diff options
-rw-r--r-- | system/expat/APKBUILD | 10 | ||||
-rw-r--r-- | system/expat/CVE-2019-15903.patch | 181 |
2 files changed, 4 insertions, 187 deletions
diff --git a/system/expat/APKBUILD b/system/expat/APKBUILD index 4a6f547e3..cc412af83 100644 --- a/system/expat/APKBUILD +++ b/system/expat/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=expat -pkgver=2.2.7 -pkgrel=1 +pkgver=2.2.9 +pkgrel=0 pkgdesc="An XML Parser library written in C" url="https://libexpat.github.io/" arch="all" @@ -10,8 +10,7 @@ depends="" checkdepends="bash" makedepends="" subpackages="$pkgname-dev $pkgname-doc" -source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2 - CVE-2019-15903.patch" +source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2" # secfixes: # 2.2.1-r0: @@ -38,5 +37,4 @@ package() { make DESTDIR="$pkgdir/" install } -sha512sums="a078692317b44f14a9acdca4ddc04adac6a48d22ab321bba3e9e32c92131752aa397915d7121c4a95dc1b603d6a6128f7dce3741093d4322944787e0b49b4c00 expat-2.2.7.tar.bz2 -02d1719307dffdab98e90f242a77aa61cab79ae63ea28d6fa1219b4191d7247e5c319d3adf9781c9086e392c05fd6b6558051b0792ade5cb6c64e7583c67a70d CVE-2019-15903.patch" +sha512sums="8ea4b89a171dfda8267c8b7a0295516d169bf7f46587ebe460fe0ae7a31478a119ae2a7eaa09b3ce46b107ec7cd2274ea66d91c08b8a4ad6b98ba984cdd4e15b expat-2.2.9.tar.bz2" diff --git a/system/expat/CVE-2019-15903.patch b/system/expat/CVE-2019-15903.patch deleted file mode 100644 index c81e72bbb..000000000 --- a/system/expat/CVE-2019-15903.patch +++ /dev/null @@ -1,181 +0,0 @@ -Grabbed from Debian since upstream patch does not apply to 2.2.7. - -https://sources.debian.org/patches/expat/2.2.7-2/CVE-2019-15903_Deny_internal_entities_closing_the_doctype.patch/ -https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 - -From c20b758c332d9a13afbbb276d30db1d183a85d43 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping <sebastian@pipping.org> -Date: Wed, 28 Aug 2019 00:24:59 +0200 -Subject: [PATCH 1/3] xmlparse.c: Deny internal entities closing the doctype - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 0553e3df..c29a6449 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -405,7 +405,7 @@ initializeEncoding(XML_Parser parser); - static enum XML_Error - doProlog(XML_Parser parser, const ENCODING *enc, const char *s, - const char *end, int tok, const char *next, const char **nextPtr, -- XML_Bool haveMore); -+ XML_Bool haveMore, XML_Bool allowClosingDoctype); - static enum XML_Error - processInternalEntity(XML_Parser parser, ENTITY *entity, - XML_Bool betweenDecl); -@@ -4232,7 +4232,7 @@ externalParEntProcessor(XML_Parser parse - - parser->m_processor = prologProcessor; - return doProlog(parser, parser->m_encoding, s, end, tok, next, -- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer); -+ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE); - } - - static enum XML_Error PTRCALL -@@ -4282,7 +4282,7 @@ prologProcessor(XML_Parser parser, - const char *next = s; - int tok = XmlPrologTok(parser->m_encoding, s, end, &next); - return doProlog(parser, parser->m_encoding, s, end, tok, next, -- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer); -+ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE); - } - - static enum XML_Error -@@ -4293,7 +4293,8 @@ doProlog(XML_Parser parser, - int tok, - const char *next, - const char **nextPtr, -- XML_Bool haveMore) -+ XML_Bool haveMore, -+ XML_Bool allowClosingDoctype) - { - #ifdef XML_DTD - static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' }; -@@ -4472,6 +4473,11 @@ doProlog(XML_Parser parser, - } - break; - case XML_ROLE_DOCTYPE_CLOSE: -+ if (allowClosingDoctype != XML_TRUE) { -+ /* Must not close doctype from within expanded parameter entities */ -+ return XML_ERROR_INVALID_TOKEN; -+ } -+ - if (parser->m_doctypeName) { - parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName, - parser->m_doctypeSysid, parser->m_doctypePubid, 