packages/expat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 2.2.9

Browse Source
This commit is contained in:
yixiangzhike 2020-08-03 20:21:57 +08:00
parent 3e60d2989a
commit 0f3fd65aa5
7 changed files with 114 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2018-20843.patch
View File

@ -1,24 +0,0 @@
From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Wed, 12 Jun 2019 15:42:22 +0200
Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name
(#186)
---
expat/lib/xmlparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index c4f3ffc..f4506b0 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -6080,7 +6080,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
else
poolDiscard(&dtd->pool);
elementType->prefix = prefix;
-
+ break;
}
}
return 1;

112
CVE-2019-15903.patch
View File

@ -1,112 +0,0 @@
From c20b758c332d9a13afbbb276d30db1d183a85d43 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Wed, 28 Aug 2019 00:24:59 +0200
Subject: [PATCH 189/286] xmlparse.c: Deny internal entities closing the
doctype
---
expat/lib/xmlparse.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index f4506b0..3df4347 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -412,9 +412,10 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity,
static enum XML_Error
initializeEncoding(XML_Parser parser);
static enum XML_Error
-doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
- const char *end, int tok, const char *next, const char **nextPtr,
- XML_Bool haveMore);
+doProlog(XML_Parser parser, const ENCODING *enc,
+ const char *s, const char *end, int tok,
+ const char *next, const char **nextPtr,
+ XML_Bool haveMore, XML_Bool allowClosingDoctype);
static enum XML_Error
processInternalEntity(XML_Parser parser, ENTITY *entity,
XML_Bool betweenDecl);
@@ -4240,8 +4241,8 @@ externalParEntProcessor(XML_Parser parser,
}
parser->m_processor = prologProcessor;
- return doProlog(parser, parser->m_encoding, s, end, tok, next,
- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
+ return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
}
static enum XML_Error PTRCALL
@@ -4290,20 +4291,14 @@ prologProcessor(XML_Parser parser,
{
const char *next = s;
int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
- return doProlog(parser, parser->m_encoding, s, end, tok, next,
- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
+ return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
}
static enum XML_Error
-doProlog(XML_Parser parser,
- const ENCODING *enc,
- const char *s,
- const char *end,
- int tok,
- const char *next,
- const char **nextPtr,
- XML_Bool haveMore)
-{
+doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ int tok, const char *next, const char **nextPtr, XML_Bool haveMore,
+ XML_Bool allowClosingDoctype) {
#ifdef XML_DTD
static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' };
#endif /* XML_DTD */
@@ -4481,6 +4476,11 @@ doProlog(XML_Parser parser,
}
break;
case XML_ROLE_DOCTYPE_CLOSE:
+ if (allowClosingDoctype != XML_TRUE) {
+ /* Must not close doctype from within expanded parameter entities */
+ return XML_ERROR_INVALID_TOKEN;
+ }
+
if (parser->m_doctypeName) {
parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName,
parser->m_doctypeSysid, parser->m_doctypePubid, 0);
@@ -5417,8 +5417,8 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,
#ifdef XML_DTD
if (entity->is_param) {
int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
- result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
- next, &next, XML_FALSE);
+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
+ tok, next, &next, XML_FALSE, XML_FALSE);
}
else
#endif /* XML_DTD */
@@ -5464,8 +5464,8 @@ internalEntityProcessor(XML_Parser parser,
#ifdef XML_DTD
if (entity->is_param) {
int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
- result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
- next, &next, XML_FALSE);
+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
+ tok, next, &next, XML_FALSE, XML_TRUE);
}
else
#endif /* XML_DTD */
@@ -5492,7 +5492,7 @@ internalEntityProcessor(XML_Parser parser,
parser->m_processor = prologProcessor;
tok = XmlPrologTok(parser->m_encoding, s, end, &next);
return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
- (XML_Bool)!parser->m_parsingStatus.finalBuffer);
+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
}
else
#endif /* XML_DTD */
---
2.19.1

36
Don-t-add-to-NULL-in-iterator.patch Normal file
View File

@ -0,0 +1,36 @@
From 49c165c5a8a40c0ef6a9cee00a81adac2da71533 Mon Sep 17 00:00:00 2001
From: Ben Wagner <bungeman@chromium.org>
Date: Tue, 7 Apr 2020 13:12:18 -0400
Subject: [PATCH 67/68] Don't add to NULL in iterator.
In C it is undefined to add anything to NULL. Clang recently began
taking advantage of this and can assume that if anything is added or
subtracted from a pointer that the pointer can be assumed non-NULL. The
Address Sanitizer has been updated to report when this happens at
runtime and produces messages like
expat/lib/xmlparse.c:6509:23: runtime error: applying zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior expat/lib/xmlparse.c:6509:23
This can be mitigated with 'p ? p + n : NULL' which optimizes to just
the add in all optimizing compilers, but avoids the undefined behavior.
---
lib/xmlparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 638ea52..849411c 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -6506,7 +6506,7 @@ hashTableInit(HASH_TABLE *p, const XML_Memory_Handling_Suite *ms) {
static void FASTCALL
hashTableIterInit(HASH_TABLE_ITER *iter, const HASH_TABLE *table) {
iter->p = table->v;
- iter->end = iter->p + table->size;
+ iter->end = iter->p ? iter->p + table->size : NULL;
}
static NAMED *FASTCALL
--
1.8.3.1

BIN
expat-2.2.6.tar.gz
View File

Binary file not shown.

