download.lst | 4
external/libxslt/UnpackedTarball_libxslt.mk | 2
external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 | 120
----------
external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 | 69 +++++
external/libxslt/libxslt-config.patch.1 | 18 -
external/libxslt/libxslt-internal-symbols.patch.1 | 8
6 files changed, 85 insertions(+), 136 deletions(-)
New commits:
commit e9ea24cc004a8b9a5856f2f268bd40433c504db1
Author: Michael Stahl <michael.st...@cib.de>
AuthorDate: Wed Nov 20 15:08:24 2019 +0100
Commit: Michael Stahl <michael.st...@cib.de>
CommitDate: Thu Nov 21 12:34:34 2019 +0100
libxslt: upgrade to release 1.1.34
Fixes CVE-2019-18197.
Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1.
Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9
Reviewed-on: https://gerrit.libreoffice.org/83312
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
diff --git a/download.lst b/download.lst
index df853ad67db0..589e100575a4 100644
--- a/download.lst
+++ b/download.lst
@@ -159,8 +159,8 @@ export XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz
export LIBXML_SHA256SUM :=
aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
export LIBXML_VERSION_MICRO := 10
export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
-export LIBXSLT_SHA256SUM :=
8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
-export LIBXSLT_VERSION_MICRO := 33
+export LIBXSLT_SHA256SUM :=
98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
+export LIBXSLT_VERSION_MICRO := 34
export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.gz
export LPSOLVE_SHA256SUM :=
171816288f14215c69e730f7a4f1c325739873e21f946ff83884b350574e6695
export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz
diff --git a/external/libxslt/UnpackedTarball_libxslt.mk
b/external/libxslt/UnpackedTarball_libxslt.mk
index beb591b8b2a8..b035e99f0a79 100644
--- a/external/libxslt/UnpackedTarball_libxslt.mk
+++ b/external/libxslt/UnpackedTarball_libxslt.mk
@@ -19,7 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxslt,\
external/libxslt/libxslt-msvc.patch.2 \
external/libxslt/libxslt-1.1.26-memdump.patch \
external/libxslt/rpath.patch.0 \
- external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 \
+ external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
b/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
deleted file mode 100644
index 260f35d1a35e..000000000000
--- a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
+++ /dev/null
@@ -1,120 +0,0 @@
-From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnho...@aevum.de>
-Date: Sun, 24 Mar 2019 09:51:39 +0100
-Subject: [PATCH] Fix security framework bypass
-
-xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
-don't check for this condition and allow access. With a specially
-crafted URL, xsltCheckRead could be tricked into returning an error
-because of a supposedly invalid URL that would still be loaded
-succesfully later on.
-
-Fixes #12.
-
-Thanks to Felix Wilhelm for the report.
----
- libxslt/documents.c | 18 ++++++++++--------
- libxslt/imports.c | 9 +++++----
- libxslt/transform.c | 9 +++++----
- libxslt/xslt.c | 9 +++++----
- 4 files changed, 25 insertions(+), 20 deletions(-)
-
-diff --git a/libxslt/documents.c b/libxslt/documents.c
-index 3f3a7312..4aad11bb 100644
---- a/libxslt/documents.c
-+++ b/libxslt/documents.c
-@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const
xmlChar *URI) {
- int res;
-
- res = xsltCheckRead(ctxt->sec, ctxt, URI);
-- if (res == 0) {
-- xsltTransformError(ctxt, NULL, NULL,
-- "xsltLoadDocument: read rights for %s denied\n",
-- URI);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(ctxt, NULL, NULL,
-+ "xsltLoadDocument: read rights for %s denied\n",
-+ URI);
- return(NULL);
- }
- }
-@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const
xmlChar *URI) {
- int res;
-
- res = xsltCheckRead(sec, NULL, URI);
-- if (res == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsltLoadStyleDocument: read rights for %s denied\n",
-- URI);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsltLoadStyleDocument: read rights for %s denied\n",
