rpms/libxslt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:c8
rpms:c10s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:imports/c10s/libxslt-1.1.39-6.el10
rpms:imports/c10s/libxslt-1.1.39-5.el10
rpms:imports/c10s/libxslt-1.1.39-4.el10
rpms:imports/c9/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-7.el9
rpms:imports/c8-beta/libxslt-1.1.32-6.el8
rpms:imports/c8-beta/libxslt-1.1.32-5.el8
rpms:imports/c8-beta/libxslt-1.1.32-3.el8
rpms:imports/c8s/libxslt-1.1.32-6.el8
rpms:imports/c8s/libxslt-1.1.32-5.el8
rpms:imports/c8s/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-6.el8
rpms:imports/c8/libxslt-1.1.32-5.el8
rpms:imports/c8/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-3.el8
...
pull from: rpms:c8
Branches Tags
rpms:c10s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:c8
rpms:imports/c10s/libxslt-1.1.39-6.el10
rpms:imports/c10s/libxslt-1.1.39-5.el10
rpms:imports/c10s/libxslt-1.1.39-4.el10
rpms:imports/c9/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-7.el9
rpms:imports/c8-beta/libxslt-1.1.32-6.el8
rpms:imports/c8-beta/libxslt-1.1.32-5.el8
rpms:imports/c8-beta/libxslt-1.1.32-3.el8
rpms:imports/c8s/libxslt-1.1.32-6.el8
rpms:imports/c8s/libxslt-1.1.32-5.el8
rpms:imports/c8s/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-6.el8
rpms:imports/c8/libxslt-1.1.32-5.el8
rpms:imports/c8/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-3.el8

No commits in common. "c9" and "c8" have entirely different histories.
c9 ... c8

9 changed files with 511 additions and 1188 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libxslt-1.1.34.tar.gz
SOURCES/libxslt-1.1.32.tar.gz

2
.libxslt.metadata
View File

@ -1 +1 @@
5b42a1166a1688207028e4a5e72090828dd2a61e SOURCES/libxslt-1.1.34.tar.gz
c47969f16747a72f9095b6a7a56d3afdd1e6e9ac SOURCES/libxslt-1.1.32.tar.gz

