libxslt: update to 1.1.34

Fixes all known CVEs. Various Makefile cleanups for consistency between packages. Added PIC explicitly (was implicit). Removed two extra features. Removed autoreconf and added PKG_BUILD_PARALLEL for faster compilation. Roughly matched host configure args with target ones. Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years ago · b289809735
--- a/libs/libxslt/Makefile
+++ b/libs/libxslt/Makefile
@ -8,24 +8,22 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=libxslt
 PKG_VERSION:=1.1.33
 PKG_RELEASE:=4
 PKG_VERSION:=1.1.34
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
 	http://xmlsoft.org/sources/ \
 	ftp://fr.rpmfind.net/pub/libxml/
 PKG_HASH:=8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
 PKG_HASH:=98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
 PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:xmlsoft:libxslt
 PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
 HOST_BUILD_DEPENDS:=libxml2/host
 include $(INCLUDE_DIR)/package.mk
@ -67,8 +65,7 @@ define Package/xsltproc/description
 XSLT XML transformation utility.
 endef
 CONFIGURE_ARGS+= \
 	--disable-silent-rules \
 CONFIGURE_ARGS += \
 	--enable-shared \
 	--enable-static \
 	--without-python \
@ -76,6 +73,18 @@ CONFIGURE_ARGS+= \
 	--without-debug \
 	--without-mem-debug \
 	--without-debugger \
 	--without-profiler \
 	--without-plugins
 HOST_CONFIGURE_ARGS += \
 	--with-libxml-prefix=$(STAGING_DIR_HOSTPKG) \
 	--without-python \
 	--without-crypto \
 	--without-debug \
 	--without-mem-debug \
 	--without-debugger \
 	--without-profiler \
 	--without-plugins
 define Build/InstallDev/Xslt
 	$(INSTALL_DIR) $(1)/usr/bin $(2)/bin $(1)/usr/include/libxslt \
@ -129,16 +138,6 @@ define Build/InstallDev
 	 $(if $(CONFIG_PACKAGE_libexslt),$(call Build/InstallDev/Exslt,$(1),$(2)))
 endef
 HOST_CONFIGURE_ARGS+= \
 	--disable-silent-rules \
 	--enable-static \
 	--with-libxml-prefix=$(STAGING_DIR_HOSTPKG) \
 	--without-python \
 	--without-crypto \
 	--without-debug \
 	--without-mem-debug \
 	--without-debugger
 define Package/libxslt/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) \
--- a/libs/libxslt/patches/100-fix-cve-2019-11068.patch
+++ b/libs/libxslt/patches/100-fix-cve-2019-11068.patch
@ -1,120 +0,0 @@
 From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Sun, 24 Mar 2019 09:51:39 +0100
 Subject: [PATCH] Fix security framework bypass
 xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
 don't check for this condition and allow access. With a specially
 crafted URL, xsltCheckRead could be tricked into returning an error
 because of a supposedly invalid URL that would still be loaded
 succesfully later on.
 Fixes #12.
 Thanks to Felix Wilhelm for the report.
 ---
 libxslt/documents.c | 18 ++++++++++--------
 libxslt/imports.c   |  9 +++++----
 libxslt/transform.c |  9 +++++----
 libxslt/xslt.c      |  9 +++++----
 4 files changed, 25 insertions(+), 20 deletions(-)
 diff --git a/libxslt/documents.c b/libxslt/documents.c
 index 3f3a7312..4aad11bb 100644
 --- a/libxslt/documents.c
 +++ b/libxslt/documents.c
@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
 	int res;
 	res = xsltCheckRead(ctxt->sec, ctxt, URI);
 -	if (res == 0) {
 -	    xsltTransformError(ctxt, NULL, NULL,
 -		 "xsltLoadDocument: read rights for %s denied\n",
 -			     URI);
 +	if (res <= 0) {
 +            if (res == 0)
 +                xsltTransformError(ctxt, NULL, NULL,
 +                     "xsltLoadDocument: read rights for %s denied\n",
 +                                 URI);
 	    return(NULL);
 	}
     }
@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
 	int res;
 	res = xsltCheckRead(sec, NULL, URI);
 -	if (res == 0) {
 -	    xsltTransformError(NULL, NULL, NULL,
 -		 "xsltLoadStyleDocument: read rights for %s denied\n",
 -			     URI);
 +	if (res <= 0) {
 +            if (res == 0)
 +                xsltTransformError(NULL, NULL, NULL,
 +                     "xsltLoadStyleDocument: read rights for %s denied\n",
 +                                 URI);
 	    return(NULL);
 	}
     }
 diff --git a/libxslt/imports.c b/libxslt/imports.c
 index 874870cc..3783b247 100644
 --- a/libxslt/imports.c
 +++ b/libxslt/imports.c
@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
 	int secres;
 	secres = xsltCheckRead(sec, NULL, URI);
 -	if (secres == 0) {
 -	    xsltTransformError(NULL, NULL, NULL,
 -		 "xsl:import: read rights for %s denied\n",
 -			     URI);
 +	if (secres <= 0) {
 +            if (secres == 0)
 +                xsltTransformError(NULL, NULL, NULL,
 +                     "xsl:import: read rights for %s denied\n",
 +                                 URI);
