Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=de69670335f92854b7ffdd6257f1c9728df14b4b
commit de69670335f92854b7ffdd6257f1c9728df14b4b Author: Miklos Vajna <[email protected]> Date: Mon Sep 28 10:23:28 2009 +0200 libxslt-1.1.26-1-i686 - version bump diff --git a/source/lib/libxslt/CVE-2008-2935.patch b/source/lib/libxslt/CVE-2008-2935.patch deleted file mode 100644 index c9ab232..0000000 --- a/source/lib/libxslt/CVE-2008-2935.patch +++ /dev/null @@ -1,152 +0,0 @@ -Index: libexslt/crypto.c -=================================================================== ---- libexslt/crypto.c (revision 1479) -+++ libexslt/crypto.c (working copy) -@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP - int str_len = 0, bin_len = 0, hex_len = 0; - xmlChar *key = NULL, *str = NULL, *padkey = NULL; - xmlChar *bin = NULL, *hex = NULL; -+ xsltTransformContextPtr tctxt = NULL; - -- if ((nargs < 1) || (nargs > 3)) { -+ if (nargs != 2) { - xmlXPathSetArityError (ctxt); - return; - } -+ tctxt = xsltXPathGetTransformContext(ctxt); - - str = xmlXPathPopString (ctxt); - str_len = xmlUTF8Strlen (str); -@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP - } - - key = xmlXPathPopString (ctxt); -- key_len = xmlUTF8Strlen (str); -+ key_len = xmlUTF8Strlen (key); - - if (key_len == 0) { - xmlXPathReturnEmptyString (ctxt); -@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP - return; - } - -- padkey = xmlMallocAtomic (RC4_KEY_LENGTH); -+ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1); -+ if (padkey == NULL) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n"); -+ tctxt->state = XSLT_STATE_STOPPED; -+ xmlXPathReturnEmptyString (ctxt); -+ goto done; -+ } -+ memset(padkey, 0, RC4_KEY_LENGTH + 1); -+ - key_size = xmlUTF8Strsize (key, key_len); -+ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n"); -+ tctxt->state = XSLT_STATE_STOPPED; -+ xmlXPathReturnEmptyString (ctxt); -+ goto done; -+ } - memcpy (padkey, key, key_size); -- memset (padkey + key_size, '\0', sizeof (padkey)); - - /* encrypt it */ - bin_len = str_len; - bin = xmlStrdup (str); - if (bin == NULL) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n"); -+ tctxt->state = XSLT_STATE_STOPPED; - xmlXPathReturnEmptyString (ctxt); - goto done; - } -@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP - hex_len = str_len * 2 + 1; - hex = xmlMallocAtomic (hex_len); - if (hex == NULL) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n"); -+ tctxt->state = XSLT_STATE_STOPPED; - xmlXPathReturnEmptyString (ctxt); - goto done; - } -@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP - int str_len = 0, bin_len = 0, ret_len = 0; - xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin = - NULL, *ret = NULL; -+ xsltTransformContextPtr tctxt = NULL; - -- if ((nargs < 1) || (nargs > 3)) { -+ if (nargs != 2) { - xmlXPathSetArityError (ctxt); - return; - } -+ tctxt = xsltXPathGetTransformContext(ctxt); - - str = xmlXPathPopString (ctxt); - str_len = xmlUTF8Strlen (str); -@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP - } - - key = xmlXPathPopString (ctxt); -- key_len = xmlUTF8Strlen (str); -+ key_len = xmlUTF8Strlen (key); - - if (key_len == 0) { - xmlXPathReturnEmptyString (ctxt); -@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP - return; - } - -- padkey = xmlMallocAtomic (RC4_KEY_LENGTH); -+ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1); -+ if (padkey == NULL) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n"); -+ tctxt->state = XSLT_STATE_STOPPED; -+ xmlXPathReturnEmptyString (ctxt); -+ goto done; -+ } -+ memset(padkey, 0, RC4_KEY_LENGTH + 1); - key_size = xmlUTF8Strsize (key, key_len); -+ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n"); -+ tctxt->state = XSLT_STATE_STOPPED; -+ xmlXPathReturnEmptyString (ctxt); -+ goto done; -+ } - memcpy (padkey, key, key_size); -- memset (padkey + key_size, '\0', sizeof (padkey)); - - /* decode hex to binary */ - bin_len = str_len; - bin = xmlMallocAtomic (bin_len); -+ if (bin == NULL) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n"); -+ tctxt->state = XSLT_STATE_STOPPED; -+ xmlXPathReturnEmptyString (ctxt); -+ goto done; -+ } - ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len); - - /* decrypt the binary blob */ - ret = xmlMallocAtomic (ret_len); -+ if (ret == NULL) { -+ xsltTransformError(tctxt, NULL, tctxt->inst, -+ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n"); -+ tctxt->state = XSLT_STATE_STOPPED; -+ xmlXPathReturnEmptyString (ctxt); -+ goto done; -+ } - PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len); - - xmlXPathReturnString (ctxt, ret); - -+done: - if (key != NULL) - xmlFree (key); - if (str != NULL) diff --git a/source/lib/libxslt/FrugalBuild b/source/lib/libxslt/FrugalBuild index ce258e2..cb81d99 100644 --- a/source/lib/libxslt/FrugalBuild +++ b/source/lib/libxslt/FrugalBuild @@ -3,8 +3,8 @@ # Maintainer: Zsolt Szalai <[email protected]> pkgname=libxslt -pkgver=1.1.24 -pkgrel=3 +pkgver=1.1.26 +pkgrel=1 pkgdesc="XML stylesheet transformation library" url="http://xmlsoft.org/XSLT/"; up2date="Flastarchive http://xmlsoft.org/sources/ .tar.gz" @@ -12,10 +12,8 @@ groups=('lib') archs=('i686' 'x86_64' 'ppc') depends=('libgcrypt' 'libxml2') makedepends=('python') -source=(http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz \ - CVE-2008-2935.patch) -sha1sums=('b5402e24abff5545ed76f6a55049cbebc664bd58' \ - '018183759b431aaabe094ecadbdb30df80613dd8') +source=(http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz) +sha1sums=('69f74df8228b504a87e2b257c2d5238281c65154') build() { Fbuild --without-debug --with-plugins --with-debugger _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
