import expat-2.2.5-4.el8
This commit is contained in:
parent
09b08c1529
commit
d87dab8e1d
15
SOURCES/expat-2.2.5-CVE-2018-20843.patch
Normal file
15
SOURCES/expat-2.2.5-CVE-2018-20843.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-20843
|
||||||
|
https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
|
||||||
|
|
||||||
|
--- libexpat-R_2_2_5/expat/lib/xmlparse.c.cve20843
|
||||||
|
+++ libexpat-R_2_2_5/expat/lib/xmlparse.c
|
||||||
|
@@ -6057,7 +6057,7 @@ setElementTypePrefix(XML_Parser parser,
|
||||||
|
else
|
||||||
|
poolDiscard(&dtd->pool);
|
||||||
|
elementType->prefix = prefix;
|
||||||
|
-
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 1;
|
171
SOURCES/expat-2.2.5-CVE-2019-15903.patch
Normal file
171
SOURCES/expat-2.2.5-CVE-2019-15903.patch
Normal file
@ -0,0 +1,171 @@
|
|||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1752592
|
||||||
|
|
||||||
|
https://github.com/libexpat/libexpat/commit/6da1f19625592bfb928253620cac568d9a9b9c65
|
||||||
|
|
||||||
|
--- libexpat-R_2_2_5/expat/lib/xmlparse.c.cve15903
|
||||||
|
+++ libexpat-R_2_2_5/expat/lib/xmlparse.c
|
||||||
|
@@ -411,7 +411,7 @@ initializeEncoding(XML_Parser parser);
|
||||||
|
static enum XML_Error
|
||||||
|
doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
|
||||||
|
const char *end, int tok, const char *next, const char **nextPtr,
|
||||||
|
- XML_Bool haveMore);
|
||||||
|
+ XML_Bool haveMore, XML_Bool allowClosingDoctype);
|
||||||
|
static enum XML_Error
|
||||||
|
processInternalEntity(XML_Parser parser, ENTITY *entity,
|
||||||
|
XML_Bool betweenDecl);
|
||||||
|
@@ -4218,7 +4218,7 @@ externalParEntProcessor(XML_Parser parse
|
||||||
|
|
||||||
|
parser->m_processor = prologProcessor;
|
||||||
|
return doProlog(parser, parser->m_encoding, s, end, tok, next,
|
||||||
|
- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
|
||||||
|
+ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
static enum XML_Error PTRCALL
|
||||||
|
@@ -4268,19 +4268,13 @@ prologProcessor(XML_Parser parser,
|
||||||
|
const char *next = s;
|
||||||
|
int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
|
||||||
|
return doProlog(parser, parser->m_encoding, s, end, tok, next,
|
||||||
|
- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
|
||||||
|
+ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
static enum XML_Error
|
||||||
|
-doProlog(XML_Parser parser,
|
||||||
|
- const ENCODING *enc,
|
||||||
|
- const char *s,
|
||||||
|
- const char *end,
|
||||||
|
- int tok,
|
||||||
|
- const char *next,
|
||||||
|
- const char **nextPtr,
|
||||||
|
- XML_Bool haveMore)
|
||||||
|
-{
|
||||||
|
+doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
|
||||||
|
+ int tok, const char *next, const char **nextPtr, XML_Bool haveMore,
|
||||||
|
+ XML_Bool allowClosingDoctype) {
|
||||||
|
#ifdef XML_DTD
|
||||||
|
static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' };
|
||||||
|
#endif /* XML_DTD */
|
||||||
|
@@ -4458,6 +4452,11 @@ doProlog(XML_Parser parser,
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case XML_ROLE_DOCTYPE_CLOSE:
|
||||||
|
+ if (allowClosingDoctype != XML_TRUE) {
|
||||||
|
+ /* Must not close doctype from within expanded parameter entities */
|
||||||
|
+ return XML_ERROR_INVALID_TOKEN;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (parser->m_doctypeName) {
