ports/opt (3.2): [notify]: libxslt: CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 We need to check that the parent node is an element before dereferencing its namespace
commit 100aad8dbc167d0ff4321a35750f092efe9a15e5 Author: Danny Rawlins <monster.romster@gmail.com> Date: Tue Mar 8 19:26:49 2016 +1100 [notify]: libxslt: CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 We need to check that the parent node is an element before dereferencing its namespace
diff --git a/libxslt/.md5sum b/libxslt/.md5sum
index 12db275..16ce056 100644
--- a/libxslt/.md5sum
+++ b/libxslt/.md5sum
@@ -1 +1,2 @@
+b97b695cbe4171f8cb10df41f652aba5 CVE-2015-7995.patch
 9667bf6f9310b957254fdcf6596600b7 libxslt-1.1.28.tar.gz
diff --git a/libxslt/CVE-2015-7995.patch b/libxslt/CVE-2015-7995.patch
new file mode 100644
index 0000000..fbcd7ea
--- /dev/null
+++ b/libxslt/CVE-2015-7995.patch
@@ -0,0 +1,29 @@
+From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 29 Oct 2015 19:33:23 +0800
+Subject: Fix for type confusion in preprocessing attributes
+
+CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
+We need to check that the parent node is an element before dereferencing
+its namespace
+---
+ libxslt/preproc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/preproc.c b/libxslt/preproc.c
+index 0eb80a0..7f69325 100644
+--- a/libxslt/preproc.c
++++ b/libxslt/preproc.c
+@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
+ } else if (IS_XSLT_NAME(inst, "attribute")) {
+ xmlNodePtr parent = inst->parent;
+
+- if ((parent == NULL) || (parent->ns == NULL) ||
++ if ((parent == NULL) ||
++ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
+ ((parent->ns != inst->ns) &&
+ (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
+ (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
+--
+cgit v0.11.2
+
diff --git a/libxslt/Pkgfile b/libxslt/Pkgfile
index fca810a..6543779 100644
--- a/libxslt/Pkgfile
+++ b/libxslt/Pkgfile
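Review bot: In `libxslt/CVE-2015-7995.patch`, the added `parent->type != XML_ELEMENT_NODE` test only protects the code because it is evaluated before `parent->ns` in the short-circuiting `||` chain, and nothing in the embedded hunk records that ordering constraint. If this backport is ever refreshed or re-applied by hand, a comment above the condition such as `/* parent may not be an element: test type before reading ns */` would keep a later edit from moving the `ns` dereference ahead of the type check. The body of `xsltStylePreCompute` starts and ends outside the hunk, so whether `inst->ns` is guaranteed non-NULL at `inst->ns->href` cannot be confirmed from here and is worth checking against the full file.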
@@ -6,12 +6,15 @@ name=libxslt version=1.1.28 -release=2 -source=(ftp://xmlsoft.org/libxml2/$name-$version.tar.gz) +release=3 +source=(ftp://xmlsoft.org/libxml2/$name-$version.tar.gz + CVE-2015-7995.patch) build() { cd $name-$version + patch -p1 -i $SRC/CVE-2015-7995.patch + ./configure \ --prefix=/usr \ --without-python \ @@ -21,11 +24,4 @@ build() { make DESTDIR=$PKG install rm -r $PKG/usr/share/doc - - # move manpages - if [ -e $PKG/usr/share/man/man4/libxslt.4 ]; then - (cd $PKG/usr/share/man - install -d man3 - mv man4/libxslt.4 man3/libxslt.3) - fi }
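Review bot: In the first Pkgfile hunk the `source=` array still fetches `$name-$version.tar.gz` over plain `ftp://`, and the only integrity check this commit shows for the tarball and the new `CVE-2015-7995.patch` is an MD5 entry in `.md5sum`. MD5 is not collision-resistant, so for a security update it would be better to record a stronger digest or a signature if the ports tooling supports one, and to use an authenticated transport where upstream offers it. The `patch -p1 -i $SRC/CVE-2015-7995.patch` line would also benefit from quoting `"$SRC"` and from a provenance comment, e.g. `# CVE-2015-7995: upstream commit 7ca19df892ca, drop once the packaged release contains it`. The second hunk's removal of the manpage move is not mentioned in the commit message; keeping unrelated cleanup out of a CVE fix makes the change easier to audit and backport.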