diff --git a/Fix-double-free-with-stylesheets-containing-entity-n.patch b/Fix-double-free-with-stylesheets-containing-entity-n.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b432aa2c10ceff8ff2526d5e3f2c366fce16817d
--- /dev/null
+++ b/Fix-double-free-with-stylesheets-containing-entity-n.patch
@@ -0,0 +1,36 @@
+From 3e8bbcdec8d2318ca8ab27a2a4a509a5d9bb2d51 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Tue, 2 Feb 2021 04:28:15 +0100
+Subject: [PATCH] Fix double-free with stylesheets containing entity nodes
+
+Fix broken logic to make sure that entity nodes are deleted from the
+stylesheet. Note that stylesheets parsed with XML_PARSE_NOENT, which
+is included in XSLT_PARSE_OPTIONS, aren't affected.
+
+Found by OSS-Fuzz.
+---
+ libxslt/xslt.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libxslt/xslt.c b/libxslt/xslt.c
+index 7a1ce01..69116f2 100644
+--- a/libxslt/xslt.c
++++ b/libxslt/xslt.c
+@@ -3656,12 +3656,8 @@ xsltPreprocessStylesheet(xsltStylesheetPtr style, xmlNodePtr cur)
+ (!xsltCheckExtURI(style, cur->ns->href))) {
+ goto skip_children;
+ } else if (cur->children != NULL) {
+- if ((cur->children->type != XML_ENTITY_DECL) &&
+- (cur->children->type != XML_ENTITY_REF_NODE) &&
+- (cur->children->type != XML_ENTITY_NODE)) {
+- cur = cur->children;
+- continue;
+- }
++ cur = cur->children;
++ continue;
+ }
+
+ skip_children:
+--
+1.8.3.1
+
diff --git a/libxslt.spec b/libxslt.spec
index da67f88c8efa12e71e658e335a805b49937ad974..33e2accd51ea4131b7dedb184f9f5b019ea68d0c 100644
--- a/libxslt.spec
+++ b/libxslt.spec
@@ -1,6 +1,6 @@
 Name: libxslt
 Version: 1.1.34
-Release: 4
+Release: 5
 Summary: XSLT Transformation Library
 License: MIT
 URL: http://xmlsoft.org/libxslt/
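Review bot: In the added patch file, the now-unconditional descent `cur = cur->children; continue;` in xsltPreprocessStylesheet carries no comment saying why entity children must be visited, so the type filter this patch removes could be reintroduced later. Going by the commit message, reaching those nodes is what lets the rest of the loop delete entity nodes from the stylesheet, and skipping them is what led to the double free; that deletion code is outside the hunk, so confirm it against the full function. A one-line comment above the assignment would record the invariant, e.g. `/* Descend unconditionally: entity nodes must be reached so they are deleted from the stylesheet. */`. The message also says stylesheets parsed with XML_PARSE_NOENT are unaffected, so the exposed callers are those that pass in a document parsed without that option.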
@@ -12,6 +12,7 @@ Patch2: Fix-clang-Wconditional-uninitialized-warning-in-libx.patch Patch3: Fix-clang-Wimplicit-int-conversion-warning.patch Patch4: Fix-implicit-int-conversion-warning-in-exslt-crypto..patch Patch5: Fix-quadratic-runtime-with-text-and-xsl-message.patch +Patch6: Fix-double-free-with-stylesheets-containing-entity-n.patch BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27 @@ -80,6 +81,9 @@ make check %exclude %{_docdir}/../licenses/Copyright %changelog +* Sat Oct 23 2021 panxiaohe - 1.1.34-5 +- Fix double-free with stylesheets containing entity nodes + * Thu Oct 29 2020 wangchen - 1.1.34-4 - remove python2 @@ -95,7 +99,7 @@ make check * Sat Jan 11 2020 zhangguangzhi - 1.1.32-7 - del patch to be consistent with open source -* Mon Dec 31 2019 openEuler Buildteam - 1.1.32-6 +* Tue Dec 31 2019 openEuler Buildteam - 1.1.32-6 - fix bug in community files * Sat Dec 21 2019 openEuler Buildteam - 1.1.32-5
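Review bot: `Patch6:` is declared in the second hunk of libxslt.spec, but no hunk touches `%prep`, so this diff does not show whether the double-free fix is actually applied at build time. If `%prep` uses `%autosetup -p1` or `%autopatch`, the new patch is picked up automatically. If it lists patches one by one, a `%patch6 -p1` line is needed, otherwise release 5 ships with the changelog entry but without the fix. The build log would confirm whether the patch is applied.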