libxslt: add patches copied from Debian to fix CVEs

- there are multiple open CVEs, this adds patches for them - adds --disable-silent-rules for verbose build output Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2025-12-16 15:41:20 +00:00 · 2018-01-30 15:09:01 +01:00
parent 902542faa0
commit 2847e03934
18 changed files with 1007 additions and 2 deletions
--- a/libs/libxslt/patches/0018-Fix-buffer-overflow-in-exsltDateFormat.patch
+++ b/libs/libxslt/patches/0018-Fix-buffer-overflow-in-exsltDateFormat.patch
@@ -0,0 +1,33 @@
+From 5d0c6565bab5b9b7efceb33b626916d22b4101a7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 28 Apr 2016 17:34:27 +0200
+Subject: [PATCH] Fix buffer overflow in exsltDateFormat
+
+Long years can overflow a stack-based buffer on 64-bit platforms by
+up to four bytes.
+
+Thanks to Nicolas Gregoire for the report.
+
+Fixes bug #765380:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=765380
+---
+ libexslt/date.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libexslt/date.c b/libexslt/date.c
+index 272c61b..12c9919 100644
+--- a/libexslt/date.c
+++ b/libexslt/date.c
+@@ -1283,7 +1283,7 @@ exsltDateFormat (const exsltDateValPtr dt)
+     }
+ 
+     if (dt->type & XS_GYEAR) {
+-        xmlChar buf[20], *cur = buf;
+        xmlChar buf[100], *cur = buf;
+ 
+         FORMAT_GYEAR(dt->value.date.year, cur);
+         if (dt->type == XS_GYEARMONTH) {
+-- 
+2.8.1
+