-+ URI);
- return(NULL);
- }
- }
-diff --git a/libxslt/imports.c b/libxslt/imports.c
-index 874870cc..3783b247 100644
---- a/libxslt/imports.c
-+++ b/libxslt/imports.c
-@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style,
xmlNodePtr cur) {
- int secres;
-
- secres = xsltCheckRead(sec, NULL, URI);
-- if (secres == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsl:import: read rights for %s denied\n",
-- URI);
-+ if (secres <= 0) {
-+ if (secres == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsl:import: read rights for %s denied\n",
-+ URI);
- goto error;
- }
- }
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 13793914..0636dbd0 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt,
xmlNodePtr node,
- */
- if (ctxt->sec != NULL) {
- ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
-- if (ret == 0) {
-- xsltTransformError(ctxt, NULL, inst,
-- "xsltDocumentElem: write rights for %s denied\n",
-- filename);
-+ if (ret <= 0) {
-+ if (ret == 0)
-+ xsltTransformError(ctxt, NULL, inst,
-+ "xsltDocumentElem: write rights for %s denied\n",
-+ filename);
- xmlFree(URL);
- xmlFree(filename);
- return;
-diff --git a/libxslt/xslt.c b/libxslt/xslt.c
-index 780a5ad7..a234eb79 100644
---- a/libxslt/xslt.c
-+++ b/libxslt/xslt.c
-@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
- int res;
-
- res = xsltCheckRead(sec, NULL, filename);
-- if (res == 0) {
-- xsltTransformError(NULL, NULL, NULL,
-- "xsltParseStylesheetFile: read rights for %s denied\n",
-- filename);
-+ if (res <= 0) {
-+ if (res == 0)
-+ xsltTransformError(NULL, NULL, NULL,
-+ "xsltParseStylesheetFile: read rights for %s denied\n",
-+ filename);
- return(NULL);
- }
- }
---
-2.18.1
-
diff --git a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
new file mode 100644
index 000000000000..f82c2e4f77ee
--- /dev/null
+++ b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
@@ -0,0 +1,69 @@
+From e2584eed1c84c18f16e42188c30d2c3d8e3e8853 Mon Sep 17 00:00:00 2001
+From: Chun-wei Fan <fanchun...@src.gnome.org>
+Date: Tue, 12 Nov 2019 17:37:05 +0800
+Subject: [PATCH] win32: Add configuration for profiler
+
+Without this the generated xsltconfig.h will not be complete as there
+will be a configuration variable that is left in the header, breaking
+builds.
+
+This will allow one to enable or disable profiler support in Windows
+builds, and the default is to enable this.
+---
+ win32/configure.js | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/win32/configure.js b/win32/configure.js
+index 56694cce..12c99f30 100644
+--- a/win32/configure.js
++++ b/win32/configure.js
+@@ -47,6 +47,7 @@ var withIconv = true;
+ var withZlib = false;
+ var withCrypto = true;
+ var withModules = false;
++var withProfiler = true;
+ /* Win32 build options. */
+ var dirSep = "\\";
+ var compiler = "msvc";
+@@ -106,6 +107,7 @@ function usage()
+ txt += " zlib: Use zlib library (" + (withZlib? "yes" : "no") +
")\n";
+ txt += " crypto: Enable Crypto support (" + (withCrypto? "yes" :
"no") + ")\n";
+ txt += " modules: Enable Module support (" + (withModules? "yes" :
"no") + ")\n";
++ txt += " profiler: Enable Profiler support (" + (withProfiler? "yes"
: "no") + ")\n";
+ txt += "\nWin32 build options, default value given in parentheses:\n\n";
+ txt += " compiler: Compiler to be used [msvc|mingw] (" + compiler +
")\n";
+ txt += " cruntime: C-runtime compiler option (only msvc) (" +
cruntime + ")\n";
+@@ -192,6 +194,7 @@ function discoverVersion()
+ vf.WriteLine("WITH_ZLIB=" + (withZlib? "1" : "0"));
+ vf.WriteLine("WITH_CRYPTO=" + (withCrypto? "1" : "0"));
+ vf.WriteLine("WITH_MODULES=" + (withModules? "1" : "0"));
++ vf.WriteLine("WITH_PROFILER=" + (withProfiler? "1" : "0"));
+ vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0"));
+ vf.WriteLine("STATIC=" + (buildStatic? "1" : "0"));
+ vf.WriteLine("PREFIX=" + buildPrefix);
+@@ -240,6 +243,8 @@ function configureXslt()
+ of.WriteLine(s.replace(/\@WITH_DEBUGGER\@/,
withDebugger? "1" : "0"));
+ } else if (s.search(/\@WITH_MODULES\@/) != -1) {
+ of.WriteLine(s.replace(/\@WITH_MODULES\@/, withModules?
