[arch-commits] Commit in libxslt/trunk (CVE-2011-1202.patch PKGBUILD)
Jan de Groot
jgc at archlinux.org
Thu Jun 4 08:16:54 UTC 2015
Date: Thursday, June 4, 2015 @ 10:16:53
Author: jgc
Revision: 240325
Delete old patch
Modified:
libxslt/trunk/PKGBUILD
Deleted:
libxslt/trunk/CVE-2011-1202.patch
---------------------+
CVE-2011-1202.patch | 56 --------------------------------------------------
PKGBUILD | 2 -
2 files changed, 1 insertion(+), 57 deletions(-)
Deleted: CVE-2011-1202.patch
===================================================================
--- CVE-2011-1202.patch 2015-06-04 07:25:34 UTC (rev 240324)
+++ CVE-2011-1202.patch 2015-06-04 08:16:53 UTC (rev 240325)
@@ -1,56 +0,0 @@
-From ecb6bcb8d1b7e44842edde3929f412d46b40c89f Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Tue, 22 Feb 2011 02:14:23 +0000
-Subject: Fix generate-id() to not expose object addresses
-
-As pointed out by Chris Evans <scarybeasts at gmail.com> it's better
-security wise to not expose object addresses directly, use a diff
-w.r.t. the document root own address to avoid this
-* libxslt/functions.c: fix IDs generation code
----
-diff --git a/libxslt/functions.c b/libxslt/functions.c
-index 4720c7a..de962f4 100644
---- a/libxslt/functions.c
-+++ b/libxslt/functions.c
-@@ -654,8 +654,9 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
- void
- xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
- xmlNodePtr cur = NULL;
-- unsigned long val;
-- xmlChar str[20];
-+ long val;
-+ xmlChar str[30];
-+ xmlDocPtr doc;
-
- if (nargs == 0) {
- cur = ctxt->context->node;
-@@ -694,9 +695,24 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
- * Okay this is ugly but should work, use the NodePtr address
- * to forge the ID
- */
-- val = (unsigned long)((char *)cur - (char *)0);
-- val /= sizeof(xmlNode);
-- sprintf((char *)str, "id%ld", val);
-+ if (cur->type != XML_NAMESPACE_DECL)
-+ doc = cur->doc;
-+ else {
-+ xmlNsPtr ns = (xmlNsPtr) cur;
-+
-+ if (ns->context != NULL)
-+ doc = ns->context;
-+ else
-+ doc = ctxt->context->doc;
-+
-+ }
-+
-+ val = (long)((char *)cur - (char *)doc);
-+ if (val >= 0) {
-+ sprintf((char *)str, "idp%ld", val);
-+ } else {
-+ sprintf((char *)str, "idm%ld", -val);
-+ }
- valuePush(ctxt, xmlXPathNewString(str));
- }
-
---
-cgit v0.9.0.2
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-06-04 07:25:34 UTC (rev 240324)
+++ PKGBUILD 2015-06-04 08:16:53 UTC (rev 240325)
@@ -12,7 +12,7 @@
depends=('libxml2' 'libgcrypt')
makedepends=('python2')
checkdepends=('docbook-xml')
-source=(ftp://xmlsoft.org/libxslt/${pkgname}-${pkgver}.tar.gz)
+source=(http://xmlsoft.org/libxslt/${pkgname}-${pkgver}.tar.gz)
md5sums=('9667bf6f9310b957254fdcf6596600b7')
build() {
More information about the arch-commits
mailing list