[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: gnu: libxslt: Update to 1.1.30.
From: |
Efraim Flashner |
Subject: |
02/02: gnu: libxslt: Update to 1.1.30. |
Date: |
Sun, 10 Sep 2017 05:25:57 -0400 (EDT) |
efraim pushed a commit to branch core-updates
in repository guix.
commit 9526fbef4d8db67fe96f98d687b0370dd1e0c0b7
Author: Efraim Flashner <address@hidden>
Date: Sun Sep 10 09:26:16 2017 +0300
gnu: libxslt: Update to 1.1.30.
* gnu/packages/xml.scm (libxslt): Update to 1.1.30.
[sources]: Remove one patch.
* gnu/packages/patches/libxslt-CVE-2016-47738.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/patches/libxslt-CVE-2016-4738.patch | 39 ------------------------
gnu/packages/xml.scm | 5 ++-
3 files changed, 2 insertions(+), 43 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 2376f97..34ceccb 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -801,7 +801,6 @@ dist_patch_DATA =
\
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
%D%/packages/patches/libxcb-python-3.5-compat.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
- %D%/packages/patches/libxslt-CVE-2016-4738.patch \
%D%/packages/patches/libxt-guix-search-paths.patch \
%D%/packages/patches/libzip-CVE-2017-12858.patch \
%D%/packages/patches/lierolibre-check-unaligned-access.patch \
diff --git a/gnu/packages/patches/libxslt-CVE-2016-4738.patch
b/gnu/packages/patches/libxslt-CVE-2016-4738.patch
deleted file mode 100644
index a7537c6..0000000
--- a/gnu/packages/patches/libxslt-CVE-2016-4738.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix CVE-2016-4738:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738
-https://bugs.chromium.org/p/chromium/issues/detail?id=619006
-
-Patch copied from upstream source repository:
-https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
-
-From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <address@hidden>
-Date: Fri, 10 Jun 2016 14:23:58 +0200
-Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
-
-An empty decimal-separator could cause a heap overread. This can be
-exploited to leak a couple of bytes after the buffer that holds the
-pattern string.
-
-Found with afl-fuzz and ASan.
----
- libxslt/numbers.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/numbers.c b/libxslt/numbers.c
-index d1549b4..e78c46b 100644
---- a/libxslt/numbers.c
-+++ b/libxslt/numbers.c
-@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
- }
-
- /* We have finished the integer part, now work on fraction */
-- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
-+ if ( (*the_format != 0) &&
-+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
- format_info.add_decimal = TRUE;
- the_format += xsltUTF8Size(the_format); /* Skip over the decimal */
- }
---
-2.10.2
-
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 994afbc..f1b5157 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -168,15 +168,14 @@ project (but it is usable outside of the Gnome
platform).")
(define-public libxslt
(package
(name "libxslt")
- (version "1.1.29")
+ (version "1.1.30")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
- (patches (search-patches "libxslt-CVE-2016-4738.patch"))
(sha256
(base32
- "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
+ "1cxn21wi0wms3afhnlxwjm8iiykrk29bvckq6gc2d0yy2rhj6rds"))
(patches (search-patches "libxslt-generated-ids.patch"))))
(build-system gnu-build-system)
(home-page "http://xmlsoft.org/XSLT/index.html")