16554178 problem in LIBRARY/LIBXSLT s11u1-sru
authorPetr Sumbera <petr.sumbera@oracle.com>
Mon, 26 Aug 2013 13:00:27 -0700
branchs11u1-sru
changeset 2748 76a9a8bd58ae
parent 2747 47e22e88e40c
child 2749 e0a7dc00adf7
16554178 problem in LIBRARY/LIBXSLT
components/libxslt/patches/CVE-2012-6139-1.patch
components/libxslt/patches/CVE-2012-6139-2.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libxslt/patches/CVE-2012-6139-1.patch	Mon Aug 26 13:00:27 2013 -0700
@@ -0,0 +1,65 @@
+From dc11b6b379a882418093ecc8adf11f6166682e8d Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <[email protected]>
+Date: Sun, 21 Oct 2012 17:02:25 +0000
+Subject: Fix crash with empty xsl:key/@match attribute
+
+See https://bugzilla.gnome.org/show_bug.cgi?id=685328
+
+Also improve some xsl:key error messages.
+---
+diff --git a/libxslt/keys.c b/libxslt/keys.c
+index a995338..b8f1455 100644
+--- a/libxslt/keys.c
++++ b/libxslt/keys.c
+@@ -312,8 +312,8 @@ xsltAddKey(xsltStylesheetPtr style, const xmlChar *name,
+ 	        end = skipPredicate(match, end);
+ 		if (end <= 0) {
+ 		    xsltTransformError(NULL, style, inst,
+-		                       "key pattern is malformed: %s",
+-				       key->match);
++		        "xsl:key : 'match' pattern is malformed: %s",
++		        key->match);
+ 		    if (style != NULL) style->errors++;
+ 		    goto error;
+ 		}
+@@ -322,7 +322,7 @@ xsltAddKey(xsltStylesheetPtr style, const xmlChar *name,
+ 	}
+ 	if (current == end) {
+ 	    xsltTransformError(NULL, style, inst,
+-			       "key pattern is empty\n");
++			       "xsl:key : 'match' pattern is empty\n");
+ 	    if (style != NULL) style->errors++;
+ 	    goto error;
+ 	}
+@@ -345,6 +345,12 @@ xsltAddKey(xsltStylesheetPtr style, const xmlChar *name,
+ 	}
+ 	current = end;
+     }
++    if (pattern == NULL) {
++        xsltTransformError(NULL, style, inst,
++                           "xsl:key : 'match' pattern is empty\n");
++        if (style != NULL) style->errors++;
++        goto error;
++    }
+ #ifdef WITH_XSLT_DEBUG_KEYS
+     xsltGenericDebug(xsltGenericDebugContext,
+ 	"   resulting pattern %s\n", pattern);
+@@ -359,14 +365,14 @@ xsltAddKey(xsltStylesheetPtr style, cons
+     key->comp = xsltXPathCompile(style, pattern);
+     if (key->comp == NULL) {
+ 	xsltTransformError(NULL, style, inst,
+-		"xsl:key : XPath pattern compilation failed '%s'\n",
++		"xsl:key : 'match' pattern compilation failed '%s'\n",
+ 		         pattern);
+ 	if (style != NULL) style->errors++;
+     }
+     key->usecomp = xsltXPathCompile(style, use);
+     if (key->usecomp == NULL) {
+ 	xsltTransformError(NULL, style, inst,
+-		"xsl:key : XPath pattern compilation failed '%s'\n",
++		"xsl:key : 'use' expression compilation failed '%s'\n",
+ 		         use);
+ 	if (style != NULL) style->errors++;
+     }
+--
+cgit v0.9.2
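Review bot: In the last inner hunk of this patch, a failed `xsltXPathCompile(style, pattern)` still only increments `style->errors` and falls through, whereas the newly added `pattern == NULL` check and the two earlier error paths all `goto error`. A key with `key->comp == NULL` (or `key->usecomp == NULL`) is therefore carried into the rest of xsltAddKey, which lies outside the hunk. Either confirm that later consumers of the key tolerate a NULL compiled pattern, or add `goto error;` after each `style->errors++` in those two blocks. Separately, the reworded message `"xsl:key : 'match' pattern is malformed: %s"` has no trailing `\n`, unlike the other xsl:key messages touched by the same patch.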
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libxslt/patches/CVE-2012-6139-2.patch	Mon Aug 26 13:00:27 2013 -0700
@@ -0,0 +1,32 @@
+From 6c99c519d97e5fcbec7a9537d190efb442e4e833 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <[email protected]>
+Date: Wed, 10 Oct 2012 10:09:36 +0000
+Subject: Crash when passing an uninitialized variable to document()
+
+https://bugzilla.gnome.org/show_bug.cgi?id=685330
+
+Missing check for NULL
+---
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index ed2c163..c754994 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -260,7 +260,7 @@ xsltDocumentFunction(xmlXPathParserContextPtr ctxt, int nargs)
+         obj = valuePop(ctxt);
+         ret = xmlXPathNewNodeSet(NULL);
+ 
+-        if (obj->nodesetval) {
++        if ((obj != NULL) && obj->nodesetval) {
+             for (i = 0; i < obj->nodesetval->nodeNr; i++) {
+                 valuePush(ctxt,
+                           xmlXPathNewNodeSet(obj->nodesetval->nodeTab[i]));
+@@ -280,7 +280,8 @@ xsltDocumentFunction(xmlXPathParserContextPtr ctxt, int nargs)
+             }
+         }
+ 
+-        xmlXPathFreeObject(obj);
++        if (obj != NULL)
++            xmlXPathFreeObject(obj);
+         if (obj2 != NULL)
+             xmlXPathFreeObject(obj2);
+         valuePush(ctxt, ret);
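Review bot: When `valuePop(ctxt)` returns NULL, the patched branch skips the loop and, as far as the visible context shows, still reaches `valuePush(ctxt, ret)` with an empty node set, so the bad argument is absorbed without any diagnostic. A short comment at the new check would record why NULL is possible, e.g. `/* obj is NULL when an uninitialized variable is passed to document(), see bug 685330 */`. It is also worth deciding whether this path should report through `xsltTransformError`, so that a malformed stylesheet shows up in logs. The `ret` returned by `xmlXPathNewNodeSet(NULL)` is likewise passed on with no NULL check in the lines shown. xsltDocumentFunction begins and ends outside these hunks, so the handling before `valuePop` and after `valuePush` could not be checked here.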