diff options
| author | Efraim Flashner <efraim@flashner.co.il> | 2017-09-10 09:26:16 +0300 |
|---|---|---|
| committer | Efraim Flashner <efraim@flashner.co.il> | 2017-09-10 12:24:53 +0300 |
| commit | 9526fbef4d8db67fe96f98d687b0370dd1e0c0b7 (patch) | |
| tree | f8df211a4306086793e36b876aa989fa606c5da7 | |
| parent | 0f763641b8387cfa17a85be7f5e6304e3e1872f4 (diff) | |
| download | guix-9526fbef4d8db67fe96f98d687b0370dd1e0c0b7.tar guix-9526fbef4d8db67fe96f98d687b0370dd1e0c0b7.tar.gz | |
gnu: libxslt: Update to 1.1.30.
* gnu/packages/xml.scm (libxslt): Update to 1.1.30.
[sources]: Remove one patch.
* gnu/packages/patches/libxslt-CVE-2016-47738.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/patches/libxslt-CVE-2016-4738.patch | 39 | ||||
| -rw-r--r-- | gnu/packages/xml.scm | 5 |
3 files changed, 2 insertions, 43 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 2376f972c6..34ceccb78e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -801,7 +801,6 @@ dist_patch_DATA = \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libxcb-python-3.5-compat.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ - %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxt-guix-search-paths.patch \ %D%/packages/patches/libzip-CVE-2017-12858.patch \ %D%/packages/patches/lierolibre-check-unaligned-access.patch \ diff --git a/gnu/packages/patches/libxslt-CVE-2016-4738.patch b/gnu/packages/patches/libxslt-CVE-2016-4738.patch deleted file mode 100644 index a7537c66ca..0000000000 --- a/gnu/packages/patches/libxslt-CVE-2016-4738.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix CVE-2016-4738: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738 -https://bugs.chromium.org/p/chromium/issues/detail?id=619006 - -Patch copied from upstream source repository: -https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880 - -From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Fri, 10 Jun 2016 14:23:58 +0200 -Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion - -An empty decimal-separator could cause a heap overread. This can be -exploited to leak a couple of bytes after the buffer that holds the -pattern string. - -Found with afl-fuzz and ASan. ---- - libxslt/numbers.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index d1549b4..e78c46b 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, - } - - /* We have finished the integer part, now work on fraction */ -- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) { -+ if ( (*the_format != 0) && -+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) { - format_info.add_decimal = TRUE; - the_format += xsltUTF8Size(the_format); /* Skip over the decimal */ - } --- -2.10.2 - diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 994afbca1f..f1b515703b 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -168,15 +168,14 @@ project (but it is usable outside of the Gnome platform).") (define-public libxslt (package (name "libxslt") - (version "1.1.29") + (version "1.1.30") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) - (patches (search-patches "libxslt-CVE-2016-4738.patch")) (sha256 (base32 - "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) + "1cxn21wi0wms3afhnlxwjm8iiykrk29bvckq6gc2d0yy2rhj6rds")) (patches (search-patches "libxslt-generated-ids.patch")))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html") |