887
SOURCES/f165525fe744e6fe3b377b480d6cc5f9c546d360.patch
View File

@ -1,887 +0,0 @@
From f165525fe744e6fe3b377b480d6cc5f9c546d360 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 20 Sep 2020 16:59:23 +0200
Subject: [PATCH] Recreate xsltproc man page with old Docbook stylesheet URL
Fixes #31.
---
doc/xsltproc.1 | 627 ++++++++++++-----------------------------------
doc/xsltproc.xml | 2 +-
2 files changed, 161 insertions(+), 468 deletions(-)
diff --git a/doc/xsltproc.1 b/doc/xsltproc.1
index 7393b6db..bbf4098f 100644
--- a/doc/xsltproc.1
+++ b/doc/xsltproc.1
@@ -1,7 +1,7 @@
'\" t
.\" Title: xsltproc
.\" Author: John Fleck <jfleck@inkstain.net>
-.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: $Date$
.\" Manual: xsltproc Manual
.\" Source: libxslt
@@ -27,72 +27,13 @@
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
-
-
-
-
-
.SH "NAME"
xsltproc \- command line XSLT processor
-
.SH "SYNOPSIS"
-
- .HP \w'\fBxsltproc\fR\ 'u
-
- \fBxsltproc\fR
- [
- [
- | \fB\-V\fR
- | \fB\-\-version\fR
- ]
- [
- | \fB\-v\fR
- | \fB\-\-verbose\fR
- ]
- [
- {
- | \fB\-o\fR
- | \fB\-\-output\fR
- }
- {
- | \fIFILE\fR
- | \fIDIRECTORY\fR
- }
- ]
- | \fB\-\-timing\fR
- | \fB\-\-repeat\fR
- | \fB\-\-debug\fR
- | \fB\-\-novalid\fR
- | \fB\-\-noout\fR
- | \fB\-\-maxdepth\ \fR\fB\fIVALUE\fR\fR
- | \fB\-\-html\fR
- | \fB\-\-encoding\ \fR\fB\fIENCODING\fR\fR\fB\ \fR
- | \fB\-\-param\ \fR\fB\fIPARAMNAME\fR\fR\fB\ \fR\fB\fIPARAMVALUE\fR\fR\fB\ \fR
- | \fB\-\-stringparam\ \fR\fB\fIPARAMNAME\fR\fR\fB\ \fR\fB\fIPARAMVALUE\fR\fR\fB\ \fR
- | \fB\-\-nonet\fR
- | \fB\-\-path\ "\fR\fB\fIPATH(S)\fR\fR\fB"\fR
- | \fB\-\-load\-trace\fR
- | \fB\-\-catalogs\fR
- | \fB\-\-xinclude\fR
- | [\ |\ \fB\-\-profile\fR\ |\ \fB\-\-norman\fR\ ]
- | \fB\-\-dumpextensions\fR
- | \fB\-\-nowrite\fR
- | \fB\-\-nomkdir\fR
- | \fB\-\-writesubtree\ \fR\fB\fIPATH\fR\fR
- | \fB\-\-nodtdattr\fR
- ]
- [\fISTYLESHEET\fR]
- {
- | \fIXML\-FILE\fR...
- | \-
- }
-
-
-
+.HP \w'\fBxsltproc\fR\ 'u
+\fBxsltproc\fR [[\fB\-V\fR | \fB\-\-version\fR] [\fB\-v\fR | \fB\-\-verbose\fR] [{\fB\-o\fR | \fB\-\-output\fR} {\fIFILE\fR | \fIDIRECTORY\fR}] | \fB\-\-timing\fR | \fB\-\-repeat\fR | \fB\-\-debug\fR | \fB\-\-novalid\fR | \fB\-\-noout\fR | \fB\-\-maxdepth\ \fR\fB\fIVALUE\fR\fR | \fB\-\-maxvars\ \fR\fB\fIVALUE\fR\fR | \fB\-\-maxparserdepth\ \fR\fB\fIVALUE\fR\fR | \fB\-\-huge\fR | \fB\-\-seed\-rand\ \fR\fB\fIVALUE\fR\fR | \fB\-\-html\fR | \fB\-\-encoding\ \fR\fB\fIENCODING\fR\fR\fB\ \fR | \fB\-\-param\ \fR\fB\fIPARAMNAME\fR\fR\fB\ \fR\fB\fIPARAMVALUE\fR\fR\fB\ \fR | \fB\-\-stringparam\ \fR\fB\fIPARAMNAME\fR\fR\fB\ \fR\fB\fIPARAMVALUE\fR\fR\fB\ \fR | \fB\-\-nonet\fR | \fB\-\-path\ "\fR\fB\fIPATH(S)\fR\fR\fB"\fR | \fB\-\-load\-trace\fR | \fB\-\-catalogs\fR | \fB\-\-xinclude\fR | \fB\-\-xincludestyle\fR | [\fB\-\-profile\fR\ |\ \fB\-\-norman\fR] | \fB\-\-dumpextensions\fR | \fB\-\-nowrite\fR | \fB\-\-nomkdir\fR | \fB\-\-writesubtree\ \fR\fB\fIPATH\fR\fR | \fB\-\-nodtdattr\fR] [\fISTYLESHEET\fR] {\fIXML\-FILE\fR... | \-}
.SH "DESCRIPTION"
-
-
- .PP
+.PP
\fBxsltproc\fR
is a command line tool for applying
XSLT
@@ -100,46 +41,32 @@ stylesheets to
XML
documents\&. It is part of
\fBlibxslt\fR(3), the XSLT C library for GNOME\&. While it was developed as part of the GNOME project, it can operate independently of the GNOME desktop\&.
-
- .PP
+.PP
\fBxsltproc\fR
is invoked from the command line with the name of the stylesheet to be used followed by the name of the file or files to which the stylesheet is to be applied\&. It will use the standard input if a filename provided is
\fB\-\fR
\&.
-
- .PP
+.PP
If a stylesheet is included in an
XML
document with a Stylesheet Processing Instruction, no stylesheet need to be named at the command line\&.
\fBxsltproc\fR
will automatically detect the included stylesheet and use it\&.
-
- .PP
+.PP
By default, output is to
stdout\&. You can specify a file for output using the
\fB\-o\fR
or
\fB\-\-output\fR
option\&.
-
-
.SH "OPTIONS"
-
-
- .PP
+.PP
\fBxsltproc\fR
accepts the following options (in alphabetical order):
-
-
-
-
- .PP
+.PP
\fB\-\-catalogs\fR
.RS 4
-
-
-
- Use the
+Use the
SGML
catalog specified in
\fBSGML_CATALOG_FILES\fR
@@ -148,154 +75,101 @@ to resolve the location of external entities\&. By default,
looks for the catalog specified in
\fBXML_CATALOG_FILES\fR\&. If that is not specified, it uses
/etc/xml/catalog\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-debug\fR
.RS 4
-
-
-
- Output an
+Output an
XML
tree of the transformed document for debugging purposes\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-dumpextensions\fR
.RS 4
-
-
-
- Dumps the list of all registered extensions on
+Dumps the list of all registered extensions on
stdout\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-html\fR
