You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by tr...@apache.org on 2019/10/08 22:52:29 UTC
[openoffice] branch AOO42X updated: Upgrade libxml2 to version
2.9.9 and libxslt to version 1.1.33.
This is an automated email from the ASF dual-hosted git repository.
truckman pushed a commit to branch AOO42X
in repository https://gitbox.apache.org/repos/asf/openoffice.git
The following commit(s) were added to refs/heads/AOO42X by this push:
new 3f3f261 Upgrade libxml2 to version 2.9.9 and libxslt to version 1.1.33.
3f3f261 is described below
commit 3f3f2619b27c4ab4bf28f46a3a65229994d8de6b
Author: Don Lewis <dl...@debian.catspoiler.org>
AuthorDate: Tue Oct 8 16:00:27 2019 -0700
Upgrade libxml2 to version 2.9.9 and libxslt to version 1.1.33.
libxml2-nan-inf-fix.patch has been incorporated upstream.
Cherry-pick four upstream post 1.1.33 libxslt commits to address three
CVEs and one functionality regression. Without the latter fix, xsltproc
generates bad code for the writerfilter module causing a build failure.
---
main/external_deps.lst | 8 +-
main/libxml2/libxml2-configure.patch | 12 +--
main/libxml2/libxml2-nan-inf-fix.patch | 60 ------------
main/libxml2/makefile.mk | 8 +-
main/libxslt/libxslt-CVE-2019-11068.patch | 120 ++++++++++++++++++++++++
main/libxslt/libxslt-CVE-2019-13117.patch | 29 ++++++
main/libxslt/libxslt-CVE-2019-13118.patch | 71 ++++++++++++++
main/libxslt/libxslt-backup_Xpath_context.patch | 93 ++++++++++++++++++
main/libxslt/libxslt-configure.patch | 12 +--
main/libxslt/libxslt-win_manifest.patch | 6 +-
main/libxslt/libxsltversion.mk | 2 +-
main/libxslt/makefile.mk | 8 +-
12 files changed, 341 insertions(+), 88 deletions(-)
diff --git a/main/external_deps.lst b/main/external_deps.lst
index f8926aa..472fcad 100644
--- a/main/external_deps.lst
+++ b/main/external_deps.lst
@@ -169,14 +169,14 @@ if ( true )
URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
if (SYSTEM_LIBXML != YES)
- MD5 = b786e353e2aa1b872d70d5d1ca0c740d
- name = libxml2-2.9.8.tar.gz
+ MD5 = c04a5a0a042eaa157e8e8c9eabe76bd6
+ name = libxml2-2.9.9.tar.gz
URL1 = http://xmlsoft.org/sources/$(name)
URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
if (SYSTEM_LIBXSLT != YES)
- MD5 = 1fc72f98e98bf4443f1651165f3aa146
- name = libxslt-1.1.32.tar.gz
+ MD5 = b3bd254a03e46d58f8ad1e4559cd2c2f
+ name = libxslt-1.1.33.tar.gz
URL1 = http://xmlsoft.org/sources/$(name)
URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
diff --git a/main/libxml2/libxml2-configure.patch b/main/libxml2/libxml2-configure.patch
index c074f0b..91c5845 100644
--- a/main/libxml2/libxml2-configure.patch
+++ b/main/libxml2/libxml2-configure.patch
@@ -1,6 +1,6 @@
-diff -ur misc/libxml2-2.9.8/include/libxml/xmlversion.h misc/build/libxml2-2.9.8/include/libxml/xmlversion.h
---- misc/libxml2-2.9.8/include/libxml/xmlversion.h 2018-03-05 07:54:29.000000000 -0800
-+++ misc/build/libxml2-2.9.8/include/libxml/xmlversion.h 2018-08-22 22:53:15.488158000 -0700
+diff -ur misc/libxml2-2.9.9/include/libxml/xmlversion.h misc/build/libxml2-2.9.9/include/libxml/xmlversion.h
+--- misc/libxml2-2.9.9/include/libxml/xmlversion.h 2018-03-05 07:54:29.000000000 -0800
++++ misc/build/libxml2-2.9.9/include/libxml/xmlversion.h 2018-08-22 22:53:15.488158000 -0700
@@ -273,7 +273,7 @@
*
* Whether iconv support is available
@@ -19,9 +19,9 @@ diff -ur misc/libxml2-2.9.8/include/libxml/xmlversion.h misc/build/libxml2-2.9.8
#define LIBXML_DEBUG_ENABLED
#endif
-diff -ur misc/libxml2-2.9.8/xml2-config.in misc/build/libxml2-2.9.8/xml2-config.in
