SECURITY update to libxslt-1.1.35.

textproc/libxslt/Makefile

@@ -1,29 +1,30 @@
-# $OpenBSD: Makefile,v 1.95 2021/04/27 11:16:48 bluhm Exp $
+# $OpenBSD: Makefile,v 1.96 2022/02/17 13:43:35 ajacoutot Exp $
 
 COMMENT=		XSLT C Library for GNOME
 
-VERSION=		1.1.34
+VERSION=		1.1.35
 DISTNAME=		libxslt-${VERSION}
-REVISION=		1
+EXTRACT_SUFX=		.tar.xz
 
-SHARED_LIBS +=  xslt                 4.0      # 2.33
+SHARED_LIBS +=  xslt                 4.0      # 2.35
 SHARED_LIBS +=  exslt                9.8      # 8.20
 
 CATEGORIES=		textproc
 
 HOMEPAGE=		http://xmlsoft.org/XSLT/
 
-MASTER_SITES=		https://distfiles.sigtrap.nl/ \
-			ftp://xmlsoft.org/libxslt/
-
 # BSD-like
 PERMIT_PACKAGE=	Yes
 
 WANTLIB += c gcrypt gpg-error iconv intl lzma m pthread xml2 z
+
+MASTER_SITES=		https://download.gnome.org/sources/libxslt/${VERSION:R}/
+
 LIB_DEPENDS=		textproc/libxml \
 			security/libgcrypt
 
 USE_GMAKE=		Yes
+
 CONFIGURE_STYLE=	gnu
 CONFIGURE_ARGS+=	--with-libxml-include-prefix="${LOCALBASE}/include/libxml2" \
 			--with-html-subdir=libxslt/html \
@@ -31,6 +32,6 @@ CONFIGURE_ARGS+=	--with-libxml-include-prefix="${LOCALBASE}/include/libxml2" \
 CONFIGURE_ENV=		CPPFLAGS="-I${LOCALBASE}/include" \
 			XML_CONFIG="${LOCALBASE}/bin/xml2-config"
 
-DEBUG_PACKAGES =	${BUILD_PACKAGES}
+DEBUG_PACKAGES=		${BUILD_PACKAGES}
 
 .include <bsd.port.mk>

textproc/libxslt/distinfo

@@ -1,2 +1,2 @@
-SHA256 (libxslt-1.1.34.tar.gz) = mLG9RtZ5KSWtLf6ah0Uuoq3r9p3LmRn/1Vv5Jqf5P38=
-SIZE (libxslt-1.1.34.tar.gz) = 3552258
+SHA256 (libxslt-1.1.35.tar.xz) = gkfzPpqHLGrIWapFAYvExNALl+L+rJ7rwQyTzh803Xk=
+SIZE (libxslt-1.1.35.tar.xz) = 1827548

textproc/libxslt/patches/patch-tests_fuzz_fuzz_c

@@ -1,50 +0,0 @@
-$OpenBSD: patch-tests_fuzz_fuzz_c,v 1.1 2021/06/28 08:00:13 bluhm Exp $
-
-Test does not compile with libxml 2.9.12, cherry pick from upstream git.
-https://gitlab.gnome.org/GNOME/libxslt/-/commit/9ae2f94df1721e002941b40665efb762aefcea1a
-https://gitlab.gnome.org/GNOME/libxslt/-/commit/77c26bad0433541f486b1e7ced44ca9979376908
-
-Index: tests/fuzz/fuzz.c
---- tests/fuzz/fuzz.c.orig
-+++ tests/fuzz/fuzz.c
-@@ -168,8 +168,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char *
-     xpctxt = tctxt->xpathCtxt;
- 
-     /* Resource limits to avoid timeouts and call stack overflows */
--    xpctxt->maxParserDepth = 15;
--    xpctxt->maxDepth = 100;
-     xpctxt->opLimit = 500000;
- 
-     /* Test namespaces used in xpath.xml */
-@@ -300,13 +298,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char **
-     return 0;
- }
- 
--static void
--xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
--    ctxt->maxParserDepth = 15;
--    ctxt->maxDepth = 100;
--    ctxt->opLimit = 100000;
--}
--
- xmlChar *
- xsltFuzzXslt(const char *data, size_t size) {
-     xmlDocPtr xsltDoc;
-@@ -336,7 +327,7 @@ xsltFuzzXslt(const char *data, size_t size) {
-         xmlFreeDoc(xsltDoc);
-         return NULL;
-     }
--    xsltSetXPathResourceLimits(sheet->xpathCtxt);
-+    sheet->xpathCtxt->opLimit = 100000;
-     sheet->xpathCtxt->opCount = 0;
-     if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
-         xsltFreeStylesheet(sheet);
-@@ -348,7 +339,7 @@ xsltFuzzXslt(const char *data, size_t size) {
-     xsltSetCtxtSecurityPrefs(sec, ctxt);
-     ctxt->maxTemplateDepth = 100;
-     ctxt->opLimit = 20000;
--    xsltSetXPathResourceLimits(ctxt->xpathCtxt);
-+    ctxt->xpathCtxt->opLimit = 100000;
-     ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
- 
-     result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);