.RS 4
-
-
-
- The input document is an
+The input document is an
HTML
file\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-load\-trace\fR
.RS 4
-
-
-
- Display all the documents loaded during the processing to
+Display all the documents loaded during the processing to
stderr\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-maxdepth \fR\fB\fIVALUE\fR\fR
.RS 4
-
-
-
- Adjust the maximum depth of the template stack before
+Adjust the maximum depth of the template stack before
\fBlibxslt\fR(3)
concludes it is in an infinite loop\&. The default is 3000\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
+\fB\-\-maxvars \fR\fB\fIVALUE\fR\fR
+.RS 4
+Maximum number of variables\&. The default is 15000\&.
+.RE
+.PP
+\fB\-\-maxparserdepth \fR\fB\fIVALUE\fR\fR
+.RS 4
+Maximum element nesting level of parsed XML documents\&. The default is 256\&.
+.RE
+.PP
+\fB\-\-huge\fR
+.RS 4
+Relax hardcoded limits of the XML parser by setting the XML_PARSE_HUGE parser option\&.
+.RE
+.PP
+\fB\-\-seed\-rand \fR\fB\fIVALUE\fR\fR
+.RS 4
+Initialize pseudo random number generator with specific seed\&.
+.RE
+.PP
\fB\-\-nodtdattr\fR
.RS 4
-
-
-
- Do not apply default attributes from the document\*(Aqs
+Do not apply default attributes from the document\*(Aqs
DTD\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-nomkdir\fR
.RS 4
-
-
-
- Refuses to create directories\&.
-
-
- .RE
-
- .PP
+Refuses to create directories\&.
+.RE
+.PP
\fB\-\-nonet\fR
.RS 4
-
-
-
- Do not use the Internet to fetch
+Do not use the Internet to fetch
DTDs, entities or documents\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-noout\fR
.RS 4
-
-
-
- Do not output the result\&.
-
-
- .RE
-
- .PP
+Do not output the result\&.
+.RE
+.PP
\fB\-\-novalid\fR
.RS 4
-
-
-
- Skip loading the document\*(Aqs
+Skip loading the document\*(Aqs
DTD\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-nowrite\fR
.RS 4
-
-
-
- Refuses to write to any file or resource\&.
-
-
- .RE
-
- .PP
+Refuses to write to any file or resource\&.
+.RE
+.PP
\fB\-o\fR or \fB\-\-output\fR \fIFILE\fR | \fIDIRECTORY\fR
.RS 4
-
-
-
- Direct output to the given
+Direct output to the given
\fIFILE\fR\&. Using the option with a
\fIDIRECTORY\fR
directs the output files to the specified directory\&. This can be useful for multiple outputs (also known as "chunking") or manpage processing\&.
-
- .if n \{\
+.if n \{\
.sp
.\}
.RS 4
@@ -307,14 +181,12 @@ directs the output files to the specified directory\&. This can be useful for mu
\fBImportant\fR
.ps -1
.br
-
- The given directory
+The given directory
\fBmust\fR
already exist\&.
-
- .sp .5v
+.sp .5v
.RE
- .if n \{\
+.if n \{\
.sp
.\}
.RS 4
@@ -326,8 +198,7 @@ already exist\&.
\fBNote\fR
.ps -1
.br
-
- Make sure that
+Make sure that
\fIFILE\fR
and
\fIDIRECTORY\fR
@@ -338,82 +209,47 @@ as described in RFC 2396 and laters\&. This means, that e\&.g\&.
will maybe not work, but
\fB\-o directory/\fR
will\&.
-
- .sp .5v
+.sp .5v
.RE
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-encoding \fR\fB\fIENCODING\fR\fR
.RS 4
-
-
-
- Allow to specify the encoding for the input\&.
-
-
- .RE
- .PP
+Allow to specify the encoding for the input\&.
+.RE
+.PP
\fB\-\-param \fR\fB\fIPARAMNAME\fR\fR\fB \fR\fB\fIPARAMVALUE\fR\fR
.RS 4
-
-
-
- Pass a parameter of name
+Pass a parameter of name
\fIPARAMNAME\fR
and value
\fIPARAMVALUE\fR
to the stylesheet\&. You may pass multiple name/value pairs up to a maximum of 32\&. If the value being passed is a string, you can use
\fB\-\-stringparam\fR
instead, to avoid additional quote characters that appear in string expressions\&. Note: the XPath expression must be UTF\-8 encoded\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-path "\fR\fB\fIPATH(S)\fR\fR\fB"\fR
.RS 4
-
-
-
- Use the (space\- or colon\-separated) list of filesystem paths specified by
+Use the (space\- or colon\-separated) list of filesystem paths specified by
\fIPATHS\fR
to load
DTDs, entities or documents\&. Enclose space\-separated lists by quotation marks\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-profile\fR or \fB\-\-norman\fR
.RS 4
-
-
-
- Output profiling information detailing the amount of time spent in each part of the stylesheet\&. This is useful in optimizing stylesheet performance\&.
-
-
- .RE
-
- .PP
+Output profiling information detailing the amount of time spent in each part of the stylesheet\&. This is useful in optimizing stylesheet performance\&.
+.RE
+.PP
\fB\-\-repeat\fR
.RS 4
-
-
-
- Run the transformation 20 times\&. Used for timing tests\&.
-
-
- .RE
-
- .PP
+Run the transformation 20 times\&. Used for timing tests\&.
+.RE
+.PP
\fB\-\-stringparam \fR\fB\fIPARAMNAME\fR\fR\fB \fR\fB\fIPARAMVALUE\fR\fR
.RS 4
-
-
-
- Pass a parameter of name
