aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/patches/libxslt-CVE-2015-7995.patch29
-rw-r--r--gnu/packages/patches/libxslt-remove-date-timestamps.patch66
-rw-r--r--gnu/packages/xml.scm8
3 files changed, 3 insertions, 100 deletions
diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch
deleted file mode 100644
index f291d5b387..0000000000
--- a/gnu/packages/patches/libxslt-CVE-2015-7995.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 29 Oct 2015 19:33:23 +0800
-Subject: [PATCH] Fix for type confusion in preprocessing attributes
-
-CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
-We need to check that the parent node is an element before dereferencing
-its namespace
----
- libxslt/preproc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/preproc.c b/libxslt/preproc.c
-index 0eb80a0..7f69325 100644
---- a/libxslt/preproc.c
-+++ b/libxslt/preproc.c
-@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
- } else if (IS_XSLT_NAME(inst, "attribute")) {
- xmlNodePtr parent = inst->parent;
-
-- if ((parent == NULL) || (parent->ns == NULL) ||
-+ if ((parent == NULL) ||
-+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
- ((parent->ns != inst->ns) &&
- (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
- (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
---
-2.6.3
-
diff --git a/gnu/packages/patches/libxslt-remove-date-timestamps.patch b/gnu/packages/patches/libxslt-remove-date-timestamps.patch
deleted file mode 100644
index 51470d0847..0000000000
--- a/gnu/packages/patches/libxslt-remove-date-timestamps.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Use deterministic SOURCE_DATE_EPOCH for embedded timestamps in generated documentation.
-
-Written by Eduard Sanou.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=758148
-
---- libxslt-1.1.28.orig/libexslt/date.c
-+++ libxslt-1.1.28/libexslt/date.c
-@@ -46,6 +46,7 @@
- #include "exslt.h"
-
- #include <string.h>
-+#include <errno.h>
-
- #ifdef HAVE_MATH_H
- #include <math.h>
-@@ -747,21 +748,46 @@ static exsltDateValPtr
- exsltDateCurrent (void)
- {
- struct tm localTm, gmTm;
-+ struct tm *tb = NULL;
- time_t secs;
- int local_s, gm_s;
- exsltDateValPtr ret;
-+ char *source_date_epoch;
-
- ret = exsltDateCreateDate(XS_DATETIME);
- if (ret == NULL)
- return NULL;
-
-- /* get current time */
- secs = time(NULL);
-+ /*
-+ * Allow the date and time to be set externally by an exported
-+ * environment variable to enable reproducible builds.
-+ */
-+ source_date_epoch = getenv("SOURCE_DATE_EPOCH");
-+ if (source_date_epoch) {
-+ errno = 0;
-+ secs = (time_t) strtol (source_date_epoch, NULL, 10);
-+ if (errno == 0) {
-+ tb = gmtime(&secs);
-+ if (tb == NULL) {
-+ /* SOURCE_DATE_EPOCH is not a valid date */
-+ return NULL;
-+ } else {
-+ localTm = *tb;
-+ }
-+ } else {
-+ /* SOURCE_DATE_EPOCH is not a valid number */
-+ return NULL;
-+ }
-+ } else {
-+ /* get current time */
- #if HAVE_LOCALTIME_R
-- localtime_r(&secs, &localTm);
-+ localtime_r(&secs, &localTm);
- #else
-- localTm = *localtime(&secs);
-+ localTm = *localtime(&secs);
- #endif
-+ }
-+
-
- /* get real year, not years since 1900 */
- ret->value.date.year = localTm.tm_year + 1900;
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index e0d795b62f..e2d031dbd3 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -130,17 +130,15 @@ project (but it is usable outside of the Gnome platform).")
(define-public libxslt
(package
(name "libxslt")
- (version "1.1.28")
+ (version "1.1.29")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
(sha256
(base32
- "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))
- (patches (search-patches "libxslt-generated-ids.patch"
- "libxslt-remove-date-timestamps.patch"
- "libxslt-CVE-2015-7995.patch"))))
+ "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
+ (patches (search-patches "libxslt-generated-ids.patch"))))
(build-system gnu-build-system)
(home-page "http://xmlsoft.org/XSLT/index.html")
(synopsis "C library for applying XSLT stylesheets to XML documents")