diff --git a/CVE-2018-20843.patch b/CVE-2018-20843.patch deleted file mode 100644 index 68036c9..0000000 --- a/CVE-2018-20843.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Wed, 12 Jun 2019 15:42:22 +0200 -Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name - (#186) - ---- - expat/lib/xmlparse.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index c4f3ffc..f4506b0 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -6080,7 +6080,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) - else - poolDiscard(&dtd->pool); - elementType->prefix = prefix; -- -+ break; - } - } - return 1; - diff --git a/CVE-2019-15903.patch b/CVE-2019-15903.patch deleted file mode 100644 index a66b4b1..0000000 --- a/CVE-2019-15903.patch +++ /dev/null 
@@ -1,112 +0,0 @@ -From c20b758c332d9a13afbbb276d30db1d183a85d43 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Wed, 28 Aug 2019 00:24:59 +0200 -Subject: [PATCH 189/286] xmlparse.c: Deny internal entities closing the - doctype - ---- - expat/lib/xmlparse.c | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index f4506b0..3df4347 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -412,9 +412,10 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity, - static enum XML_Error - initializeEncoding(XML_Parser parser); - static enum XML_Error --doProlog(XML_Parser parser, const ENCODING *enc, const char *s, -- const char *end, int tok, const char *next, const char **nextPtr, -- XML_Bool haveMore); -+doProlog(XML_Parser parser, const ENCODING *enc, -+ const char *s, const char *end, int tok, -+ const char *next, const char **nextPtr, -+ XML_Bool haveMore, XML_Bool allowClosingDoctype); - static enum XML_Error - processInternalEntity(XML_Parser parser, ENTITY *entity, - XML_Bool betweenDecl); -@@ -4240,8 +4241,8 @@ externalParEntProcessor(XML_Parser parser, - } - - parser->m_processor = prologProcessor; -- return doProlog(parser, parser->m_encoding, s, end, tok, next, -- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer); -+ return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, -+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE); - } - - static enum XML_Error PTRCALL -@@ -4290,20 +4291,14 @@ prologProcessor(XML_Parser parser, - { - const char *next = s; - int tok = XmlPrologTok(parser->m_encoding, s, end, &next); -- return doProlog(parser, parser->m_encoding, s, end, tok, next, -- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer); -+ return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, -+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE); - } - - static enum XML_Error --doProlog(XML_Parser parser, -- const ENCODING 
*enc, -- const char *s, -- const char *end, -- int tok, -- const char *next, -- const char **nextPtr, -- XML_Bool haveMore) --{ -+doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, -+ int tok, const char *next, const char **nextPtr, XML_Bool haveMore, -+ XML_Bool allowClosingDoctype) { - #ifdef XML_DTD - static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' }; - #endif /* XML_DTD */ -@@ -4481,6 +4476,11 @@ doProlog(XML_Parser parser, - } - break; - case XML_ROLE_DOCTYPE_CLOSE: -+ if (allowClosingDoctype != XML_TRUE) { -+ /* Must not close doctype from within expanded parameter entities */ -+ return XML_ERROR_INVALID_TOKEN; -+ } -+ - if (parser->m_doctypeName) { - parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName, - parser->m_doctypeSysid, parser->m_doctypePubid, 0); -@@ -5417,8 +5417,8 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, - #ifdef XML_DTD - if (entity->is_param) { - int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); -- result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, -- next, &next, XML_FALSE); -+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, -+ tok, next, &next, XML_FALSE, XML_FALSE); - } - else - #endif /* XML_DTD */ -@@ -5464,8 +5464,8 @@ internalEntityProcessor(XML_Parser parser, - #ifdef XML_DTD - if (entity->is_param) { - int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); -- result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, -- next, &next, XML_FALSE); -+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, -+ tok, next, &next, XML_FALSE, XML_TRUE); - } - else - #endif /* XML_DTD */ -@@ -5492,7 +5492,7 @@ internalEntityProcessor(XML_Parser parser, - parser->m_processor = prologProcessor; - tok = XmlPrologTok(parser->m_encoding, s, end, &next); - return doProlog(parser, parser->m_encoding, s, end, tok, next, 
nextPtr, -- (XML_Bool)!parser->m_parsingStatus.finalBuffer); -+ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE); - } - else - #endif /* XML_DTD */ ---- -2.19.1 - - diff --git a/Don-t-add-to-NULL-in-iterator.patch b/Don-t-add-to-NULL-in-iterator.patch new file mode 100644 index 0000000..ffb1302 --- /dev/null +++ b/Don-t-add-to-NULL-in-iterator.patch @@ -0,0 +1,36 @@ +From 49c165c5a8a40c0ef6a9cee00a81adac2da71533 Mon Sep 17 00:00:00 2001 +From: Ben Wagner +Date: Tue, 7 Apr 2020 13:12:18 -0400 +Subject: [PATCH 67/68] Don't add to NULL in iterator. + +In C it is undefined to add anything to NULL. Clang recently began +taking advantage of this and can assume that if anything is added or +subtracted from a pointer that the pointer can be assumed non-NULL. The +Address Sanitizer has been updated to report when this happens at +runtime and produces messages like + +expat/lib/xmlparse.c:6509:23: runtime error: applying zero offset to null pointer +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior expat/lib/xmlparse.c:6509:23 + +This can be mitigated with 'p ? p + n : NULL' which optimizes to just +the add in all optimizing compilers, but avoids the undefined behavior. +--- + lib/xmlparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index 638ea52..849411c 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6506,7 +6506,7 @@ hashTableInit(HASH_TABLE *p, const XML_Memory_Handling_Suite *ms) { + static void FASTCALL + hashTableIterInit(HASH_TABLE_ITER *iter, const HASH_TABLE *table) { + iter->p = table->v; +- iter->end = iter->p + table->size; ++ iter->end = iter->p ? iter->p + table->size : NULL; + } + + static NAMED *FASTCALL +-- +1.8.3.1 + diff --git a/expat-2.2.6.tar.gz b/expat-2.2.6.tar.gz deleted file mode 100644 index 75aac46..0000000 Binary files a/expat-2.2.6.tar.gz and /dev/null differ 
diff --git a/expat-2.2.9.tar.gz b/expat-2.2.9.tar.gz new file mode 100644 index 0000000..725490b Binary files /dev/null and b/expat-2.2.9.tar.gz differ diff --git a/expat.spec b/expat.spec index 74543ba..380fd5a 100644 --- a/expat.spec +++ b/expat.spec @@ -1,13 +1,14 @@ %define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/') Name: expat -Version: 2.2.6 -Release: 5 +Version: 2.2.9 +Release: 2 Summary: An XML parser library License: MIT URL: https://libexpat.github.io/ Source0: https://github.com/libexpat/libexpat/releases/download/%{Rversion}/expat-%{version}.tar.gz -Patch6000: CVE-2018-20843.patch -Patch6001: CVE-2019-15903.patch + +Patch0000: xmlparse.c-Fix-undefined-behavior-for-XML_UNICODE.patch +Patch0001: Don-t-add-to-NULL-in-iterator.patch BuildRequires: sed,autoconf,automake,gcc-c++,libtool,xmlto @@ -25,7 +26,7 @@ This package provides with static libraries and header files for developing wit %package_help %prep -%autosetup -p1 -n libexpat-%{Rversion}/expat +%autosetup -p1 autoreconf -fiv %build @@ -60,6 +61,15 @@ make check %{_mandir}/man1/* %changelog +* Sun Jun 28 2020 liuchenguang - 2.2.9-2 +- quality enhancement synchronization github patch + +* Mon May 11 2020 openEuler Buildteam - 2.2.9-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update to 2.2.9 + * Mon Oct 21 2019 shenyangyang - 2.2.6-5 - Type:NA - ID:NA diff --git a/xmlparse.c-Fix-undefined-behavior-for-XML_UNICODE.patch b/xmlparse.c-Fix-undefined-behavior-for-XML_UNICODE.patch new file mode 100644 index 0000000..5dc2582 --- /dev/null +++ b/xmlparse.c-Fix-undefined-behavior-for-XML_UNICODE.patch 
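Review bot: Dropping `Patch6000: CVE-2018-20843.patch` and `Patch6001: CVE-2019-15903.patch` in the first expat.spec hunk is only sound because 2.2.9 already carries both fixes upstream (to my recollection they landed in 2.2.7 and 2.2.8), yet neither the spec nor the new changelog entries state that, so an auditor of this package later sees two CVE patches vanish with no explanation. I would add a line under the 2.2.9-1 changelog entry such as `- drop CVE-2018-20843.patch and CVE-2019-15903.patch, both fixed upstream (2.2.7 / 2.2.8)` and confirm it against the Changes file shipped in the 2.2.9 tarball before relying on it. The `%autosetup` hunk removes `-n libexpat-%{Rversion}/expat`, which only works because Source0 now points at the release tarball rather than a GitHub archive; that coupling is worth a short comment next to Source0 so a future switch back does not silently break `%prep`.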
@@ -0,0 +1,63 @@ +From ef09dbabd409f7b4d42c40c03b74f718aa1b17c1 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Thu, 19 Mar 2020 15:22:58 +0100 +Subject: [PATCH 64/68] xmlparse.c: Fix undefined behavior for XML_UNICODE + +Pointer arithmetic with NULL is undefined behavior. +This reverts c71f27573bd0205558a78792b554764f9c962179 +--- + Changes | 4 ++++ + lib/xmlparse.c | 15 ++++++++++++--- + 2 files changed, 16 insertions(+), 3 deletions(-) + +diff --git a/Changes b/Changes +index 1680489..a801d7f 100644 +--- a/Changes ++++ b/Changes +@@ -3,6 +3,10 @@ NOTE: We are looking for help with a few things: + If you can help, please get in touch. Thanks! + + Release 2.2.9 Wed Septemper 25 2019 ++ Bug fixes: ++ #390 #395 Fix undefined behavior during parsing when compiled with ++ -DXML_UNICODE that was introduced with Expat 2.0.1 ++ + Other changes: + examples: Drop executable bits from elements.c + #349 Windows: Change the name of the Windows DLLs from expat*.dll +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index 8b8c6f0..638ea52 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -48,6 +48,17 @@ + #include /* fprintf */ + #include /* getenv, rand_s */ + ++#if defined(_WIN32) && defined(_MSC_VER) && (_MSC_VER < 1600) ++/* vs2008/9.0 and earlier lack stdint.h; _MSC_VER 1600 is vs2010/10.0 */ ++# if defined(_WIN64) ++typedef unsigned __int64 uintptr_t; ++# else ++typedef unsigned __int32 uintptr_t; ++# endif ++#else ++# include /* uintptr_t */ ++#endif ++ + #ifdef _WIN32 + # define getpid GetCurrentProcessId + #else +@@ -121,9 +132,7 @@ + # define XmlGetInternalEncoding XmlGetUtf16InternalEncoding + # define XmlGetInternalEncodingNS XmlGetUtf16InternalEncodingNS + # define XmlEncode XmlUtf16Encode +-/* Using pointer subtraction to convert to integer type. */ +-# define MUST_CONVERT(enc, s) \ +- (! (enc)->isUtf16 || (((char *)(s) - (char *)NULL) & 1)) ++# define MUST_CONVERT(enc, s) (! 
(enc)->isUtf16 || (((uintptr_t)(s)) & 1)) + typedef unsigned short ICHAR; + #else + # define XML_ENCODE_MAX XML_UTF8_ENCODE_MAX +-- +1.8.3.1 +
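Review bot: As rendered here the added line `+# include /* uintptr_t */` (like the context lines `#include /* fprintf */` and `#include /* getenv, rand_s */`) carries no header name; if that is the actual content of the stored patch rather than an artifact of this view, `uintptr_t` used by the new `MUST_CONVERT(enc, s)` definition would most likely be undeclared on every non-MSVC build and the XML_UNICODE configuration would not compile. The upstream commit this is taken from includes `<stdint.h>` at that spot, so the stored file should be checked byte-for-byte against it before the package is built. The patch also edits `Changes` under the 2.2.9 heading; that hunk is documentation only, and dropping it from the downstream copy would remove one avoidable source of apply failures on the next rebase.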