+Pass a parameter of name
\fIPARAMNAME\fR
and value
\fIPARAMVALUE\fR
@@ -422,268 +258,136 @@ where
is a string rather than a node identifier\&.
\fBNote:\fR
The string must be UTF\-8 encoded\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-timing\fR
.RS 4
-
-
-
- Display the time used for parsing the stylesheet, parsing the document and applying the stylesheet and saving the result\&. Displayed in milliseconds\&.
-
-
- .RE
-
- .PP
+Display the time used for parsing the stylesheet, parsing the document and applying the stylesheet and saving the result\&. Displayed in milliseconds\&.
+.RE
+.PP
\fB\-v\fR or \fB\-\-verbose\fR
.RS 4
-
-
-
- Output each step taken by
+Output each step taken by
\fBxsltproc\fR
in processing the stylesheet and the document\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-V\fR or \fB\-\-version\fR
.RS 4
-
-
-
- Show the version of
+Show the version of
\fBlibxml\fR(3)
and
\fBlibxslt\fR(3)
used\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-writesubtree \fR\fB\fIPATH\fR\fR
.RS 4
-
-
-
- Allow file write only within the
+Allow file write only within the
\fIPATH\fR
subtree\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fB\-\-xinclude\fR
.RS 4
-
-
-
- Process the input document using the XInclude specification\&. More details on this can be found in the XInclude specification:
+Process the input document using the XInclude specification\&. More details on this can be found in the XInclude specification:
\m[blue]\fB\%http://www.w3.org/TR/xinclude/\fR\m[]
-
-
- .RE
-
-
-
+.RE
+.PP
+\fB\-\-xincludestyle\fR
+.RS 4
+Process the stylesheet with XInclude\&.
+.RE
.SH "ENVIRONMENT"
-
-
-
-
-
- .PP
+.PP
\fBSGML_CATALOG_FILES\fR
.RS 4
-
-
-
- SGML
+SGML
catalog behavior can be changed by redirecting queries to the user\*(Aqs own set of catalogs\&. This can be done by setting the
\fBSGML_CATALOG_FILES\fR
environment variable to a list of catalogs\&. An empty one should deactivate loading the default
/etc/sgml/catalog
catalog\&.
-
-
- .RE
-
- .PP
+.RE
+.PP
\fBXML_CATALOG_FILES\fR
.RS 4
-
-
-
- XML
+XML
catalog behavior can be changed by redirecting queries to the user\*(Aqs own set of catalogs\&. This can be done by setting the
\fBXML_CATALOG_FILES\fR
environment variable to a list of catalogs\&. An empty one should deactivate loading the default
/etc/xml/catalog
catalog\&.
-
-
- .RE
-
-
-
+.RE
.SH "DIAGNOSTICS"
-
-
- .PP
+.PP
\fBxsltproc\fR
return codes provide information that can be used when calling it from scripts\&.
-
-
-
-
- .PP
+.PP
\fB0\fR
.RS 4
-
-
-
- No error (normal operation)
-
-
- .RE
-
- .PP
+No error (normal operation)
+.RE
+.PP
\fB1\fR
.RS 4
-
-
-
- No argument
-
-
- .RE
-
- .PP
+No argument
+.RE
+.PP
\fB2\fR
.RS 4
-
-
-
- Too many parameters
-
-
- .RE
-
- .PP
+Too many parameters
+.RE
+.PP
\fB3\fR
.RS 4
-
-
-
- Unknown option
-
-
- .RE
-
- .PP
+Unknown option
+.RE
+.PP
\fB4\fR
.RS 4
-
-
-
- Failed to parse the stylesheet
-
-
- .RE
-
- .PP
+Failed to parse the stylesheet
+.RE
+.PP
\fB5\fR
.RS 4
-
-
-
- Error in the stylesheet
-
-
- .RE
-
- .PP
+Error in the stylesheet
+.RE
+.PP
\fB6\fR
.RS 4
-
-
-
- Error in one of the documents
-
-
- .RE
-
- .PP
+Error in one of the documents
+.RE
+.PP
\fB7\fR
.RS 4
-
-
-
- Unsupported xsl:output method
-
-
- .RE
-
- .PP
+Unsupported xsl:output method
+.RE
+.PP
\fB8\fR
.RS 4
-
-
-
- String parameter contains both quote and double\-quotes
-
-
- .RE
-
- .PP
+String parameter contains both quote and double\-quotes
+.RE
+.PP
\fB9\fR
.RS 4
-
-
-
- Internal processing error
-
-
- .RE
-
- .PP
+Internal processing error
+.RE
+.PP
\fB10\fR
.RS 4
-
-
-
- Processing was stopped by a terminating message
-
-
- .RE
-
- .PP
+Processing was stopped by a terminating message
+.RE
+.PP
\fB11\fR
.RS 4
-
-
-
- Could not write the result to the output file
-
-
- .RE
-
-
-
+Could not write the result to the output file
+.RE
.SH "SEE ALSO"
-
-
- .PP
+.PP
\fBlibxml\fR(3),
\fBlibxslt\fR(3)
-
- .PP
+.PP
More information can be found at
.sp
.RS 4
@@ -694,12 +398,10 @@ More information can be found at
.sp -1
.IP \(bu 2.3
.\}
-
- \fBlibxml\fR(3)
+\fBlibxml\fR(3)
web page
\m[blue]\fB\%http://www.xmlsoft.org/\fR\m[]
-
- .RE
+.RE
.sp
.RS 4
.ie n \{\
@@ -709,24 +411,15 @@ web page
.sp -1
.IP \(bu 2.3
.\}
-
- W3C
+W3C
XSLT
page
\m[blue]\fB\%http://www.w3.org/TR/xslt\fR\m[]
-
- .RE
+.RE
.sp
-
-
-
.SH "AUTHOR"
.PP
\fBJohn Fleck\fR <\&jfleck@inkstain\&.net\&>
-.br
-
-
-
.RS 4
Author.
.RE
diff --git a/doc/xsltproc.xml b/doc/xsltproc.xml
index 8b78693e..051cbc01 100644
--- a/doc/xsltproc.xml
+++ b/doc/xsltproc.xml
@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl"
- href="http://cdn.docbook.org/release/xsl/current//manpages/docbook.xsl"?>
+ href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
--
GitLab

