Proposed patch https://bugzilla.gnome.org/show_bug.cgi?id=772726#c17
Change-Id: Ie28383835f8e01a2d51cac45f6b4aee44fc1c607
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1916
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: suezzelur <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,177 @@ |
0 |
+diff --git a/elfgcchack.h b/elfgcchack.h |
|
1 |
+index 8c52884..1b81dcd 100644 |
|
2 |
+--- a/elfgcchack.h |
|
3 |
+@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int |
|
4 |
+ #endif |
|
5 |
+ #endif |
|
6 |
+ |
|
7 |
++#ifdef bottom_xmlIO |
|
8 |
++#undef xmlNoXxeExternalEntityLoader |
|
9 |
++extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias"))); |
|
10 |
++#else |
|
11 |
++#ifndef xmlNoXxeExternalEntityLoader |
|
12 |
++extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden"))); |
|
13 |
++#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias |
|
14 |
++#endif |
|
15 |
++#endif |
|
16 |
++ |
|
17 |
+ #ifdef bottom_tree |
|
18 |
+ #undef xmlNodeAddContent |
|
19 |
+ extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias"))); |
|
20 |
+diff --git a/include/libxml/parser.h b/include/libxml/parser.h |
|
21 |
+index 47fbec0..4cced91 100644 |
|
22 |
+--- a/include/libxml/parser.h |
|
23 |
+@@ -1111,7 +1111,8 @@ typedef enum { |
|
24 |
+ XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */ |
|
25 |
+ XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */ |
|
26 |
+ XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */ |
|
27 |
+- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */ |
|
28 |
++ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */ |
|
29 |
++ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity substitution */ |
|
30 |
+ } xmlParserOption; |
|
31 |
+ |
|
32 |
+ XMLPUBFUN void XMLCALL |
|
33 |
+diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h |
|
34 |
+index 3e41744..8d3fdef 100644 |
|
35 |
+--- a/include/libxml/xmlIO.h |
|
36 |
+@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL |
|
37 |
+ xmlParserCtxtPtr ctxt); |
|
38 |
+ |
|
39 |
+ /* |
|
40 |
++ * A predefined entity loader external entity expansion |
|
41 |
++ */ |
|
42 |
++XMLPUBFUN xmlParserInputPtr XMLCALL |
|
43 |
++ xmlNoXxeExternalEntityLoader (const char *URL, |
|
44 |
++ const char *ID, |
|
45 |
++ xmlParserCtxtPtr ctxt); |
|
46 |
++ |
|
47 |
++/* |
|
48 |
+ * xmlNormalizeWindowsPath is obsolete, don't use it. |
|
49 |
+ * Check xmlCanonicPath in uri.h for a better alternative. |
|
50 |
+ */ |
|
51 |
+diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h |
|
52 |
+index 037c16d..3036062 100644 |
|
53 |
+--- a/include/libxml/xmlerror.h |
|
54 |
+@@ -470,6 +470,7 @@ typedef enum { |
|
55 |
+ XML_IO_EADDRINUSE, /* 1554 */ |
|
56 |
+ XML_IO_EALREADY, /* 1555 */ |
|
57 |
+ XML_IO_EAFNOSUPPORT, /* 1556 */ |
|
58 |
++ XML_IO_ILLEGAL_XXE, /* 1557 */ |
|
59 |
+ XML_XINCLUDE_RECURSION=1600, |
|
60 |
+ XML_XINCLUDE_PARSE_VALUE, /* 1601 */ |
|
61 |
+ XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */ |
|
62 |
+diff --git a/parser.c b/parser.c |
|
63 |
+index 53a6b7f..5220bd1 100644 |
|
64 |
+--- a/parser.c |
|
65 |
+@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi |
|
66 |
+ ctxt->options |= XML_PARSE_NONET; |
|
67 |
+ options -= XML_PARSE_NONET; |
|
68 |
+ } |
|
69 |
++ if (options & XML_PARSE_NOXXE) { |
|
70 |
++ ctxt->options |= XML_PARSE_NOXXE; |
|
71 |
++ options -= XML_PARSE_NOXXE; |
|
72 |
++ } |
|
73 |
+ if (options & XML_PARSE_COMPACT) { |
|
74 |
+ ctxt->options |= XML_PARSE_COMPACT; |
|
75 |
+ options -= XML_PARSE_COMPACT; |
|
76 |
+diff --git a/xmlIO.c b/xmlIO.c |
|
77 |
+index 300ee47..7d3d142 100644 |
|
78 |
+--- a/xmlIO.c |
|
79 |
+@@ -210,6 +210,7 @@ static const char *IOerr[] = { |
|
80 |
+ "adddress in use", /* EADDRINUSE */ |
|
81 |
+ "already in use", /* EALREADY */ |
|
82 |
+ "unknown address familly", /* EAFNOSUPPORT */ |
|
83 |
++ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */ |
|
84 |
+ }; |
|
85 |
+ |
|
86 |
+ #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__) |
|
87 |
+@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID, |
|
88 |
+ xmlGenericError(xmlGenericErrorContext, |
|
89 |
+ "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL); |
|
90 |
+ #endif |
|
91 |
+- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) { |
|
92 |
++ if (ctxt != NULL) { |
|
93 |
+ int options = ctxt->options; |
|
94 |
+ |
|
95 |
+- ctxt->options -= XML_PARSE_NONET; |
|
96 |
+- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
|
97 |
+- ctxt->options = options; |
|
98 |
+- return(ret); |
|
99 |
++ if (options & XML_PARSE_NOXXE) { |
