt, URI); -- if (res == 0) { -- xsltTransformError(ctxt, NULL, NULL, -- "xsltLoadDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(ctxt, NULL, NULL, -+ "xsltLoadDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) { - int res; - - res = xsltCheckRead(sec, NULL, URI); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltLoadStyleDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltLoadStyleDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -diff --git a/libxslt/imports.c b/libxslt/imports.c -index 874870cc..3783b247 100644 ---- a/libxslt/imports.c -+++ b/libxslt/imports.c -@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) { - int secres; - - secres = xsltCheckRead(sec, NULL, URI); -- if (secres == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsl:import: read rights for %s denied\n", -- URI); -+ if (secres <= 0) { -+ if (secres == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsl:import: read rights for %s denied\n", -+ URI); - goto error; - } - } -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 13793914..0636dbd0 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node, - */ - if (ctxt->sec != NULL) { - ret = xsltCheckWrite(ctxt->sec, ctxt, filename); -- if (ret == 0) { -- xsltTransformError(ctxt, NULL, inst, -- "xsltDocumentElem: write rights for %s denied\n", -- filename); -+ if (ret <= 0) { -+ if (ret == 0) -+ xsltTransformError(ctxt, NULL, inst, -+ "xsltDocumentElem: write rights for %s denied\n", -+ filename); - xmlFree(URL); - xmlFree(filename); - return; -diff --git a/libxslt/xslt.c b/libxslt/xslt.c -index 780a5ad7..a234eb79 100644 ---- a/libxslt/xslt.c -+++ b/libxslt/xslt.c -@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) { - int res; - - res = xsltCheckRead(sec, NULL, filename); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltParseStylesheetFile: read rights for %s denied\n", -- filename); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltParseStylesheetFile: read rights for %s denied\n", -+ filename); - return(NULL); - } - } --- -2.18.1 - |