FreeBSD Bugzilla – Attachment 208586 Details for
Bug 241420
textproc/libxslt: Fix CVE-2019-18197
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2019-18197 patch
libxslt.patch (text/plain), 2.79 KB, created by
Nathan
on 2019-10-24 20:37:58 UTC
(
hide
)
Description:
CVE-2019-18197 patch
Filename:
MIME Type:
Creator:
Nathan
Created:
2019-10-24 20:37:58 UTC
Size:
2.79 KB
patch
obsolete
>From 2b75dd54058db070594a8cf847234a7f794eea2d Mon Sep 17 00:00:00 2001 >From: Nathan Owens <ndowens04@gmail.com> >Date: Thu, 24 Oct 2019 15:35:53 +0000 >Subject: [PATCH] textproc/libxslt: > >* Include patch from #239131 >* Add patch from libxslt GIT page ; commit #22324737 > - Fixes: CVE-2019-18197 >--- > textproc/libxslt/Makefile | 5 +- > .../libxslt/files/patch-libxslt_transform.c | 46 ++++++++++++------- > 2 files changed, 32 insertions(+), 19 deletions(-) > >diff --git a/textproc/libxslt/Makefile b/textproc/libxslt/Makefile >index 15bfb9e5338e..9548d994465f 100644 >--- a/textproc/libxslt/Makefile >+++ b/textproc/libxslt/Makefile >@@ -3,9 +3,10 @@ > > PORTNAME= libxslt > PORTVERSION= 1.1.33 >+PORTREVISION= 1 > CATEGORIES?= textproc gnome >-MASTER_SITES= http://xmlsoft.org/sources/ \ >- https://mirror.umd.edu/xbmc/build-deps/sources/ >+MASTER_SITES= https://ftp.osuosl.org/pub/blfs/conglomeration/libxslt/ \ >+ ftp://xmlsoft.org/libxslt/ > DIST_SUBDIR= gnome2 > > MAINTAINER?= gnome@FreeBSD.org >diff --git a/textproc/libxslt/files/patch-libxslt_transform.c b/textproc/libxslt/files/patch-libxslt_transform.c >index 744e8dd9b127..8d72dfffc46d 100644 >--- a/textproc/libxslt/files/patch-libxslt_transform.c >+++ b/textproc/libxslt/files/patch-libxslt_transform.c >@@ -1,18 +1,30 @@ >---- libxslt/transform.c.orig 2017-10-30 07:49:55 UTC >+From ee31512213544a869418a06a819e9cb9a7346f65 Mon Sep 17 00:00:00 2001 >+From: Nick Wellnhofer <wellnhofer@aevum.de> >+Date: Sat, 17 Aug 2019 16:51:53 +0200 >+Subject: [PATCH] Fix dangling pointer in xsltCopyText >+ >+xsltCopyText didn't reset ctxt->lasttext in some cases which could >+lead to various memory errors in relation with CDATA sections in input >+documents. >+ >+Found by OSS-Fuzz. >+--- >+ libxslt/transform.c | 2 ++ >+ 1 file changed, 2 insertions(+) >+ >+diff --git a/libxslt/transform.c b/libxslt/transform.c >+index ed5afacb..477265c2 100644 >+--- libxslt/transform.c > +++ libxslt/transform.c >-@@ -3485,10 +3485,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNode >- */ >- if (ctxt->sec != NULL) { >- ret = xsltCheckWrite(ctxt->sec, ctxt, filename); >-- if (ret == 0) { >-- xsltTransformError(ctxt, NULL, inst, >-- "xsltDocumentElem: write rights for %s denied\n", >-- filename); >-+ if (ret <= 0) { >-+ if (ret == 0) >-+ xsltTransformError(ctxt, NULL, inst, >-+ "xsltDocumentElem: write rights for %s denied\n", >-+ filename); >- xmlFree(URL); >- xmlFree(filename); >- return; >+@@ -1090,6 +1090,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, >+ if ((copy->content = xmlStrdup(cur->content)) == NULL) >+ return NULL; >+ } >++ >++ ctxt->lasttext = NULL; >+ } else { >+ /* >+ * normal processing. keep counters to extend the text node >+-- >+2.23.0 >+ >-- >2.23.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Flags:
ndowens04
:
maintainer-approval?
(
gnome
)
Actions:
View
|
Diff
Attachments on
bug 241420
:
208512
|
208515
|
208538
| 208586