From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 3/3] gnu: libxslt: Update to 1.1.29. Date: Tue, 7 Jun 2016 20:54:08 -0400 Message-ID: References: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37295) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bARlO-0007Lp-UF for guix-devel@gnu.org; Tue, 07 Jun 2016 20:54:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bARlI-0004oi-EG for guix-devel@gnu.org; Tue, 07 Jun 2016 20:54:30 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:43763) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bARlH-0004kM-7L for guix-devel@gnu.org; Tue, 07 Jun 2016 20:54:24 -0400 Received: from localhost.localdomain (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 48996F29FA for ; Tue, 7 Jun 2016 20:54:12 -0400 (EDT) In-Reply-To: In-Reply-To: References: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org * gnu/packages/patches/libxslt-CVE-2015-7995.patch, gnu/packages/patches/libxslt-remove-date-timestamps.patch: Delete files. * gnu/packages/xml.scm: Update to 1.1.29. [source]: Remove patches. --- gnu/packages/patches/libxslt-CVE-2015-7995.patch | 29 ---------- .../patches/libxslt-remove-date-timestamps.patch | 66 ---------------------- gnu/packages/xml.scm | 8 +-- 3 files changed, 3 insertions(+), 100 deletions(-) delete mode 100644 gnu/packages/patches/libxslt-CVE-2015-7995.patch delete mode 100644 gnu/packages/patches/libxslt-remove-date-timestamps.patch diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch deleted file mode 100644 index f291d5b..0000000 --- a/gnu/packages/patches/libxslt-CVE-2015-7995.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard -Date: Thu, 29 Oct 2015 19:33:23 +0800 -Subject: [PATCH] Fix for type confusion in preprocessing attributes - -CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 -We need to check that the parent node is an element before dereferencing -its namespace ---- - libxslt/preproc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/preproc.c b/libxslt/preproc.c -index 0eb80a0..7f69325 100644 ---- a/libxslt/preproc.c -+++ b/libxslt/preproc.c -@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) { - } else if (IS_XSLT_NAME(inst, "attribute")) { - xmlNodePtr parent = inst->parent; - -- if ((parent == NULL) || (parent->ns == NULL) || -+ if ((parent == NULL) || -+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) || - ((parent->ns != inst->ns) && - (!xmlStrEqual(parent->ns->href, inst->ns->href))) || - (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) { --- -2.6.3 - diff --git a/gnu/packages/patches/libxslt-remove-date-timestamps.patch b/gnu/packages/patches/libxslt-remove-date-timestamps.patch deleted file mode 100644 index 51470d0..0000000 --- a/gnu/packages/patches/libxslt-remove-date-timestamps.patch +++ /dev/null @@ -1,66 +0,0 @@ -Use deterministic SOURCE_DATE_EPOCH for embedded timestamps in generated documentation. - -Written by Eduard Sanou. - -https://bugzilla.gnome.org/show_bug.cgi?id=758148 - ---- libxslt-1.1.28.orig/libexslt/date.c -+++ libxslt-1.1.28/libexslt/date.c -@@ -46,6 +46,7 @@ - #include "exslt.h" - - #include -+#include - - #ifdef HAVE_MATH_H - #include -@@ -747,21 +748,46 @@ static exsltDateValPtr - exsltDateCurrent (void) - { - struct tm localTm, gmTm; -+ struct tm *tb = NULL; - time_t secs; - int local_s, gm_s; - exsltDateValPtr ret; -+ char *source_date_epoch; - - ret = exsltDateCreateDate(XS_DATETIME); - if (ret == NULL) - return NULL; - -- /* get current time */ - secs = time(NULL); -+ /* -+ * Allow the date and time to be set externally by an exported -+ * environment variable to enable reproducible builds. -+ */ -+ source_date_epoch = getenv("SOURCE_DATE_EPOCH"); -+ if (source_date_epoch) { -+ errno = 0; -+ secs = (time_t) strtol (source_date_epoch, NULL, 10); -+ if (errno == 0) { -+ tb = gmtime(&secs); -+ if (tb == NULL) { -+ /* SOURCE_DATE_EPOCH is not a valid date */ -+ return NULL; -+ } else { -+ localTm = *tb; -+ } -+ } else { -+ /* SOURCE_DATE_EPOCH is not a valid number */ -+ return NULL; -+ } -+ } else { -+ /* get current time */ - #if HAVE_LOCALTIME_R -- localtime_r(&secs, &localTm); -+ localtime_r(&secs, &localTm); - #else -- localTm = *localtime(&secs); -+ localTm = *localtime(&secs); - #endif -+ } -+ - - /* get real year, not years since 1900 */ - ret->value.date.year = localTm.tm_year + 1900; diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 9400930..a486d19 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -127,17 +127,15 @@ project (but it is usable outside of the Gnome platform).") (define-public libxslt (package (name "libxslt") - (version "1.1.28") + (version "1.1.29") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) (sha256 (base32 - "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz")) - (patches (search-patches "libxslt-generated-ids.patch" - "libxslt-remove-date-timestamps.patch" - "libxslt-CVE-2015-7995.patch")))) + "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) + (patches (search-patches "libxslt-generated-ids.patch")))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html") (synopsis "C library for applying XSLT stylesheets to XML documents") -- 2.8.3