libxslt: add multiple security patches

Add security patches for CVE-2011-1202 and CVE-2011-3970.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>

1 files changed, 27 insertions, 0 deletions

diff --git a/package/libxslt/libxslt-1.1.26-pattern-out-of-bounds-read.patch b/package/libxslt/libxslt-1.1.26-pattern-out-of-bounds-read.patch
new file mode 100644
index 000000000..cd2e292f4
--- /dev/null
+++ b/package/libxslt/libxslt-1.1.26-pattern-out-of-bounds-read.patch
@@ -0,0 +1,27 @@
+From fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b Mon Sep 17 00:00:00 2001
+From: Abhishek Arya <inferno@chromium.org>
+Date: Sun, 22 Jan 2012 17:47:50 +0800
+Subject: [PATCH] Fix some case of pattern parsing errors
+
+We could accidentally hit an off by one string array access
+due to improper loop exit when parsing patterns
+---
+ libxslt/pattern.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libxslt/pattern.c b/libxslt/pattern.c
+index 6161376..1155b54 100644
+--- a/libxslt/pattern.c
++++ b/libxslt/pattern.c
+@@ -1867,6 +1867,8 @@ xsltCompilePatternInternal(const xmlChar *pattern, xmlDocPtr doc,
+ 		while ((pattern[end] != 0) && (pattern[end] != '"'))
+ 		    end++;
+ 	    }
++	    if (pattern[end] == 0)
++	        break;
+ 	    end++;
+ 	}
+ 	if (current == end) {
+-- 
+1.7.8.4
+