pkgsrc-Bugs archive


pkg/53704: textproc/libxml2: Fix CVE-2017-8872



>Number:         53704
>Category:       pkg
>Synopsis:       textproc/libxml2: Fix CVE-2017-8872
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Nov 05 23:30:00 +0000 2018
>Originator:     Attila Fülöp
>Release:        trunk
>Organization:
>Environment:
SunOS bld-181018 5.11 joyent_20181011T004530Z i86pc i386 i86pc Solaris
>Description:
Fixes CVE-2017-8872.
See: https://gitlab.gnome.org/GNOME/libxml2/issues/26
Backported commit: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407

Patch attached.
>How-To-Repeat:

>Fix:
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index 89d09e2660f..ee4fcf1cc90 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -2,7 +2,7 @@
 
 .include "../../textproc/libxml2/Makefile.common"
 
-PKGREVISION=   3
+PKGREVISION=   4
 
 COMMENT=       XML parser library from the GNOME project
 LICENSE=       modified-bsd
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index e8e2979f4ff..6626bc687f8 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -10,8 +10,10 @@ SHA1 (patch-ac) = 34afe787f6012b460a85be993048e133907a1621
 SHA1 (patch-ad) = d65b7e3be9694147e96ce4bb70a1739e2279ba81
 SHA1 (patch-ae) = 4eede9719724f94402e850ee6d6043a74aaf62b2
 SHA1 (patch-encoding.c) = 6cf0a7d421828b9f40a4079ee85adb791c54d096
+SHA1 (patch-parser.c) = 4304bae3d6797c03bca82839173a8d08be7a37eb
 SHA1 (patch-python_libxml.py) = 869a72ae5ba2e27e6d46552878890acb22337675
 SHA1 (patch-python_libxml2.py) = 209d105b0f3aedb834091390a7c6819705108e34
 SHA1 (patch-python_setup.py) = 7771fd02ee6779463f1d3321f099d7e6d19cd1b1
+SHA1 (patch-result_errors_759573.xml.err) = 9246b60612d3bc07edbcf75f0ddf65ca6a105792
 SHA1 (patch-xpath.c) = 9b9832e36e947598d8f5dade80181e82bff54a5c
 SHA1 (patch-xzlib.c) = a9b4de24d844b9fee30988ae4dbdee950797fd0d
diff --git a/textproc/libxml2/patches/patch-parser.c b/textproc/libxml2/patches/patch-parser.c
new file mode 100644
index 00000000000..a3d2c4d24d7
--- /dev/null
+++ b/textproc/libxml2/patches/patch-parser.c
@@ -0,0 +1,23 @@
+$NetBSD$
+
+Fixes CVE-2017-8872.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+https://gitlab.gnome.org/GNOME/libxml2/issues/26
+https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
+
+--- parser.c.orig      2018-01-25 06:44:40.000000000 +0000
++++ parser.c
+@@ -12462,7 +12462,12 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+           ctxt->input->free((xmlChar *) ctxt->input->base);
+           ctxt->input->free = NULL;
+       }
++      if (ctxt->input->buf != NULL) {
++          xmlFreeParserInputBuffer(ctxt->input->buf);
++          ctxt->input->buf = NULL;
++      }
+       ctxt->input->cur = BAD_CAST"";
++        ctxt->input->length = 0;
+       ctxt->input->base = ctxt->input->cur;
+         ctxt->input->end = ctxt->input->cur;
+     }
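Review bot: The header comment of patch-parser.c says only "Fixes CVE-2017-8872." followed by three links, so the patch does not document what it changes in xmlHaltParser. Add one line stating that it releases ctxt->input->buf with xmlFreeParserInputBuffer and resets ctxt->input->length to 0, and that it is a backport of the linked upstream commit, so the patch can be dropped on the next update that contains it. The new NULL check on ctxt->input->buf sits directly after context that already dereferences ctxt->input->free, so it adds no new unchecked access to ctxt->input. The added "ctxt->input->length = 0;" line is indented differently from the "cur" and "base" lines beside it; it matches the existing "end" line, so keeping it identical to upstream is reasonable, but say so in the comment.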
diff --git a/textproc/libxml2/patches/patch-result_errors_759573.xml.err b/textproc/libxml2/patches/patch-result_errors_759573.xml.err
new file mode 100644
index 00000000000..91b03e7ea19
--- /dev/null
+++ b/textproc/libxml2/patches/patch-result_errors_759573.xml.err
@@ -0,0 +1,32 @@
+$NetBSD$
+
+Test output adjustment for CVE-2017-8872 fix.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=775200
+https://gitlab.gnome.org/GNOME/libxml2/issues/26
+https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
+
+--- result/errors/759573.xml.err.orig  2017-07-23 05:10:06.000000000 +0000
++++ result/errors/759573.xml.err
+@@ -21,14 +21,11 @@ Entity: line 1:
+             ^
+ ./test/errors/759573.xml:1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
+ 
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-     ^
++
++^
+ ./test/errors/759573.xml:1: parser error : DOCTYPE improperly terminated
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-     ^
+-./test/errors/759573.xml:1: parser error : StartTag: invalid element name
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-      ^
+-./test/errors/759573.xml:1: parser error : Extra content at the end of the document
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+-      ^
++
++^
++./test/errors/759573.xml:1: parser error : Start tag expected, '<' not found
++
++^
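Review bot: The header comment of patch-result_errors_759573.xml.err should explain why the expected output changes, since "Test output adjustment" does not tell a later maintainer what to compare against. In the inner hunk the echoed source line before each caret becomes an empty line, and the two messages "StartTag: invalid element name" and "Extra content at the end of the document" are replaced by a single "Start tag expected, '<' not found"; note in the comment that this follows from the parser.c change that releases the input buffer and zeroes the length on halt. Because this file only affects the regression test results, confirm the package's test target was run with both patches applied and mention that in the PR.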