"1" : "0"));
++ } else if (s.search(/\@WITH_PROFILER\@/) != -1) {
++ of.WriteLine(s.replace(/\@WITH_PROFILER\@/,
withProfiler? "1" : "0"));
+ } else if (s.search(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/) != -1) {
+
of.WriteLine(s.replace(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/, "NULL"));
+ } else
+@@ -343,6 +348,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error ==
0); i++) {
+ withCrypto = strToBool(arg.substring(opt.length + 1,
arg.length));
+ else if (opt == "modules")
+ withModules = strToBool(arg.substring(opt.length + 1,
arg.length));
++ else if (opt == "profiler")
++ withProfiler = strToBool(arg.substring(opt.length + 1,
arg.length));
+ else if (opt == "compiler")
+ compiler = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "cruntime")
+@@ -477,6 +484,7 @@ txtOut += " Use iconv: " + boolToStr(withIconv) +
"\n";
+ txtOut += " With zlib: " + boolToStr(withZlib) + "\n";
+ txtOut += " Crypto: " + boolToStr(withCrypto) + "\n";
+ txtOut += " Modules: " + boolToStr(withModules) + "\n";
++txtOut += " Profiler: " + boolToStr(withProfiler) + "\n";
+ txtOut += "\n";
+ txtOut += "Win32 build configuration\n";
+ txtOut += "-------------------------\n";
diff --git a/external/libxslt/libxslt-config.patch.1
b/external/libxslt/libxslt-config.patch.1
index 5f9d107bd1e7..e4ce5d9e27cf 100644
--- a/external/libxslt/libxslt-config.patch.1
+++ b/external/libxslt/libxslt-config.patch.1
@@ -23,13 +23,13 @@ Hack the xslt-config to return paths into WORKDIR.
usage()
{
-@@ -89,7 +95,8 @@
- shift
- done
+@@ -92,7 +98,8 @@
+ libs="@XSLT_LIBDIR@ $libs"
+ fi
--the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+#the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+the_libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
- if test "$includedir" != "/usr/include"; then
- the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`"
- else
+- libs="$libs @EXTRA_LIBS@"
++ #libs="$libs @EXTRA_LIBS@"
++ libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
+ ;;
+
+ *)
diff --git a/external/libxslt/libxslt-internal-symbols.patch.1
b/external/libxslt/libxslt-internal-symbols.patch.1
index 7b13e1007c00..84a15154d729 100644
--- a/external/libxslt/libxslt-internal-symbols.patch.1
+++ b/external/libxslt/libxslt-internal-symbols.patch.1
@@ -1,13 +1,13 @@
--- xslt/libxslt/libxslt.syms.orig 2017-09-05 16:25:50.504966267 +0200
+++ xslt/libxslt/libxslt.syms 2017-09-05 16:41:00.256895709 +0200
@@ -497,5 +497,10 @@
- # xsltInternals
- xsltFlagRVTs;
- xsltDecimalFormatGetByQName;
+
+ # pattern
+ xsltCompMatchClearCache;
+
+# Solaris ld needs explicit auto-reduction (or, alternatively, "-B local")
+ local:
+ *;
+
- } LIBXML2_1.1.27;
+ } LIBXML2_1.1.30;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
