main/libxslt: upgrade to 1.1.30

4 files changed, 3 insertions, 226 deletions

diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
index 84e3fefcad..2966404e7e 100644
--- a/main/libxslt/APKBUILD
+++ b/main/libxslt/APKBUILD
@@ -1,8 +1,8 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 # Contributor: Francesco Colista <fcolista@alpinelinux.org>
 pkgname=libxslt
-pkgver=1.1.29
-pkgrel=3
+pkgver=1.1.30
+pkgrel=0
 pkgdesc="XML stylesheet transformation library"
 url="http://xmlsoft.org/XSLT/"
 arch="all"
@@ -11,7 +11,6 @@ depends=
 makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python2-dev"
 subpackages="$pkgname-dev $pkgname-doc py-$pkgname:py"
 source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz
-	CVE-2017-5029.patch
 	"
 builddir="$srcdir"/$pkgname-$pkgver
 
@@ -45,5 +44,4 @@ py() {
 	install -d "$subpkgdir"/usr/lib
 	mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
 }
-sha512sums="a1ce555a74a9dabe65e8f64bb66e27e77760fd76940d88f2d59f58dd63ca73c8ae59f3fcbd8e76c8f92ff992fb0c09328528c20ea38ccac83e63252106bf5f31  libxslt-1.1.29.tar.gz
-586182c5cabf86605bc628c98fcc18ee7120c5917dab25e2f4c013660ccda34f44f4b6c46a7d7473baaa1c208e306c5b4012cc95770e1be88c7aec9121880aa7  CVE-2017-5029.patch"
+sha512sums="d24e37398503b6bc29245a993738df51bf3948c4a8f052eedd7eac0a9fcff2d5b54220f37070c46f763e073c34bdb3153c9f129aa0df60c3d7cf7eadbbf15986  libxslt-1.1.30.tar.gz"
diff --git a/main/libxslt/CVE-2015-7995.patch b/main/libxslt/CVE-2015-7995.patch
deleted file mode 100644
index 1f679e81e5..0000000000
--- a/main/libxslt/CVE-2015-7995.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/libxslt/preproc.c b/libxslt/preproc.c
-index 0eb80a0..7f69325 100644
---- a/libxslt/preproc.c
-+++ b/libxslt/preproc.c
-@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
- 	} else if (IS_XSLT_NAME(inst, "attribute")) {
- 	    xmlNodePtr parent = inst->parent;
- 
--	    if ((parent == NULL) || (parent->ns == NULL) ||
-+	    if ((parent == NULL) ||
-+	        (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
- 		((parent->ns != inst->ns) &&
- 		 (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
- 		(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
-
diff --git a/main/libxslt/CVE-2017-5029.patch b/main/libxslt/CVE-2017-5029.patch
deleted file mode 100644
index 2881fc144b..0000000000
--- a/main/libxslt/CVE-2017-5029.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Thu, 12 Jan 2017 15:39:52 +0100
-Subject: Check for integer overflow in xsltAddTextString
-
-Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
-exploited to trigger an out of bounds write on 64-bit systems.
-
-Originally reported to Chromium:
-
-https://crbug.com/676623
----
- libxslt/transform.c     | 25 ++++++++++++++++++++++---
- libxslt/xsltInternals.h |  4 ++--
- 2 files changed, 24 insertions(+), 5 deletions(-)
-
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 519133f..02bff34 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
-         return(target);
- 
-     if (ctxt->lasttext == target->content) {
-+        int minSize;
- 
--	if (ctxt->lasttuse + len >= ctxt->lasttsize) {
-+        /* Check for integer overflow accounting for NUL terminator. */
-+        if (len >= INT_MAX - ctxt->lasttuse) {
-+            xsltTransformError(ctxt, NULL, target,
-+                "xsltCopyText: text allocation failed\n");
-+            return(NULL);
-+        }
-+        minSize = ctxt->lasttuse + len + 1;
-+
-+        if (ctxt->lasttsize < minSize) {
- 	    xmlChar *newbuf;
- 	    int size;
-+            int extra;
-+
-+            /* Double buffer size but increase by at least 100 bytes. */
-+            extra = minSize < 100 ? 100 : minSize;
-+
-+            /* Check for integer overflow. */
-+            if (extra > INT_MAX - ctxt->lasttsize) {
-+                size = INT_MAX;
-+            }
-+            else {
-+                size = ctxt->lasttsize + extra;
-+            }
- 
--	    size = ctxt->lasttsize + len + 100;
--	    size *= 2;
- 	    newbuf = (xmlChar *) xmlRealloc(target->content,size);
- 	    if (newbuf == NULL) {
- 		xsltTransformError(ctxt, NULL, target,
-diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
-index 060b178..5ad1771 100644
---- a/libxslt/xsltInternals.h
-+++ b/libxslt/xsltInternals.h
-@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
-      * Speed optimization when coalescing text nodes
-      */
-     const xmlChar  *lasttext;		/* last text node content */
--    unsigned int    lasttsize;		/* last text node size */
--    unsigned int    lasttuse;		/* last text node use */
-+    int             lasttsize;		/* last text node size */
-+    int             lasttuse;		/* last text node use */
-     /*
-      * Per Context Debugging
