diff options
Diffstat (limited to 'meta/recipes-support/libxslt')
5 files changed, 58 insertions, 284 deletions
diff --git a/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch b/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch deleted file mode 100644 index 89b647ddbf..0000000000 --- a/meta/recipes-support/libxslt/files/0001-Fix-security-framework-bypass.patch +++ /dev/null @@ -1,124 +0,0 @@ -From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sun, 24 Mar 2019 09:51:39 +0100 -Subject: Fix security framework bypass - -xsltCheckRead and xsltCheckWrite return -1 in case of error but callers -don't check for this condition and allow access. With a specially -crafted URL, xsltCheckRead could be tricked into returning an error -because of a supposedly invalid URL that would still be loaded -succesfully later on. - -Fixes #12. - -Thanks to Felix Wilhelm for the report. - -Signed-off-by: Adrian Bunk <bunk@stusta.de> -Upstream-Status: Backport -CVE: CVE-2019-11068 ---- - libxslt/documents.c | 18 ++++++++++-------- - libxslt/imports.c | 9 +++++---- - libxslt/transform.c | 9 +++++---- - libxslt/xslt.c | 9 +++++---- - 4 files changed, 25 insertions(+), 20 deletions(-) - -diff --git a/libxslt/documents.c b/libxslt/documents.c -index 3f3a7312..4aad11bb 100644 ---- a/libxslt/documents.c -+++ b/libxslt/documents.c -@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) { - int res; - - res = xsltCheckRead(ctxt->sec, ctxt, URI); -- if (res == 0) { -- xsltTransformError(ctxt, NULL, NULL, -- "xsltLoadDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(ctxt, NULL, NULL, -+ "xsltLoadDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) { - int res; - - res = xsltCheckRead(sec, NULL, URI); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltLoadStyleDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltLoadStyleDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -diff --git a/libxslt/imports.c b/libxslt/imports.c -index 874870cc..3783b247 100644 ---- a/libxslt/imports.c -+++ b/libxslt/imports.c -@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) { - int secres; - - secres = xsltCheckRead(sec, NULL, URI); -- if (secres == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsl:import: read rights for %s denied\n", -- URI); -+ if (secres <= 0) { -+ if (secres == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsl:import: read rights for %s denied\n", -+ URI); - goto error; - } - } -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 13793914..0636dbd0 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node, - */ - if (ctxt->sec != NULL) { - ret = xsltCheckWrite(ctxt->sec, ctxt, filename); -- if (ret == 0) { -- xsltTransformError(ctxt, NULL, inst, -- "xsltDocumentElem: write rights for %s denied\n", -- filename); -+ if (ret <= 0) { -+ if (ret == 0) -+ xsltTransformError(ctxt, NULL, inst, -+ "xsltDocumentElem: write rights for %s denied\n", -+ filename); - xmlFree(URL); - xmlFree(filename); - return; -diff --git a/libxslt/xslt.c b/libxslt/xslt.c -index 780a5ad7..a234eb79 100644 ---- a/libxslt/xslt.c -+++ b/libxslt/xslt.c -@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) { - int res; - - res = xsltCheckRead(sec, NULL, filename); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltParseStylesheetFile: read rights for %s denied\n", -- filename); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltParseStylesheetFile: read rights for %s denied\n", -+ filename); - return(NULL); - } - } --- -2.20.1 - diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch deleted file mode 100644 index ef3f2709f7..0000000000 --- a/meta/recipes-support/libxslt/files/CVE-2019-13117.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sat, 27 Apr 2019 11:19:48 +0200 -Subject: [PATCH] Fix uninitialized read of xsl:number token - -Found by OSS-Fuzz. - -CVE: CVE-2019-13117 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1] -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - libxslt/numbers.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index 89e1f668..75c31eba 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, - tokens->tokens[tokens->nTokens].token = val - 1; - ix += len; - val = xmlStringCurrentChar(NULL, format+ix, &len); -- } -+ } else { -+ tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; -+ tokens->tokens[tokens->nTokens].width = 1; -+ } - } else if ( (val == (xmlChar)'A') || - (val == (xmlChar)'a') || - (val == (xmlChar)'I') || --- -2.21.0 - diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/meta/recipes-support/libxslt/files/CVE-2019-13118.patch deleted file mode 100644 index 595e6c2f33..0000000000 --- a/meta/recipes-support/libxslt/files/CVE-2019-13118.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Mon, 3 Jun 2019 13:14:45 +0200 -Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars - -The character type in xsltFormatNumberConversion was too narrow and -an invalid character/length combination could be passed to -xsltNumberFormatDecimal, resulting in an uninitialized read. - -Found by OSS-Fuzz. - -CVE: CVE-2019-13118 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b] -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> - ---- - libxslt/numbers.c | 5 +++-- - tests/docs/bug-222.xml | 1 + - tests/general/bug-222.out | 2 ++ - tests/general/bug-222.xsl | 6 ++++++ - 4 files changed, 12 insertions(+), 2 deletions(-) - create mode 100644 tests/docs/bug-222.xml - create mode 100644 tests/general/bug-222.out - create mode 100644 tests/general/bug-222.xsl - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index f1ed8846..20b99d5a 