libxslt: fix build breakage after libxml2 CVE fix updates

libxml2 was updated in OpenWrt Git tree with commit dec59db8fb1f
("libxml2: update to 2.13.6"), which fixed several CVEs.

Unfortunately this version bump included removal of some features, which
leads to build issues of libxslt:

  libxslt-1.1.37/xsltproc/xsltproc.c:733:39: error: assignment of read-only variable 'xmlParserMaxDepth'
   733 |                     xmlParserMaxDepth = value;

So lets fix it by backporting an upstream "fix", which removes that
deprecated functionality.

Fixes: dec59db8fb1f ("libxml2: update to 2.13.6")
References: https://github.com/openwrt/openwrt/pull/18280
Signed-off-by: Petr Štetiar <[email protected]>

diff --git a/libs/libxslt/Makefile b/libs/libxslt/Makefile
index 1edc610b954c3230812c2acb599e368c6c4531f9..13eb523f2071cd6cce0ee2d8d02483f4dde23c54 100644 (file)
--- a/libs/libxslt/Makefile
+++ b/libs/libxslt/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libxslt
 PKG_VERSION:=1.1.37
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNOME/libxslt/$(basename $(PKG_VERSION))

diff --git a/libs/libxslt/patches/0001-xsltproc-remove-maxparserdepth-option.patch b/libs/libxslt/patches/0001-xsltproc-remove-maxparserdepth-option.patch
new file mode 100644 (file)
index 0000000..b811b02
--- /dev/null
+++ b/libs/libxslt/patches/0001-xsltproc-remove-maxparserdepth-option.patch
@@ -0,0 +1,56 @@
+From 75967fc0121eca03c8a85db5f4df17390a08eabf Mon Sep 17 00:00:00 2001
+From: Mike Dalessio <[email protected]>
+Date: Wed, 3 Jan 2024 09:57:24 -0500
+Subject: [PATCH] xsltproc: remove maxparserdepth option
+
+libxml2 commit a2cc7f5f removed the ability to dynamically set the max
+parser depth.
+
+Upstream-Status: Backport [v1.1.40]
+Signed-off-by: Petr Štetiar <[email protected]> [backport]
+---
+ xsltproc/xsltproc.c | 19 -------------------
+ 1 file changed, 19 deletions(-)
+
+--- a/xsltproc/xsltproc.c
++++ b/xsltproc/xsltproc.c
+@@ -474,7 +474,6 @@ static void usage(const char *name) {
+     printf("\t--noout: do not dump the result\n");
+     printf("\t--maxdepth val : increase the maximum depth (default %d)\n", xsltMaxDepth);
+     printf("\t--maxvars val : increase the maximum variables (default %d)\n", xsltMaxVars);
+-    printf("\t--maxparserdepth val : increase the maximum parser depth\n");
+     printf("\t--huge: relax any hardcoded limit from the parser\n");
+     printf("\t             fixes \"parser error : internal error: Huge input lookup\"\n");
+     printf("\t--seed-rand val : initialize pseudo random number generator with specific seed\n");
+@@ -718,20 +717,6 @@ main(int argc, char **argv)
+                 if (value > 0)
+                     xsltMaxVars = value;
+             }
+-        } else if ((!strcmp(argv[i], "-maxparserdepth")) ||
+-                   (!strcmp(argv[i], "--maxparserdepth"))) {
+-            int value;
+-
+-            i++;
+-            if (i == argc) {
+-                fprintf(stderr, "XML maxparserdepth value not specified!\n");
+-                return (2);
+-            }
+-
+-            if (sscanf(argv[i], "%d", &value) == 1) {
+-                if (value > 0)
+-                    xmlParserMaxDepth = value;
+-            }
+         } else if ((!strcmp(argv[i], "-huge")) ||
+                    (!strcmp(argv[i], "--huge"))) {
+             options |= XML_PARSE_HUGE;
+@@ -780,10 +765,6 @@ main(int argc, char **argv)
+             (!strcmp(argv[i], "--maxvars"))) {
+             i++;
+             continue;
+-        } else if ((!strcmp(argv[i], "-maxparserdepth")) ||
+-            (!strcmp(argv[i], "--maxparserdepth"))) {
+-            i++;
+-            continue;
+         } else if ((!strcmp(argv[i], "-seed-rand")) ||
+             (!strcmp(argv[i], "--seed-rand"))) {
+             i++;