---- misc/libxml2-2.9.8/xml2-config.in 2016-06-07 03:04:14.000000000 -0700
-+++ misc/build/libxml2-2.9.8/xml2-config.in 2018-08-22 22:53:15.489086000 -0700
+diff -ur misc/libxml2-2.9.9/xml2-config.in misc/build/libxml2-2.9.9/xml2-config.in
+--- misc/libxml2-2.9.9/xml2-config.in 2016-06-07 03:04:14.000000000 -0700
++++ misc/build/libxml2-2.9.9/xml2-config.in 2018-08-22 22:53:15.489086000 -0700
@@ -1,9 +1,14 @@
#! /bin/sh
diff --git a/main/libxml2/libxml2-nan-inf-fix.patch b/main/libxml2/libxml2-nan-inf-fix.patch
deleted file mode 100644
index b3037ed..0000000
--- a/main/libxml2/libxml2-nan-inf-fix.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 7abec671473b837f99181442d59edd0cc2ee01d1 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <we...@aevum.de>
-Date: Thu, 15 Mar 2018 19:33:52 +0100
-Subject: [PATCH] NaN and Inf fixes for pre-C99 compilers
-
-On some pre-C99 compilers, the NAN and INFINITY macros don't expand to
-constant expressions.
-
-Some MSVC versions complain about floating point division by zero in
-constants.
-
-Thanks to Fabrice Manfroi for the report.
----
- xpath.c | 19 ++++++++++---------
- 1 file changed, 10 insertions(+), 9 deletions(-)
-
-diff -ur misc/libxml2-2.9.8/xpath.c misc/build/libxml2-2.9.8/xpath.c
---- misc/libxml2-2.9.8/xpath.c 2017-12-02 00:58:10.000000000 -0800
-+++ misc/build/libxml2-2.9.8/xpath.c 2018-08-23 15:05:24.276900000 -0700
-@@ -477,27 +477,28 @@ int wrap_cmp( xmlNodePtr x, xmlNodePtr y );
- * *
- ************************************************************************/
-
--#ifndef NAN
--#define NAN (0.0 / 0.0)
-+#ifndef INFINITY
-+#define INFINITY (DBL_MAX * DBL_MAX)
- #endif
-
--#ifndef INFINITY
--#define INFINITY HUGE_VAL
-+#ifndef NAN
-+#define NAN (INFINITY / INFINITY)
- #endif
-
--double xmlXPathNAN = NAN;
--double xmlXPathPINF = INFINITY;
--double xmlXPathNINF = -INFINITY;
-+double xmlXPathNAN;
-+double xmlXPathPINF;
-+double xmlXPathNINF;
-
- /**
- * xmlXPathInit:
- *
- * Initialize the XPath environment
-- *
-- * Does nothing but must be kept as public function.
- */
- void
- xmlXPathInit(void) {
-+ xmlXPathNAN = NAN;
-+ xmlXPathPINF = INFINITY;
-+ xmlXPathNINF = -INFINITY;
- }
-
- /**
---
-2.18.0
-
diff --git a/main/libxml2/makefile.mk b/main/libxml2/makefile.mk
index e49747a..934ff33 100644
--- a/main/libxml2/makefile.mk
+++ b/main/libxml2/makefile.mk
@@ -38,20 +38,16 @@ all:
# --- Files --------------------------------------------------------
-LIBXML2VERSION=2.9.8
+LIBXML2VERSION=2.9.9
TARFILE_NAME=$(PRJNAME)-$(LIBXML2VERSION)
-TARFILE_MD5=b786e353e2aa1b872d70d5d1ca0c740d
+TARFILE_MD5=c04a5a0a042eaa157e8e8c9eabe76bd6
PATCH_FILES=libxml2-configure.patch
# libxml2-global-symbols: #i112480#: Solaris ld won't export non-listed symbols
# libxml2-global-symbols.patch
-.IF "$(OS)" == "WNT"
-PATCH_FILES+= libxml2-nan-inf-fix.patch
-.ENDIF
-
# This is only for UNX environment now
.IF "$(OS)"=="WNT"
diff --git a/main/libxslt/libxslt-CVE-2019-11068.patch b/main/libxslt/libxslt-CVE-2019-11068.patch
new file mode 100644
index 0000000..5651f03
--- /dev/null
+++ b/main/libxslt/libxslt-CVE-2019-11068.patch
@@ -0,0 +1,120 @@
+From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <we...@aevum.de>
+Date: Sun, 24 Mar 2019 09:51:39 +0100
+Subject: [PATCH] Fix security framework bypass
+
+xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
+don't check for this condition and allow access. With a specially
+crafted URL, xsltCheckRead could be tricked into returning an error
+because of a supposedly invalid URL that would still be loaded
+succesfully later on.
