external_deps.lst | 4 - libxslt/libxslt-CVE-2015-7995.patch | 24 ---------- libxslt/libxslt-configure.patch | 74 +++++---------------------------- libxslt/libxslt-internal-symbols.patch | 18 ++++---- libxslt/libxslt-win_manifest.patch | 6 +- libxslt/libxsltversion.mk | 2 libxslt/makefile.mk | 5 -- 7 files changed, 30 insertions(+), 103 deletions(-)
New commits: commit 8bec619aefa8913e08f10878cd6ae98340e37e21 Author: Don Lewis <truck...@apache.org> Date: Fri Aug 12 22:37:50 2016 +0000 Upgrade bundled libxslt from version 1.1.28 to version 1.1.29 to fix: CVE-2016-1683 CVE-2016-1684 Whether any of these affect the OpenOffice usage of libxslt is not known. OpenOffice uses libxslt for help, document signing and encryption, and for RDF. libxslt-CVE-2015-7995.patch is no longer needed because this issue has been fixed upstream. Re-roll the other patches, some of which got simplified because of upstream fixes. diff --git a/external_deps.lst b/external_deps.lst index d81dec1..1123895 100644 --- a/external_deps.lst +++ b/external_deps.lst @@ -179,8 +179,8 @@ if (SYSTEM_LIBXML != YES) URL2 = $(OOO_EXTRAS)$(MD5)-$(name) if (SYSTEM_LIBXSLT != YES) - MD5 = 9667bf6f9310b957254fdcf6596600b7 - name = libxslt-1.1.28.tar.gz + MD5 = a129d3c44c022de3b9dcf6d6f288d72e + name = libxslt-1.1.29.tar.gz URL1 = http://xmlsoft.org/sources/$(name) URL2 = $(OOO_EXTRAS)$(MD5)-$(name) diff --git a/libxslt/libxslt-CVE-2015-7995.patch b/libxslt/libxslt-CVE-2015-7995.patch deleted file mode 100644 index 59a6fbf..0000000 --- a/libxslt/libxslt-CVE-2015-7995.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veill...@redhat.com> -Date: Thu, 29 Oct 2015 19:33:23 +0800 -Subject: Fix for type confusion in preprocessing attributes - -CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 -We need to check that the parent node is an element before dereferencing -its namespace ---- - libxslt/preproc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- misc/libxslt-1.1.28/libxslt/preproc.c 2012-09-11 22:59:42.000000000 -0700 -+++ misc/build/libxslt-1.1.28/libxslt/preproc.c 2016-03-26 11:04:43.636524000 -0700 -@@ -2245,7 +2245,8 @@ - } else if (IS_XSLT_NAME(inst, "attribute")) { - xmlNodePtr parent = inst->parent; - -- if ((parent == NULL) || (parent->ns == NULL) || -+ if ((parent == NULL) || -+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) || - ((parent->ns != inst->ns) && - (!xmlStrEqual(parent->ns->href, inst->ns->href))) || - (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) { diff --git a/libxslt/libxslt-configure.patch b/libxslt/libxslt-configure.patch index 4b82fa3..24567a6 100644 --- a/libxslt/libxslt-configure.patch +++ b/libxslt/libxslt-configure.patch @@ -1,36 +1,18 @@ -diff -ur misc/libxslt-1.1.28/ltmain.sh misc/build/libxslt-1.1.28/ltmain.sh ---- misc/libxslt-1.1.28/ltmain.sh 2012-11-20 23:21:48.000000000 -0800 -+++ misc/build/libxslt-1.1.28/ltmain.sh 2016-03-27 11:14:40.564087000 -0700 -@@ -7331,13 +7331,13 @@ - # - case $version_type in - # correct linux to gnu/linux during the next big refactor -- darwin|linux|osf|windows|none) -+ darwin|freebsd-elf|linux|osf|windows|none) - func_arith $number_major + $number_minor - current=$func_arith_result - age="$number_minor" - revision="$number_revision" - ;; -- freebsd-aout|freebsd-elf|qnx|sunos) -+ freebsd-aout|qnx|sunos) - current="$number_major" - revision="$number_minor" - age="0" -@@ -7414,8 +7414,8 @@ - ;; +diff -ur misc/libxslt-1.1.29/configure misc/build/libxslt-1.1.29/configure +--- misc/libxslt-1.1.29/configure 2016-05-23 18:49:13.000000000 -0700 ++++ misc/build/libxslt-1.1.29/configure 2016-08-11 11:06:10.448691000 -0700 +@@ -6691,7 +6691,7 @@ - freebsd-elf) -- major=".$current" -- versuffix=".$current" -+ major=.$(($current - $age)) -+ versuffix="$major.$age.$revision" - ;; + cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh +- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' ++ lt_cv_deplibs_check_method='file_magic ^x86 archive|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; - irix | nonstopux) -diff -ur misc/libxslt-1.1.28/xslt-config.in misc/build/libxslt-1.1.28/xslt-config.in ---- misc/libxslt-1.1.28/xslt-config.in 2012-09-04 07:26:23.000000000 -0700 -+++ misc/build/libxslt-1.1.28/xslt-config.in 2016-03-26 10:54:11.377552000 -0700 +diff -ur misc/libxslt-1.1.29/xslt-config.in misc/build/libxslt-1.1.29/xslt-config.in +--- misc/libxslt-1.1.29/xslt-config.in 2015-05-10 07:11:30.000000000 -0700 ++++ misc/build/libxslt-1.1.29/xslt-config.in 2016-08-11 11:06:10.442201000 -0700 @@ -1,10 +1,15 @@ #! /bin/sh @@ -61,33 +43,3 @@ diff -ur misc/libxslt-1.1.28/xslt-config.in misc/build/libxslt-1.1.28/xslt-confi if test "$includedir" != "/usr/include"; then the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`" else -diff -ur misc/libxslt-1.1.28/configure misc/build/libxslt-1.1.28/configure ---- misc/libxslt-1.1.28/configure 2012-11-20 23:11:21.000000000 -0800 -+++ misc/build/libxslt-1.1.28/configure 2016-03-27 12:43:44.464670000 -0700 -@@ -6462,7 +6462,7 @@ - - cygwin*) - # func_win32_libid is a shell function defined in ltmain.sh -- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' -+ lt_cv_deplibs_check_method='file_magic ^x86 archive|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - ;; - -@@ -6472,7 +6472,7 @@ - # unless we find 'file', for example because we are cross-compiling. - # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. - if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then -- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' -+ lt_cv_deplibs_check_method='file_magic ^x86 archive|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - else - # Keep this pattern in sync with the one in func_win32_libid. -@@ -11635,7 +11635,7 @@ - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) -- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' -+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' soname_spec='$libname$release$shared_ext$major' - need_version=no - need_lib_prefix=no - ;; diff --git a/libxslt/libxslt-internal-symbols.patch b/libxslt/libxslt-internal-symbols.patch index 813c34f..c504dca 100644 --- a/libxslt/libxslt-internal-symbols.patch +++ b/libxslt/libxslt-internal-symbols.patch @@ -1,5 +1,6 @@ ---- misc/libxslt-1.1.26/libxslt/libxslt.syms Thu Sep 24 16:28:46 2009 -+++ misc/build/libxslt-1.1.26/libxslt/libxslt.syms Thu Jul 8 12:22:14 2010 +diff -ur misc/libxslt-1.1.29/libxslt/libxslt.syms misc/build/libxslt-1.1.29/libxslt/libxslt.syms +--- misc/libxslt-1.1.29/libxslt/libxslt.syms 2016-05-23 18:57:36.000000000 -0700 ++++ misc/build/libxslt-1.1.29/libxslt/libxslt.syms 2016-08-11 12:05:20.834928000 -0700 @@ -107,7 +107,7 @@ xsltFreeCompMatchList; xsltFreeTemplateHashes; @@ -9,7 +10,7 @@ xsltTestCompMatchList; # preproc -@@ -406,7 +406,7 @@ +@@ -407,7 +407,7 @@ global: # xsltInternals @@ -18,7 +19,7 @@ xsltExtensionInstructionResultFinalize; xsltExtensionInstructionResultRegister; xsltInitCtxtKey; -@@ -415,24 +415,24 @@ +@@ -416,24 +416,24 @@ xsltInit; # xsltInternals @@ -44,17 +45,15 @@ +#XSLT_REFACTORED xsltStyleStylesheetLevelGetExtData; # xsltInternals -- xsltTransStorageAdd; -- xsltTransStorageRemove; -+#NOT_IMPLEMENTED xsltTransStorageAdd; -+#NOT_IMPLEMENTED xsltTransStorageRemove; + # xsltTransStorageAdd; removed in 1.1.28 + # xsltTransStorageRemove; removed in 1.1.28 xsltUninit; - xsltXSLTAttrMarker; # variable +#XSLT_REFACTORED xsltXSLTAttrMarker; # variable } LIBXML2_1.1.9; LIBXML2_1.1.20 { -@@ -475,5 +475,9 @@ +@@ -476,6 +476,10 @@ # transform xsltProcessOneNode; @@ -64,3 +63,4 @@ + *; } LIBXML2_1.1.25; + LIBXML2_1.1.27 { diff --git a/libxslt/libxslt-win_manifest.patch b/libxslt/libxslt-win_manifest.patch index 5df814c..be3f2d0 100644 --- a/libxslt/libxslt-win_manifest.patch +++ b/libxslt/libxslt-win_manifest.patch @@ -1,6 +1,6 @@ -diff -ur misc/libxslt-1.1.28/win32/configure.js misc/build/libxslt-1.1.28/win32/configure.js ---- misc/libxslt-1.1.28/win32/configure.js 2012-09-04 07:26:23.000000000 -0700 -+++ misc/build/libxslt-1.1.28/win32/configure.js 2016-03-26 12:15:07.661269000 -0700 +diff -ur misc/libxslt-1.1.29/win32/configure.js misc/build/libxslt-1.1.29/win32/configure.js +--- misc/libxslt-1.1.29/win32/configure.js 2012-09-04 07:26:23.000000000 -0700 ++++ misc/build/libxslt-1.1.29/win32/configure.js 2016-08-11 12:06:45.212750000 -0700 @@ -52,7 +52,7 @@ var dirSep = "\\"; var compiler = "msvc"; diff --git a/libxslt/libxsltversion.mk b/libxslt/libxsltversion.mk index 3feab6f..474f1a6 100644 --- a/libxslt/libxsltversion.mk +++ b/libxslt/libxsltversion.mk @@ -25,5 +25,5 @@ LIBXSLT_MAJOR=1 # minor LIBXSLT_MINOR=1 # micro -LIBXSLT_MICRO=28 +LIBXSLT_MICRO=29 diff --git a/libxslt/makefile.mk b/libxslt/makefile.mk index b0c21b6..4b06d2f 100644 --- a/libxslt/makefile.mk +++ b/libxslt/makefile.mk @@ -45,12 +45,11 @@ all: LIBXSLTVERSION=$(LIBXSLT_MAJOR).$(LIBXSLT_MINOR).$(LIBXSLT_MICRO) TARFILE_NAME=$(PRJNAME)-$(LIBXSLTVERSION) -TARFILE_MD5=9667bf6f9310b957254fdcf6596600b7 +TARFILE_MD5=a129d3c44c022de3b9dcf6d6f288d72e # libxslt-internal-symbols: #i112480#: Solaris ld requires symbols to be defined PATCH_FILES=libxslt-configure.patch \ - libxslt-win_manifest.patch \ - libxslt-CVE-2015-7995.patch + libxslt-win_manifest.patch _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits