main/libxml2: backport security fixes

- CVE-2018-9251 - CVE-2018-14404 - CVE-2018-14567 fixes #9566
author: Natanael Copa <ncopa@alpinelinux.org> 2018-10-24 16:17:37 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2018-10-24 18:23:12 +0200
commit: 0434d7dc126aeb836678e3b545a2fe8748a4b269 (patch)
tree: b82447d308f9bae2c8ac52e0aecf0497ebe7ed0d /main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
parent: dbce9a65892e5676d1297de0dd56095eb38a5ae3 (diff)
download: aports-0434d7dc126aeb836678e3b545a2fe8748a4b269.tar.bz2
aports-0434d7dc126aeb836678e3b545a2fe8748a4b269.tar.xz
1 files changed, 50 insertions, 0 deletions
diff --git a/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch b/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
new file mode 100644
index 0000000000..46c0c0e808
--- /dev/null
+++ b/main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
@@ -0,0 +1,50 @@
+From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 30 Jul 2018 13:14:11 +0200
+Subject: [PATCH] Fix infinite loop in LZMA decompression
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check the liblzma error code more thoroughly to avoid infinite loops.
+
+Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
+
+This is CVE-2018-9251 and CVE-2018-14567.
+
+Thanks to Dongliang Mu and Simon Wörner for the reports.
+---
+ xzlib.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index a839169e..0ba88cfa 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
+                          "internal error: inflate stream corrupt");
+                 return -1;
+             }
++            /*
++             * FIXME: Remapping a couple of error codes and falling through
++             * to the LZMA error handling looks fragile.
++             */
+             if (ret == Z_MEM_ERROR)
+                 ret = LZMA_MEM_ERROR;
+             if (ret == Z_DATA_ERROR)
+@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
+             xz_error(state, LZMA_PROG_ERROR, "compression error");
+             return -1;
+         }
++        if ((state->how != GZIP) &&
++            (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
++            xz_error(state, ret, "lzma error");
++            return -1;
++        }
+     } while (strm->avail_out && ret != LZMA_STREAM_END);
+ 
+     /* update available output and crc check value */
+-- 
+2.18.1
+
author	Natanael Copa <ncopa@alpinelinux.org>	2018-10-24 16:17:37 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2018-10-24 18:23:12 +0200
commit	0434d7dc126aeb836678e3b545a2fe8748a4b269 (patch)
tree	b82447d308f9bae2c8ac52e0aecf0497ebe7ed0d /main/libxml2/CVE-2018-9251-CVE-2018-14567.patch
parent	dbce9a65892e5676d1297de0dd56095eb38a5ae3 (diff)
download	aports-0434d7dc126aeb836678e3b545a2fe8748a4b269.tar.bz2 aports-0434d7dc126aeb836678e3b545a2fe8748a4b269.tar.xz