textproc/libxslt/pkg/PLIST

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.29 2021/04/27 11:16:48 bluhm Exp $
+@comment $OpenBSD: PLIST,v 1.30 2022/02/17 13:43:35 ajacoutot Exp $
 @pkgpath textproc/libxslt,-main
 bin/xslt-config
 @bin bin/xsltproc
@@ -28,6 +28,9 @@ include/libxslt/xsltconfig.h
 include/libxslt/xsltexports.h
 include/libxslt/xsltlocale.h
 include/libxslt/xsltutils.h
+lib/cmake/libxslt/
+lib/cmake/libxslt/FindGcrypt.cmake
+lib/cmake/libxslt/libxslt-config.cmake
 @static-lib lib/libexslt.a
 lib/libexslt.la
 @lib lib/libexslt.so.${LIBexslt_VERSION}
@@ -137,3 +140,43 @@ share/doc/libxslt/html/tutorial2/libxslt_pipes.xml
 share/doc/libxslt/html/xslt.html
 share/doc/libxslt/html/xsltproc.html
 share/doc/libxslt/html/xsltproc2.html
+share/gtk-doc/html/libexslt/
+share/gtk-doc/html/libexslt/general.html
+share/gtk-doc/html/libexslt/home.png
+share/gtk-doc/html/libexslt/index.html
+share/gtk-doc/html/libexslt/left.png
+share/gtk-doc/html/libexslt/libexslt-exslt.html
+share/gtk-doc/html/libexslt/libexslt-exsltexports.html
+share/gtk-doc/html/libexslt/libexslt.devhelp2
+share/gtk-doc/html/libexslt/right.png
+share/gtk-doc/html/libexslt/style.css
+share/gtk-doc/html/libexslt/up.png
+share/gtk-doc/html/libxslt/
+share/gtk-doc/html/libxslt/general.html
+share/gtk-doc/html/libxslt/home.png
+share/gtk-doc/html/libxslt/index.html
+share/gtk-doc/html/libxslt/left.png
+share/gtk-doc/html/libxslt/libxslt-attributes.html
+share/gtk-doc/html/libxslt/libxslt-documents.html
+share/gtk-doc/html/libxslt/libxslt-extensions.html
+share/gtk-doc/html/libxslt/libxslt-extra.html
+share/gtk-doc/html/libxslt/libxslt-functions.html
+share/gtk-doc/html/libxslt/libxslt-imports.html
+share/gtk-doc/html/libxslt/libxslt-keys.html
+share/gtk-doc/html/libxslt/libxslt-namespaces.html
+share/gtk-doc/html/libxslt/libxslt-numbersInternals.html
+share/gtk-doc/html/libxslt/libxslt-pattern.html
+share/gtk-doc/html/libxslt/libxslt-preproc.html
+share/gtk-doc/html/libxslt/libxslt-security.html
+share/gtk-doc/html/libxslt/libxslt-templates.html
+share/gtk-doc/html/libxslt/libxslt-transform.html
+share/gtk-doc/html/libxslt/libxslt-variables.html
+share/gtk-doc/html/libxslt/libxslt-xslt.html
+share/gtk-doc/html/libxslt/libxslt-xsltInternals.html
+share/gtk-doc/html/libxslt/libxslt-xsltexports.html
+share/gtk-doc/html/libxslt/libxslt-xsltlocale.html
+share/gtk-doc/html/libxslt/libxslt-xsltutils.html
+share/gtk-doc/html/libxslt/libxslt.devhelp2
+share/gtk-doc/html/libxslt/right.png
+share/gtk-doc/html/libxslt/style.css
+share/gtk-doc/html/libxslt/up.png