120
SOURCES/libxslt-1.1.32-CVE-2019-11068.patch Normal file
View File

@ -0,0 +1,120 @@
From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 24 Mar 2019 09:51:39 +0100
Subject: [PATCH] Fix security framework bypass
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
don't check for this condition and allow access. With a specially
crafted URL, xsltCheckRead could be tricked into returning an error
because of a supposedly invalid URL that would still be loaded
succesfully later on.
Fixes #12.
Thanks to Felix Wilhelm for the report.
---
libxslt/documents.c | 18 ++++++++++--------
libxslt/imports.c | 9 +++++----
libxslt/transform.c | 9 +++++----
libxslt/xslt.c | 9 +++++----
4 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/libxslt/documents.c b/libxslt/documents.c
index 3f3a7312..4aad11bb 100644
--- a/libxslt/documents.c
+++ b/libxslt/documents.c
@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
int res;
res = xsltCheckRead(ctxt->sec, ctxt, URI);
- if (res == 0) {
- xsltTransformError(ctxt, NULL, NULL,
- "xsltLoadDocument: read rights for %s denied\n",
- URI);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(ctxt, NULL, NULL,
+ "xsltLoadDocument: read rights for %s denied\n",
+ URI);
return(NULL);
}
}
@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
int res;
res = xsltCheckRead(sec, NULL, URI);
- if (res == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsltLoadStyleDocument: read rights for %s denied\n",
- URI);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsltLoadStyleDocument: read rights for %s denied\n",
+ URI);
return(NULL);
}
}
diff --git a/libxslt/imports.c b/libxslt/imports.c
index 874870cc..3783b247 100644
--- a/libxslt/imports.c
+++ b/libxslt/imports.c
@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
int secres;
secres = xsltCheckRead(sec, NULL, URI);
- if (secres == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsl:import: read rights for %s denied\n",
- URI);
+ if (secres <= 0) {
+ if (secres == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsl:import: read rights for %s denied\n",
+ URI);
goto error;
}
}
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 13793914..0636dbd0 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
*/
if (ctxt->sec != NULL) {
ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
- if (ret == 0) {
- xsltTransformError(ctxt, NULL, inst,
- "xsltDocumentElem: write rights for %s denied\n",
- filename);
+ if (ret <= 0) {
+ if (ret == 0)
+ xsltTransformError(ctxt, NULL, inst,
+ "xsltDocumentElem: write rights for %s denied\n",
+ filename);
xmlFree(URL);
xmlFree(filename);
return;
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
index 780a5ad7..a234eb79 100644
--- a/libxslt/xslt.c
+++ b/libxslt/xslt.c
@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
int res;
res = xsltCheckRead(sec, NULL, filename);
- if (res == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsltParseStylesheetFile: read rights for %s denied\n",
- filename);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsltParseStylesheetFile: read rights for %s denied\n",
+ filename);
return(NULL);
}
}
--
2.24.1

30
SOURCES/libxslt-1.1.32-CVE-2019-18197.patch Normal file
View File

@ -0,0 +1,30 @@
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 17 Aug 2019 16:51:53 +0200
Subject: [PATCH] Fix dangling pointer in xsltCopyText
xsltCopyText didn't reset ctxt->lasttext in some cases which could
lead to various memory errors in relation with CDATA sections in input
documents.
Found by OSS-Fuzz.
---
libxslt/transform.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 95ebd073..d7ab0b66 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
if ((copy->content = xmlStrdup(cur->content)) == NULL)
return NULL;
}
+
+ ctxt->lasttext = NULL;
} else {
/*
* normal processing. keep counters to extend the text node
--
2.22.0