|
||||||
|
parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName,
|
||||||
|
parser->m_doctypeSysid, parser->m_doctypePubid, 0);
|
||||||
|
@@ -5395,7 +5394,7 @@ processInternalEntity(XML_Parser parser,
|
||||||
|
if (entity->is_param) {
|
||||||
|
int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
|
||||||
|
result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
|
||||||
|
- next, &next, XML_FALSE);
|
||||||
|
+ next, &next, XML_FALSE, XML_FALSE);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* XML_DTD */
|
||||||
|
@@ -5442,7 +5441,7 @@ internalEntityProcessor(XML_Parser parse
|
||||||
|
if (entity->is_param) {
|
||||||
|
int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
|
||||||
|
result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
|
||||||
|
- next, &next, XML_FALSE);
|
||||||
|
+ next, &next, XML_FALSE, XML_TRUE);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* XML_DTD */
|
||||||
|
@@ -5469,7 +5468,7 @@ internalEntityProcessor(XML_Parser parse
|
||||||
|
parser->m_processor = prologProcessor;
|
||||||
|
tok = XmlPrologTok(parser->m_encoding, s, end, &next);
|
||||||
|
return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
|
||||||
|
- (XML_Bool)!parser->m_parsingStatus.finalBuffer);
|
||||||
|
+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* XML_DTD */
|
||||||
|
--- libexpat-R_2_2_5/expat/tests/runtests.c.cve15903
|
||||||
|
+++ libexpat-R_2_2_5/expat/tests/runtests.c
|
||||||
|
@@ -7193,6 +7193,69 @@ overwrite_end_checker(void *userData, co
|
||||||
|
CharData_AppendXMLChars(storage, XCS("\n"), 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef XML_DTD
|
||||||
|
+START_TEST(test_misc_deny_internal_entity_closing_doctype_issue_317) {
|
||||||
|
+ const char *const inputOne = "<!DOCTYPE d [\n"
|
||||||
|
+ "<!ENTITY % e ']><d/>'>\n"
|
||||||
|
+ "\n"
|
||||||
|
+ "%e;";
|
||||||
|
+ const char *const inputTwo = "<!DOCTYPE d [\n"
|
||||||
|
+ "<!ENTITY % e1 ']><d/>'><!ENTITY % e2 '&e1;'>\n"
|
||||||
|
+ "\n"
|
||||||
|
+ "%e2;";
|
||||||
|
+ const char *const inputThree = "<!DOCTYPE d [\n"
|
||||||
|
+ "<!ENTITY % e ']><d'>\n"
|
||||||
|
+ "\n"
|
||||||
|
+ "%e;";
|
||||||
|
+ const char *const inputIssue317 = "<!DOCTYPE doc [\n"
|
||||||
|
+ "<!ENTITY % foo ']>\n"
|
||||||
|
+ "<doc>Hell<oc (#PCDATA)*>'>\n"
|
||||||
|
+ "%foo;\n"
|
||||||
|
+ "]>\n"
|
||||||
|
+ "<doc>Hello, world</dVc>";
|
||||||
|
+
|
||||||
|
+ const char *const inputs[] = {inputOne, inputTwo, inputThree, inputIssue317};
|
||||||
|
+ size_t inputIndex = 0;
|
||||||
|
+
|
||||||
|
+ for (; inputIndex < sizeof(inputs) / sizeof(inputs[0]); inputIndex++) {
|
||||||
|
+ XML_Parser parser;
|
||||||
|
+ enum XML_Status parseResult;
|
||||||
|
+ int setParamEntityResult;
|
||||||
|
+ XML_Size lineNumber;
|
||||||
|
+ XML_Size columnNumber;
|
||||||
|
+ const char *const input = inputs[inputIndex];
|
||||||
|
+
|
||||||
|
+ parser = XML_ParserCreate(NULL);
|
||||||
|
+ setParamEntityResult
|
||||||
|
+ = XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
|
||||||
|
+ if (setParamEntityResult != 1)
|
||||||
|
+ fail("Failed to set XML_PARAM_ENTITY_PARSING_ALWAYS.");
|
||||||
|
+
|
||||||
|
+ parseResult = XML_Parse(parser, input, (int)strlen(input), 0);
|
||||||
|
+ if (parseResult != XML_STATUS_ERROR) {
|
||||||
|
+ parseResult = XML_Parse(parser, "", 0, 1);