0); -@@ -5409,7 +5415,7 @@ processInternalEntity(XML_Parser parser, - if (entity->is_param) { - int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); - result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, -- next, &next, XML_FALSE); -+ next, &next, XML_FALSE, XML_FALSE); - } - else - #endif /* XML_DTD */ -@@ -5456,7 +5462,7 @@ internalEntityProcessor(XML_Parser parse - if (entity->is_param) { - int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); - result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, -- next, &next, XML_FALSE); -+ next, &next, XML_FALSE, XML_TRUE); - } - else - #endif /* XML_DTD */ -@@ -5483,7 +5489,7 @@ internalEntityProcessor(XML_Parser parse - parser->m_processor = prologProcessor; - tok = XmlPrologTok(parser->m_encoding, s, end, &next); - return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, -- (XML_Bool)!parser->m_parsingStatus.finalBuffer); -+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE); - } - else - #endif /* XML_DTD */ - -From 438493691f1b8620a71d5aee658fe160103ff863 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping <sebastian@pipping.org> -Date: Wed, 28 Aug 2019 15:14:19 +0200 -Subject: [PATCH 3/3] tests: Cover denying internal entities closing the - doctype - -diff --git a/tests/runtests.c b/tests/runtests.c -index b0d1b0af..e102a55e 100644 ---- a/tests/runtests.c -+++ b/tests/runtests.c -@@ -8151,6 +8151,68 @@ START_TEST(test_misc_utf16le) - } - END_TEST - -+#ifdef XML_DTD -+START_TEST(test_misc_deny_internal_entity_closing_doctype_issue_317) { -+ const char *const inputOne = "<!DOCTYPE d [\n" -+ "<!ENTITY % e ']><d/>'>\n" -+ "\n" -+ "%e;"; -+ const char *const inputTwo = "<!DOCTYPE d [\n" -+ "<!ENTITY % e1 ']><d/>'><!ENTITY % e2 '&e1;'>\n" -+ "\n" -+ "%e2;"; -+ const char *const inputThree = "<!DOCTYPE d [\n" -+ "<!ENTITY % e ']><d'>\n" -+ "\n" -+ "%e;"; -+ const char *const inputIssue317 = "<!DOCTYPE doc [\n" -+ "<!ENTITY % foo ']>\n" -+ "<doc>Hell<oc (#PCDATA)*>'>\n" -+ "%foo;\n" -+ "]>\n" -+ "<doc>Hello, world</dVc>"; -+ -+ const char *const inputs[] = {inputOne, inputTwo, inputThree, inputIssue317}; -+ size_t inputIndex = 0; -+ -+ for (; inputIndex < sizeof(inputs) / sizeof(inputs[0]); inputIndex++) { -+ XML_Parser parser; -+ enum XML_Status parseResult; -+ int setParamEntityResult; -+ XML_Size lineNumber; -+ XML_Size columnNumber; -+ const char *const input = inputs[inputIndex]; -+ -+ parser = XML_ParserCreate(NULL); -+ setParamEntityResult -+ = XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS); -+ if (setParamEntityResult != 1) -+ fail("Failed to set XML_PARAM_ENTITY_PARSING_ALWAYS."); -+ -+ parseResult = XML_Parse(parser, input, (int)strlen(input), 0); -+ if (parseResult != XML_STATUS_ERROR) { -+ parseResult = XML_Parse(parser, "", 0, 1); -+ if (parseResult != XML_STATUS_ERROR) { -+ fail("Parsing was expected to fail but succeeded."); -+ } -+ } -+ -+ if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_TOKEN) -+ fail("Error code does not match XML_ERROR_INVALID_TOKEN"); -+ -+ lineNumber = XML_GetCurrentLineNumber(parser); -+ if (lineNumber != 4) -+ fail("XML_GetCurrentLineNumber does not work as expected."); -+ -+ columnNumber = XML_GetCurrentColumnNumber(parser); -+ if (columnNumber != 0) -+ fail("XML_GetCurrentColumnNumber does not work as expected."); -+ -+ XML_ParserFree(parser); -+ } -+} -+END_TEST -+#endif - - static void - alloc_setup(void) -@@ -12251,6 +12313,10 @@ make_suite(void) - tcase_add_test(tc_misc, test_misc_features); - tcase_add_test(tc_misc, test_misc_attribute_leak); - tcase_add_test(tc_misc, test_misc_utf16le); -+#ifdef XML_DTD -+ tcase_add_test(tc_misc, -+ test_misc_deny_internal_entity_closing_doctype_issue_317); -+#endif - - suite_add_tcase(s, tc_alloc); - tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown); |