+
+Fixes #12.
+
+Thanks to Felix Wilhelm for the report.
+---
+ libxslt/documents.c | 18 ++++++++++--------
+ libxslt/imports.c | 9 +++++----
+ libxslt/transform.c | 9 +++++----
+ libxslt/xslt.c | 9 +++++----
+ 4 files changed, 25 insertions(+), 20 deletions(-)
+
+diff misc/libxslt-1.1.33/libxslt/documents.c misc/build/libxslt-1.1.33/libxslt/documents.c
+index 3f3a7312..4aad11bb 100644
+--- misc/libxslt-1.1.33/libxslt/documents.c
++++ misc/build/libxslt-1.1.33/libxslt/documents.c
+@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(ctxt->sec, ctxt, URI);
+- if (res == 0) {
+- xsltTransformError(ctxt, NULL, NULL,
+- "xsltLoadDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(ctxt, NULL, NULL,
++ "xsltLoadDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, URI);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltLoadStyleDocument: read rights for %s denied\n",
+- URI);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltLoadStyleDocument: read rights for %s denied\n",
++ URI);
+ return(NULL);
+ }
+ }
+diff misc/libxslt-1.1.33/libxslt/imports.c misc/build/libxslt-1.1.33/libxslt/imports.c
+index 874870cc..3783b247 100644
+--- misc/libxslt-1.1.33/libxslt/imports.c
++++ misc/build/libxslt-1.1.33/libxslt/imports.c
+@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
+ int secres;
+
+ secres = xsltCheckRead(sec, NULL, URI);
+- if (secres == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsl:import: read rights for %s denied\n",
+- URI);
++ if (secres <= 0) {
++ if (secres == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsl:import: read rights for %s denied\n",
++ URI);
+ goto error;
+ }
+ }
+diff misc/libxslt-1.1.33/libxslt/transform.c misc/build/libxslt-1.1.33/libxslt/transform.c
+index 13793914..0636dbd0 100644
+--- misc/libxslt-1.1.33/libxslt/transform.c
++++ misc/build/libxslt-1.1.33/libxslt/transform.c
+@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
+ */
+ if (ctxt->sec != NULL) {
+ ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
+- if (ret == 0) {
+- xsltTransformError(ctxt, NULL, inst,
+- "xsltDocumentElem: write rights for %s denied\n",
+- filename);
++ if (ret <= 0) {
++ if (ret == 0)
++ xsltTransformError(ctxt, NULL, inst,
++ "xsltDocumentElem: write rights for %s denied\n",
++ filename);
+ xmlFree(URL);
+ xmlFree(filename);
+ return;
+diff misc/libxslt-1.1.33/libxslt/xslt.c misc/build/libxslt-1.1.33/libxslt/xslt.c
+index 780a5ad7..a234eb79 100644
+--- misc/libxslt-1.1.33/libxslt/xslt.c
++++ misc/build/libxslt-1.1.33/libxslt/xslt.c
+@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
+ int res;
+
+ res = xsltCheckRead(sec, NULL, filename);
+- if (res == 0) {
+- xsltTransformError(NULL, NULL, NULL,
+- "xsltParseStylesheetFile: read rights for %s denied\n",
+- filename);
++ if (res <= 0) {
++ if (res == 0)
++ xsltTransformError(NULL, NULL, NULL,
++ "xsltParseStylesheetFile: read rights for %s denied\n",
++ filename);
+ return(NULL);
+ }
+ }
+--
+2.11.0
+
diff --git a/main/libxslt/libxslt-CVE-2019-13117.patch b/main/libxslt/libxslt-CVE-2019-13117.patch
new file mode 100644
index 0000000..6ee9bc8
--- /dev/null
+++ b/main/libxslt/libxslt-CVE-2019-13117.patch
@@ -0,0 +1,29 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <we...@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff misc/libxslt-1.1.33/libxslt/numbers.c misc/build/libxslt-1.1.33/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- misc/libxslt-1.1.33/libxslt/numbers.c