313
SOURCES/libxslt-1.1.32-unexpected-rvt-flag.patch Normal file
View File

@ -0,0 +1,313 @@
From 7d81bd62d5788a9e2931c20a3d0a6be7e703c608 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 23 Jul 2018 22:52:12 +0200
Subject: [PATCH] Fix EXSLT functions returning RVTs from outer scopes
The RVTs referenced from function results must not be blindly registered
as local, as they might be part of variables from an outer scope. Remove
LOCAL/VARIABLE distinction for RVTs. Don't register as local RVT
unconditionally when reflagging as LOCAL. Instead, register function
result RVTs from inner variables as local RVTs when they're released in
xsltFreeStackElem. Keep local function result RVTs xsltReleaseLocalRVTs
instead of reregistering.
Closes: https://gitlab.gnome.org/GNOME/libxslt/issues/2
Thanks to Daniel Mendler and Martin Gieseking for the reports.
---
libexslt/functions.c | 11 ++++++++++-
libxslt/transform.c | 17 ++++++++++++++---
libxslt/variables.c | 27 +++++++++++----------------
libxslt/variables.h | 12 ++----------
tests/docs/bug-210.xml | 1 +
tests/docs/bug-211.xml | 1 +
tests/general/bug-210.out | 2 ++
tests/general/bug-210.xsl | 20 ++++++++++++++++++++
tests/general/bug-211.out | 2 ++
tests/general/bug-211.xsl | 26 ++++++++++++++++++++++++++
10 files changed, 89 insertions(+), 30 deletions(-)
create mode 100644 tests/docs/bug-210.xml
create mode 100644 tests/docs/bug-211.xml
create mode 100644 tests/general/bug-210.out
create mode 100644 tests/general/bug-210.xsl
create mode 100644 tests/general/bug-211.out
create mode 100644 tests/general/bug-211.xsl
diff --git a/libexslt/functions.c b/libexslt/functions.c
index 2b83ca34..b7b968f8 100644
--- a/libexslt/functions.c
+++ b/libexslt/functions.c
@@ -426,7 +426,15 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
}
}
/*
- * actual processing
+ * Actual processing. Note that contextVariable is set to NULL which
+ * means that RVTs returned from functions always end up as local RVTs,
+ * not as variable fragments if the function is called in the select
+ * expression of an xsl:variable. This is a hack that only works because
+ * xsltReleaseLocalRVTs isn't called after processing xsl:variable.
+ *
+ * It would probably be better to remove the fragile contextVariable
+ * logic and make xsltEvalVariable move the required RVTs into the
+ * variable manually.
*/
fake = xmlNewDocNode(tctxt->output, NULL,
(const xmlChar *)"fake", NULL);
@@ -766,6 +774,7 @@ exsltFuncResultElem (xsltTransformContextPtr ctxt,
return;
}
/* Mark as function result. */
+ xsltRegisterLocalRVT(ctxt, container);
container->psvi = XSLT_RVT_FUNC_RESULT;
oldInsert = ctxt->insert;
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 90d2731d..d7af31f1 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -2295,6 +2295,7 @@ static void
xsltReleaseLocalRVTs(xsltTransformContextPtr ctxt, xmlDocPtr base)
{
xmlDocPtr cur = ctxt->localRVT, tmp;
+ xmlDocPtr prev = NULL;
if (cur == base)
return;
@@ -2308,16 +2309,26 @@ xsltReleaseLocalRVTs(xsltTransformContextPtr ctxt, xmlDocPtr base)
xsltReleaseRVT(ctxt, tmp);
} else if (tmp->psvi == XSLT_RVT_GLOBAL) {
xsltRegisterPersistRVT(ctxt, tmp);
- } else if (tmp->psvi != XSLT_RVT_FUNC_RESULT) {
+ } else if (tmp->psvi == XSLT_RVT_FUNC_RESULT) {
+ if (prev == NULL)
+ ctxt->localRVT = tmp;
+ else
+ prev->next = (xmlNodePtr) tmp;
+ tmp->prev = (xmlNodePtr) prev;
+ prev = tmp;
+ } else {
xmlGenericError(xmlGenericErrorContext,
"xsltReleaseLocalRVTs: Unexpected RVT flag %p\n",
tmp->psvi);
}
} while (cur != base);
+ if (prev == NULL)
+ ctxt->localRVT = base;
+ else
+ prev->next = (xmlNodePtr) base;
if (base != NULL)
- base->prev = NULL;
- ctxt->localRVT = base;
+ base->prev = (xmlNodePtr) prev;
}
/**
diff --git a/libxslt/variables.c b/libxslt/variables.c
index fe6f299c..8f88e573 100644
--- a/libxslt/variables.c
+++ b/libxslt/variables.c
@@ -123,7 +123,7 @@ xsltRegisterTmpRVT(xsltTransformContextPtr ctxt, xmlDocPtr RVT)
return(-1);
RVT->prev = NULL;
- RVT->psvi = XSLT_RVT_VARIABLE;
+ RVT->psvi = XSLT_RVT_LOCAL;
/*
* We'll restrict the lifetime of user-created fragments
@@ -163,6 +163,7 @@ xsltRegisterLocalRVT(xsltTransformContextPtr ctxt,
return(-1);
RVT->prev = NULL;
+ RVT->psvi = XSLT_RVT_LOCAL;
/*
* When evaluating "select" expressions of xsl:variable
@@ -173,7 +174,6 @@ xsltRegisterLocalRVT(xsltTransformContextPtr ctxt,
if ((ctxt->contextVariable != NULL) &&
(XSLT_TCTXT_VARIABLE(ctxt)->flags & XSLT_VAR_IN_SELECT))
{
- RVT->psvi = XSLT_RVT_VARIABLE;
RVT->next = (xmlNodePtr) XSLT_TCTXT_VARIABLE(ctxt)->fragment;
XSLT_TCTXT_VARIABLE(ctxt)->fragment = RVT;
return(0);
@@ -183,7 +183,6 @@ xsltRegisterLocalRVT(xsltTransformContextPtr ctxt,
* If not reference by a returning instruction (like EXSLT's function),
* then this fragment will be freed, when the instruction exits.
*/
- RVT->psvi = XSLT_RVT_LOCAL;
RVT->next = (xmlNodePtr) ctxt->localRVT;
if (ctxt->localRVT != NULL)
ctxt->localRVT->prev = (xmlNodePtr) RVT;
@@ -314,14 +313,8 @@ xsltFlagRVTs(xsltTransformContextPtr ctxt, xmlXPathObjectPtr obj, void *val) {
#endif
if (val == XSLT_RVT_LOCAL) {
- if (doc->psvi != XSLT_RVT_FUNC_RESULT) {
- xmlGenericError(xmlGenericErrorContext,
- "xsltFlagRVTs: Invalid transition %p => LOCAL\n",
- doc->psvi);
- return(-1);
- }
-
- xsltRegisterLocalRVT(ctxt, doc);
+ if (doc->psvi == XSLT_RVT_FUNC_RESULT)
+ doc->psvi = XSLT_RVT_LOCAL;
} else if (val == XSLT_RVT_GLOBAL) {
if (doc->psvi != XSLT_RVT_LOCAL) {
xmlGenericError(xmlGenericErrorContext,
@@ -585,10 +578,12 @@ xsltFreeStackElem(xsltStackElemPtr elem) {
cur = elem->fragment;
elem->fragment = (xmlDocPtr) cur->next;
- if (cur->psvi == XSLT_RVT_VARIABLE) {
- xsltReleaseRVT((xsltTransformContextPtr) elem->context,
- cur);
- } else if (cur->psvi != XSLT_RVT_FUNC_RESULT) {
+ if (cur->psvi == XSLT_RVT_LOCAL) {
+ xsltReleaseRVT(elem->context, cur);
+ } else if (cur->psvi == XSLT_RVT_FUNC_RESULT) {
+ xsltRegisterLocalRVT(elem->context, cur);
+ cur->psvi = XSLT_RVT_FUNC_RESULT;
+ } else {
xmlGenericError(xmlGenericErrorContext,
"xsltFreeStackElem: Unexpected RVT flag %p\n",
cur->psvi);
@@ -992,7 +987,7 @@ xsltEvalVariable(xsltTransformContextPtr ctxt, xsltStackElemPtr variable,
* the Result Tree Fragment.
*/
variable->fragment = container;
- container->psvi = XSLT_RVT_VARIABLE;
+ container->psvi = XSLT_RVT_LOCAL;
oldOutput = ctxt->output;
oldInsert = ctxt->insert;
diff --git a/libxslt/variables.h b/libxslt/variables.h
index 24acf8d1..039288fb 100644
--- a/libxslt/variables.h
+++ b/libxslt/variables.h
@@ -45,14 +45,6 @@ extern "C" {
*/
#define XSLT_RVT_LOCAL ((void *)1)
-/**
- * XSLT_RVT_VARIABLE:
- *
- * RVT is part of a local variable and destroyed after the variable goes out
- * of scope.
- */
-#define XSLT_RVT_VARIABLE ((void *)2)
-
/**
* XSLT_RVT_FUNC_RESULT:
*
@@ -60,14 +52,14 @@ extern "C" {
* destroyed after exiting a template and will be reset to XSLT_RVT_LOCAL or
* XSLT_RVT_VARIABLE in the template that receives the return value.
*/
-#define XSLT_RVT_FUNC_RESULT ((void *)3)
+#define XSLT_RVT_FUNC_RESULT ((void *)2)
/**
* XSLT_RVT_GLOBAL:
*
* RVT is part of a global variable.
*/
-#define XSLT_RVT_GLOBAL ((void *)4)
+#define XSLT_RVT_GLOBAL ((void *)3)
/*
* Interfaces for the variable module.
diff --git a/tests/docs/bug-210.xml b/tests/docs/bug-210.xml
new file mode 100644
index 00000000..69d62f2c
--- /dev/null
+++ b/tests/docs/bug-210.xml
@@ -0,0 +1 @@
+<doc/>
diff --git a/tests/docs/bug-211.xml b/tests/docs/bug-211.xml
new file mode 100644
index 00000000..69d62f2c
--- /dev/null
+++ b/tests/docs/bug-211.xml
@@ -0,0 +1 @@
+<doc/>
diff --git a/tests/general/bug-210.out b/tests/general/bug-210.out
new file mode 100644
index 00000000..445906d6
--- /dev/null
+++ b/tests/general/bug-210.out
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<var>value</var>
diff --git a/tests/general/bug-210.xsl b/tests/general/bug-210.xsl
new file mode 100644
index 00000000..1915171d
--- /dev/null
+++ b/tests/general/bug-210.xsl
@@ -0,0 +1,20 @@
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:exsl="http://exslt.org/common"
+ xmlns:func="http://exslt.org/functions"
+ xmlns:my="my-namespace"
+ extension-element-prefixes="exsl func">
+
+<xsl:template match="/">
+ <xsl:variable name="var">
+ <var>value</var>
+ </xsl:variable>
+ <xsl:copy-of select="my:func($var)"/>
+</xsl:template>
+
+<func:function name="my:func">
+ <xsl:param name="var"/>
+ <func:result select="$var"/>
+</func:function>
+
+</xsl:stylesheet>
diff --git a/tests/general/bug-211.out b/tests/general/bug-211.out
new file mode 100644
index 00000000..7b3cf11c
--- /dev/null
+++ b/tests/general/bug-211.out
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+__
diff --git a/tests/general/bug-211.xsl b/tests/general/bug-211.xsl
new file mode 100644
index 00000000..557f5fb3
--- /dev/null
+++ b/tests/general/bug-211.xsl
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:str="http://exslt.org/strings"
+ xmlns:fn="http://exslt.org/functions"
+ xmlns:adoc="http://asciidoc.org/"
+ extension-element-prefixes="fn">
+
+ <fn:function name="adoc:sanitize">
+ <xsl:param name="id"/>
+ <xsl:variable name="tmp" select="str:replace($id, '__', '_')"/>
+ <xsl:choose>
+ <xsl:when test="contains($tmp, '__')">
+ <fn:result select="adoc:sanitize($tmp)"/>
+ </xsl:when>
+ <xsl:otherwise>
+ <fn:result select="$id"/>
+ </xsl:otherwise>
+ </xsl:choose>
+ </fn:function>
+
+ <xsl:template match="*">
+ <xsl:value-of select="adoc:sanitize('________')"/>
+ </xsl:template>
+
+</xsl:stylesheet>
--
GitLab