-      */
--- 
-cgit v0.12
-
diff --git a/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch b/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch
deleted file mode 100644
index b1d6e44aea..0000000000
--- a/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 70213d9c9a86adac841247b249dc188ba2aab3db Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 28 Sep 2012 21:04:39 +0200
-Subject: [PATCH] Fix regression: Default namespace not correctly used
-To: libvir-list@redhat.com
-
-https://bugzilla.gnome.org/show_bug.cgi?id=684564
-
-Signed-off-by: Daniel Veillard <veillard@redhat.com>
----
- libxslt/transform.c       | 14 ++++++++------
- tests/docs/Makefile.am    |  1 +
- tests/docs/bug-179.xml    |  1 +
- tests/general/Makefile.am |  1 +
- tests/general/bug-179.out |  9 +++++++++
- tests/general/bug-179.xsl | 24 ++++++++++++++++++++++++
- 6 files changed, 44 insertions(+), 6 deletions(-)
- create mode 100644 tests/docs/bug-179.xml
- create mode 100644 tests/general/bug-179.out
- create mode 100644 tests/general/bug-179.xsl
-
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index de2ef3c..35701de 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -4075,7 +4075,7 @@ xsltElement(xsltTransformContextPtr ctxt, xmlNodePtr node,
-         } else if (xmlStrEqual(prefix, BAD_CAST "xml")) {
-             prefix = NULL;
-         }
--    } else if (prefix != NULL) {
-+    } else {
- 	xmlNsPtr ns;
- 	/*
- 	* SPEC XSLT 1.0:
-@@ -4090,11 +4090,13 @@ xsltElement(xsltTransformContextPtr ctxt, xmlNodePtr node,
- 	    * TODO: Check this in the compilation layer in case it's a
- 	    * static value.
- 	    */
--            xsltTransformError(ctxt, NULL, inst,
--                "xsl:element: The QName '%s:%s' has no "
--                "namespace binding in scope in the stylesheet; "
--                "this is an error, since the namespace was not "
--                "specified by the instruction itself.\n", prefix, name);
-+            if (prefix != NULL) {
-+                xsltTransformError(ctxt, NULL, inst,
-+                    "xsl:element: The QName '%s:%s' has no "
-+                    "namespace binding in scope in the stylesheet; "
-+                    "this is an error, since the namespace was not "
-+                    "specified by the instruction itself.\n", prefix, name);
-+            }
- 	} else
- 	    nsName = ns->href;
-     }
-diff --git a/tests/docs/Makefile.am b/tests/docs/Makefile.am
-index 9e2204f..12a97a8 100644
---- a/tests/docs/Makefile.am
-+++ b/tests/docs/Makefile.am
-@@ -168,6 +168,7 @@ EXTRA_DIST =	\
- 	bug-167.xml \
- 	bug-168.xml \
- 	bug-169.xml \
-+	bug-179.xml \
- 	character.xml \
- 	array.xml \
- 	items.xml
-diff --git a/tests/docs/bug-179.xml b/tests/docs/bug-179.xml
-new file mode 100644
-index 0000000..69d62f2
---- /dev/null
-+++ b/tests/docs/bug-179.xml
-@@ -0,0 +1 @@
-+<doc/>
-diff --git a/tests/general/Makefile.am b/tests/general/Makefile.am
-index 24d0d43..fd1e695 100644
---- a/tests/general/Makefile.am
-+++ b/tests/general/Makefile.am
-@@ -186,6 +186,7 @@ EXTRA_DIST = \
-     bug-176.out bug-176.xsl \
-     bug-177.out bug-177.xsl \
-     bug-178.out bug-178.xsl \
-+    bug-179.out bug-179.xsl \
-     character.out character.xsl \
-     character2.out character2.xsl \
-     itemschoose.out itemschoose.xsl \
-diff --git a/tests/general/bug-179.out b/tests/general/bug-179.out
-new file mode 100644
-index 0000000..0a7e67d
---- /dev/null
-+++ b/tests/general/bug-179.out
-@@ -0,0 +1,9 @@
-+<?xml version="1.0"?>
-+<root xmlns="my::namespace">
-+  <foo>...</foo>
-+  <bar>...</bar>
-+  <foobar>...</foobar>
-+  <baz>...</baz>
-+  <doc>...</doc>
-+  <baz>...</baz>
-+</root>
-diff --git a/tests/general/bug-179.xsl b/tests/general/bug-179.xsl
-new file mode 100644
-index 0000000..5847e9a
---- /dev/null
-+++ b/tests/general/bug-179.xsl
-@@ -0,0 +1,24 @@
-+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-+                              xmlns="my::namespace">
-+
-+<xsl:variable name="var">baz</xsl:variable>
-+
-+<xsl:output indent="yes"/>
-+
-+<xsl:template match="/">
-+    <root> <!-- This is in the correct namespace "my::namespace" -->
-+        <foo>...</foo> <!-- OK. -->
-+        <xsl:element name="bar">...</xsl:element> <!-- Still okay. -->
-+
-+        <!-- Wrong! These are without namespace. -->
-+        <xsl:element name="{concat('foo', 'bar')}">...</xsl:element>
-+        <xsl:element name="{$var}">...</xsl:element>
-+        <xsl:element name="{local-name(*)}">...</xsl:element>
-+
-+        <!-- Explicitly setting the namespace fixes this. -->
-+        <xsl:element name="{$var}" namespace="my::namespace">...</xsl:element>
-+    </root>
-+</xsl:template>
-+
-+</xsl:stylesheet>
-+
--- 
-1.7.11.4
-