commit: e06a4aed9969ad025d82fadde2da1f4f7b98d2fd Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sun Apr 17 16:34:42 2022 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Apr 17 16:34:42 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e06a4aed
dev-libs/libxslt: drop 1.1.34-r2 Signed-off-by: Sam James <sam <AT> gentoo.org> dev-libs/libxslt/Manifest | 2 - .../files/libxslt-1.1.34-CVE-2021-30560.patch | 194 --------------------- .../files/libxslt-1.1.34-libxml2-2.9.12.patch | 120 ------------- dev-libs/libxslt/libxslt-1.1.34-r2.ebuild | 72 -------- 4 files changed, 388 deletions(-) diff --git a/dev-libs/libxslt/Manifest b/dev-libs/libxslt/Manifest index 4a8fc6108e27..e925f79f8190 100644 --- a/dev-libs/libxslt/Manifest +++ b/dev-libs/libxslt/Manifest @@ -1,3 +1 @@ -DIST libxslt-1.1.34.tar.gz 3552258 BLAKE2B f043a0357e0705ab68041adf4031a6b3e0b5c3d396691c988a34963a0ee0ebe3bede2d1d7a0c5f0c42c046183653c94f4b51e10e35980a039c8cad446e84ad86 SHA512 1516a11ad608b04740674060d2c5d733b88889de5e413b9a4e8bf8d1a90d712149df6d2b1345b615f529d7c7d3fa6dae12e544da828b39c7d415e54c0ee0776b -DIST libxslt-1.1.34.tar.gz.asc 488 BLAKE2B fff407ab2c2bbafa804e5a1f84ca447c706d75fd7489c99ac6040b625d0417a0e6c189be3457e6cc6ecd6b7860829875ea95a132fef24f8a532156361f8a5308 SHA512 9b155d4571daede99cdbf2813a85fb04812737b5e23d3f7c9840225b38f3dbf171623a21645daaee190e7ff9ba38bde932922e96a2a2312c203ffa9917c3baea DIST libxslt-1.1.35.tar.xz 1827548 BLAKE2B 9667a93e61f50098a512c1351bce2ee937fc5d29488d010b525122d28ffedc73e0930402f3df2d378161a031dc016a15f0f03bdc343f0c4aa5d0b5c454f8002d SHA512 9dd4a699235f50ae9b75b25137e387471635b4b2da0a4e4380879cd49f1513470fcfbfd775269b066eac513a1ffa6860c77ec42747168e2348248f09f60c8c96 diff --git a/dev-libs/libxslt/files/libxslt-1.1.34-CVE-2021-30560.patch b/dev-libs/libxslt/files/libxslt-1.1.34-CVE-2021-30560.patch deleted file mode 100644 index dcda176c513a..000000000000 --- a/dev-libs/libxslt/files/libxslt-1.1.34-CVE-2021-30560.patch +++ /dev/null @@ -1,194 +0,0 @@ -https://gitlab.gnome.org/GNOME/libxslt/-/issues/56 -https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8 -https://gitlab.gnome.org/GNOME/libxslt/-/issues/51 -https://bugs.gentoo.org/790218 - -From: Nick Wellnhofer <wellnho...@aevum.de> -Date: Sat, 12 Jun 2021 20:02:53 +0200 -Subject: [PATCH] Fix use-after-free in xsltApplyTemplates - -xsltApplyTemplates without a select expression could delete nodes in -the source document. - -1. Text nodes with strippable whitespace - -Whitespace from input documents is already stripped, so there's no -need to strip it again. Under certain circumstances, xsltApplyTemplates -could be fooled into deleting text nodes that are still referenced, -resulting in a use-after-free. - -2. The DTD - -The DTD was only unlinked, but there's no good reason to do this just -now. Maybe it was meant as a micro-optimization. - -3. Unknown nodes - -Useless and dangerous as well, especially with XInclude nodes. -See https://gitlab.gnome.org/GNOME/libxml2/-/issues/268 - -Simply stop trying to uselessly delete nodes when applying a template. -This part of the code is probably a leftover from a time where -xsltApplyStripSpaces wasn't implemented yet. Also note that -xsltApplyTemplates with a select expression never tried to delete -nodes. - -Also stop xsltDefaultProcessOneNode from deleting nodes for the same -reasons. - -This fixes CVE-2021-30560. ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -1895,7 +1895,7 @@ static void - xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node, - xsltStackElemPtr params) { - xmlNodePtr copy; -- xmlNodePtr delete = NULL, cur; -+ xmlNodePtr cur; - int nbchild = 0, oldSize; - int childno = 0, oldPos; - xsltTemplatePtr template; -@@ -1968,54 +1968,13 @@ xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node, - return; - } - /* -- * Handling of Elements: first pass, cleanup and counting -+ * Handling of Elements: first pass, counting - */ - cur = node->children; - while (cur != NULL) { -- switch (cur->type) { -- case XML_TEXT_NODE: -- case XML_CDATA_SECTION_NODE: -- case XML_DOCUMENT_NODE: -- case XML_HTML_DOCUMENT_NODE: -- case XML_ELEMENT_NODE: -- case XML_PI_NODE: -- case XML_COMMENT_NODE: -- nbchild++; -- break; -- case XML_DTD_NODE: -- /* Unlink the DTD, it's still reachable using doc->intSubset */ -- if (cur->next != NULL) -- cur->next->prev = cur->prev; -- if (cur->prev != NULL) -- cur->prev->next = cur->next; -- break; -- default: --#ifdef WITH_XSLT_DEBUG_PROCESS -- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, -- "xsltDefaultProcessOneNode: skipping node type %d\n", -- cur->type)); --#endif -- delete = cur; -- } -+ if (IS_XSLT_REAL_NODE(cur)) -+ nbchild++; - cur = cur->next; -- if (delete != NULL) { --#ifdef WITH_XSLT_DEBUG_PROCESS -- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, -- "xsltDefaultProcessOneNode: removing ignorable blank node\n")); --#endif -- xmlUnlinkNode(delete); -- xmlFreeNode(delete); -- delete = NULL; -- } -- } -- if (delete != NULL) { --#ifdef WITH_XSLT_DEBUG_PROCESS -- XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext, -- "xsltDefaultProcessOneNode: removing ignorable blank node\n")); --#endif -- xmlUnlinkNode(delete); -- xmlFreeNode(delete); -- delete = NULL; - } - - /* -@@ -4864,7 +4823,7 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node, - xsltStylePreCompPtr comp = (xsltStylePreCompPtr) castedComp; - #endif - int i; -- xmlNodePtr cur, delNode = NULL, oldContextNode; -+ xmlNodePtr cur, oldContextNode; - xmlNodeSetPtr list = NULL, oldList; - xsltStackElemPtr withParams = NULL; - int oldXPProximityPosition, oldXPContextSize; -@@ -4998,73 +4957,9 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node, - else - cur = NULL; - while (cur != NULL) { -- switch (cur->type) { -- case XML_TEXT_NODE: -- if ((IS_BLANK_NODE(cur)) && -- (cur->parent != NULL) && -- (cur->parent->type == XML_ELEMENT_NODE) && -- (ctxt->style->stripSpaces != NULL)) { -- const xmlChar *val; -- -- if (cur->parent->ns != NULL) { -- val = (const xmlChar *) -- xmlHashLookup2(ctxt->style->stripSpaces, -- cur->parent->name, -- cur->parent->ns->href); -- if (val == NULL) { -- val = (const xmlChar *) -- xmlHashLookup2(ctxt->style->stripSpaces, -- BAD_CAST "*", -- cur->parent->ns->href); -- } -- } else { -- val = (const xmlChar *) -- xmlHashLookup2(ctxt->style->stripSpaces, -- cur->parent->name, NULL); -- } -- if ((val != NULL) && -- (xmlStrEqual(val, (xmlChar *) "strip"))) { -- delNode = cur; -- break; -- } -- } -- /* Intentional fall-through */ -- case XML_ELEMENT_NODE: -- case XML_DOCUMENT_NODE: -- case XML_HTML_DOCUMENT_NODE: -- case XML_CDATA_SECTION_NODE: -- case XML_PI_NODE: -- case XML_COMMENT_NODE: -- xmlXPathNodeSetAddUnique(list, cur); -- break; -- case XML_DTD_NODE: -- /* Unlink the DTD, it's still reachable -- * using doc->intSubset */ -- if (cur->next != NULL) -- cur->next->prev = cur->prev; -- if (cur->prev != NULL) -- cur->prev->next = cur->next; -- break; -- case XML_NAMESPACE_DECL: -- break; -- default: --#ifdef WITH_XSLT_DEBUG_PROCESS -- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext, -- "xsltApplyTemplates: skipping cur type %d\n", -- cur->type)); --#endif -- delNode = cur; -- } -+ if (IS_XSLT_REAL_NODE(cur)) -+ xmlXPathNodeSetAddUnique(list, cur); - cur = cur->next; -- if (delNode != NULL) { --#ifdef WITH_XSLT_DEBUG_PROCESS -- XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext, -- "xsltApplyTemplates: removing ignorable blank cur\n")); --#endif -- xmlUnlinkNode(delNode); -- xmlFreeNode(delNode); -- delNode = NULL; -- } - } - } - -GitLab diff --git a/dev-libs/libxslt/files/libxslt-1.1.34-libxml2-2.9.12.patch b/dev-libs/libxslt/files/libxslt-1.1.34-libxml2-2.9.12.patch deleted file mode 100644 index 635fb576d3de..000000000000 --- a/dev-libs/libxslt/files/libxslt-1.1.34-libxml2-2.9.12.patch +++ /dev/null @@ -1,120 +0,0 @@ -https://gitlab.gnome.org/GNOME/libxslt/-/commit/9ae2f94df1721e002941b40665efb762aefcea1a -https://gitlab.gnome.org/GNOME/libxslt/-/commit/824657768aea2cce9c23e72ba8085cb5e44350c7 -https://gitlab.gnome.org/GNOME/libxslt/-/commit/77c26bad0433541f486b1e7ced44ca9979376908 - -From: Nick Wellnhofer <wellnho...@aevum.de> -Date: Mon, 17 Aug 2020 03:42:11 +0200 -Subject: [PATCH] Stop using maxParserDepth XPath limit - -This will be removed again from libxml2. ---- a/tests/fuzz/fuzz.c -+++ b/tests/fuzz/fuzz.c -@@ -183,8 +183,7 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, - xpctxt = tctxt->xpathCtxt; - - /* Resource limits to avoid timeouts and call stack overflows */ -- xpctxt->maxParserDepth = 15; -- xpctxt->maxDepth = 100; -+ xpctxt->maxDepth = 500; - xpctxt->opLimit = 500000; - - /* Test namespaces used in xpath.xml */ -@@ -317,8 +316,7 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, - - static void - xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) { -- ctxt->maxParserDepth = 15; -- ctxt->maxDepth = 100; -+ ctxt->maxDepth = 200; - ctxt->opLimit = 100000; - } - -From: Nick Wellnhofer <wellnho...@aevum.de> -Date: Mon, 17 Aug 2020 04:27:13 +0200 -Subject: [PATCH] Transfer XPath limits to XPtr context - -Expressions like document('doc.xml#xpointer(evil_expr)') ignored the -XPath limits. ---- a/libxslt/functions.c -+++ b/libxslt/functions.c -@@ -178,10 +178,22 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI) - goto out_fragment; - } - -+#if LIBXML_VERSION >= 20911 || \ -+ defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) -+ xptrctxt->opLimit = ctxt->context->opLimit; -+ xptrctxt->opCount = ctxt->context->opCount; -+ xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth; -+ -+ resObj = xmlXPtrEval(fragment, xptrctxt); -+ -+ ctxt->context->opCount = xptrctxt->opCount; -+#else - resObj = xmlXPtrEval(fragment, xptrctxt); -- xmlXPathFreeContext(xptrctxt); - #endif - -+ xmlXPathFreeContext(xptrctxt); -+#endif /* LIBXML_XPTR_ENABLED */ -+ - if (resObj == NULL) - goto out_fragment; - -From: Nick Wellnhofer <wellnho...