++++ misc/build/libxslt-1.1.33/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ tokens->tokens[tokens->nTokens].token = val - 1;
+ ix += len;
+ val = xmlStringCurrentChar(NULL, format+ix, &len);
+- }
++ } else {
++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++ tokens->tokens[tokens->nTokens].width = 1;
++ }
+ } else if ( (val == (xmlChar)'A') ||
+ (val == (xmlChar)'a') ||
+ (val == (xmlChar)'I') ||
+--
+2.11.0
+
diff --git a/main/libxslt/libxslt-CVE-2019-13118.patch b/main/libxslt/libxslt-CVE-2019-13118.patch
new file mode 100644
index 0000000..520306d
--- /dev/null
+++ b/main/libxslt/libxslt-CVE-2019-13118.patch
@@ -0,0 +1,71 @@
+From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <we...@aevum.de>
+Date: Mon, 3 Jun 2019 13:14:45 +0200
+Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
+
+The character type in xsltFormatNumberConversion was too narrow and
+an invalid character/length combination could be passed to
+xsltNumberFormatDecimal, resulting in an uninitialized read.
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 +++--
+ tests/docs/bug-222.xml | 1 +
+ tests/general/bug-222.out | 2 ++
+ tests/general/bug-222.xsl | 6 ++++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+ create mode 100644 tests/docs/bug-222.xml
+ create mode 100644 tests/general/bug-222.out
+ create mode 100644 tests/general/bug-222.xsl
+
+diff misc/libxslt-1.1.33/libxslt/numbers.c misc/build/libxslt-1.1.33/libxslt/numbers.c
+index f1ed8846..20b99d5a 100644
+--- misc/libxslt-1.1.33/libxslt/numbers.c
++++ misc/build/libxslt-1.1.33/libxslt/numbers.c
+@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
+ number = floor((scale * number + 0.5)) / scale;
+ if ((self->grouping != NULL) &&
+ (self->grouping[0] != 0)) {
++ int gchar;
+
+ len = xmlStrlen(self->grouping);
+- pchar = xsltGetUTF8Char(self->grouping, &len);
++ gchar = xsltGetUTF8Char(self->grouping, &len);
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+ format_info.group,
+- pchar, len);
++ gchar, len);
+ } else
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+diff misc/libxslt-1.1.33/tests/docs/bug-222.xml misc/build/libxslt-1.1.33/tests/docs/bug-222.xml
+new file mode 100644
+index 00000000..69d62f2c
+--- /dev/null
++++ misc/build/libxslt-1.1.33/tests/docs/bug-222.xml
+@@ -0,0 +1 @@
++<doc/>
+diff misc/libxslt-1.1.33/tests/general/bug-222.out misc/build/libxslt-1.1.33/tests/general/bug-222.out
+new file mode 100644
+index 00000000..e3139698
+--- /dev/null
++++ misc/build/libxslt-1.1.33/tests/general/bug-222.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++1⠢0
+diff misc/libxslt-1.1.33/tests/general/bug-222.xsl misc/build/libxslt-1.1.33/tests/general/bug-222.xsl
+new file mode 100644
+index 00000000..e32dc473
+--- /dev/null
++++ misc/build/libxslt-1.1.33/tests/general/bug-222.xsl
+@@ -0,0 +1,6 @@
++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
++ <xsl:decimal-format name="f" grouping-separator="⠢"/>
++ <xsl:template match="/">
++ <xsl:value-of select="format-number(10,'#⠢0','f')"/>
++ </xsl:template>
++</xsl:stylesheet>
+--
+2.11.0
+
diff --git a/main/libxslt/libxslt-backup_Xpath_context.patch b/main/libxslt/libxslt-backup_Xpath_context.patch
new file mode 100644
index 0000000..30dd34e
--- /dev/null
+++ b/main/libxslt/libxslt-backup_Xpath_context.patch
@@ -0,0 +1,93 @@
+From 5b0965010abf274f7a3a1291d16dde34c167e8a7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <we...@aevum.de>
+Date: Wed, 12 Jun 2019 11:58:44 +0200
+Subject: [PATCH] Backup XPath context node in xsltInitCtxtKey
+
+Regression caused by commit 029d0e96.