 	    goto error;
 	}
     }
 diff --git a/libxslt/transform.c b/libxslt/transform.c
 index 13793914..0636dbd0 100644
 --- a/libxslt/transform.c
 +++ b/libxslt/transform.c
@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
      */
     if (ctxt->sec != NULL) {
 	ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
 -	if (ret == 0) {
 -	    xsltTransformError(ctxt, NULL, inst,
 -		 "xsltDocumentElem: write rights for %s denied\n",
 -			     filename);
 +	if (ret <= 0) {
 +            if (ret == 0)
 +                xsltTransformError(ctxt, NULL, inst,
 +                     "xsltDocumentElem: write rights for %s denied\n",
 +                                 filename);
 	    xmlFree(URL);
 	    xmlFree(filename);
 	    return;
 diff --git a/libxslt/xslt.c b/libxslt/xslt.c
 index 780a5ad7..a234eb79 100644
 --- a/libxslt/xslt.c
 +++ b/libxslt/xslt.c
@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
 	int res;
 	res = xsltCheckRead(sec, NULL, filename);
 -	if (res == 0) {
 -	    xsltTransformError(NULL, NULL, NULL,
 -		 "xsltParseStylesheetFile: read rights for %s denied\n",
 -			     filename);
 +	if (res <= 0) {
 +            if (res == 0)
 +                xsltTransformError(NULL, NULL, NULL,
 +                     "xsltParseStylesheetFile: read rights for %s denied\n",
 +                                 filename);
 	    return(NULL);
 	}
     }
 -- 
 2.18.1
--- a/libs/libxslt/patches/101-fix-cve-2019-13117.patch
+++ b/libs/libxslt/patches/101-fix-cve-2019-13117.patch
@ -1,29 +0,0 @@
 From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Sat, 27 Apr 2019 11:19:48 +0200
 Subject: [PATCH] Fix uninitialized read of xsl:number token
 Found by OSS-Fuzz.
 ---
 libxslt/numbers.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/libxslt/numbers.c b/libxslt/numbers.c
 index 89e1f668..75c31eba 100644
 --- a/libxslt/numbers.c
 +++ b/libxslt/numbers.c
@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
 		tokens->tokens[tokens->nTokens].token = val - 1;
 		ix += len;
 		val = xmlStringCurrentChar(NULL, format+ix, &len);
 -	    }
 +	    } else {
 +                tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
 +                tokens->tokens[tokens->nTokens].width = 1;
 +            }
 	} else if ( (val == (xmlChar)'A') ||
 		    (val == (xmlChar)'a') ||
 		    (val == (xmlChar)'I') ||
 -- 
 2.21.0
--- a/libs/libxslt/patches/102-fix-cve-2019-13118.patch
+++ b/libs/libxslt/patches/102-fix-cve-2019-13118.patch
@ -1,71 +0,0 @@
 From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Mon, 3 Jun 2019 13:14:45 +0200
 Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
 The character type in xsltFormatNumberConversion was too narrow and
 an invalid character/length combination could be passed to
 xsltNumberFormatDecimal, resulting in an uninitialized read.
 Found by OSS-Fuzz.
 ---
 libxslt/numbers.c         | 5 +++--
 tests/docs/bug-222.xml    | 1 +
 tests/general/bug-222.out | 2 ++
 tests/general/bug-222.xsl | 6 ++++++
 4 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 tests/docs/bug-222.xml
 create mode 100644 tests/general/bug-222.out
 create mode 100644 tests/general/bug-222.xsl
 diff --git a/libxslt/numbers.c b/libxslt/numbers.c
 index f1ed8846..20b99d5a 100644
 --- a/libxslt/numbers.c
 +++ b/libxslt/numbers.c
@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
     number = floor((scale * number + 0.5)) / scale;
     if ((self->grouping != NULL) &&
         (self->grouping[0] != 0)) {
 +        int gchar;
 	len = xmlStrlen(self->grouping);
 -	pchar = xsltGetUTF8Char(self->grouping, &len);
 +	gchar = xsltGetUTF8Char(self->grouping, &len);
 	xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
 				format_info.integer_digits,
 				format_info.group,
 -				pchar, len);
 +				gchar, len);
     } else
 	xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
 				format_info.integer_digits,
 diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml
 new file mode 100644
 index 00000000..69d62f2c
 --- /dev/null
 +++ b/tests/docs/bug-222.xml
@@ -0,0 +1 @@
 +<doc/>
 diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out
 new file mode 100644
 index 00000000..e3139698
 --- /dev/null
 +++ b/tests/general/bug-222.out
@@ -0,0 +1,2 @@
 +<?xml version="1.0"?>
 +1⠢0
 diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl
 new file mode 100644
 index 00000000..e32dc473
 --- /dev/null
 +++ b/tests/general/bug-222.xsl
@@ -0,0 +1,6 @@
 +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
 +  <xsl:decimal-format name="f" grouping-separator="⠢"/>
 +  <xsl:template match="/">
 +    <xsl:value-of select="format-number(10,'#⠢0','f')"/>
 +  </xsl:template>
 +</xsl:stylesheet>
 -- 
 2.21.0