cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 15:38:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

libxslt: revision bump to address open CVEs

Browse Source 
- Add patches copied from Debian to address open CVEs
- Update mail address of maintainer
- Fix a typo
- Add --disable-silent-rules for verbose build output

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit is contained in:
Sebastian Kemper
2018-01-30 15:28:33 +01:00
parent f84cc525d6
commit 7d2337a17f
18 changed files with 1009 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libs/libxslt/patches/0014-Handle-negative-xsl-number-values.patch
+51
View File
@@ -0,0 +1,51 @@
From 69ec3da1b653024aca6515ddd4adc91919dd188e Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 10 Apr 2016 12:51:57 +0200
Subject: [PATCH] Handle negative xsl:number values
According to XSLT 2.0, negative values are a non-recoverable dynamic error.
Print an error message and treat negative values as zero.
Fixes an OOB array access in xsltNumberFormatAlpha.
---
libxslt/numbers.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/libxslt/numbers.c b/libxslt/numbers.c
index eb087bc..a3cabcf 100644
--- a/libxslt/numbers.c
+++ b/libxslt/numbers.c
@@ -246,7 +246,7 @@ xsltNumberFormatAlpha(xmlBufferPtr buffer,
number--;
*(--pointer) = alpha_list[((int)fmod(number, alpha_size))];
number /= alpha_size;
- if (fabs(number) < 1.0)
+ if (number < 1.0)
break; /* for */
}
xmlBufferCCat(buffer, pointer);
@@ -442,6 +442,21 @@ xsltNumberFormatInsertNumbers(xsltNumberDataPtr data,
number = numbers[(numbers_max - 1) - i];
/* Round to nearest like XSLT 2.0 */
number = floor(number + 0.5);
+ /*
+ * XSLT 1.0 isn't clear on how to handle negative numbers, but XSLT
+ * 2.0 says:
+ *
+ * It is a non-recoverable dynamic error if any undiscarded item
+ * in the atomized sequence supplied as the value of the value
+ * attribute of xsl:number cannot be converted to an integer, or
+ * if the resulting integer is less than 0 (zero).
+ */
+ if (number < 0.0) {
+ xsltTransformError(NULL, NULL, NULL,
+ "xsl-number : negative value\n");
+ /* Recover by treating negative values as zero. */
+ number = 0.0;
+ }
if (i < tokens->nTokens) {
/*
* The "n"th format token will be used to format the "n"th
--
2.8.1