libxslt 1.1.34 fixes a security vulnerability discovered by oss-fuzz.
The upstream changelog also indicates a few more security-relevant fixes:
@maintainer(s), please create an appropriate ebuild
"In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character."
"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."
"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
*** Bug 703274 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2020-06-27 08:34:22 +0000
Commit: Matt Turner <email@example.com>
CommitDate: 2020-07-29 20:55:19 +0000
dev-libs/libxslt: security bump to 1.1.34
Note that we need the new dev-libs/libxml-2.9.10:2 in order for tests to
Let's require it in general because upstream may have written their code
expecting other properties which didn't show up during testing.
Signed-off-by: Sam James <firstname.lastname@example.org>
Signed-off-by: Matt Turner <email@example.com>
dev-libs/libxslt/Manifest | 1 +
.../files/libxslt-1.1.34-simplify-python.patch | 239 +++++++++++++++++++++
dev-libs/libxslt/libxslt-1.1.34.ebuild | 125 +++++++++++
3 files changed, 365 insertions(+)
We'll give it a few days just in case.
I think we're good to go. I'll CC-ARCHES later today if no objections.
Oh, we need to do this in bug 710748 anyway because of the new tighter dependency on libxml2.