From 3a9b6bde335fcb15c57f13604e2ccaabb09d910e Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Wed, 20 Nov 2019 15:08:24 +0100 Subject: libxslt: upgrade to release 1.1.34 Fixes CVE-2019-18197. Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1. Reviewed-on: https://gerrit.libreoffice.org/83312 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit e9ea24cc004a8b9a5856f2f268bd40433c504db1) Reviewed-on: https://gerrit.libreoffice.org/83377 (cherry picked from commit d19b32c779bfeb51ef9570c3de8ed1925ec44473) Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9 Reviewed-on: https://gerrit.libreoffice.org/83527 Reviewed-by: Michael Stahl Tested-by: Michael Stahl --- download.lst | 4 +- external/libxslt/UnpackedTarball_xslt.mk | 2 +- ...03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 | 120 --------------------- ...2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 | 69 ++++++++++++ external/libxslt/libxslt-config.patch.1 | 18 ++-- external/libxslt/libxslt-internal-symbols.patch.1 | 8 +- 6 files changed, 85 insertions(+), 136 deletions(-) delete mode 100644 external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 create mode 100644 external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 diff --git a/download.lst b/download.lst index 82dbc3521fcf..012084f7c06b 100644 --- a/download.lst +++ b/download.lst @@ -97,8 +97,8 @@ export LIBXMLSEC_TARBALL := ce12af00283eb90d9281956524250d6e-xmlsec1-1.2.20.tar. export LIBXML_MD5SUM := 10942a1dc23137a8aa07f0639cbfece5 export LIBXML_VERSION_MICRO := 10 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz -export LIBXSLT_MD5SUM := b3bd254a03e46d58f8ad1e4559cd2c2f -export LIBXSLT_VERSION_MICRO := 33 +export LIBXSLT_MD5SUM := db8765c8d076f1b6caafd9f2542a304a +export LIBXSLT_VERSION_MICRO := 34 export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.gz export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz export MARIADB_TARBALL := a233181e03d3c307668b4c722d881661-mariadb_client-2.0.0-src.tar.gz diff --git a/external/libxslt/UnpackedTarball_xslt.mk b/external/libxslt/UnpackedTarball_xslt.mk index ce16715d7817..3ba4f0d130a0 100644 --- a/external/libxslt/UnpackedTarball_xslt.mk +++ b/external/libxslt/UnpackedTarball_xslt.mk @@ -17,7 +17,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xslt,\ external/libxslt/libxslt-msvc.patch.2 \ external/libxslt/libxslt-1.1.26-memdump.patch \ external/libxslt/rpath.patch.0 \ - external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 \ + external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 b/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 deleted file mode 100644 index 260f35d1a35e..000000000000 --- a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 +++ /dev/null @@ -1,120 +0,0 @@ -From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sun, 24 Mar 2019 09:51:39 +0100 -Subject: [PATCH] Fix security framework bypass - -xsltCheckRead and xsltCheckWrite return -1 in case of error but callers -don't check for this condition and allow access. With a specially -crafted URL, xsltCheckRead could be tricked into returning an error -because of a supposedly invalid URL that would still be loaded -succesfully later on. - -Fixes #12. - -Thanks to Felix Wilhelm for the report. ---- - libxslt/documents.c | 18 ++++++++++-------- - libxslt/imports.c | 9 +++++---- - libxslt/transform.c | 9 +++++---- - libxslt/xslt.c | 9 +++++---- - 4 files changed, 25 insertions(+), 20 deletions(-) - -diff --git a/libxslt/documents.c b/libxslt/documents.c -index 3f3a7312..4aad11bb 100644 ---- a/libxslt/documents.c -+++ b/libxslt/documents.c -@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) { - int