mirror of
https://codeberg.org/guix/guix.git
synced 2025-10-02 02:15:12 +00:00
gnu: libxslt: Update to 1.1.43 [security-fixes].
The following CVEs were fixed: - CVE-2025-24855: Fix use-after-free of XPath context node - CVE-2024-55549: Fix UAF related to excluded namespaces Additionally, a patch from Debian for generated IDs and reproducibility no longer applies cleanly and is likely problematic or (partially?) unneeded. See <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902051> for the latest. * gnu/packages/xml.scm (libxslt): Update to 1.1.43. (source): Remove patch. * gnu/packages/patches/libxslt-generated-ids.patch: Delete it. * gnu/local.mk (dist_patch_DATA): Unregister it. Change-Id: Ia10d906bab090792d28524beda6aca79a5a21684
parent
4c983af432
commit
bee25d710f
3 changed files with 2 additions and 177 deletions
|
@ -1786,7 +1786,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libxcb-path-max.patch \
|
||||
%D%/packages/patches/libxml2-xpath0-Add-option-xpath0.patch \
|
||||
%D%/packages/patches/libwpd-gcc-compat.patch \
|
||||
%D%/packages/patches/libxslt-generated-ids.patch \
|
||||
%D%/packages/patches/libxt-guix-search-paths.patch \
|
||||
%D%/packages/patches/lierolibre-check-unaligned-access.patch \
|
||||
%D%/packages/patches/lierolibre-is-free-software.patch \
|
||||
|
|
|
@ -1,173 +0,0 @@
|
|||
This makes generated IDs deterministic.
|
||||
|
||||
Written by Daniel Veillard.
|
||||
|
||||
This should be fixed in next release (2.29).
|
||||
See https://bugzilla.gnome.org/show_bug.cgi?id=751621.
|
||||
|
||||
diff --git a/libxslt/functions.c b/libxslt/functions.c
|
||||
index 6448bde..5b00a6d 100644
|
||||
--- a/libxslt/functions.c
|
||||
+++ b/libxslt/functions.c
|
||||
@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
|
||||
}
|
||||
|
||||
/**
|
||||
+ * xsltCleanupIds:
|
||||
+ * @ctxt: the transformation context
|
||||
+ * @root: the root of the resulting document
|
||||
+ *
|
||||
+ * This clean up ids which may have been saved in Element contents
|
||||
+ * by xsltGenerateIdFunction() to provide stable IDs on elements.
|
||||
+ *
|
||||
+ * Returns the number of items cleaned or -1 in case of error
|
||||
+ */
|
||||
+int
|
||||
+xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) {
|
||||
+ xmlNodePtr cur;
|
||||
+ int count = 0;
|
||||
+
|
||||
+ if ((ctxt == NULL) || (root == NULL))
|
||||
+ return(-1);
|
||||
+ if (root->type != XML_ELEMENT_NODE)
|
||||
+ return(-1);
|
||||
+
|
||||
+ cur = root;
|
||||
+ while (cur != NULL) {
|
||||
+ if (cur->type == XML_ELEMENT_NODE) {
|
||||
+ if (cur->content != NULL) {
|
||||
+ cur->content = NULL;
|
||||
+ count++;
|
||||
+ }
|
||||
+ if (cur->children != NULL) {
|
||||
+ cur = cur->children;
|
||||
+ continue;
|
||||
+ }
|
||||
+ }
|
||||
+ if (cur->next != NULL) {
|
||||
+ cur = cur->next;
|
||||
+ continue;
|
||||
+ }
|
||||
+ do {
|
||||
+ cur = cur->parent;
|
||||
+ if (cur == NULL)
|
||||
+ break;
|
||||
+ if (cur == (xmlNodePtr) root) {
|
||||
+ cur = NULL;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (cur->next != NULL) {
|
||||
+ cur = cur->next;
|
||||
+ break;
|
||||
+ }
|
||||
+ } while (cur != NULL);
|
||||
+ }
|
||||
+
|
||||
+fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n",
|
||||
+ ctxt->nextid, count);
|
||||
+
|
||||
+ return(count);
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
* xsltGenerateIdFunction:
|
||||
* @ctxt: the XPath Parser context
|
||||
* @nargs: the number of arguments
|
||||
@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
|
||||
if (obj)
|
||||
xmlXPathFreeObject(obj);
|
||||
|
||||
- val = (long)((char *)cur - (char *)&base_address);
|
||||
+ /*
|
||||
+ * Try to provide stable ID for generated document:
|
||||
+ * - usually ID are computed to be placed on elements via attributes
|
||||
+ * so using the element as the node for the ID
|
||||
+ * - the cur->content should be a correct placeholder for this, we use
|
||||
+ * it to hold element node numbers in xmlXPathOrderDocElems to
|
||||
+ * speed up XPath too
|
||||
+ * - xsltCleanupIds() clean them up before handing the XSLT output
|
||||
+ * to the API client.
|
||||
+ * - other nodes types use the node address method but that should
|
||||
+ * not end up in resulting document ID
|
||||
+ * - we can enable this by default without risk of performance issues
|
||||
+ * only the one pass xsltCleanupIds() is added
|
||||
+ */
|
||||
+ if (cur->type == XML_ELEMENT_NODE) {
|
||||
+ if (cur->content == NULL) {
|
||||
+ xsltTransformContextPtr tctxt;
|
||||
+
|
||||
+ tctxt = xsltXPathGetTransformContext(ctxt);
|
||||
+ if (tctxt == NULL) {
|
||||
+ val = (long)((char *)cur - (char *)&base_address);
|
||||
+ } else {
|
||||
+ tctxt->nextid++;
|
||||
+ val = tctxt->nextid;
|
||||
+ cur->content = (void *) (val);
|
||||
+ }
|
||||
+ } else {
|
||||
+ val = (long) cur->content;
|
||||
+ }
|
||||
+ } else {
|
||||
+ val = (long)((char *)cur - (char *)&base_address);
|
||||
+ }
|
||||
+
|
||||
if (val >= 0) {
|
||||
sprintf((char *)str, "idp%ld", val);
|
||||
} else {
|
||||
diff --git a/libxslt/functions.h b/libxslt/functions.h
|
||||
index e0e0bf9..4a1e163 100644
|
||||
--- a/libxslt/functions.h
|
||||
+++ b/libxslt/functions.h
|
||||
@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL
|
||||
int nargs);
|
||||
|
||||
/*
|
||||
+ * Cleanup for ID generation
|
||||
+ */
|
||||
+XSLTPUBFUN int XSLTCALL
|
||||
+ xsltCleanupIds (xsltTransformContextPtr ctxt,
|
||||
+ xmlNodePtr root);
|
||||
+
|
||||
+/*
|
||||
* And the registration
|
||||
*/
|
||||
|
||||
diff --git a/libxslt/transform.c b/libxslt/transform.c
|
||||
index 24f9eb2..2bdf6bf 100644
|
||||
--- a/libxslt/transform.c
|
||||
+++ b/libxslt/transform.c
|
||||
@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) {
|
||||
cur->traceCode = (unsigned long*) &xsltDefaultTrace;
|
||||
cur->xinclude = xsltGetXIncludeDefault();
|
||||
cur->keyInitLevel = 0;
|
||||
+ cur->nextid = 0;
|
||||
|
||||
return(cur);
|
||||
|
||||
@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc,
|
||||
if (root != NULL) {
|
||||
const xmlChar *doctype = NULL;
|
||||
|
||||
+ /*
|
||||
+ * cleanup ids which may have been saved in Elements content ptrs
|
||||
+ */
|
||||
+ if (ctxt->nextid != 0) {
|
||||
+ xsltCleanupIds(ctxt, root);
|
||||
+ }
|
||||
+
|
||||
if ((root->ns != NULL) && (root->ns->prefix != NULL))
|
||||
doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name);
|
||||
if (doctype == NULL)
|
||||
diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
|
||||
index 95e8fe6..8eedae4 100644
|
||||
--- a/libxslt/xsltInternals.h
|
||||
+++ b/libxslt/xsltInternals.h
|
||||
@@ -1782,6 +1782,8 @@ struct _xsltTransformContext {
|
||||
int maxTemplateVars;
|
||||
unsigned long opLimit;
|
||||
unsigned long opCount;
|
||||
+
|
||||
+ unsigned long nextid;/* for generating stable ids */
|
||||
};
|
||||
|
||||
/**
|
|
@ -324,7 +324,7 @@ formulas and hyperlinks to multiple worksheets in an Excel 2007+ XLSX file.")
|
|||
(define-public libxslt
|
||||
(package
|
||||
(name "libxslt")
|
||||
(version "1.1.37")
|
||||
(version "1.1.43")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://gnome/sources"
|
||||
|
@ -332,8 +332,7 @@ formulas and hyperlinks to multiple worksheets in an Excel 2007+ XLSX file.")
|
|||
"/libxslt-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1d1s2bk0m6d7bzml9w90ycl0jlpcy4v07595cwaddk17h3f2fjrs"))
|
||||
(patches (search-patches "libxslt-generated-ids.patch"))))
|
||||
"0fhqy01x99iia8306czakxza4spzyn88w4bin4sw5bx57hw6ngas"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
(list #:phases
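Review bot: The updated `libxslt` definition in gnu/packages/xml.scm drops `libxslt-generated-ids.patch` without any in-file record or check that `generate-id()` output is still deterministic in 1.1.43. The line the old patch replaced (`val = (long)((char *)cur - (char *)&base_address);`) derived IDs from node addresses, so if upstream still behaves that way (not visible on this page), documents generated by dependents can differ between builds and reproducibility comparisons of their outputs become less useful. Consider confirming with `guix build --check` on a dependent whose stylesheets call `generate-id()`, and adding a comment above `(sha256` such as `;; No generated-ids patch since 1.1.43; see <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902051>.` The package form continues past the end of this section.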
|
||||
|
|