151
SOURCES/libxslt-1.1.34-test-fuzz-build.patch
View File

@ -1,151 +0,0 @@
From 9ae2f94df1721e002941b40665efb762aefcea1a Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 17 Aug 2020 03:42:11 +0200
Subject: [PATCH 1/3] Stop using maxParserDepth XPath limit
This will be removed again from libxml2.
---
tests/fuzz/fuzz.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
index f502ca2c..75234ad6 100644
--- a/tests/fuzz/fuzz.c
+++ b/tests/fuzz/fuzz.c
@@ -183,8 +183,7 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
xpctxt = tctxt->xpathCtxt;
/* Resource limits to avoid timeouts and call stack overflows */
- xpctxt->maxParserDepth = 15;
- xpctxt->maxDepth = 100;
+ xpctxt->maxDepth = 500;
xpctxt->opLimit = 500000;
/* Test namespaces used in xpath.xml */
@@ -317,8 +316,7 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
static void
xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
- ctxt->maxParserDepth = 15;
- ctxt->maxDepth = 100;
+ ctxt->maxDepth = 200;
ctxt->opLimit = 100000;
}
--
2.34.1
From 824657768aea2cce9c23e72ba8085cb5e44350c7 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 17 Aug 2020 04:27:13 +0200
Subject: [PATCH 2/3] Transfer XPath limits to XPtr context
Expressions like document('doc.xml#xpointer(evil_expr)') ignored the
XPath limits.
---
libxslt/functions.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/libxslt/functions.c b/libxslt/functions.c
index b350545a..975ea790 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
goto out_fragment;
}
+#if LIBXML_VERSION >= 20911 || \
+ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+ xptrctxt->opLimit = ctxt->context->opLimit;
+ xptrctxt->opCount = ctxt->context->opCount;
+ xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
+
+ resObj = xmlXPtrEval(fragment, xptrctxt);
+
+ ctxt->context->opCount = xptrctxt->opCount;
+#else
resObj = xmlXPtrEval(fragment, xptrctxt);
- xmlXPathFreeContext(xptrctxt);
#endif
+ xmlXPathFreeContext(xptrctxt);
+#endif /* LIBXML_XPTR_ENABLED */
+
if (resObj == NULL)
goto out_fragment;
--
2.34.1
From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 26 Aug 2020 00:34:38 +0200
Subject: [PATCH 3/3] Don't set maxDepth in XPath contexts
The maximum recursion depth is hardcoded in libxml2 now.
---
libxslt/functions.c | 2 +-
tests/fuzz/fuzz.c | 11 ++---------
2 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/libxslt/functions.c b/libxslt/functions.c
index 975ea790..7887dda7 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
xptrctxt->opLimit = ctxt->context->opLimit;
xptrctxt->opCount = ctxt->context->opCount;
- xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
+ xptrctxt->depth = ctxt->context->depth;
resObj = xmlXPtrEval(fragment, xptrctxt);
diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
index 75234ad6..780c2d41 100644
--- a/tests/fuzz/fuzz.c
+++ b/tests/fuzz/fuzz.c
@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
xpctxt = tctxt->xpathCtxt;
/* Resource limits to avoid timeouts and call stack overflows */
- xpctxt->maxDepth = 500;
xpctxt->opLimit = 500000;
/* Test namespaces used in xpath.xml */
@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
return 0;
}
-static void
-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
- ctxt->maxDepth = 200;
- ctxt->opLimit = 100000;
-}
-
xmlChar *
xsltFuzzXslt(const char *data, size_t size) {
xmlDocPtr xsltDoc;
@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) {
xmlFreeDoc(xsltDoc);
return NULL;
}
- xsltSetXPathResourceLimits(sheet->xpathCtxt);
+ sheet->xpathCtxt->opLimit = 100000;
sheet->xpathCtxt->opCount = 0;
if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
xsltFreeStylesheet(sheet);
@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) {
xsltSetCtxtSecurityPrefs(sec, ctxt);
ctxt->maxTemplateDepth = 100;
ctxt->opLimit = 20000;
- xsltSetXPathResourceLimits(ctxt->xpathCtxt);
+ ctxt->xpathCtxt->opLimit = 100000;
ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);
--
2.34.1

63
SOURCES/libxslt-1.1.34-tutorial2-dtd.patch
View File

@ -1,63 +0,0 @@
From 461af8b9ed05cae188b24db71949a9e7758693e7 Mon Sep 17 00:00:00 2001
From: David King <amigadave@amigadave.com>
Date: Thu, 27 Jan 2022 15:33:17 +0000
Subject: [PATCH 1/2] Use DocBook URL for tutorial DTD
---
doc/tutorial2/libxslt_pipes.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/tutorial2/libxslt_pipes.xml b/doc/tutorial2/libxslt_pipes.xml
index 9a672a9b..2aaac95f 100644
--- a/doc/tutorial2/libxslt_pipes.xml
+++ b/doc/tutorial2/libxslt_pipes.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="iso-8859-2"?>
-<!DOCTYPE article
-SYSTEM "file:///usr/share/docbook/docbook-xml-4.3/docbookx.dtd">
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<article id="libxslt">
<articleinfo>
--
2.34.1
From 634065b39285841eef7dab5bfb2a8ac71b0a5d05 Mon Sep 17 00:00:00 2001
From: David King <amigadave@amigadave.com>
Date: Fri, 28 Jan 2022 09:35:03 +0000
Subject: [PATCH 2/2] Fix validity of tutorial XML
Move the title element before articleinfo.
https://tdg.docbook.org/tdg/4.5/article.html
---
doc/tutorial2/libxslt_pipes.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/tutorial2/libxslt_pipes.xml b/doc/tutorial2/libxslt_pipes.xml
index 2aaac95f..f6fa0d64 100644
--- a/doc/tutorial2/libxslt_pipes.xml
+++ b/doc/tutorial2/libxslt_pipes.xml
@@ -3,6 +3,8 @@
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<article id="libxslt">
+<title>libxslt: An Extended Tutorial</title>
+
<articleinfo>
<author><firstname>Panos</firstname><surname>Louridas</surname></author>
<copyright>
@@ -34,8 +36,6 @@
</legalnotice>
</articleinfo>
-<title>libxslt: An Extended Tutorial</title>
-
<sect1><title>Introduction</title>
<para>The Extensible Stylesheet Language Transformations (XSLT)
--
2.34.1

