Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.8.git;a=commitdiff;h=6ef5f3207cd36ecfe39690e1ab75cdb6067476ba
commit 6ef5f3207cd36ecfe39690e1ab75cdb6067476ba Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Tue Aug 26 18:14:46 2008 +0200 libxslt-1.1.22-2kalgan2-i686 - added CVE-2008-2935.patch - closes #3285 diff --git a/source/lib/libxslt/CVE-2008-2935.patch b/source/lib/libxslt/CVE-2008-2935.patch new file mode 100644 index 0000000..c9ab232 --- /dev/null +++ b/source/lib/libxslt/CVE-2008-2935.patch @@ -0,0 +1,152 @@ +Index: libexslt/crypto.c +=================================================================== +--- libexslt/crypto.c (revision 1479) ++++ libexslt/crypto.c (working copy) +@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + int str_len = 0, bin_len = 0, hex_len = 0; + xmlChar *key = NULL, *str = NULL, *padkey = NULL; + xmlChar *bin = NULL, *hex = NULL; ++ xsltTransformContextPtr tctxt = NULL; + +- if ((nargs < 1) || (nargs > 3)) { ++ if (nargs != 2) { + xmlXPathSetArityError (ctxt); + return; + } ++ tctxt = xsltXPathGetTransformContext(ctxt); + + str = xmlXPathPopString (ctxt); + str_len = xmlUTF8Strlen (str); +@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + } + + key = xmlXPathPopString (ctxt); +- key_len = xmlUTF8Strlen (str); ++ key_len = xmlUTF8Strlen (key); + + if (key_len == 0) { + xmlXPathReturnEmptyString (ctxt); +@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + return; + } + +- padkey = xmlMallocAtomic (RC4_KEY_LENGTH); ++ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1); ++ if (padkey == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } ++ memset(padkey, 0, RC4_KEY_LENGTH + 1); ++ + key_size = xmlUTF8Strsize (key, key_len); ++ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + memcpy (padkey, key, key_size); +- memset (padkey + key_size, '\0', sizeof (padkey)); + + /* encrypt it */ + bin_len = str_len; + bin = xmlStrdup (str); + if (bin == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n"); ++ tctxt->state = XSLT_STATE_STOPPED; + xmlXPathReturnEmptyString (ctxt); + goto done; + } +@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP + hex_len = str_len * 2 + 1; + hex = xmlMallocAtomic (hex_len); + if (hex == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n"); ++ tctxt->state = XSLT_STATE_STOPPED; + xmlXPathReturnEmptyString (ctxt); + goto done; + } +@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP + int str_len = 0, bin_len = 0, ret_len = 0; + xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin = + NULL, *ret = NULL; ++ xsltTransformContextPtr tctxt = NULL; + +- if ((nargs < 1) || (nargs > 3)) { ++ if (nargs != 2) { + xmlXPathSetArityError (ctxt); + return; + } ++ tctxt = xsltXPathGetTransformContext(ctxt); + + str = xmlXPathPopString (ctxt); + str_len = xmlUTF8Strlen (str); +@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP + } + + key = xmlXPathPopString (ctxt); +- key_len = xmlUTF8Strlen (str); ++ key_len = xmlUTF8Strlen (key); + + if (key_len == 0) { + xmlXPathReturnEmptyString (ctxt); +@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP + return; + } + +- padkey = xmlMallocAtomic (RC4_KEY_LENGTH); ++ padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1); ++ if (padkey == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } ++ memset(padkey, 0, RC4_KEY_LENGTH + 1); + key_size = xmlUTF8Strsize (key, key_len); ++ if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: key size too long or key broken\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + memcpy (padkey, key, key_size); +- memset (padkey + key_size, '\0', sizeof (padkey)); + + /* decode hex to binary */ + bin_len = str_len; + bin = xmlMallocAtomic (bin_len); ++ if (bin == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate string\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len); + + /* decrypt the binary blob */ + ret = xmlMallocAtomic (ret_len); ++ if (ret == NULL) { ++ xsltTransformError(tctxt, NULL, tctxt->inst, ++ "exsltCryptoRc4EncryptFunction: Failed to allocate result\n"); ++ tctxt->state = XSLT_STATE_STOPPED; ++ xmlXPathReturnEmptyString (ctxt); ++ goto done; ++ } + PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len); + + xmlXPathReturnString (ctxt, ret); + ++done: + if (key != NULL) + xmlFree (key); + if (str != NULL) diff --git a/source/lib/libxslt/FrugalBuild b/source/lib/libxslt/FrugalBuild index 8c0c485..3a772b3 100644 --- a/source/lib/libxslt/FrugalBuild +++ b/source/lib/libxslt/FrugalBuild @@ -4,7 +4,7 @@ pkgname=libxslt pkgver=1.1.22 -pkgrel=2kalgan1 +pkgrel=2kalgan2 pkgdesc="XML stylesheet transformation library" url="http://xmlsoft.org/XSLT/" groups=('lib') @@ -14,9 +14,10 @@ makedepends=('python') _F_gnome_devel=y Finclude gnome source=(http://ftp.gnome.org/pub/GNOME/sources/libxslt/1.1/$pkgname-$pkgver.tar.gz \ - CVE-2008-1767.patch) + CVE-2008-1767.patch CVE-2008-2935.patch) sha1sums=('55ce4dc659681d9a5ba2322c45cbdfe75b46639c' \ - '00d66805c4c221993f5cba8d2c83c386e314bf76') + '00d66805c4c221993f5cba8d2c83c386e314bf76' \ + '018183759b431aaabe094ecadbdb30df80613dd8') build() { unset MAKEFLAGS _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git