Attachment 208586 Details for Bug 241420 – CVE-2019-18197 patch

[patch] CVE-2019-18197 patch

libxslt.patch (text/plain), 2.79 KB, created by Nathan on 2019-10-24 20:37:58 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nathan

Created: 2019-10-24 20:37:58 UTC

Size: 2.79 KB

patch

obsolete

>From 2b75dd54058db070594a8cf847234a7f794eea2d Mon Sep 17 00:00:00 2001
>From: Nathan Owens <ndowens04@gmail.com>
>Date: Thu, 24 Oct 2019 15:35:53 +0000
>Subject: [PATCH] textproc/libxslt:
>
>* Include patch from #239131
>* Add patch from libxslt GIT page ; commit #22324737
>  - Fixes: CVE-2019-18197
>---
> textproc/libxslt/Makefile                     |  5 +-
> .../libxslt/files/patch-libxslt_transform.c   | 46 ++++++++++++-------
> 2 files changed, 32 insertions(+), 19 deletions(-)
>
>diff --git a/textproc/libxslt/Makefile b/textproc/libxslt/Makefile
>index 15bfb9e5338e..9548d994465f 100644
>--- a/textproc/libxslt/Makefile
>+++ b/textproc/libxslt/Makefile
>@@ -3,9 +3,10 @@
> 
> PORTNAME=	libxslt
> PORTVERSION=	1.1.33
>+PORTREVISION=	1
> CATEGORIES?=	textproc gnome
>-MASTER_SITES=	http://xmlsoft.org/sources/ \
>-		https://mirror.umd.edu/xbmc/build-deps/sources/
>+MASTER_SITES=	https://ftp.osuosl.org/pub/blfs/conglomeration/libxslt/ \
>+		   ftp://xmlsoft.org/libxslt/
> DIST_SUBDIR=	gnome2
> 
> MAINTAINER?=	gnome@FreeBSD.org
>diff --git a/textproc/libxslt/files/patch-libxslt_transform.c b/textproc/libxslt/files/patch-libxslt_transform.c
>index 744e8dd9b127..8d72dfffc46d 100644
>--- a/textproc/libxslt/files/patch-libxslt_transform.c
>+++ b/textproc/libxslt/files/patch-libxslt_transform.c
>@@ -1,18 +1,30 @@
>---- libxslt/transform.c.orig	2017-10-30 07:49:55 UTC
>+From ee31512213544a869418a06a819e9cb9a7346f65 Mon Sep 17 00:00:00 2001
>+From: Nick Wellnhofer <wellnhofer@aevum.de>
>+Date: Sat, 17 Aug 2019 16:51:53 +0200
>+Subject: [PATCH] Fix dangling pointer in xsltCopyText
>+
>+xsltCopyText didn't reset ctxt->lasttext in some cases which could
>+lead to various memory errors in relation with CDATA sections in input
>+documents.
>+
>+Found by OSS-Fuzz.
>+---
>+ libxslt/transform.c | 2 ++
>+ 1 file changed, 2 insertions(+)
>+
>+diff --git a/libxslt/transform.c b/libxslt/transform.c
>+index ed5afacb..477265c2 100644
>+--- libxslt/transform.c
> +++ libxslt/transform.c
>-@@ -3485,10 +3485,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNode
>-      */
>-     if (ctxt->sec != NULL) {
>- 	ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
>--	if (ret == 0) {
>--	    xsltTransformError(ctxt, NULL, inst,
>--		 "xsltDocumentElem: write rights for %s denied\n",
>--			     filename);
>-+	if (ret <= 0) {
>-+            if (ret == 0)
>-+                xsltTransformError(ctxt, NULL, inst,
>-+                     "xsltDocumentElem: write rights for %s denied\n",
>-+                                 filename);
>- 	    xmlFree(URL);
>- 	    xmlFree(filename);
>- 	    return;
>+@@ -1090,6 +1090,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
>+ 	    if ((copy->content = xmlStrdup(cur->content)) == NULL)
>+ 		return NULL;
>+ 	}
>++
>++	ctxt->lasttext = NULL;
>+     } else {
>+         /*
>+ 	 * normal processing. keep counters to extend the text node
>+-- 
>+2.23.0
>+
>-- 
>2.23.0
>

Flags:

ndowens04: maintainer-approval? (gnome)

Actions: View | Diff

Attachments on bug 241420: 208512 | 208515 | 208538 | 208586