buildroot/package/libxslt/libxslt.mk
Fabrice Fontaine 6a57eeda66 package/libxslt: security bump to version 1.1.34
Fixes the following security issues:

- CVE-2019-13117: In numbers.c in libxslt 1.1.33, an xsl:number with certain
  format strings could lead to an uninitialized read in
  xsltNumberFormatInsertNumbers.  This could allow an attacker to discern
  whether a byte on the stack contains the characters A, a, I, i, or 0, or
  any other character.

- CVE-2019-13118: In numbers.c in libxslt 1.1.33, a type holding grouping
  characters of an xsl:number instruction was too narrow and an invalid
  character/length combination could be passed to xsltNumberFormatDecimal,
  leading to a read of uninitialized stack data.

- CVE-2019-18197: In xsltCopyText in transform.c in libxslt 1.1.33, a
  pointer variable isn't reset under certain circumstances.  If the relevant
  memory area happened to be freed and reused in a certain way, a bounds
  check could fail and memory outside a buffer could be written to, or
  uninitialized data could be disclosed.

Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: mention security impact]
(cherry picked from commit 5645107c39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-04 11:47:00 +01:00

35 lines
992 B
Makefile

################################################################################
#
# libxslt
#
################################################################################
LIBXSLT_VERSION = 1.1.34
LIBXSLT_SITE = http://xmlsoft.org/sources
LIBXSLT_INSTALL_STAGING = YES
LIBXSLT_LICENSE = MIT
LIBXSLT_LICENSE_FILES = COPYING
LIBXSLT_CONF_OPTS = \
	--with-gnu-ld \
	--without-debug \
	--without-python \
	--with-libxml-prefix=$(STAGING_DIR)/usr
LIBXSLT_CONFIG_SCRIPTS = xslt-config
LIBXSLT_DEPENDENCIES = host-pkgconf libxml2
# If we have enabled libgcrypt then use it, else disable crypto support.
ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
LIBXSLT_DEPENDENCIES += libgcrypt
LIBXSLT_CONF_ENV += LIBGCRYPT_CONFIG=$(STAGING_DIR)/usr/bin/libgcrypt-config
else
LIBXSLT_CONF_OPTS += --without-crypto
endif
HOST_LIBXSLT_CONF_OPTS = --without-debug --without-python --without-crypto
HOST_LIBXSLT_DEPENDENCIES = host-pkgconf host-libxml2
$(eval $(autotools-package))
$(eval $(host-autotools-package))
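
An added example, not part of the Buildroot tree: a shell check that reads LIBXSLT_VERSION from a package directory and compares it with 1.1.34, the release this commit bumps to. Because the commit message notes that a local patch was dropped as already included upstream, an older version with *.patch files beside it is reported for manual review rather than as simply outdated. All function names and the sample directories are hypothetical and constructed for the demonstration.

```shell
FIXED_VERSION=1.1.34  # fixed release named in the commit message on this page

# Print the LIBXSLT_VERSION value from a libxslt.mk file.
libxslt_mk_version() {
	sed -n 's/^LIBXSLT_VERSION[[:space:]]*=[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if dotted version $1 >= $2, comparing fields numerically (1.1.9 < 1.1.34).
version_ge() {
	awk -v a="$1" -v b="$2" 'BEGIN {
		n = split(a, x, "."); m = split(b, y, ".")
		for (i = 1; i <= n || i <= m; i++) {
			if (x[i] + 0 > y[i] + 0) exit 0
			if (x[i] + 0 < y[i] + 0) exit 1
		}
		exit 0
	}'
}

# Classify a package directory as fixed, review-patches, outdated or unknown.
check_libxslt_pkg() {
	ver=$(libxslt_mk_version "$1/libxslt.mk")
	if [ -z "$ver" ]; then
		echo "unknown"
	elif version_ge "$ver" "$FIXED_VERSION"; then
		echo "fixed $ver"
	elif ls "$1"/*.patch >/dev/null 2>&1; then
		echo "review-patches $ver"  # old release with local patches: check for backports
	else
		echo "outdated $ver"
	fi
}

# Constructed sample input: package dir $1, version $2, optional patch file name $3.
make_sample_pkg() {
	mkdir -p "$1"
	printf 'LIBXSLT_VERSION = %s\n' "$2" > "$1/libxslt.mk"
	if [ -n "${3:-}" ]; then : > "$1/$3"; fi
}

tmp=$(mktemp -d)
make_sample_pkg "$tmp/new" 1.1.34
make_sample_pkg "$tmp/old" 1.1.33
make_sample_pkg "$tmp/old-patched" 1.1.33 0001-constructed-backport.patch
for d in new old old-patched; do
	printf '%s: %s\n' "$d" "$(check_libxslt_pkg "$tmp/$d")"
done
rm -rf "$tmp"
```

A "review-patches" result only says that patch files exist; whether they cover the CVEs listed in the commit message has to be checked by reading them.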