131
SPECS/libxslt.spec
View File

@ -1,7 +1,14 @@
%if 0%{?rhel} > 7
# Disable python2 build by default
%bcond_with python2
%else
%bcond_without python2
%endif
Name: libxslt
Summary: Library providing the Gnome XSLT engine
Version: 1.1.34
Release: 9%{?dist}
Version: 1.1.32
Release: 6%{?dist}
License: MIT
URL: http://xmlsoft.org/XSLT
@ -12,18 +19,20 @@ BuildRequires: automake
BuildRequires: libtool
BuildRequires: make
BuildRequires: gcc
BuildRequires: %{_bindir}/libgcrypt-config
BuildRequires: pkgconfig(libxml-2.0) >= 2.6.27
# Fedora specific patches
Patch0: multilib.patch
Patch1: libxslt-1.1.26-utf8-docs.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1467435
# https://bugzilla.redhat.com/show_bug.cgi?id=1765632
Patch2: multilib2.patch
Patch3: f165525fe744e6fe3b377b480d6cc5f9c546d360.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2047326
Patch4: libxslt-1.1.34-tutorial2-dtd.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2047653
Patch5: libxslt-1.1.34-test-fuzz-build.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1775517
Patch3: libxslt-1.1.32-CVE-2019-18197.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1715732
Patch4: libxslt-1.1.32-CVE-2019-11068.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1860467
Patch5: libxslt-1.1.32-unexpected-rvt-flag.patch
%description
This C library allows to transform XML files into other XML files
@ -34,26 +43,27 @@ installed. The xsltproc command is a command line interface to the XSLT engine
%package devel
Summary: Development libraries and header files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libgcrypt-devel%{?_isa}
Requires: libgpg-error-devel%{?_isa}
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%if 0
# Upstream package has not been ported to Python 3. I have
# converted this section so it could be used to compile the
# Python 3 bindings one day once that has happened, but
# commented it out. - RWMJ 2019-09-10
%package -n python3-libxslt
Summary: Python 3 bindings for %{name}
BuildRequires: python3-devel
BuildRequires: python3-libxml2
%if %{with python2}
%package -n python2-libxslt
Summary: Python 2 bindings for %{name}
BuildRequires: python2-devel
BuildRequires: python2-libxml2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: python3-libxml2
%{?python_provide:%python_provide python3-%{name}}
Requires: python2-libxml2
%{?python_provide:%python_provide python2-libxslt}
# Remove before F30
Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python < %{version}-%{release}
%description -n python3-libxslt
%description -n python2-libxslt
The libxslt-python package contains a module that permits applications
written in the Python programming language to use the interface
supplied by the libxslt library to apply XSLT transformations.
@ -62,7 +72,7 @@ This library allows to parse sytlesheets, uses the libxml2-python
to load and save XML and HTML files. Direct access to XPath and
the XSLT transformation context are possible to extend the XSLT language
with XPath functions written in Python.
%endif
%endif # with python2
%prep
%autosetup -p1
@ -70,9 +80,7 @@ chmod 644 python/tests/*
%build
autoreconf -vfi
#export PYTHON=%{__python3}
#%configure --disable-static --disable-silent-rules --with-python
%configure --disable-static --disable-silent-rules --with-python=no --with-crypto=no
%configure --disable-static --disable-silent-rules
%make_build
%install
@ -118,76 +126,29 @@ rm -vrf %{buildroot}%{_docdir}
%{_libdir}/pkgconfig/libexslt.pc
%{_bindir}/xslt-config
%if 0
%files -n python3-libxslt
%{python3_sitearch}/libxslt.py*
%{python3_sitearch}/libxsltmod.so
%{python3_sitearch}/__pycache__/nbd*.py*
%if %{with python2}
%files -n python2-libxslt
%{python2_sitearch}/libxslt.py*
%{python2_sitearch}/libxsltmod.so
%doc python/libxsltclass.txt
%doc python/tests/*.py
%doc python/tests/*.xml
%doc python/tests/*.xsl
%endif
%endif # with python2
%changelog
* Fri Jan 28 2022 David King <amigadave@amigadave.com> - 1.1.34-9
- Fix validity of tutorial XML (#2047326)
- Fix build of tests/fuzz (#2047653)
* Mon Aug 24 2020 David King <dking@redhat.com> - 1.1.32-6
- Fix unexpected RVT flag error (#1860467)
* Thu Jan 27 2022 David King <amigadave@amigadave.com> - 1.1.34-8
- Fix DTD in tutorial XML (#2047326)
* Thu Jan 09 2020 David King <dking@redhat.com> - 1.1.32-5
- Fix CVE-2019-18197 (#1775517)
- Fix CVE-2019-11068 (#1715732)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.1.34-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jan 09 2020 David King <dking@redhat.com> - 1.1.32-4
- Fix multilib issues with devel subpackage (#1765632)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.1.34-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.34-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Sep 14 2020 Gwyn Ciesla <gwync@protonmail.com> - 1.1.34-4
- Patch for incorrect man page stylesheet.
* Tue Sep 1 2020 Simo Sorce <simo@redhat.com> - 1.1.34-3
- Drop crypto dependency.
- The "cryptography" implemented in exslt is outdated and bad supporting only
insecure algorithms (RC4, SHA1, MD5, MD4), and should not be used anyway.
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.34-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Mar 09 2020 Gwyn Ciesla <gwync@protonmail.com> - 1.1.34-1
- 1.1.34
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.33-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 11 2019 Jakub Jelen <jjelen@redhat.com> - 1.1.33-4
- Do not build python bindings even if the python is available
- Fix CVE-2019-13117 (#1728547)
- Fix CVE-2019-13118 (#1728542)
* Tue Sep 10 2019 Richard W.M. Jones <rjones@redhat.com> - 1.1.33-3
- Comment out Python bindings until upstream can convert them to Python 3.
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.33-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 07 2019 David King <amigadave@amigadave.com> - 1.1.33-1
- Update to 1.1.33
- Fix CVE-2019-11068 (#1709698)
* Mon May 06 2019 Artem S. Tashkinov <artem@tashkinov.com> - 1.1.32-5
- Apply an extra patch to fix PR1467435 and make it possible to coinstall
libxslt-devel.x64 and libxslt-devel.i686
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.32-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.32-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 25 2018 Charalampos Stratakis <cstratak@redhat.com> - 1.1.32-3
- Conditionalize the python2 subpackage
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.1.32-2
- Fix typo in Requires