diff options
| author | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
|---|---|---|
| committer | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
| commit | 2648e999d277eac5c3d331a3609bcc73fafbea71 (patch) | |
| tree | 40951fb8e7fdbe28a0baa324ae615055203f1e2e /abs/core/libxslt | |
| parent | c759b5e0c4aa6fc37412b4dee2cf9ad993fd376d (diff) | |
| parent | 7e6f7ca174e1af67178dc5293a312a4a733eb095 (diff) | |
| download | linhes_pkgbuild-2648e999d277eac5c3d331a3609bcc73fafbea71.zip linhes_pkgbuild-2648e999d277eac5c3d331a3609bcc73fafbea71.tar.gz linhes_pkgbuild-2648e999d277eac5c3d331a3609bcc73fafbea71.tar.bz2 | |
Merge branch 'testing'
# By James Meyer (1091) and others
# Via James Meyer (5) and others
* testing: (1148 commits)
LinHES-config: during install don't kill off lirc. This keeps the remote active all the way to the finish
Change version numbers to 8.0 to match the release number. LinHES-conifg LinHES-system mythdb-initial runit-scripts supplemental-web
LinHES-conifig: mv_install.py for the last partition don't go all the way to the end. Gotta leave room for gpt tables.
xf86-video-ati: xorg ati driver.
LinHES-config: timezip.py add syncing up of parental lvl passwords and starting level with MBE.
LinHES-system: correct the logic for breaking out of the wmctrl loop. As written it would break out of the inner loop..but not the 60 iteration loop.
e16_theme_settings: remove slide-in prop for new windows. For whatever reason this was preventing mplayer from being positioned correctly for appletrailers.
LinHES-config, mythinstall: change case of hd_pvr and serial to all lower refs #902
zilog-firmware: firmware for TX support of the hdpvr and pvr-150 In general I can't recommend anybody using these transmitters but including the firmware just in case someone really wants to
linhes-udev-rules: added hdprv_lirc rule. All of these lirc rules are limited to exactly one device. If more then one device is present then only the last device in init will get the symlink
runit-scripts: fix logging for igdeamon, add support to remote init script so that the blaster is always the first device in the chain. added support specificly for hd_pvr
LinHES-system: add lh_system_restore and lh_system_backup. These scripts are called from the mythmenu. refs #900
iguanair: rebuild with python 2.7
LinHES-system: msg_daemon.py fix init and nasty bug related to timeout. In a nutshell timeout wouldn't work unless a msg without a timeout was called first.
linhes-udev-rules: add rules for mce,streamzap,serial lirc devices.
mythinstall: recompile for matching libs
mythtv: latest .25-fixes and change mythbackup/restore call lh_system_$op to replace mythbackup/mythrestore. mythbackup no longer works correctly with the new windowmanager
linhes-scripts: myth2mp3, myth2x264, myth2xvid: use mythutil to get cutlist
LinHES-config, supplimental-web: Fix proxy numbering for Ceton infiniTV
linhes-system: add additional stuff to the system backup and also introduced an exclude file. The exclude/include files are locate in /home/mythtv/backup_config/
...
Diffstat (limited to 'abs/core/libxslt')
| -rw-r--r-- | abs/core/libxslt/CVE-2011-1202.patch | 56 | ||||
| -rw-r--r-- | abs/core/libxslt/PKGBUILD | 31 |
2 files changed, 77 insertions, 10 deletions
diff --git a/abs/core/libxslt/CVE-2011-1202.patch b/abs/core/libxslt/CVE-2011-1202.patch new file mode 100644 index 0000000..61ea213 --- /dev/null +++ b/abs/core/libxslt/CVE-2011-1202.patch @@ -0,0 +1,56 @@ +From ecb6bcb8d1b7e44842edde3929f412d46b40c89f Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Tue, 22 Feb 2011 02:14:23 +0000 +Subject: Fix generate-id() to not expose object addresses + +As pointed out by Chris Evans <scarybeasts@gmail.com> it's better +security wise to not expose object addresses directly, use a diff +w.r.t. the document root own address to avoid this +* libxslt/functions.c: fix IDs generation code +--- +diff --git a/libxslt/functions.c b/libxslt/functions.c +index 4720c7a..de962f4 100644 +--- a/libxslt/functions.c ++++ b/libxslt/functions.c +@@ -654,8 +654,9 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs) + void + xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){ + xmlNodePtr cur = NULL; +- unsigned long val; +- xmlChar str[20]; ++ long val; ++ xmlChar str[30]; ++ xmlDocPtr doc; + + if (nargs == 0) { + cur = ctxt->context->node; +@@ -694,9 +695,24 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){ + * Okay this is ugly but should work, use the NodePtr address + * to forge the ID + */ +- val = (unsigned long)((char *)cur - (char *)0); +- val /= sizeof(xmlNode); +- sprintf((char *)str, "id%ld", val); ++ if (cur->type != XML_NAMESPACE_DECL) ++ doc = cur->doc; ++ else { ++ xmlNsPtr ns = (xmlNsPtr) cur; ++ ++ if (ns->context != NULL) ++ doc = ns->context; ++ else ++ doc = ctxt->context->doc; ++ ++ } ++ ++ val = (long)((char *)cur - (char *)doc); ++ if (val >= 0) { ++ sprintf((char *)str, "idp%ld", val); ++ } else { ++ sprintf((char *)str, "idm%ld", -val); ++ } + valuePush(ctxt, xmlXPathNewString(str)); + } + +-- +cgit v0.9.0.2 diff --git a/abs/core/libxslt/PKGBUILD b/abs/core/libxslt/PKGBUILD index 33c4cdd..7cdc5e9 100644 --- a/abs/core/libxslt/PKGBUILD +++ b/abs/core/libxslt/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 87866 2010-08-18 15:17:10Z ibiru $ +# $Id: PKGBUILD 149384 2012-02-07 12:34:45Z jgc $ # Maintainer: Eric Belanger <eric@archlinux.org> # Contributor: John Proctor <jproctor@prium.net> @@ -9,23 +9,34 @@ pkgdesc="XML stylesheet transformation library" arch=('i686' 'x86_64') url="http://xmlsoft.org/XSLT/" license=('custom') -depends=('libxml2>=2.7.7' 'libgcrypt>=1.4.6') +depends=('libxml2' 'libgcrypt') makedepends=('python2') +checkdepends=('docbook-xml') options=('!libtool') -source=(ftp://xmlsoft.org/libxslt/${pkgname}-${pkgver}.tar.gz) -md5sums=('e61d0364a30146aaa3001296f853b2b9') +source=(ftp://xmlsoft.org/libxslt/${pkgname}-${pkgver}.tar.gz + CVE-2011-1202.patch) +md5sums=('e61d0364a30146aaa3001296f853b2b9' + 'ce9744943575efaa6b5501668899b753') build() { cd "${srcdir}/${pkgname}-${pkgver}" - ./configure --prefix=/usr --with-python=/usr/bin/python2.7 + patch -Np1 -i "${srcdir}/CVE-2011-1202.patch" + sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py + ./configure --prefix=/usr --with-python=/usr/bin/python2 make - make DESTDIR="${pkgdir}" install +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + make check +} - for f in pyxsltproc.py extfunc.py exslt.py extelem.py basic.py; do - sed -e 's|#!/usr/bin/python|#!/usr/bin/python2|' \ - -i ${pkgdir}/usr/share/doc/libxslt-python-1.1.26/examples/${f} - done +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install install -d "${pkgdir}/usr/share/licenses/${pkgname}" install -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/" + + rm -f "${pkgdir}"/usr/lib/python*/site-packages/*.a } |