BMLFS/patches/libxslt-1.1.33-security_fix-1.patch

Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
Date:                    2019-07-05
Initial Package Version: 1.1.33
Upstream Status:         Applied
Origin:                  https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
Description:             Fixes CVE-2019-11068 in libxslt, a security framework
                         bypass.

diff -Naurp libxslt-1.1.33.orig/libxslt/documents.c libxslt-1.1.33/libxslt/documents.c
--- libxslt-1.1.33.orig/libxslt/documents.c	2015-05-10 09:11:29.000000000 -0500
+++ libxslt-1.1.33/libxslt/documents.c	2019-07-05 13:08:13.976670506 -0500
@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr
 	int res;
 
 	res = xsltCheckRead(ctxt->sec, ctxt, URI);
-	if (res == 0) {
-	    xsltTransformError(ctxt, NULL, NULL,
-		 "xsltLoadDocument: read rights for %s denied\n",
-			     URI);
+	if (res <= 0) {
+       if (res == 0)
+	      xsltTransformError(ctxt, NULL, NULL,
+		   "xsltLoadDocument: read rights for %s denied\n",
+			      URI);
 	    return(NULL);
 	}
     }
@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr
 	int res;
 
 	res = xsltCheckRead(sec, NULL, URI);
-	if (res == 0) {
-	    xsltTransformError(NULL, NULL, NULL,
-		 "xsltLoadStyleDocument: read rights for %s denied\n",
-			     URI);
+	if (res <= 0) {
+       if (res == 0)
+	      xsltTransformError(NULL, NULL, NULL,
+		   "xsltLoadStyleDocument: read rights for %s denied\n",
+			      URI);
 	    return(NULL);
 	}
     }
diff -Naurp libxslt-1.1.33.orig/libxslt/imports.c libxslt-1.1.33/libxslt/imports.c
--- libxslt-1.1.33.orig/libxslt/imports.c	2017-12-02 02:58:51.000000000 -0600
+++ libxslt-1.1.33/libxslt/imports.c	2019-07-05 13:08:32.201199584 -0500
@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheet
 	int secres;
 
 	secres = xsltCheckRead(sec, NULL, URI);
-	if (secres == 0) {
-	    xsltTransformError(NULL, NULL, NULL,
-		 "xsl:import: read rights for %s denied\n",
-			     URI);
+	if (secres <= 0) {
+       if (secres == 0)
+	      xsltTransformError(NULL, NULL, NULL,
+		   "xsl:import: read rights for %s denied\n",
+			      URI);
 	    goto error;
 	}
     }
diff -Naurp libxslt-1.1.33.orig/libxslt/transform.c libxslt-1.1.33/libxslt/transform.c
--- libxslt-1.1.33.orig/libxslt/transform.c	2018-11-22 11:59:38.000000000 -0600
+++ libxslt-1.1.33/libxslt/transform.c	2019-07-05 13:09:00.994036330 -0500
@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr
      */
     if (ctxt->sec != NULL) {
 	ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
-	if (ret == 0) {
-	    xsltTransformError(ctxt, NULL, inst,
-		 "xsltDocumentElem: write rights for %s denied\n",
-			     filename);
+	if (ret <= 0) {
+       if (ret == 0)
+	      xsltTransformError(ctxt, NULL, inst,
+		   "xsltDocumentElem: write rights for %s denied\n",
+			      filename);
 	    xmlFree(URL);
 	    xmlFree(filename);
 	    return;
diff -Naurp libxslt-1.1.33.orig/libxslt/xslt.c libxslt-1.1.33/libxslt/xslt.c
--- libxslt-1.1.33.orig/libxslt/xslt.c	2017-12-02 02:58:51.000000000 -0600
+++ libxslt-1.1.33/libxslt/xslt.c	2019-07-05 13:09:25.675754418 -0500
@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* f
 	int res;
 
 	res = xsltCheckRead(sec, NULL, filename);
-	if (res == 0) {
-	    xsltTransformError(NULL, NULL, NULL,
-		 "xsltParseStylesheetFile: read rights for %s denied\n",
-			     filename);
+	if (res <= 0) {
+       if (res == 0)
+	      xsltTransformError(NULL, NULL, NULL,
+		   "xsltParseStylesheetFile: read rights for %s denied\n",
+			      filename);
 	    return(NULL);
 	}
     }