Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.8.git;a=commitdiff;h=6ef5f3207cd36ecfe39690e1ab75cdb6067476ba

commit 6ef5f3207cd36ecfe39690e1ab75cdb6067476ba
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date:   Tue Aug 26 18:14:46 2008 +0200

libxslt-1.1.22-2kalgan2-i686
- added CVE-2008-2935.patch
- closes #3285

diff --git a/source/lib/libxslt/CVE-2008-2935.patch 
b/source/lib/libxslt/CVE-2008-2935.patch
new file mode 100644
index 0000000..c9ab232
--- /dev/null
+++ b/source/lib/libxslt/CVE-2008-2935.patch
@@ -0,0 +1,152 @@
+Index: libexslt/crypto.c
+===================================================================
+--- libexslt/crypto.c  (revision 1479)
++++ libexslt/crypto.c  (working copy)
+@@ -595,11 +595,13 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+     int str_len = 0, bin_len = 0, hex_len = 0;
+     xmlChar *key = NULL, *str = NULL, *padkey = NULL;
+     xmlChar *bin = NULL, *hex = NULL;
++    xsltTransformContextPtr tctxt = NULL;
+
+-    if ((nargs < 1) || (nargs > 3)) {
++    if (nargs != 2) {
+       xmlXPathSetArityError (ctxt);
+       return;
+     }
++    tctxt = xsltXPathGetTransformContext(ctxt);
+
+     str = xmlXPathPopString (ctxt);
+     str_len = xmlUTF8Strlen (str);
+@@ -611,7 +613,7 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+     }
+
+     key = xmlXPathPopString (ctxt);
+-    key_len = xmlUTF8Strlen (str);
++    key_len = xmlUTF8Strlen (key);
+
+     if (key_len == 0) {
+       xmlXPathReturnEmptyString (ctxt);
+@@ -620,15 +622,33 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+       return;
+     }
+
+-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
++    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
++    if (padkey == NULL) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
++      tctxt->state = XSLT_STATE_STOPPED;
++      xmlXPathReturnEmptyString (ctxt);
++      goto done;
++    }
++    memset(padkey, 0, RC4_KEY_LENGTH + 1);
++
+     key_size = xmlUTF8Strsize (key, key_len);
++    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
++      tctxt->state = XSLT_STATE_STOPPED;
++      xmlXPathReturnEmptyString (ctxt);
++      goto done;
++    }
+     memcpy (padkey, key, key_size);
+-    memset (padkey + key_size, '\0', sizeof (padkey));
+
+ /* encrypt it */
+     bin_len = str_len;
+     bin = xmlStrdup (str);
+     if (bin == NULL) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
++      tctxt->state = XSLT_STATE_STOPPED;
+       xmlXPathReturnEmptyString (ctxt);
+       goto done;
+     }
+@@ -638,6 +658,9 @@ exsltCryptoRc4EncryptFunction (xmlXPathP
+     hex_len = str_len * 2 + 1;
+     hex = xmlMallocAtomic (hex_len);
+     if (hex == NULL) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
++      tctxt->state = XSLT_STATE_STOPPED;
+       xmlXPathReturnEmptyString (ctxt);
+       goto done;
+     }
+@@ -670,11 +693,13 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+     int str_len = 0, bin_len = 0, ret_len = 0;
+     xmlChar *key = NULL, *str = NULL, *padkey = NULL, *bin =
+       NULL, *ret = NULL;
++    xsltTransformContextPtr tctxt = NULL;
+
+-    if ((nargs < 1) || (nargs > 3)) {
++    if (nargs != 2) {
+       xmlXPathSetArityError (ctxt);
+       return;
+     }
++    tctxt = xsltXPathGetTransformContext(ctxt);
+
+     str = xmlXPathPopString (ctxt);
+     str_len = xmlUTF8Strlen (str);
+@@ -686,7 +711,7 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+     }
+
+     key = xmlXPathPopString (ctxt);
+-    key_len = xmlUTF8Strlen (str);
++    key_len = xmlUTF8Strlen (key);
+
+     if (key_len == 0) {
+       xmlXPathReturnEmptyString (ctxt);
+@@ -695,22 +720,51 @@ exsltCryptoRc4DecryptFunction (xmlXPathP
+       return;
+     }
+
+-    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
++    padkey = xmlMallocAtomic (RC4_KEY_LENGTH + 1);
++    if (padkey == NULL) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: Failed to allocate padkey\n");
++      tctxt->state = XSLT_STATE_STOPPED;
++      xmlXPathReturnEmptyString (ctxt);
++      goto done;
++    }
++    memset(padkey, 0, RC4_KEY_LENGTH + 1);
+     key_size = xmlUTF8Strsize (key, key_len);
++    if ((key_size > RC4_KEY_LENGTH) || (key_size < 0)) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: key size too long or key broken\n");
++      tctxt->state = XSLT_STATE_STOPPED;
++      xmlXPathReturnEmptyString (ctxt);
++      goto done;
++    }
+     memcpy (padkey, key, key_size);
+-    memset (padkey + key_size, '\0', sizeof (padkey));
+
+ /* decode hex to binary */
+     bin_len = str_len;
+     bin = xmlMallocAtomic (bin_len);
++    if (bin == NULL) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: Failed to allocate string\n");
++      tctxt->state = XSLT_STATE_STOPPED;
++      xmlXPathReturnEmptyString (ctxt);
++      goto done;
++    }
+     ret_len = exsltCryptoHex2Bin (str, str_len, bin, bin_len);
+
+ /* decrypt the binary blob */
+     ret = xmlMallocAtomic (ret_len);
++    if (ret == NULL) {
++      xsltTransformError(tctxt, NULL, tctxt->inst,
++          "exsltCryptoRc4EncryptFunction: Failed to allocate result\n");
++      tctxt->state = XSLT_STATE_STOPPED;
++      xmlXPathReturnEmptyString (ctxt);
++      goto done;
++    }
+     PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len);
+
+     xmlXPathReturnString (ctxt, ret);
+
++done:
+     if (key != NULL)
+       xmlFree (key);
+     if (str != NULL)
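Review bot: In the exsltCryptoRc4DecryptFunction part of the added patch, `ret` is allocated with exactly `ret_len` bytes, filled by `PLATFORM_RC4_DECRYPT (ctxt, padkey, bin, ret_len, ret, ret_len)` and then handed to `xmlXPathReturnString (ctxt, ret)`, which treats it as a NUL-terminated string; nothing visible writes a terminator, so later string handling of the result can read past the allocation. Reserving one extra byte and terminating closes that gap: `ret = xmlMallocAtomic (ret_len + 1);` and, after the decrypt call, `ret[ret_len] = 0;`. The four error messages added to the decrypt function still name `exsltCryptoRc4EncryptFunction`, which will mislead anyone triaging a stopped transform; they should read `exsltCryptoRc4DecryptFunction`. Every new error path in both functions also dereferences `tctxt->inst` and `tctxt->state` without checking what `xsltXPathGetTransformContext(ctxt)` returned; if that can be NULL when these functions are reached outside a transform (not visible here), a guard is needed before the dereference. Both function bodies start and end outside the patch's hunks, so the rest of the cleanup path could not be checked.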
diff --git a/source/lib/libxslt/FrugalBuild b/source/lib/libxslt/FrugalBuild
index 8c0c485..3a772b3 100644
--- a/source/lib/libxslt/FrugalBuild
+++ b/source/lib/libxslt/FrugalBuild
@@ -4,7 +4,7 @@

pkgname=libxslt
pkgver=1.1.22
-pkgrel=2kalgan1
+pkgrel=2kalgan2
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/";
groups=('lib')
@@ -14,9 +14,10 @@ makedepends=('python')
_F_gnome_devel=y
Finclude gnome
source=(http://ftp.gnome.org/pub/GNOME/sources/libxslt/1.1/$pkgname-$pkgver.tar.gz
 \
-       CVE-2008-1767.patch)
+       CVE-2008-1767.patch CVE-2008-2935.patch)
sha1sums=('55ce4dc659681d9a5ba2322c45cbdfe75b46639c' \
-          '00d66805c4c221993f5cba8d2c83c386e314bf76')
+          '00d66805c4c221993f5cba8d2c83c386e314bf76' \
+          '018183759b431aaabe094ecadbdb30df80613dd8')

build() {
unset MAKEFLAGS