
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
01f7f8d7a3
!60 [sync] PR-54: fix CVE-2024-55549 CVE-2025-24855
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2025-03-17 04:16:44 +00:00
Funda Wang
a1e69fb991 fix CVE-2024-55549 CVE-2025-24855
(cherry picked from commit 6093938c6720527b82f538dbb61d21163a53f36f)
2025-03-17 10:51:17 +08:00
openeuler-ci-bot
d711081deb
!49 Resolve file conflict issues
From: @fly_fzc 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-10-17 08:23:41 +00:00
fly_fzc
54789c6550 Resolve file conflict issues 2024-10-17 10:02:37 +08:00
openeuler-ci-bot
db42532c15
!42 update version to 1.1.39
From: @fly_fzc 
Reviewed-by: @lvying6 
Signed-off-by: @lvying6
2023-12-18 08:09:14 +00:00
fly_fzc
89b228dc7d update version to 1.1.39 2023-12-15 16:10:43 +08:00
openeuler-ci-bot
838b322c6f
!41 update version to 1.1.38
From: @fly_fzc 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2023-07-13 02:12:58 +00:00
fly_fzc
a5eb9e8a50 update version to 1.1.38 2023-07-13 09:20:24 +08:00
openeuler-ci-bot
d44bc7317b
!38 【轻量级 PR】:更新yaml文件
From: @licihua 
Reviewed-by: @overweight, @lvying6 
Signed-off-by: @overweight, @lvying6
2023-01-04 02:43:29 +00:00
Monday
937e403384
更新yaml文件,原地址上游社区已经不再维护
Signed-off-by: Monday <licihua@huawei.com>
2022-11-16 03:30:47 +00:00
6 changed files with 208 additions and 9 deletions

45
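--- a/CVE-2024-55549.patch
+++ b/CVE-2024-55549.patch
@@ -0,0 +1,45 @@
+From 46041b65f2fbddf5c284ee1a1332fa2c515c0515 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 5 Dec 2024 12:43:19 +0100
+Subject: [PATCH] [CVE-2024-55549] Fix UAF related to excluded namespaces
+Definitions of excluded namespaces could be deleted in
+xsltParseTemplateContent. Store excluded namespace URIs in the
+stylesheet's dictionary instead of referencing the namespace definition.
+Thanks to Ivan Fratric for the report!
+Fixes #127.
+---
+libxslt/xslt.c | 12 +++++++++++-
+1 file changed, 11 insertions(+), 1 deletion(-)
+diff --git a/libxslt/xslt.c b/libxslt/xslt.c
+index 22fdb758..6532f976 100644
+--- a/libxslt/xslt.c
++++ b/libxslt/xslt.c
+@@ -147,10 +147,20 @@ xsltParseContentError(xsltStylesheetPtr style,
+* in case of error
+*/
+static int
+-exclPrefixPush(xsltStylesheetPtr style, xmlChar * value)
++exclPrefixPush(xsltStylesheetPtr style, xmlChar * orig)
+{
++ xmlChar *value;
+int i;
++ /*
++ * orig can come from a namespace definition on a node which
++ * could be deleted later, for example in xsltParseTemplateContent.
++ * Store the string in stylesheet's dict to avoid use after free.
++ */
++ value = (xmlChar *) xmlDictLookup(style->dict, orig, -1);
++ if (value == NULL)
++ return(-1);
++
+/* do not push duplicates */
+for (i = 0;i < style->exclPrefixNr;i++) {
+if (xmlStrEqual(style->exclPrefixTab[i], value))
+--
+GitLab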
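Review bot: In `exclPrefixPush` the cast on `xmlDictLookup(style->dict, orig, -1)` discards the `const` of a dictionary-owned string, so every entry of `style->exclPrefixTab` now belongs to `style->dict`; the added comment explains the use-after-free but not that ownership rule. I would extend it with `/* Entries are interned in style->dict: never modify them or xmlFree() them individually. */`. The new `return(-1)` on a failed lookup also deserves a line in the function's header comment, of which only the tail is visible above the hunk, so that callers read -1 as "not pushed" and nothing more. The function body continues past the hunk, so how the table is released is not visible here and should be checked in the 1.1.39 tree this patch is applied to.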

130
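--- a/CVE-2025-24855.patch
+++ b/CVE-2025-24855.patch
@@ -0,0 +1,130 @@
+From c7c7f1f78dd202a053996fcefe57eb994aec8ef2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 17 Dec 2024 15:56:21 +0100
+Subject: [PATCH] [CVE-2025-24855] Fix use-after-free of XPath context node
+There are several places where the XPath context node isn't restored
+after modifying it, leading to use-after-free errors with nested XPath
+evaluations and dynamically allocated context nodes.
+Restore XPath context node in
+- xsltNumberFormatGetValue
+- xsltEvalXPathPredicate
+- xsltEvalXPathStringNs
+- xsltComputeSortResultInternal
+In some places, the transformation context node was saved and restored
+which shouldn't be necessary.
+Thanks to Ivan Fratric for the report!
+Fixes #128.
+---
+libxslt/numbers.c | 5 +++++
+libxslt/templates.c | 9 ++++++---
+libxslt/xsltutils.c | 4 ++--
+3 files changed, 13 insertions(+), 5 deletions(-)
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 0e1fa136..741124d1 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -733,9 +733,12 @@ xsltNumberFormatGetValue(xmlXPathContextPtr context,
+int amount = 0;
+xmlBufferPtr pattern;
+xmlXPathObjectPtr obj;
++ xmlNodePtr oldNode;
+pattern = xmlBufferCreate();
+if (pattern != NULL) {
++ oldNode = context->node;
++
+xmlBufferCCat(pattern, "number(");
+xmlBufferCat(pattern, value);
+xmlBufferCCat(pattern, ")");
+@@ -748,6 +751,8 @@ xsltNumberFormatGetValue(xmlXPathContextPtr context,
+xmlXPathFreeObject(obj);
+}
+xmlBufferFree(pattern);
++
++ context->node = oldNode;
+}
+return amount;
+}
+diff --git a/libxslt/templates.c b/libxslt/templates.c
+index f08b9bda..1c8d96e2 100644
+--- a/libxslt/templates.c
++++ b/libxslt/templates.c
+@@ -61,6 +61,7 @@ xsltEvalXPathPredicate(xsltTransformContextPtr ctxt, xmlXPathCompExprPtr comp,
+int oldNsNr;
+xmlNsPtr *oldNamespaces;
+xmlNodePtr oldInst;
++ xmlNodePtr oldNode;
+int oldProximityPosition, oldContextSize;
+if ((ctxt == NULL) || (ctxt->inst == NULL)) {
+@@ -69,6 +70,7 @@ xsltEvalXPathPredicate(xsltTransformContextPtr ctxt, xmlXPathCompExprPtr comp,
+return(0);
+}
++ oldNode = ctxt->xpathCtxt->node;
+oldContextSize = ctxt->xpathCtxt->contextSize;
+oldProximityPosition = ctxt->xpathCtxt->proximityPosition;
+oldNsNr = ctxt->xpathCtxt->nsNr;
+@@ -96,8 +98,9 @@ xsltEvalXPathPredicate(xsltTransformContextPtr ctxt, xmlXPathCompExprPtr comp,
+ctxt->state = XSLT_STATE_STOPPED;
+ret = 0;
+}
+- ctxt->xpathCtxt->nsNr = oldNsNr;
++ ctxt->xpathCtxt->node = oldNode;
++ ctxt->xpathCtxt->nsNr = oldNsNr;
+ctxt->xpathCtxt->namespaces = oldNamespaces;
+ctxt->inst = oldInst;
+ctxt->xpathCtxt->contextSize = oldContextSize;
+@@ -137,7 +140,7 @@ xsltEvalXPathStringNs(xsltTransformContextPtr ctxt, xmlXPathCompExprPtr comp,
+}
+oldInst = ctxt->inst;
+- oldNode = ctxt->node;
++ oldNode = ctxt->xpathCtxt->node;
+oldPos = ctxt->xpathCtxt->proximityPosition;
+oldSize = ctxt->xpathCtxt->contextSize;
+oldNsNr = ctxt->xpathCtxt->nsNr;
+@@ -167,7 +170,7 @@ xsltEvalXPathStringNs(xsltTransformContextPtr ctxt, xmlXPathCompExprPtr comp,
+"xsltEvalXPathString: returns %s\n", ret));
+#endif
+ctxt->inst = oldInst;
+- ctxt->node = oldNode;
++ ctxt->xpathCtxt->node = oldNode;
+ctxt->xpathCtxt->contextSize = oldSize;
+ctxt->xpathCtxt->proximityPosition = oldPos;
+ctxt->xpathCtxt->nsNr = oldNsNr;
+diff --git a/libxslt/xsltutils.c b/libxslt/xsltutils.c
+index 0e9dc62f..a20da961 100644
+--- a/libxslt/xsltutils.c
++++ b/libxslt/xsltutils.c
+@@ -1065,8 +1065,8 @@ xsltComputeSortResultInternal(xsltTransformContextPtr ctxt, xmlNodePtr sort,
+return(NULL);
+}
+- oldNode = ctxt->node;
+oldInst = ctxt->inst;
++ oldNode = ctxt->xpathCtxt->node;
+oldPos = ctxt->xpathCtxt->proximityPosition;
+oldSize = ctxt->xpathCtxt->contextSize;
+oldNsNr = ctxt->xpathCtxt->nsNr;
+@@ -1137,8 +1137,8 @@ xsltComputeSortResultInternal(xsltTransformContextPtr ctxt, xmlNodePtr sort,
+results[i] = NULL;
+}
+}
+- ctxt->node = oldNode;
+ctxt->inst = oldInst;
++ ctxt->xpathCtxt->node = oldNode;
+ctxt->xpathCtxt->contextSize = oldSize;
+ctxt->xpathCtxt->proximityPosition = oldPos;
+ctxt->xpathCtxt->nsNr = oldNsNr;
+--
+GitLab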
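Review bot: In `xsltEvalXPathStringNs` and `xsltComputeSortResultInternal` the variable `oldNode` now holds `ctxt->xpathCtxt->node`, so `ctxt->node` is no longer saved or restored by either function. The patch description says that restore "shouldn't be necessary", but the code between save and restore lies outside the hunks; if either body assigns `ctxt->node` (a per-node sort loop would be the likely place), callers get the transformation context back pointing at a different node. That should be confirmed against the 1.1.39 sources this backport targets, and if such an assignment is there, a second saved pointer keeps the old behaviour: `oldCtxtNode = ctxt->node;` before the evaluation and `ctxt->node = oldCtxtNode;` next to the `xpathCtxt` restore.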

Binary file not shown.

BIN
libxslt-1.1.39.tar.xz Normal file

Binary file not shown.


@ -1,12 +1,14 @@
Name: libxslt Name: libxslt
Version: 1.1.37 Version: 1.1.39
Release: 1 Release: 3
Summary: XSLT Transformation Library Summary: XSLT Transformation Library
License: MIT License: MIT
URL: http://xmlsoft.org/libxslt/ URL: https://gitlab.gnome.org/GNOME/libxslt
Source0: https://github.com/GNOME/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://download.gnome.org/sources/%{name}/1.1/%{name}-%{version}.tar.xz
# PATCH-FIX-UPSTREAM bug-fix https://github.com/GNOME/libxslt/ # PATCH-FIX-UPSTREAM bug-fix https://github.com/GNOME/libxslt/
Patch0: CVE-2015-9019.patch Patch0: CVE-2015-9019.patch
Patch1: CVE-2024-55549.patch
Patch2: CVE-2025-24855.patch
BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27 BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27
@ -67,7 +69,7 @@ pushd $RPM_BUILD_ROOT/%{_includedir}/%{name}; touch -m --reference=xslt.h ../../
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc NEWS README FEATURES AUTHORS %doc NEWS README.md FEATURES AUTHORS
%license Copyright %license Copyright
%{_bindir}/xsltproc %{_bindir}/xsltproc
%{_libdir}/libxslt.so.* %{_libdir}/libxslt.so.*
@ -96,10 +98,31 @@ pushd $RPM_BUILD_ROOT/%{_includedir}/%{name}; touch -m --reference=xslt.h ../../
%files help %files help
%doc %{_docdir}/%{name} %doc %{_docdir}/%{name}
%doc %{_mandir}/man3/* %doc %{_mandir}/man3/*
%exclude %{_docdir}/%{name}/{NEWS,README,FEATURES,AUTHORS} %exclude %{_docdir}/%{name}/{NEWS,README.md,FEATURES,AUTHORS}
%exclude %{_docdir}/../licenses/libxslt/Copyright %exclude %{_docdir}/../licenses/libxslt/Copyright
%changelog %changelog
* Thu Mar 13 2025 Funda Wang <fundawang@yeah.net> - 1.1.39-3
- fix CVE-2024-55549 CVE-2025-24855
* Thu Oct 17 2024 fuanan <fuanan3@h-partners.com> - 1.1.39-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Resolve file conflict issues
* Fri Dec 15 2023 fuanan <fuanan3@h-partners.com> - 1.1.39-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:update version to 1.1.39
* Thu Jul 13 2023 fuanan <fuanan3@h-partners.com> - 1.1.38-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:update version to 1.1.38
* Sat Nov 05 2022 shixuantong <shixuantong1@huawei.com> - 1.1.37-1 * Sat Nov 05 2022 shixuantong <shixuantong1@huawei.com> - 1.1.37-1
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA
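Review bot: `Patch1: CVE-2024-55549.patch` and `Patch2: CVE-2025-24855.patch` are declared in the preamble, but no hunk touches `%prep`, so whether they are applied depends on lines that are not shown. If `%prep` uses `%autosetup -p1` or `%autopatch`, the new patches are picked up. If it applies patches one by one (`%patch0 -p1`), the package would build as 1.1.39-3 with both CVEs listed as fixed in the changelog while the shipped code is unpatched. Worth confirming in the full spec, and adding `%patch1 -p1` and `%patch2 -p1` there if patches are applied explicitly.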


@ -1,4 +1,5 @@
version_control: github version_control: git
src_repo: GNOME/libxslt src_repo: https://gitlab.gnome.org/GNOME/libxslt
tag_prefix: ^v tag_prefix: ^v
seperator: . separator: .
git_url: https://gitlab.gnome.org/GNOME/libxslt