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER: - number = floor((scale * number + 0.5)) / scale; - if ((self->grouping != NULL) && - (self->grouping[0] != 0)) { -+ int gchar; - - len = xmlStrlen(self->grouping); -- pchar = xsltGetUTF8Char(self->grouping, &len); -+ gchar = xsltGetUTF8Char(self->grouping, &len); - xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], - format_info.integer_digits, - format_info.group, -- pchar, len); -+ gchar, len); - } else - xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], - format_info.integer_digits, -diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml -new file mode 100644 -index 00000000..69d62f2c ---- /dev/null -+++ b/tests/docs/bug-222.xml -@@ -0,0 +1 @@ -+<doc/> -diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out -new file mode 100644 -index 00000000..e3139698 ---- /dev/null -+++ b/tests/general/bug-222.out -@@ -0,0 +1,2 @@ -+<?xml version="1.0"?> -+1⠢0 -diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl -new file mode 100644 -index 00000000..e32dc473 ---- /dev/null -+++ b/tests/general/bug-222.xsl -@@ -0,0 +1,6 @@ -+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> -+ <xsl:decimal-format name="f" grouping-separator="⠢"/> -+ <xsl:template match="/"> -+ <xsl:value-of select="format-number(10,'#⠢0','f')"/> -+ </xsl:template> -+</xsl:stylesheet> --- -2.21.0 - diff --git a/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/meta/recipes-support/libxslt/libxslt_1.1.33.bb deleted file mode 100644 index 92d3099fd8..0000000000 --- a/meta/recipes-support/libxslt/libxslt_1.1.33.bb +++ /dev/null @@ -1,51 +0,0 @@ -SUMMARY = "GNOME XSLT library" -HOMEPAGE = "http://xmlsoft.org/XSLT/" -BUGTRACKER = "https://bugzilla.gnome.org/" - -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458" - -SECTION = "libs" -DEPENDS = "libxml2" - -SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ - file://0001-Fix-security-framework-bypass.patch \ - file://CVE-2019-13117.patch \ - file://CVE-2019-13118.patch \ -" - -SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" -SRC_URI[sha256sum] = "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8" - -UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar" - -S = "${WORKDIR}/libxslt-${PV}" - -BINCONFIG = "${bindir}/xslt-config" - -inherit autotools pkgconfig binconfig-disabled lib_package - -# We don't DEPEND on binutils for ansidecl.h so ensure we don't use the header -do_configure_prepend () { - sed -i -e 's/ansidecl.h//' ${S}/configure.ac - - # The timestamps in the 1.1.28 tarball are messed up causing this file to - # appear out of date. Touch it so that we don't try to regenerate it. - touch ${S}/doc/xsltproc.1 -} - -EXTRA_OECONF = "--without-python --without-debug --without-mem-debug --without-crypto --with-html-subdir=${BPN}" -# older versions of this recipe had ${PN}-utils -RPROVIDES_${PN}-bin += "${PN}-utils" -RCONFLICTS_${PN}-bin += "${PN}-utils" -RREPLACES_${PN}-bin += "${PN}-utils" - -# This is only needed until libxml can load the relocated catalog itself -do_install_append_class-native () { - create_wrapper ${D}/${bindir}/xsltproc XML_CATALOG_FILES=${sysconfdir}/xml/catalog -} - -FILES_${PN} += "${libdir}/libxslt-plugins" -FILES_${PN}-dev += "${libdir}/xsltConf.sh" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/libxslt/libxslt_1.1.39.bb b/meta/recipes-support/libxslt/libxslt_1.1.39.bb new file mode 100644 index 0000000000..2cc0c84bec --- /dev/null +++ b/meta/recipes-support/libxslt/libxslt_1.1.39.bb @@ -0,0 +1,58 @@ +SUMMARY = "GNOME XSLT library" +DESCRIPTION = "libxslt is the XSLT C parser and toolkit developed for the Gnome project. \ +XSLT itself is a an XML language to define transformation for XML. Libxslt is based on \ +libxml2 the XML C library developed for the GNOME project. It also implements most of \ +the EXSLT set of processor-portable extensions functions and some of Saxon's evaluate \ +and expressions extensions." +HOMEPAGE = "http://xmlsoft.org/XSLT/" +BUGTRACKER = "https://bugzilla.gnome.org/" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458" + +SECTION = "libs" +DEPENDS = "libxml2" + +SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz" + +SRC_URI[sha256sum] = "2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0" + +UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar" + +CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled." + +S = "${WORKDIR}/libxslt-${PV}" + +BINCONFIG = "${bindir}/xslt-config" + +inherit autotools pkgconfig binconfig-disabled lib_package multilib_header + +do_configure:prepend () { + # We don't DEPEND on binutils for ansidecl.h so ensure we don't use the header. + # This can be removed when upgrading to 1.1.34. + sed -i -e 's/ansidecl.h//' ${S}/configure.ac + + # The timestamps in the 1.1.28 tarball are messed up causing this file to + # appear out of date. Touch it so that we don't try to regenerate it. + touch ${S}/doc/xsltproc.1 +} + +EXTRA_OECONF = "--without-python --without-debug --without-mem-debug --without-crypto" +# older versions of this recipe had ${PN}-utils +RPROVIDES:${PN}-bin += "${PN}-utils" +RCONFLICTS:${PN}-bin += "${PN}-utils" +RREPLACES:${PN}-bin += "${PN}-utils" + +# This is only needed until libxml can load the relocated catalog itself +do_install:append:class-native () { + create_wrapper ${D}/${bindir}/xsltproc XML_CATALOG_FILES=${sysconfdir}/xml/catalog +} + +do_install:append () { + oe_multilib_header libxslt/xsltconfig.h +} + +FILES:${PN} += "${libdir}/libxslt-plugins" +FILES:${PN}-dev += "${libdir}/xsltConf.sh" + +BBCLASSEXTEND = "native nativesdk" |