|
||||||
|
+ if (parseResult != XML_STATUS_ERROR) {
|
||||||
|
+ fail("Parsing was expected to fail but succeeded.");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_TOKEN)
|
||||||
|
+ fail("Error code does not match XML_ERROR_INVALID_TOKEN");
|
||||||
|
+
|
||||||
|
+ lineNumber = XML_GetCurrentLineNumber(parser);
|
||||||
|
+ if (lineNumber != 4)
|
||||||
|
+ fail("XML_GetCurrentLineNumber does not work as expected.");
|
||||||
|
+
|
||||||
|
+ columnNumber = XML_GetCurrentColumnNumber(parser);
|
||||||
|
+ if (columnNumber != 0)
|
||||||
|
+ fail("XML_GetCurrentColumnNumber does not work as expected.");
|
||||||
|
+
|
||||||
|
+ XML_ParserFree(parser);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+END_TEST
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
run_ns_tagname_overwrite_test(const char *text, const XML_Char *result)
|
||||||
|
{
|
||||||
|
@@ -12210,6 +12273,10 @@ make_suite(void)
|
||||||
|
tcase_add_test(tc_misc, test_misc_features);
|
||||||
|
tcase_add_test(tc_misc, test_misc_attribute_leak);
|
||||||
|
tcase_add_test(tc_misc, test_misc_utf16le);
|
||||||
|
+#ifdef XML_DTD
|
||||||
|
+ tcase_add_test(tc_misc,
|
||||||
|
+ test_misc_deny_internal_entity_closing_doctype_issue_317);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
suite_add_tcase(s, tc_alloc);
|
||||||
|
tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown);
|
@ -3,12 +3,14 @@
|
|||||||
Summary: An XML parser library
|
Summary: An XML parser library
|
||||||
Name: expat
|
Name: expat
|
||||||
Version: %(echo %{unversion} | sed 's/_/./g')
|
Version: %(echo %{unversion} | sed 's/_/./g')
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
|
Source: https://github.com/libexpat/libexpat/archive/R_%{unversion}.tar.gz#/expat-%{version}.tar.gz
|
||||||
URL: https://libexpat.github.io/
|
URL: https://libexpat.github.io/
|
||||||
License: MIT
|
License: MIT
|
||||||
BuildRequires: autoconf, libtool, xmlto, gcc-c++
|
BuildRequires: autoconf, libtool, xmlto, gcc-c++
|
||||||
Patch0: expat-2.2.5-doc2man.patch
|
Patch0: expat-2.2.5-doc2man.patch
|
||||||
|
Patch1: expat-2.2.5-CVE-2018-20843.patch
|
||||||
|
Patch2: expat-2.2.5-CVE-2019-15903.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This is expat, the C library for parsing XML, written by James Clark. Expat
|
This is expat, the C library for parsing XML, written by James Clark. Expat
|
||||||
@ -37,6 +39,9 @@ Install it if you need to link statically with expat.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n libexpat-R_%{unversion}/expat
|
%setup -q -n libexpat-R_%{unversion}/expat
|
||||||
%patch0 -p2 -b .doc2man
|
%patch0 -p2 -b .doc2man
|
||||||
|
%patch1 -p2 -b .cve20843
|
||||||
|
%patch2 -p2 -b .cve15903
|
||||||
|
|
||||||
sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
|
sed -i 's/install-data-hook/do-nothing-please/' lib/Makefile.am
|
||||||
./buildconf.sh
|
./buildconf.sh
|
||||||
|
|
||||||
@ -74,6 +79,9 @@ make check
|
|||||||
%{_libdir}/lib*.a
|
%{_libdir}/lib*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 24 2020 Joe Orton <jorton@redhat.com> - 2.2.5-4
|
||||||
|
- add security fixes for CVE-2018-20843, CVE-2019-15903
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-3
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.5-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user