BIN
expat-2.2.9.tar.gz Normal file
View File

Binary file not shown.

20
expat.spec
View File

@ -1,13 +1,14 @@
%define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/')
Name: expat
Version: 2.2.6
Release: 5
Version: 2.2.9
Release: 2
Summary: An XML parser library
License: MIT
URL: https://libexpat.github.io/
Source0: https://github.com/libexpat/libexpat/releases/download/%{Rversion}/expat-%{version}.tar.gz
Patch6000: CVE-2018-20843.patch
Patch6001: CVE-2019-15903.patch
Patch0000: xmlparse.c-Fix-undefined-behavior-for-XML_UNICODE.patch
Patch0001: Don-t-add-to-NULL-in-iterator.patch
BuildRequires: sed,autoconf,automake,gcc-c++,libtool,xmlto
@ -25,7 +26,7 @@ This package provides with static libraries and header files for developing wit
%package_help
%prep
%autosetup -p1 -n libexpat-%{Rversion}/expat
%autosetup -p1
autoreconf -fiv
%build
@ -60,6 +61,15 @@ make check
%{_mandir}/man1/*
%changelog
* Sun Jun 28 2020 liuchenguang <liuchenguang4@huawei.com> - 2.2.9-2
- quality enhancement synchronization github patch
* Mon May 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.2.9-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update to 2.2.9
* Mon Oct 21 2019 shenyangyang <shenyangyang4@huawei.com> - 2.2.6-5
- Type:NA
- ID:NA

63
xmlparse.c-Fix-undefined-behavior-for-XML_UNICODE.patch Normal file
View File

@ -0,0 +1,63 @@
From ef09dbabd409f7b4d42c40c03b74f718aa1b17c1 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Thu, 19 Mar 2020 15:22:58 +0100
Subject: [PATCH 64/68] xmlparse.c: Fix undefined behavior for XML_UNICODE
Pointer arithmetic with NULL is undefined behavior.
This reverts c71f27573bd0205558a78792b554764f9c962179
---
Changes | 4 ++++
lib/xmlparse.c | 15 ++++++++++++---
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/Changes b/Changes
index 1680489..a801d7f 100644
--- a/Changes
+++ b/Changes
@@ -3,6 +3,10 @@ NOTE: We are looking for help with a few things:
If you can help, please get in touch. Thanks!
Release 2.2.9 Wed Septemper 25 2019
+ Bug fixes:
+ #390 #395 Fix undefined behavior during parsing when compiled with
+ -DXML_UNICODE that was introduced with Expat 2.0.1
+
Other changes:
examples: Drop executable bits from elements.c
#349 Windows: Change the name of the Windows DLLs from expat*.dll
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 8b8c6f0..638ea52 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -48,6 +48,17 @@
#include <stdio.h> /* fprintf */
#include <stdlib.h> /* getenv, rand_s */
+#if defined(_WIN32) && defined(_MSC_VER) && (_MSC_VER < 1600)
+/* vs2008/9.0 and earlier lack stdint.h; _MSC_VER 1600 is vs2010/10.0 */
+# if defined(_WIN64)
+typedef unsigned __int64 uintptr_t;
+# else
+typedef unsigned __int32 uintptr_t;
+# endif
+#else
+# include <stdint.h> /* uintptr_t */
+#endif
+
#ifdef _WIN32
# define getpid GetCurrentProcessId
#else
@@ -121,9 +132,7 @@
# define XmlGetInternalEncoding XmlGetUtf16InternalEncoding
# define XmlGetInternalEncodingNS XmlGetUtf16InternalEncodingNS
# define XmlEncode XmlUtf16Encode
-/* Using pointer subtraction to convert to integer type. */
-# define MUST_CONVERT(enc, s) \
- (! (enc)->isUtf16 || (((char *)(s) - (char *)NULL) & 1))
+# define MUST_CONVERT(enc, s) (! (enc)->isUtf16 || (((uintptr_t)(s)) & 1))
typedef unsigned short ICHAR;
#else
# define XML_ENCODE_MAX XML_UTF8_ENCODE_MAX
--
1.8.3.1