external/libxslt/0001-Fix-for-type-confusion-in-preprocessing-attributes.patch.1
| 29 ++++++++++
external/libxslt/UnpackedTarball_xslt.mk
| 1
shell/CppunitTest_shell_zip.mk
| 12 ++--
3 files changed, 36 insertions(+), 6 deletions(-)
New commits:
commit 45d1abeff9d4041b3e174f0eddd10bfd6ab8a360
Author: Michael Stahl <mst...@redhat.com>
Date: Fri Nov 20 13:53:43 2015 +0100
libxslt: add patch for CVE-2015-7995
Change-Id: I733cd21f6d8c7ea1e01f594d1483ad9c2043c188
diff --git
a/external/libxslt/0001-Fix-for-type-confusion-in-preprocessing-attributes.patch.1
b/external/libxslt/0001-Fix-for-type-confusion-in-preprocessing-attributes.patch.1
new file mode 100644
index 0000000..4f87e79
--- /dev/null
+++
b/external/libxslt/0001-Fix-for-type-confusion-in-preprocessing-attributes.patch.1
@@ -0,0 +1,29 @@
+From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veill...@redhat.com>
+Date: Thu, 29 Oct 2015 19:33:23 +0800
+Subject: [PATCH] Fix for type confusion in preprocessing attributes
+
+CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
+We need to check that the parent node is an element before dereferencing
+its namespace
+---
+ libxslt/preproc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/preproc.c b/libxslt/preproc.c
+index 0eb80a0..7f69325 100644
+--- a/libxslt/preproc.c
++++ b/libxslt/preproc.c
+@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr
inst) {
+ } else if (IS_XSLT_NAME(inst, "attribute")) {
+ xmlNodePtr parent = inst->parent;
+
+- if ((parent == NULL) || (parent->ns == NULL) ||
++ if ((parent == NULL) ||
++ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
+ ((parent->ns != inst->ns) &&
+ (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
+ (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
+--
+2.4.3
+
diff --git a/external/libxslt/UnpackedTarball_xslt.mk
b/external/libxslt/UnpackedTarball_xslt.mk
index 5c44e0e..c354465 100644
--- a/external/libxslt/UnpackedTarball_xslt.mk
+++ b/external/libxslt/UnpackedTarball_xslt.mk
@@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xslt,\
external/libxslt/libxslt-config-guess.patch.0 \
external/libxslt/rpath.patch.0 \
external/libxslt/libxslt-vc15.patch \
+
external/libxslt/0001-Fix-for-type-confusion-in-preprocessing-attributes.patch.1
\
))
# vim: set noet sw=4 ts=4:
commit e5c55a6f99052d71505ca97d7a1ef3822960cbba
Author: Michael Stahl <mst...@redhat.com>
Date: Fri Nov 20 10:59:34 2015 +0100
shell: rename CppunitTest to the same name as the makefile
Change-Id: I3d1ef0573a460a3101cb8c9afd30162397d8012c
diff --git a/shell/CppunitTest_shell_zip.mk b/shell/CppunitTest_shell_zip.mk
index 63d0bc9..bbf22a6 100644
--- a/shell/CppunitTest_shell_zip.mk
+++ b/shell/CppunitTest_shell_zip.mk
@@ -7,31 +7,31 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
-$(eval $(call gb_CppunitTest_CppunitTest,zip))
+$(eval $(call gb_CppunitTest_CppunitTest,shell_zip))
-$(eval $(call gb_CppunitTest_add_exception_objects,zip, \
+$(eval $(call gb_CppunitTest_add_exception_objects,shell_zip, \
shell/qa/zip/testzipimpl \
shell/qa/zip/ziptest \
))
-$(eval $(call gb_CppunitTest_set_include,zip,\
+$(eval $(call gb_CppunitTest_set_include,shell_zip,\
-I$(SRCDIR)/shell/inc \
$$(INCLUDE) \
))
-$(eval $(call gb_CppunitTest_use_externals,zip,\
+$(eval $(call gb_CppunitTest_use_externals,shell_zip,\
expat \
zlib \
))
-$(eval $(call gb_CppunitTest_use_system_win32_libs,zip, \
+$(eval $(call gb_CppunitTest_use_system_win32_libs,shell_zip, \
ole32 \
kernel32 \
msvcprt \
))
-$(eval $(call gb_CppunitTest_use_static_libraries,zip,\
+$(eval $(call gb_CppunitTest_use_static_libraries,shell_zip,\
shell_xmlparser \
shlxthandler_common \
))
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