|
100 |
++ ctxt->options -= XML_PARSE_NOXXE; |
|
101 |
++ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt); |
|
102 |
++ ctxt->options = options; |
|
103 |
++ return(ret); |
|
104 |
++ } |
|
105 |
++ |
|
106 |
++ if (options & XML_PARSE_NONET) { |
|
107 |
++ ctxt->options -= XML_PARSE_NONET; |
|
108 |
++ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
|
109 |
++ ctxt->options = options; |
|
110 |
++ return(ret); |
|
111 |
++ } |
|
112 |
+ } |
|
113 |
+ #ifdef LIBXML_CATALOG_ENABLED |
|
114 |
+ resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
|
115 |
+@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
|
116 |
+ xmlParserInputPtr input = NULL; |
|
117 |
+ xmlChar *resource = NULL; |
|
118 |
+ |
|
119 |
++ if (ctxt == NULL) { |
|
120 |
++ return(NULL); |
|
121 |
++ } |
|
122 |
++ if (ctxt->input_id == 1) { |
|
123 |
++ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
|
124 |
++ } |
|
125 |
++ |
|
126 |
+ #ifdef LIBXML_CATALOG_ENABLED |
|
127 |
+ resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
|
128 |
+ #endif |
|
129 |
+@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
|
130 |
+ return(input); |
|
131 |
+ } |
|
132 |
+ |
|
133 |
++xmlParserInputPtr |
|
134 |
++xmlNoXxeExternalEntityLoader(const char *URL, const char *ID, |
|
135 |
++ xmlParserCtxtPtr ctxt) { |
|
136 |
++ if (ctxt == NULL) { |
|
137 |
++ return(NULL); |
|
138 |
++ } |
|
139 |
++ if (ctxt->input_id == 1) { |
|
140 |
++ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
|
141 |
++ } |
|
142 |
++ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL); |
|
143 |
++ return(NULL); |
|
144 |
++} |
|
145 |
++ |
|
146 |
+ #define bottom_xmlIO |
|
147 |
+ #include "elfgcchack.h" |
|
148 |
+diff --git a/xmllint.c b/xmllint.c |
|
149 |
+index 67f7adb..2252cc0 100644 |
|
150 |
+--- a/xmllint.c |
|
151 |
+@@ -3019,6 +3019,7 @@ static void usage(const char *name) { |
|
152 |
+ printf("\t--path 'paths': provide a set of paths for resources\n"); |
|
153 |
+ printf("\t--load-trace : print trace of all external entities loaded\n"); |
|
154 |
+ printf("\t--nonet : refuse to fetch DTDs or entities over network\n"); |
|
155 |
++ printf("\t--noxxe : forbid any external entity substitution\n"); |
|
156 |
+ printf("\t--nocompact : do not generate compact text nodes\n"); |
|
157 |
+ printf("\t--htmlout : output results as HTML\n"); |
|
158 |
+ printf("\t--nowrap : do not put HTML doc wrapper\n"); |
|
159 |
+@@ -3461,6 +3462,10 @@ main(int argc, char **argv) { |
|
160 |
+ (!strcmp(argv[i], "--nonet"))) { |
|
161 |
+ options |= XML_PARSE_NONET; |
|
162 |
+ xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader); |
|
163 |
++ } else if ((!strcmp(argv[i], "-noxxe")) || |
|
164 |
++ (!strcmp(argv[i], "--noxxe"))) { |
|
165 |
++ options |= XML_PARSE_NOXXE; |
|
166 |
++ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader); |
|
167 |
+ } else if ((!strcmp(argv[i], "-nocompact")) || |
|
168 |
+ (!strcmp(argv[i], "--nocompact"))) { |
|
169 |
+ options &= ~XML_PARSE_COMPACT; |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Libxml2 |
2 | 2 |
Name: libxml2 |
3 | 3 |
Version: 2.9.4 |
4 |
-Release: 4%{?dist} |
|
4 |
+Release: 5%{?dist} |
|
5 | 5 |
License: MIT |
6 | 6 |
URL: http://xmlsoft.org/ |
7 | 7 |
Group: System Environment/General Libraries |
... | ... |
@@ -10,6 +10,9 @@ Distribution: Photon |
10 | 10 |
Source0: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz |
11 | 11 |
Patch0: libxml2-2.9.4-support-cve-2016-5131.patch |
12 | 12 |
Patch1: libxml2-2.9.4-cve-2016-5131.patch |
13 |
+# Proposed patch from https://bugzilla.gnome.org/show_bug.cgi?id=772726#c17 |
|
14 |
+# Fix for CVE-2016-9318 |
|
15 |
+Patch2: cve-2016-9318.patch |
|
13 | 16 |
%define sha1 libxml2=958ae70baf186263a4bd801a81dd5d682aedd1db |
14 | 17 |
Requires: python2 |
15 | 18 |
BuildRequires: python2-devel |
... | ... |
@@ -41,6 +44,7 @@ Static libraries and header files for the support library for libxml |
41 | 41 |
%setup -q |
42 | 42 |
%patch0 -p1 |
43 | 43 |
%patch1 -p1 |
44 |
+%patch2 -p1 |
|
44 | 45 |
sed \ |
45 | 46 |
-e /xmlInitializeCatalog/d \ |
46 | 47 |
-e 's/((ent->checked =.*&&/(((ent->checked == 0) ||\ |
... | ... |
@@ -91,6 +95,8 @@ rm -rf %{buildroot}/* |
91 | 91 |
|
92 | 92 |
|
93 | 93 |
%changelog |
94 |
+* Tue Jan 3 2017 Alexey Makhalov <amakhalov@vmware.com> 2.9.4-5 |
|
95 |
+- Fix for CVE-2016-9318 |
|
94 | 96 |
* Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 2.9.4-4 |
95 | 97 |
- Moved man3 to devel subpackage. |
96 | 98 |
* Thu Oct 20 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.9.4-3 |