From a2e601eb1db7a32b0a38fbdc4f82f099d30b9432 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Thu, 11 Apr 2013 11:28:00 +0000
Subject: [PATCH] main/libxslt: security upgrade to 1.1.28 (CVE-2012-6139)
fixes #1759
---
main/libxslt/APKBUILD | 9 +-
...Default-namespace-not-correctly-used.patch | 132 ------------------
2 files changed, 4 insertions(+), 137 deletions(-)
delete mode 100644 main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
index 6c359b992e28..52f5fa43464d 100644
--- a/main/libxslt/APKBUILD
+++ b/main/libxslt/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libxslt
-pkgver=1.1.27
-pkgrel=1
+pkgver=1.1.28
+pkgrel=0
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/"
arch="all"
@@ -9,7 +9,7 @@ license="custom"
depends=
makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python-dev"
subpackages="$pkgname-dev $pkgname-doc py-$pkgname:py"
-patches="libxslt-Fix-regression-Default-namespace-not-correctly-used.patch"
+patches=
source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz
$patches"
@@ -39,5 +39,4 @@ py() {
install -d "$subpkgdir"/usr/lib
mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
}
-md5sums="4d01ff464b9ea7236925a1adf147c7f8 libxslt-1.1.27.tar.gz
-4009f95496a7e97dd4269e7e43544e9c libxslt-Fix-regression-Default-namespace-not-correctly-used.patch"
+md5sums="9667bf6f9310b957254fdcf6596600b7 libxslt-1.1.28.tar.gz"
diff --git a/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch b/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch
deleted file mode 100644
index b1d6e44aeacb..000000000000
--- a/main/libxslt/libxslt-Fix-regression-Default-namespace-not-correctly-used.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 70213d9c9a86adac841247b249dc188ba2aab3db Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 28 Sep 2012 21:04:39 +0200
-Subject: [PATCH] Fix regression: Default namespace not correctly used
-To: libvir-list@redhat.com
-
-https://bugzilla.gnome.org/show_bug.cgi?id=684564
-
-Signed-off-by: Daniel Veillard <veillard@redhat.com>
----
- libxslt/transform.c | 14 ++++++++------
- tests/docs/Makefile.am | 1 +
- tests/docs/bug-179.xml | 1 +
- tests/general/Makefile.am | 1 +
- tests/general/bug-179.out | 9 +++++++++
- tests/general/bug-179.xsl | 24 ++++++++++++++++++++++++
- 6 files changed, 44 insertions(+), 6 deletions(-)
- create mode 100644 tests/docs/bug-179.xml
- create mode 100644 tests/general/bug-179.out
- create mode 100644 tests/general/bug-179.xsl
-
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index de2ef3c..35701de 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -4075,7 +4075,7 @@ xsltElement(xsltTransformContextPtr ctxt, xmlNodePtr node,
- } else if (xmlStrEqual(prefix, BAD_CAST "xml")) {
- prefix = NULL;
- }
-- } else if (prefix != NULL) {
-+ } else {
- xmlNsPtr ns;
- /*
- * SPEC XSLT 1.0:
-@@ -4090,11 +4090,13 @@ xsltElement(xsltTransformContextPtr ctxt, xmlNodePtr node,
- * TODO: Check this in the compilation layer in case it's a
- * static value.
- */
-- xsltTransformError(ctxt, NULL, inst,
-- "xsl:element: The QName '%s:%s' has no "
-- "namespace binding in scope in the stylesheet; "
-- "this is an error, since the namespace was not "
-- "specified by the instruction itself.\n", prefix, name);
-+ if (prefix != NULL) {
-+ xsltTransformError(ctxt, NULL, inst,
-+ "xsl:element: The QName '%s:%s' has no "
-+ "namespace binding in scope in the stylesheet; "
-+ "this is an error, since the namespace was not "
-+ "specified by the instruction itself.\n", prefix, name);
-+ }
- } else
- nsName = ns->href;
- }
-diff --git a/tests/docs/Makefile.am b/tests/docs/Makefile.am
-index 9e2204f..12a97a8 100644
---- a/tests/docs/Makefile.am
-+++ b/tests/docs/Makefile.am
-@@ -168,6 +168,7 @@ EXTRA_DIST = \
- bug-167.xml \
- bug-168.xml \
- bug-169.xml \
-+ bug-179.xml \
- character.xml \
- array.xml \
- items.xml
-diff --git a/tests/docs/bug-179.xml b/tests/docs/bug-179.xml
-new file mode 100644
-index 0000000..69d62f2
---- /dev/null
-+++ b/tests/docs/bug-179.xml
-@@ -0,0 +1 @@
-+<doc/>
-diff --git a/tests/general/Makefile.am b/tests/general/Makefile.am
-index 24d0d43..fd1e695 100644
---- a/tests/general/Makefile.am
-+++ b/tests/general/Makefile.am
-@@ -186,6 +186,7 @@ EXTRA_DIST = \
- bug-176.out bug-176.xsl \
- bug-177.out bug-177.xsl \
- bug-178.out bug-178.xsl \
-+ bug-179.out bug-179.xsl \
- character.out character.xsl \
- character2.out character2.xsl \
- itemschoose.out itemschoose.xsl \
-diff --git a/tests/general/bug-179.out b/tests/general/bug-179.out
-new file mode 100644
-index 0000000..0a7e67d
---- /dev/null
-+++ b/tests/general/bug-179.out
-@@ -0,0 +1,9 @@
-+<?xml version="1.0"?>
-+<root xmlns="my::namespace">
-+ <foo>...</foo>
-+ <bar>...</bar>
-+ <foobar>...</foobar>
-+ <baz>...</baz>
-+ <doc>...</doc>
-+ <baz>...</baz>
-+</root>
-diff --git a/tests/general/bug-179.xsl b/tests/general/bug-179.xsl
-new file mode 100644
-index 0000000..5847e9a
---- /dev/null
-+++ b/tests/general/bug-179.xsl
-@@ -0,0 +1,24 @@
-+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-+ xmlns="my::namespace">
-+
-+<xsl:variable name="var">baz</xsl:variable>
-+
-+<xsl:output indent="yes"/>
-+
-+<xsl:template match="/">
-+ <root> <!-- This is in the correct namespace "my::namespace" -->
-+ <foo>...</foo> <!-- OK. -->
-+ <xsl:element name="bar">...</xsl:element> <!-- Still okay. -->
-+
-+ <!-- Wrong! These are without namespace. -->
-+ <xsl:element name="{concat('foo', 'bar')}">...</xsl:element>
-+ <xsl:element name="{$var}">...</xsl:element>
-+ <xsl:element name="{local-name(*)}">...</xsl:element>
-+
-+ <!-- Explicitly setting the namespace fixes this. -->
-+ <xsl:element name="{$var}" namespace="my::namespace">...</xsl:element>
-+ </root>
-+</xsl:template>
-+
-+</xsl:stylesheet>
-+
---
-1.7.11.4
-
--
GitLab