mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: libxslt: Update to 1.1.29.
* gnu/packages/patches/libxslt-CVE-2015-7995.patch, gnu/packages/patches/libxslt-remove-date-timestamps.patch: Delete files. * gnu/packages/xml.scm: Update to 1.1.29. [source]: Remove patches.
This commit is contained in:
parent
ee86e7e148
commit
28b33172c9
3 changed files with 3 additions and 100 deletions
|
@ -1,29 +0,0 @@
|
|||
From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Veillard <veillard@redhat.com>
|
||||
Date: Thu, 29 Oct 2015 19:33:23 +0800
|
||||
Subject: [PATCH] Fix for type confusion in preprocessing attributes
|
||||
|
||||
CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
|
||||
We need to check that the parent node is an element before dereferencing
|
||||
its namespace
|
||||
---
|
||||
libxslt/preproc.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libxslt/preproc.c b/libxslt/preproc.c
|
||||
index 0eb80a0..7f69325 100644
|
||||
--- a/libxslt/preproc.c
|
||||
+++ b/libxslt/preproc.c
|
||||
@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
|
||||
} else if (IS_XSLT_NAME(inst, "attribute")) {
|
||||
xmlNodePtr parent = inst->parent;
|
||||
|
||||
- if ((parent == NULL) || (parent->ns == NULL) ||
|
||||
+ if ((parent == NULL) ||
|
||||
+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
|
||||
((parent->ns != inst->ns) &&
|
||||
(!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
|
||||
(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
|
||||
--
|
||||
2.6.3
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
Use deterministic SOURCE_DATE_EPOCH for embedded timestamps in generated documentation.
|
||||
|
||||
Written by Eduard Sanou.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=758148
|
||||
|
||||
--- libxslt-1.1.28.orig/libexslt/date.c
|
||||
+++ libxslt-1.1.28/libexslt/date.c
|
||||
@@ -46,6 +46,7 @@
|
||||
#include "exslt.h"
|
||||
|
||||
#include <string.h>
|
||||
+#include <errno.h>
|
||||
|
||||
#ifdef HAVE_MATH_H
|
||||
#include <math.h>
|
||||
@@ -747,21 +748,46 @@ static exsltDateValPtr
|
||||
exsltDateCurrent (void)
|
||||
{
|
||||
struct tm localTm, gmTm;
|
||||
+ struct tm *tb = NULL;
|
||||
time_t secs;
|
||||
int local_s, gm_s;
|
||||
exsltDateValPtr ret;
|
||||
+ char *source_date_epoch;
|
||||
|
||||
ret = exsltDateCreateDate(XS_DATETIME);
|
||||
if (ret == NULL)
|
||||
return NULL;
|
||||
|
||||
- /* get current time */
|
||||
secs = time(NULL);
|
||||
+ /*
|
||||
+ * Allow the date and time to be set externally by an exported
|
||||
+ * environment variable to enable reproducible builds.
|
||||
+ */
|
||||
+ source_date_epoch = getenv("SOURCE_DATE_EPOCH");
|
||||
+ if (source_date_epoch) {
|
||||
+ errno = 0;
|
||||
+ secs = (time_t) strtol (source_date_epoch, NULL, 10);
|
||||
+ if (errno == 0) {
|
||||
+ tb = gmtime(&secs);
|
||||
+ if (tb == NULL) {
|
||||
+ /* SOURCE_DATE_EPOCH is not a valid date */
|
||||
+ return NULL;
|
||||
+ } else {
|
||||
+ localTm = *tb;
|
||||
+ }
|
||||
+ } else {
|
||||
+ /* SOURCE_DATE_EPOCH is not a valid number */
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ } else {
|
||||
+ /* get current time */
|
||||
#if HAVE_LOCALTIME_R
|
||||
- localtime_r(&secs, &localTm);
|
||||
+ localtime_r(&secs, &localTm);
|
||||
#else
|
||||
- localTm = *localtime(&secs);
|
||||
+ localTm = *localtime(&secs);
|
||||
#endif
|
||||
+ }
|
||||
+
|
||||
|
||||
/* get real year, not years since 1900 */
|
||||
ret->value.date.year = localTm.tm_year + 1900;
|
|
@ -130,17 +130,15 @@ (define-public python2-libxml2
|
|||
(define-public libxslt
|
||||
(package
|
||||
(name "libxslt")
|
||||
(version "1.1.28")
|
||||
(version "1.1.29")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))
|
||||
(patches (search-patches "libxslt-generated-ids.patch"
|
||||
"libxslt-remove-date-timestamps.patch"
|
||||
"libxslt-CVE-2015-7995.patch"))))
|
||||
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
|
||||
(patches (search-patches "libxslt-generated-ids.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(home-page "http://xmlsoft.org/XSLT/index.html")
|
||||
(synopsis "C library for applying XSLT stylesheets to XML documents")
|
||||
|
|
Loading…
Reference in a new issue