+
+Closes #66.
+---
+ libxslt/keys.c | 3 +++
+ tests/docs/bug-221.xml | 9 +++++++++
+ tests/general/bug-221.out | 2 ++
+ tests/general/bug-221.xsl | 15 +++++++++++++++
+ 4 files changed, 29 insertions(+)
+ create mode 100644 tests/docs/bug-221.xml
+ create mode 100644 tests/general/bug-221.out
+ create mode 100644 tests/general/bug-221.xsl
+
+diff misc/libxslt-1.1.33/libxslt/keys.c misc/build/libxslt-1.1.33/libxslt/keys.c
+index 2881056e..a1f150aa 100644
+--- misc/libxslt-1.1.33/libxslt/keys.c
++++ misc/build/libxslt-1.1.33/libxslt/keys.c
+@@ -629,6 +629,7 @@ xsltInitCtxtKey(xsltTransformContextPtr ctxt, xsltDocumentPtr idoc,
+ xmlNodePtr oldContextNode;
+ xsltDocumentPtr oldDocInfo;
+ int oldXPPos, oldXPSize;
++ xmlNodePtr oldXPNode;
+ xmlDocPtr oldXPDoc;
+ int oldXPNsNr;
+ xmlNsPtr *oldXPNamespaces;
+@@ -667,6 +668,7 @@ fprintf(stderr, "xsltInitCtxtKey %s : %d\n", keyDef->name, ctxt->keyInitLevel);
+ oldDocInfo = ctxt->document;
+ oldContextNode = ctxt->node;
+
++ oldXPNode = xpctxt->node;
+ oldXPDoc = xpctxt->doc;
+ oldXPPos = xpctxt->proximityPosition;
+ oldXPSize = xpctxt->contextSize;
+@@ -865,6 +867,7 @@ error:
+ /*
+ * Restore context state.
+ */
++ xpctxt->node = oldXPNode;
+ xpctxt->doc = oldXPDoc;
+ xpctxt->nsNr = oldXPNsNr;
+ xpctxt->namespaces = oldXPNamespaces;
+diff misc/libxslt-1.1.33/tests/docs/bug-221.xml misc/build/libxslt-1.1.33/tests/docs/bug-221.xml
+new file mode 100644
+index 00000000..d9d4bacf
+--- /dev/null
++++ misc/build/libxslt-1.1.33/tests/docs/bug-221.xml
+@@ -0,0 +1,9 @@
++<model>
++ <resource>
++ <action name="one"/>
++ </resource>
++ <resource>
++ <action name="one"/>
++ <action name="two"/>
++ </resource>
++</model>
+diff misc/libxslt-1.1.33/tests/general/bug-221.out misc/build/libxslt-1.1.33/tests/general/bug-221.out
+new file mode 100644
+index 00000000..96c105e2
+--- /dev/null
++++ misc/build/libxslt-1.1.33/tests/general/bug-221.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++<r>one</r><r>two</r>
+diff misc/libxslt-1.1.33/tests/general/bug-221.xsl misc/build/libxslt-1.1.33/tests/general/bug-221.xsl
+new file mode 100644
+index 00000000..9b4af652
+--- /dev/null
++++ misc/build/libxslt-1.1.33/tests/general/bug-221.xsl
+@@ -0,0 +1,15 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++
++<xsl:key name="actions" match="/model/resource/action" use="@name"/>
++
++<xsl:template match="action">
++ <xsl:if test="generate-id(key('actions', @name)[1]) = generate-id(.)">
++ <r><xsl:value-of select="@name"/></r>
++ </xsl:if>
++</xsl:template>
++
++<xsl:template match="/">
++ <xsl:apply-templates select="model/resource/action"/>
++</xsl:template>
++
++</xsl:stylesheet>
+--
+2.11.0
+
diff --git a/main/libxslt/libxslt-configure.patch b/main/libxslt/libxslt-configure.patch
index 1b76418..d25312c 100644
--- a/main/libxslt/libxslt-configure.patch
+++ b/main/libxslt/libxslt-configure.patch
@@ -1,6 +1,6 @@
