authorPacho Ramos <pacho@gentoo.org>2011-03-12 20:59:17 +0000
committerPacho Ramos <pacho@gentoo.org>2011-03-12 20:59:17 +0000
commit7e55619aec5002bb0133e8cf6bd7b966c188fe19 (patch)
tree40c50ef032620612682bbb50e32ca504a8a9cf37 /dev-libs/libxslt
parentalpha/arm/ia64/sh/sparc stable wrt #353436 (diff)
Fix heap address leak (CVE-2011-1202).
(Portage version: 2.1.9.42/cvs/Linux x86_64)
Diffstat (limited to 'dev-libs/libxslt')
-rw-r--r--dev-libs/libxslt/ChangeLog8
-rw-r--r--dev-libs/libxslt/files/libxslt-1.1.26-id-generation.patch56
-rw-r--r--dev-libs/libxslt/libxslt-1.1.26-r1.ebuild118
3 files changed, 181 insertions, 1 deletions
diff --git a/dev-libs/libxslt/ChangeLog b/dev-libs/libxslt/ChangeLog
index 0221f8e52e9c..14a1ba44fa69 100644
--- a/dev-libs/libxslt/ChangeLog
+++ b/dev-libs/libxslt/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for dev-libs/libxslt
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/ChangeLog,v 1.207 2011/02/26 17:31:21 arfrever Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/ChangeLog,v 1.208 2011/03/12 20:59:17 pacho Exp $
+
+*libxslt-1.1.26-r1 (12 Mar 2011)
+
+ 12 Mar 2011; Pacho Ramos <pacho@gentoo.org> +libxslt-1.1.26-r1.ebuild,
+ +files/libxslt-1.1.26-id-generation.patch:
+ Fix heap address leak (CVE-2011-1202).
26 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
libxslt-1.1.26.ebuild, +files/libxslt-1.1.26-disable_static_modules.patch:
diff --git a/dev-libs/libxslt/files/libxslt-1.1.26-id-generation.patch b/dev-libs/libxslt/files/libxslt-1.1.26-id-generation.patch
new file mode 100644
index 000000000000..f8f4c2a95500
--- /dev/null
+++ b/dev-libs/libxslt/files/libxslt-1.1.26-id-generation.patch
@@ -0,0 +1,56 @@
+From ecb6bcb8d1b7e44842edde3929f412d46b40c89f Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 22 Feb 2011 02:14:23 +0000
+Subject: Fix generate-id() to not expose object addresses
+
+As pointed out by Chris Evans <scarybeasts@gmail.com> it's better
+security wise to not expose object addresses directly, use a diff
+w.r.t. the document root own address to avoid this
+* libxslt/functions.c: fix IDs generation code
+---
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index 4720c7a..de962f4 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -654,8 +654,9 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
+ void
+ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
+ xmlNodePtr cur = NULL;
+- unsigned long val;
+- xmlChar str[20];
++ long val;
++ xmlChar str[30];
++ xmlDocPtr doc;
+
+ if (nargs == 0) {
+ cur = ctxt->context->node;
+@@ -694,9 +695,24 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
+ * Okay this is ugly but should work, use the NodePtr address
+ * to forge the ID
+ */
+- val = (unsigned long)((char *)cur - (char *)0);
+- val /= sizeof(xmlNode);
+- sprintf((char *)str, "id%ld", val);
++ if (cur->type != XML_NAMESPACE_DECL)
++ doc = cur->doc;
++ else {
++ xmlNsPtr ns = (xmlNsPtr) cur;
++
++ if (ns->context != NULL)
++ doc = ns->context;
++ else
++ doc = ctxt->context->doc;
++
++ }
++
++ val = (long)((char *)cur - (char *)doc);
++ if (val >= 0) {
++ sprintf((char *)str, "idp%ld", val);
++ } else {
++ sprintf((char *)str, "idm%ld", -val);
++ }
+ valuePush(ctxt, xmlXPathNewString(str));
+ }
+
+--
+cgit v0.8.3.4
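Review bot: `doc` is used as the base in `val = (long)((char *)cur - (char *)doc);` without a NULL check, so if `cur->doc`, `ns->context` or `ctxt->context->doc` can be NULL here (not determinable from the hunk; the function body between the two inner hunks is not shown), the result is the node's absolute address and generate-id() exposes it as before. A guard ahead of the subtraction would close that path, for example `if (doc == NULL) { valuePush(ctxt, xmlXPathNewCString("")); return; }`. Separately, the retained comment still says the NodePtr address is used to forge the ID; it should read something like `/* Build the ID from the node's offset to its owning document, not from its raw address. */`. The offset between two heap objects also still describes relative heap layout, and the cast to `long` can truncate on platforms where `long` is narrower than a pointer, which would weaken ID uniqueness; holding the difference in a `ptrdiff_t` avoids the truncation.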
diff --git a/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild b/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild
new file mode 100644
index 000000000000..de3f7683fdc0
--- /dev/null
+++ b/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild
@@ -0,0 +1,118 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxslt/libxslt-1.1.26-r1.ebuild,v 1.1 2011/03/12 20:59:17 pacho Exp $
+
+EAPI="3"
+PYTHON_DEPEND="python? 2"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="3.* *-jython"
+
+inherit autotools eutils python toolchain-funcs
+
+DESCRIPTION="XSLT libraries and tools"
+HOMEPAGE="http://www.xmlsoft.org/"
+SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="crypt debug python"
+
+DEPEND=">=dev-libs/libxml2-2.6.27:2
+ crypt? ( >=dev-libs/libgcrypt-1.1.42 )"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ if use python; then
+ python_pkg_setup
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/libxslt.m4-${P}.patch \
+ "${FILESDIR}"/${PN}-1.1.23-parallel-install.patch \
+ "${FILESDIR}"/${P}-undefined.patch \
+ "${FILESDIR}"/${P}-disable_static_modules.patch
+
+ # Python bindings are built/tested/installed manually.
+ sed -e "s/@PYTHON_SUBDIR@//" -i Makefile.am || die "sed failed"
+
+ # Fix generate-id() to not expose object addresses, bug #358615
+ epatch "${FILESDIR}/${P}-id-generation.patch"
+
+ eautoreconf
+ epunt_cxx
+}
+
+src_configure() {
+ # libgcrypt is missing pkg-config file, so fixing cross-compile
+ # here. see bug 267503.
+ if tc-is-cross-compiler; then
+ export LIBGCRYPT_CONFIG="${SYSROOT}/usr/bin/libgcrypt-config"
+ fi
+
+ econf \
+ --disable-dependency-tracking \
+ --with-html-dir=/usr/share/doc/${PF} \
+ --with-html-subdir=html \
+ $(use_with crypt crypto) \
+ $(use_with python) \
+ $(use_with debug) \
+ $(use_with debug mem-debug)
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ python_copy_sources python
+ building() {
+ emake PYTHON_INCLUDES="$(python_get_includedir)" \
+ PYTHON_SITE_PACKAGES="$(python_get_sitedir)" \
+ PYTHON_VERSION="$(python_get_version)"
+ }
+ python_execute_function -s --source-dir python building
+ fi
+}
+
+src_test() {
+ default
+
+ if use python; then
+ testing() {
+ emake test
+ }
+ python_execute_function -s --source-dir python testing
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+
+ if use python; then
+ installation() {
+ emake DESTDIR="${D}" \
+ PYTHON_SITE_PACKAGES="$(python_get_sitedir)" \
+ install
+ }
+ python_execute_function -s --source-dir python installation
+
+ python_clean_installation_image
+ fi
+
+ mv -vf "${ED}"/usr/share/doc/${PN}-python-${PV} \
+ "${ED}"/usr/share/doc/${PF}/python
+ dodoc AUTHORS ChangeLog FEATURES NEWS README TODO || die
+}
+
+pkg_postinst() {
+ if use python; then
+ python_mod_optimize libxslt.py
+ fi
+}
+
+pkg_postrm() {
+ if use python; then
+ python_mod_cleanup libxslt.py
+ fi
+}
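Review bot: In `src_install`, the `mv -vf "${ED}"/usr/share/doc/${PN}-python-${PV} ...` runs outside the `if use python` block and has no `|| die`, so with the python USE flag off the source directory presumably does not exist and the failure is ignored, and with the flag on a failed move goes unnoticed. Moving it into the existing python branch and ending it with `|| die "mv failed"` keeps install failures visible. The `emake` calls inside `building()` and `installation()` likewise carry no `|| die`, unlike the top-level `emake DESTDIR="${D}" install || die`. `SRC_URI` fetches over plain `ftp://`, so tarball integrity rests entirely on the Manifest digests, which this commit page does not show.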