res; - - res = xsltCheckRead(ctxt->sec, ctxt, URI); -- if (res == 0) { -- xsltTransformError(ctxt, NULL, NULL, -- "xsltLoadDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(ctxt, NULL, NULL, -+ "xsltLoadDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) { - int res; - - res = xsltCheckRead(sec, NULL, URI); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltLoadStyleDocument: read rights for %s denied\n", -- URI); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltLoadStyleDocument: read rights for %s denied\n", -+ URI); - return(NULL); - } - } -diff --git a/libxslt/imports.c b/libxslt/imports.c -index 874870cc..3783b247 100644 ---- a/libxslt/imports.c -+++ b/libxslt/imports.c -@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) { - int secres; - - secres = xsltCheckRead(sec, NULL, URI); -- if (secres == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsl:import: read rights for %s denied\n", -- URI); -+ if (secres <= 0) { -+ if (secres == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsl:import: read rights for %s denied\n", -+ URI); - goto error; - } - } -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 13793914..0636dbd0 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node, - */ - if (ctxt->sec != NULL) { - ret = xsltCheckWrite(ctxt->sec, ctxt, filename); -- if (ret == 0) { -- xsltTransformError(ctxt, NULL, inst, -- "xsltDocumentElem: write rights for %s denied\n", -- filename); -+ if (ret <= 0) { -+ if (ret == 0) -+ xsltTransformError(ctxt, NULL, inst, -+ "xsltDocumentElem: write rights for %s denied\n", -+ filename); - xmlFree(URL); - xmlFree(filename); - return; -diff --git a/libxslt/xslt.c b/libxslt/xslt.c -index 780a5ad7..a234eb79 100644 ---- a/libxslt/xslt.c -+++ b/libxslt/xslt.c -@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) { - int res; - - res = xsltCheckRead(sec, NULL, filename); -- if (res == 0) { -- xsltTransformError(NULL, NULL, NULL, -- "xsltParseStylesheetFile: read rights for %s denied\n", -- filename); -+ if (res <= 0) { -+ if (res == 0) -+ xsltTransformError(NULL, NULL, NULL, -+ "xsltParseStylesheetFile: read rights for %s denied\n", -+ filename); - return(NULL); - } - } --- -2.18.1 - diff --git a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 new file mode 100644 index 000000000000..f82c2e4f77ee --- /dev/null +++ b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 @@ -0,0 +1,69 @@ +From e2584eed1c84c18f16e42188c30d2c3d8e3e8853 Mon Sep 17 00:00:00 2001 +From: Chun-wei Fan +Date: Tue, 12 Nov 2019 17:37:05 +0800 +Subject: [PATCH] win32: Add configuration for profiler + +Without this the generated xsltconfig.h will not be complete as there +will be a configuration variable that is left in the header, breaking +builds. + +This will allow one to enable or disable profiler support in Windows +builds, and the default is to enable this. +--- + win32/configure.js | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/win32/configure.js b/win32/configure.js +index 56694cce..12c99f30 100644 +--- a/win32/configure.js ++++ b/win32/configure.js +@@ -47,6 +47,7 @@ var withIconv = true; + var withZlib = false; + var withCrypto = true; + var withModules = false; ++var withProfiler = true; + /* Win32 build options. */ + var dirSep = "\\"; + var compiler = "msvc"; +@@ -106,6 +107,7 @@ function usage() + txt += " zlib: Use zlib library (" + (withZlib? "yes" : "no") + ")\n"; + txt += " crypto: Enable Crypto support (" + (withCrypto? "yes" : "no") + ")\n"; + txt += " modules: Enable Module support (" + (withModules? "yes" : "no") + ")\n"; ++ txt += " profiler: Enable Profiler support (" + (withProfiler? "yes" : "no") + ")\n"; + txt += "\nWin32 build options, default value given in parentheses:\n\n"; + txt += " compiler: Compiler to be used [msvc|mingw] (" + compiler + ")\n"; + txt += " cruntime: C-runtime compiler option (only msvc) (" + cruntime + ")\n"; +@@ -192,6 +194,7 @@ function discoverVersion() + vf.WriteLine("WITH_ZLIB=" + (withZlib? "1" : "0")); + vf.WriteLine("WITH_CRYPTO=" + (withCrypto? "1" : "0")); + vf.WriteLine("WITH_MODULES=" + (withModules? "1" : "0")); ++ vf.WriteLine("WITH_PROFILER=" + (withProfiler? "1" : "0")); + vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0")); + vf.WriteLine("STATIC=" + (buildStatic? "1" : "0")); + vf.WriteLine("PREFIX=" + buildPrefix); +@@ -240,6 +243,8 @@ function configureXslt() + of.WriteLine(s.replace(/\@WITH_DEBUGGER\@/, withDebugger? "1" : "0")); + } else if (s.search(/\@WITH_MODULES\@/) != -1) { + of.WriteLine(s.replace(/\@WITH_MODULES\@/, withModules? "1" : "0")); ++ } else if (s.search(/\@WITH_PROFILER\@/) != -1) { ++ of.WriteLine(s.replace(/\@WITH_PROFILER\@/, withProfiler? "1" : "0")); + } else if (s.search(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/) != -1) { + of.WriteLine(s.replace(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/, "NULL")); + } else +@@ -343,6 +348,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) { + withCrypto = strToBool(arg.substring(opt.length + 1, arg.length)); + else if (opt == "modules") + withModules = strToBool(arg.substring(opt.length + 1, arg.length)); ++ else if (opt == "profiler") ++ withProfiler = strToBool(arg.substring(opt.length + 1, arg.length)); + else if (opt == "compiler") + compiler = arg.substring(opt.length + 1, arg.length); + else if (opt == "cruntime") +@@ -477,6 +484,7 @@ txtOut += " Use iconv: " + boolToStr(withIconv) + "\n"; + txtOut += " With zlib: " + boolToStr(withZlib) + "\n"; + txtOut += " Crypto: " + boolToStr(withCrypto) + "\n"; + txtOut += " Modules: " + boolToStr(withModules) + "\n"; ++txtOut += " Profiler: " + boolToStr(withProfiler) + "\n"; + txtOut += "\n"; + txtOut += "Win32 build configuration\n"; + txtOut += "-------------------------\n"; diff --git a/external/libxslt/libxslt-config.patch.1 b/external/libxslt/libxslt-config.patch.1 index dc33871398cc..6360d8cce512 100644 --- a/external/libxslt/libxslt-config.patch.1 +++ b/external/libxslt/libxslt-config.patch.1 @@ -23,13 +23,13 @@ Hack the xslt-config to return paths into WORKDIR. usage() { -@@ -89,7 +95,8 @@ - shift - done +@@ -92,7 +98,8 @@ + libs="@XSLT_LIBDIR@ $libs" + fi --the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@" -+#the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@" -+the_libs="-L${libdir} -lxslt -lm" - if test "$includedir" != "/usr/include"; then - the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`" - else +- libs="$libs @EXTRA_LIBS@" ++ #libs="$libs @EXTRA_LIBS@" ++ libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm" + ;; + + *) diff --git a/external/libxslt/libxslt-internal-symbols.patch.1 b/external/libxslt/libxslt-internal-symbols.patch.1 index 7b13e1007c00..84a15154d729 100644 --- a/external/libxslt/libxslt-internal-symbols.patch.1 +++ b/external/libxslt/libxslt-internal-symbols.patch.1 @@ -1,13 +1,13 @@ --- xslt/libxslt/libxslt.syms.orig 2017-09-05 16:25:50.504966267 +0200 +++ xslt/libxslt/libxslt.syms 2017-09-05 16:41:00.256895709 +0200 @@ -497,5 +497,10 @@ - # xsltInternals - xsltFlagRVTs; - xsltDecimalFormatGetByQName; + + # pattern + xsltCompMatchClearCache; + +# Solaris ld needs explicit auto-reduction (or, alternatively, "-B local") + local: + *; + - } LIBXML2_1.1.27; + } LIBXML2_1.1.30; -- cgit