-diff -ur misc/libxslt-1.1.32/configure misc/build/libxslt-1.1.32/configure
---- misc/libxslt-1.1.32/configure 2017-11-02 13:34:22.000000000 -0700
-+++ misc/build/libxslt-1.1.32/configure 2018-08-22 23:00:50.689433000 -0700
+diff -ur misc/libxslt-1.1.33/configure misc/build/libxslt-1.1.33/configure
+--- misc/libxslt-1.1.33/configure 2017-11-02 13:34:22.000000000 -0700
++++ misc/build/libxslt-1.1.33/configure 2018-08-22 23:00:50.689433000 -0700
@@ -6698,7 +6698,7 @@
cygwin*)
@@ -10,9 +10,9 @@ diff -ur misc/libxslt-1.1.32/configure misc/build/libxslt-1.1.32/configure
lt_cv_file_magic_cmd='func_win32_libid'
;;
-diff -ur misc/libxslt-1.1.32/xslt-config.in misc/build/libxslt-1.1.32/xslt-config.in
---- misc/libxslt-1.1.32/xslt-config.in 2015-05-10 07:11:30.000000000 -0700
-+++ misc/build/libxslt-1.1.32/xslt-config.in 2018-08-22 23:00:50.689988000 -0700
+diff -ur misc/libxslt-1.1.33/xslt-config.in misc/build/libxslt-1.1.33/xslt-config.in
+--- misc/libxslt-1.1.33/xslt-config.in 2015-05-10 07:11:30.000000000 -0700
++++ misc/build/libxslt-1.1.33/xslt-config.in 2018-08-22 23:00:50.689988000 -0700
@@ -1,10 +1,15 @@
#! /bin/sh
diff --git a/main/libxslt/libxslt-win_manifest.patch b/main/libxslt/libxslt-win_manifest.patch
index 8380353..6b52c83 100644
--- a/main/libxslt/libxslt-win_manifest.patch
+++ b/main/libxslt/libxslt-win_manifest.patch
@@ -1,6 +1,6 @@
-diff -ur misc/libxslt-1.1.32/win32/configure.js misc/build/libxslt-1.1.32/win32/configure.js
---- misc/libxslt-1.1.32/win32/configure.js 2017-10-26 00:55:47.000000000 -0700
-+++ misc/build/libxslt-1.1.32/win32/configure.js 2018-08-22 23:07:38.152976000 -0700
+diff -ur misc/libxslt-1.1.33/win32/configure.js misc/build/libxslt-1.1.33/win32/configure.js
+--- misc/libxslt-1.1.32/win33/configure.js 2017-10-26 00:55:47.000000000 -0700
++++ misc/build/libxslt-1.1.33/win32/configure.js 2018-08-22 23:07:38.152976000 -0700
@@ -51,7 +51,7 @@
var dirSep = "\\";
var compiler = "msvc";
diff --git a/main/libxslt/libxsltversion.mk b/main/libxslt/libxsltversion.mk
index b896b8f..1661477 100644
--- a/main/libxslt/libxsltversion.mk
+++ b/main/libxslt/libxsltversion.mk
@@ -25,5 +25,5 @@ LIBXSLT_MAJOR=1
# minor
LIBXSLT_MINOR=1
# micro
-LIBXSLT_MICRO=32
+LIBXSLT_MICRO=33
diff --git a/main/libxslt/makefile.mk b/main/libxslt/makefile.mk
index 40133db..674c448 100644
--- a/main/libxslt/makefile.mk
+++ b/main/libxslt/makefile.mk
@@ -45,11 +45,15 @@ all:
LIBXSLTVERSION=$(LIBXSLT_MAJOR).$(LIBXSLT_MINOR).$(LIBXSLT_MICRO)
TARFILE_NAME=$(PRJNAME)-$(LIBXSLTVERSION)
-TARFILE_MD5=1fc72f98e98bf4443f1651165f3aa146
+TARFILE_MD5=b3bd254a03e46d58f8ad1e4559cd2c2f
# libxslt-internal-symbols: #i112480#: Solaris ld requires symbols to be defined
PATCH_FILES=libxslt-configure.patch \
- libxslt-win_manifest.patch
+ libxslt-win_manifest.patch \
+ libxslt-backup_Xpath_context.patch \
+ libxslt-CVE-2019-11068.patch \
+ libxslt-CVE-2019-13117.patch \
+ libxslt-CVE-2019-13118.patch