From b5ba2e7ccfa0db83c44f92ceffe473a4206b6a4a Mon Sep 17 00:00:00 2001
From: Leonardo Arena
Date: Thu, 2 Jun 2016 07:30:36 +0000
Subject: main/libxml2: add missing patch files
---
 main/libxml2/APKBUILD | 2 +-
 main/libxml2/CVE-2015-8241.patch | 35 +++++++++++++++++++++++++++++++++++
 main/libxml2/CVE-2015-8317-1.patch | 38 ++++++++++++++++++++++++++++++++++++++
 main/libxml2/CVE-2015-8317-2.patch | 35 +++++++++++++++++++++++++++++++++++
 4 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 main/libxml2/CVE-2015-8241.patch
 create mode 100644 main/libxml2/CVE-2015-8317-1.patch
 create mode 100644 main/libxml2/CVE-2015-8317-2.patch
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 28e63261f7..5ffcd2afbe 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter
 pkgname=libxml2
 pkgver=2.9.1
-pkgrel=4
+pkgrel=5
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
diff --git a/main/libxml2/CVE-2015-8241.patch b/main/libxml2/CVE-2015-8241.patch
new file mode 100644
index 0000000000..2108f569b3
--- /dev/null
+++ b/main/libxml2/CVE-2015-8241.patch
@@ -0,0 +1,35 @@
+From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
+From: Hugh Davenport
+Date: Tue, 3 Nov 2015 20:40:49 +0800
+Subject: Avoid extra processing of MarkupDecl when EOF
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756263
+
+One place where ctxt->instate == XML_PARSER_EOF whic was set up
+by entity detection issues doesn't get noticed, and even overrided
+---
+ parser.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d67b300..134afe7 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6972,6 +6972,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) {
+ xmlParsePI(ctxt);
+ }
+ }
++
++ /*
++ * detect requirement to exit there and act accordingly
++ * and avoid having instate overriden later on
++ */
++ if (ctxt->instate == XML_PARSER_EOF)
++ return;
++
+ /*
+ * This is only for internal subset. On external entities,
+ * the replacement is done before parsing stage
+--
+cgit v0.12
+
diff --git a/main/libxml2/CVE-2015-8317-1.patch b/main/libxml2/CVE-2015-8317-1.patch
new file mode 100644
index 0000000000..3075d527e9
--- /dev/null
+++ b/main/libxml2/CVE-2015-8317-1.patch
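Review bot: Nothing in this commit shows that CVE-2015-8241.patch applies cleanly to the packaged source: the embedded hunk was generated against a parser.c from November 2015 (`index d67b300..134afe7`, line 6972), while the APKBUILD hunk still pins `pkgver=2.9.1`, so it will probably apply at an offset. The build log should confirm it applies without fuzz and that `if (ctxt->instate == XML_PARSER_EOF) return;` lands after the PI/declaration dispatch and before the "This is only for internal subset" block. If the guard lands elsewhere, the later overwrite of `instate` that the patch comment describes may not be prevented. The same check is worth doing for CVE-2015-8317-1.patch and CVE-2015-8317-2.patch. xmlParseMarkupDecl begins and ends outside the embedded hunk.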
@@ -0,0 +1,38 @@
+From 9aa37588ee78a06ca1379a9d9356eab16686099c Mon Sep 17 00:00:00 2001
+From: Daniel Veillard
+Date: Mon, 29 Jun 2015 09:08:25 +0800
+Subject: Do not process encoding values if the declaration if broken
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751603
+
+If the string is not properly terminated do not try to convert
+to the given encoding.
+---
+ parser.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index fe603ac..a3a9568 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10404,6 +10404,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ encoding = xmlParseEncName(ctxt);
+ if (RAW != '"') {
+ xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++ xmlFree((xmlChar *) encoding);
++ return(NULL);
+ } else
+ NEXT;
+ } else if (RAW == '\''){
+@@ -10411,6 +10413,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+ encoding = xmlParseEncName(ctxt);
+ if (RAW != '\'') {
+ xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL);
++ xmlFree((xmlChar *) encoding);
++ return(NULL);
+ } else
+ NEXT;
+ } else {
+--
+cgit v0.12
+
diff --git a/main/libxml2/CVE-2015-8317-2.patch b/main/libxml2/CVE-2015-8317-2.patch
new file mode 100644
index 0000000000..3f4241d542
--- /dev/null
+++ b/main/libxml2/CVE-2015-8317-2.patch
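Review bot: CVE-2015-8317-1.patch should be applied before CVE-2015-8317-2.patch, and nothing visible in this commit establishes that order. The second patch was generated on top of this one (`index a3a9568..0edd53b` follows this file's `index fe603ac..a3a9568`) and both edit xmlParseEncodingDecl, so the reverse order relies on patch(1) offset matching. The APKBUILD hunk only bumps `pkgrel`, so the `source=` list and checksums are not visible here; they should list the -1 file ahead of -2 and carry checksums for all three new files. Both new error branches call `xmlFree((xmlChar *) encoding)` before `return(NULL)`, which assumes the xmlParseEncName result is still owned by this function at that point; the surrounding code is outside the embedded hunks.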
@@ -0,0 +1,35 @@
+From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard
+Date: Mon, 29 Jun 2015 16:10:26 +0800
+Subject: Fail parsing early on if encoding conversion failed
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751631
+
+If we fail conversing the current input stream while
+processing the encoding declaration of the XMLDecl
+then it's safer to just abort there and not try to
+report further errors.
+---
+ parser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index a3a9568..0edd53b 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+
+ handler = xmlFindCharEncodingHandler((const char *) encoding);
+ if (handler != NULL) {
+- xmlSwitchToEncoding(ctxt, handler);
++ if (xmlSwitchToEncoding(ctxt, handler) < 0) {
++ /* failed to convert */
++ ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
++ return(NULL);
++ }
+ } else {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
+ "Unsupported encoding %s\n", encoding);
+--
+cgit v0.12
+
--
cgit v1.2.3
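Review bot: The new failure branch in CVE-2015-8317-2.patch, taken when `xmlSwitchToEncoding(ctxt, handler) < 0`, reports the error only by setting `ctxt->errNo` and returning NULL, and its comment `/* failed to convert */` does not say this is deliberate. The neighbouring `else` branch, by contrast, goes through `xmlFatalErrMsgStr`. The patch description gives the reason (abort there and do not report further errors), so a fuller comment would help, for example `/* conversion failed: stop here without raising a further error; callers must test ctxt->errNo */`. Whether the callers in the packaged 2.9.1 source test `ctxt->errNo` after xmlParseEncodingDecl returns is not visible here and should be confirmed, since otherwise parsing would continue on input whose encoding switch failed. The function body continues outside the embedded hunk.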