Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxslt for openSUSE:Factory checked in at 2021-06-04 22:42:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxslt (Old) and /work/SRC/openSUSE:Factory/.libxslt.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxslt" Fri Jun 4 22:42:30 2021 rev:62 rq:896775 version:1.1.34 Changes: -------- --- /work/SRC/openSUSE:Factory/libxslt/libxslt.changes 2019-12-07 15:23:18.919729418 +0100 +++ /work/SRC/openSUSE:Factory/.libxslt.new.1898/libxslt.changes 2021-06-04 22:42:35.851065323 +0200 @@ -1,0 +2,8 @@ +Tue Jun 1 10:41:44 UTC 2021 - Pedro Monreal <[email protected]> + +- Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit +- Add upstream patches: + * libxslt-Stop-using-maxParserDepth-XPath-limit.patch + * libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch + +------------------------------------------------------------------- New: ---- libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch libxslt-Stop-using-maxParserDepth-XPath-limit.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxslt.spec ++++++ --- /var/tmp/diff_new_pack.BHeTpM/_old 2021-06-04 22:42:36.731066293 +0200 +++ /var/tmp/diff_new_pack.BHeTpM/_new 2021-06-04 22:42:36.731066293 +0200 @@ -1,7 +1,7 @@ # # spec file for package libxslt # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ Version: 1.1.34 Release: 0 Summary: XSL Transformation Library -License: MIT AND GPL-2.0-or-later +License: GPL-2.0-or-later AND MIT Group: Development/Libraries/C and C++ URL: http://xmlsoft.org/XSLT/ Source0: ftp://xmlsoft.org/libxslt/libxslt-%{version}.tar.gz @@ -34,10 +34,14 @@ Patch1: libxslt-config-fixes.patch Patch2: 0009-Make-generate-id-deterministic.patch Patch3: libxslt-random-seed.patch +# PATCH-FIX-UPSTREAM gitlab.gnome.org/GNOME/libxslt/commit/9ae2f94df1721e002941b40665efb762aefcea1a +Patch4: libxslt-Stop-using-maxParserDepth-XPath-limit.patch +# PATCH-FIX-UPSTREAM gitlab.gnome.org/GNOME/libxslt/commit/77c26bad0433541f486b1e7ced44ca9979376908 +Patch5: libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch BuildRequires: libgcrypt-devel BuildRequires: libgpg-error-devel BuildRequires: libtool -BuildRequires: libxml2-devel +BuildRequires: libxml2-devel >= 2.9.12 BuildRequires: pkgconfig Obsoletes: libxslt-python @@ -88,7 +92,7 @@ %package tools Summary: Extended Stylesheet Language (XSL) Transformation utilities -License: MIT AND GPL-2.0-or-later +License: GPL-2.0-or-later AND MIT Group: Development/Tools/Other Provides: %{name} = %{version} Provides: xsltproc = %{version} @@ -103,6 +107,8 @@ %patch1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build autoreconf -fvi ++++++ libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch ++++++ >From 77c26bad0433541f486b1e7ced44ca9979376908 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <[email protected]> Date: Wed, 26 Aug 2020 00:34:38 +0200 Subject: [PATCH] Don't set maxDepth in XPath contexts The maximum recursion depth is hardcoded in libxml2 now. --- libxslt/functions.c | 2 +- tests/fuzz/fuzz.c | 11 ++--------- 2 files changed, 3 insertions(+), 10 deletions(-) Index: libxslt-1.1.34/tests/fuzz/fuzz.c =================================================================== --- libxslt-1.1.34.orig/tests/fuzz/fuzz.c +++ libxslt-1.1.34/tests/fuzz/fuzz.c @@ -168,7 +168,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_ xpctxt = tctxt->xpathCtxt; /* Resource limits to avoid timeouts and call stack overflows */ - xpctxt->maxDepth = 500; xpctxt->opLimit = 500000; /* Test namespaces used in xpath.xml */ @@ -299,12 +298,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_U return 0; } -static void -xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) { - ctxt->maxDepth = 200; - ctxt->opLimit = 100000; -} - xmlChar * xsltFuzzXslt(const char *data, size_t size) { xmlDocPtr xsltDoc; @@ -334,7 +327,7 @@ xsltFuzzXslt(const char *data, size_t si xmlFreeDoc(xsltDoc); return NULL; } - xsltSetXPathResourceLimits(sheet->xpathCtxt); + sheet->xpathCtxt->opLimit = 100000; sheet->xpathCtxt->opCount = 0; if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) { xsltFreeStylesheet(sheet); @@ -346,7 +339,7 @@ xsltFuzzXslt(const char *data, size_t si xsltSetCtxtSecurityPrefs(sec, ctxt); ctxt->maxTemplateDepth = 100; ctxt->opLimit = 20000; - xsltSetXPathResourceLimits(ctxt->xpathCtxt); + ctxt->xpathCtxt->opLimit = 100000; ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount; result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt); ++++++ libxslt-Stop-using-maxParserDepth-XPath-limit.patch ++++++ >From 9ae2f94df1721e002941b40665efb762aefcea1a Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <[email protected]> Date: Mon, 17 Aug 2020 03:42:11 +0200 Subject: [PATCH] Stop using maxParserDepth XPath limit This will be removed again from libxml2. --- tests/fuzz/fuzz.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c index f502ca2c..75234ad6 100644 --- a/tests/fuzz/fuzz.c +++ b/tests/fuzz/fuzz.c @@ -183,8 +183,7 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, xpctxt = tctxt->xpathCtxt; /* Resource limits to avoid timeouts and call stack overflows */ - xpctxt->maxParserDepth = 15; - xpctxt->maxDepth = 100; + xpctxt->maxDepth = 500; xpctxt->opLimit = 500000; /* Test namespaces used in xpath.xml */ @@ -317,8 +316,7 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, static void xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) { - ctxt->maxParserDepth = 15; - ctxt->maxDepth = 100; + ctxt->maxDepth = 200; ctxt->opLimit = 100000; } -- GitLab
