[pkgsrc/pkgsrc-2017Q1]: pkgsrc/textproc/libxslt Pullup ticket #5463 - request...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2017Q1]: pkgsrc/textproc/libxslt Pullup ticket #5463 - request...
From: bsiegert <bsiegert%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 06:55:43 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7e8936b8c973
branches:  pkgsrc-2017Q1
changeset: 360387:7e8936b8c973
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Mon May 29 18:35:08 2017 +0000

description:
Pullup ticket #5463 - requested by sevan
textproc/libxslt: security fix

Revisions pulled up:
- textproc/libxslt/Makefile                                     1.105
- textproc/libxslt/distinfo                                     1.60
- textproc/libxslt/patches/patch-CVE-2017-5029                  1.1

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Tue May 23 23:37:01 UTC 2017

   Modified Files:
           pkgsrc/textproc/libxslt: Makefile distinfo
   Added Files:
           pkgsrc/textproc/libxslt/patches: patch-CVE-2017-5029

   Log Message:
   Add patch for CVE-2017-5029

diffstat:

 textproc/libxslt/Makefile                    |   4 +-
 textproc/libxslt/distinfo                    |   3 +-
 textproc/libxslt/patches/patch-CVE-2017-5029 |  58 ++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 3 deletions(-)

diffs (88 lines):

diff -r ee2194cafc1f -r 7e8936b8c973 textproc/libxslt/Makefile
--- a/textproc/libxslt/Makefile Mon May 29 18:21:24 2017 +0000
+++ b/textproc/libxslt/Makefile Mon May 29 18:35:08 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.104 2016/07/09 06:39:06 wiz Exp $
+# $NetBSD: Makefile,v 1.104.6.1 2017/05/29 18:35:08 bsiegert Exp $
 
-PKGREVISION= 1
+PKGREVISION= 2
 .include "Makefile.common"
 
 BUILD_DEPENDS+=        docbook-xml-[0-9]*:../../textproc/docbook-xml
diff -r ee2194cafc1f -r 7e8936b8c973 textproc/libxslt/distinfo
--- a/textproc/libxslt/distinfo Mon May 29 18:21:24 2017 +0000
+++ b/textproc/libxslt/distinfo Mon May 29 18:35:08 2017 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.57 2016/05/29 21:06:46 wiz Exp $
+$NetBSD: distinfo,v 1.57.8.1 2017/05/29 18:35:08 bsiegert Exp $
 
 SHA1 (libxslt-1.1.29.tar.gz) = edcaeabb3555ae44853bdc406ee9521fb65c620d
 RMD160 (libxslt-1.1.29.tar.gz) = 40a5202b3967db6b01cd6c0e722a9e459cac7960
 SHA512 (libxslt-1.1.29.tar.gz) = a1ce555a74a9dabe65e8f64bb66e27e77760fd76940d88f2d59f58dd63ca73c8ae59f3fcbd8e76c8f92ff992fb0c09328528c20ea38ccac83e63252106bf5f31
 Size (libxslt-1.1.29.tar.gz) = 3428524 bytes
+SHA1 (patch-CVE-2017-5029) = 98658fa048e440ef72460d4e082c0fd282154aa1
 SHA1 (patch-ae) = 40ce3940a93b6a2dc804f62676909d3313e0ea52
 SHA1 (patch-ah) = f92809ab34e53962ec8b62e50ded7a27c89f10f8
diff -r ee2194cafc1f -r 7e8936b8c973 textproc/libxslt/patches/patch-CVE-2017-5029
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libxslt/patches/patch-CVE-2017-5029      Mon May 29 18:35:08 2017 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-CVE-2017-5029,v 1.1.2.2 2017/05/29 18:35:08 bsiegert Exp $
+
+Patch for CVE-2017-5029 from:
+ https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
+
+
+--- libxslt/xsltInternals.h.orig       2017-05-23 23:14:05.625798800 +0000
++++ libxslt/xsltInternals.h
+@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
+      * Speed optimization when coalescing text nodes
+      */
+     const xmlChar  *lasttext;         /* last text node content */
+-    unsigned int    lasttsize;                /* last text node size */
+-    unsigned int    lasttuse;         /* last text node use */
++    int                   lasttsize;          /* last text node size */
++    int                   lasttuse;           /* last text node use */
+     /*
+      * Per Context Debugging
+      */
+
+--- libxslt/transform.c.orig   2017-05-23 23:14:23.480987400 +0000
++++ libxslt/transform.c
+@@ -816,13 +816,32 @@ xsltAddTextString(xsltTransformContextPt
+         return(target);
+ 
+     if (ctxt->lasttext == target->content) {
++      int minSize;
+ 
+-      if (ctxt->lasttuse + len >= ctxt->lasttsize) {
++      /* Check for integer overflow accounting for NUL terminator. */
++      if (len >= INT_MAX - ctxt->lasttuse) {
++          xsltTransformError(ctxt, NULL, target,
++              "xsltCopyText: text allocation failed\n");
++          return(NULL);
++      }
++      minSize = ctxt->lasttuse + len + 1;
++
++      if (ctxt->lasttsize < minSize) {
+           xmlChar *newbuf;
+           int size;
++          int extra;
++
++          /* Double buffer size but increase by at least 100 bytes. */
++          extra = minSize < 100 ? 100 : minSize;
++
++          /* Check for integer overflow. */
++          if (extra > INT_MAX - ctxt->lasttsize) {
++              size = INT_MAX;
++          }
++          else {
++              size = ctxt->lasttsize + extra;
++          }
+ 
+-          size = ctxt->lasttsize + len + 100;
+-          size *= 2;
+           newbuf = (xmlChar *) xmlRealloc(target->content,size);
+           if (newbuf == NULL) {
+               xsltTransformError(ctxt, NULL, target,

Prev by Date: [pkgsrc/pkgsrc-2017Q1]: pkgsrc/security/libassuan2 Pullup ticket #5466 - requ...
Next by Date: [pkgsrc/pkgsrc-2017Q1]: pkgsrc/net/samba4 Pullup ticket #5431 - requested by he
Previous by Thread: [pkgsrc/pkgsrc-2017Q1]: pkgsrc/security/libassuan2 Pullup ticket #5466 - requ...
Next by Thread: [pkgsrc/pkgsrc-2017Q1]: pkgsrc/net/samba4 Pullup ticket #5431 - requested by he
Indexes:

Home | Main Index | Thread Index | Old Index