@aevum.de> -Date: Wed, 26 Aug 2020 00:34:38 +0200 -Subject: [PATCH] Don't set maxDepth in XPath contexts - -The maximum recursion depth is hardcoded in libxml2 now. ---- a/libxslt/functions.c -+++ b/libxslt/functions.c -@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI) - defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) - xptrctxt->opLimit = ctxt->context->opLimit; - xptrctxt->opCount = ctxt->context->opCount; -- xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth; -+ xptrctxt->depth = ctxt->context->depth; - - resObj = xmlXPtrEval(fragment, xptrctxt); - ---- a/tests/fuzz/fuzz.c -+++ b/tests/fuzz/fuzz.c -@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, - xpctxt = tctxt->xpathCtxt; - - /* Resource limits to avoid timeouts and call stack overflows */ -- xpctxt->maxDepth = 500; - xpctxt->opLimit = 500000; - - /* Test namespaces used in xpath.xml */ -@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p, - return 0; - } - --static void --xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) { -- ctxt->maxDepth = 200; -- ctxt->opLimit = 100000; --} -- - xmlChar * - xsltFuzzXslt(const char *data, size_t size) { - xmlDocPtr xsltDoc; -@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) { - xmlFreeDoc(xsltDoc); - return NULL; - } -- xsltSetXPathResourceLimits(sheet->xpathCtxt); -+ sheet->xpathCtxt->opLimit = 100000; - sheet->xpathCtxt->opCount = 0; - if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) { - xsltFreeStylesheet(sheet); -@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) { - xsltSetCtxtSecurityPrefs(sec, ctxt); - ctxt->maxTemplateDepth = 100; - ctxt->opLimit = 20000; -- xsltSetXPathResourceLimits(ctxt->xpathCtxt); -+ ctxt->xpathCtxt->opLimit = 100000; - ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount; - - result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt); diff --git a/dev-libs/libxslt/libxslt-1.1.34-r2.ebuild b/dev-libs/libxslt/libxslt-1.1.34-r2.ebuild deleted file mode 100644 index 5239f0691623..000000000000 --- a/dev-libs/libxslt/libxslt-1.1.34-r2.ebuild +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/danielveillard.asc -inherit libtool multilib-minimal verify-sig - -# Note: Please bump this in sync with dev-libs/libxml2. -DESCRIPTION="XSLT libraries and tools" -HOMEPAGE="http://www.xmlsoft.org/ https://gitlab.gnome.org/GNOME/libxslt"; -SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz"; -SRC_URI+=" verify-sig? ( ftp://xmlsoft.org/${PN}/${P}.tar.gz.asc )" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="crypt debug examples static-libs" - -BDEPEND=">=virtual/pkgconfig-1 - verify-sig? ( sec-keys/openpgp-keys-danielveillard )" -RDEPEND=" - >=dev-libs/libxml2-2.9.11:2[${MULTILIB_USEDEP}] - crypt? ( >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}] ) -" -DEPEND="${RDEPEND}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/xslt-config -) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/libxslt/xsltconfig.h -) - -PATCHES=( - "${FILESDIR}"/${P}-libxml2-2.9.12.patch - "${FILESDIR}"/${P}-CVE-2021-30560.patch -) - -src_prepare() { - default - - DOCS=( AUTHORS ChangeLog FEATURES NEWS README TODO ) - - # Prefix always needs elibtoolize if not eautoreconf'd. - elibtoolize -} - -multilib_src_configure() { - # Python bindings were dropped as they were Python 2 only at the time - ECONF_SOURCE="${S}" econf \ - --with-html-dir="${EPREFIX}"/usr/share/doc/${PF} \ - --with-html-subdir=html \ - --without-python \ - $(use_with crypt crypto) \ - $(use_with debug) \ - $(use_with debug mem-debug) \ - $(use_enable static-libs static) \ - "$@" -} - -multilib_src_install() { - # "default" does not work here - docs are installed by multilib_src_install_all - emake DESTDIR="${D}" install -} - -multilib_src_install_all() { - einstalldocs - - find "${ED}" -type f -name "*.la" -delete || die -}
