pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/textproc/xerces-c Add the fix for CVE-2009-1885 - nest...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3ce3e45d9438
branches: trunk
changeset: 398290:3ce3e45d9438
user: hasso <hasso%pkgsrc.org@localhost>
date: Fri Aug 28 05:24:34 2009 +0000
description:
Add the fix for CVE-2009-1885 - nested DTD structure XML parsing remote denial
of service vulnerability. While there fix MASTER_SITES as recommended by
pkglint. Bump PKGREVISION.
diffstat:
textproc/xerces-c/Makefile | 9 +-
textproc/xerces-c/distinfo | 3 +-
textproc/xerces-c/patches/patch-ba | 653 +++++++++++++++++++++++++++++++++++++
3 files changed, 658 insertions(+), 7 deletions(-)
diffs (truncated from 692 to 300 lines):
diff -r 2739a6105f25 -r 3ce3e45d9438 textproc/xerces-c/Makefile
--- a/textproc/xerces-c/Makefile Thu Aug 27 23:47:58 2009 +0000
+++ b/textproc/xerces-c/Makefile Fri Aug 28 05:24:34 2009 +0000
@@ -1,14 +1,11 @@
-# $NetBSD: Makefile,v 1.37 2009/05/22 17:59:41 zafer Exp $
+# $NetBSD: Makefile,v 1.38 2009/08/28 05:24:34 hasso Exp $
#
DISTNAME= xerces-c-src_2_8_0
+PKGREVISION= 1
PKGNAME= ${DISTNAME:S/-src_/-/:S/_/./g}
CATEGORIES= textproc
-MASTER_SITES= http://www.apache.org/dist/xerces/c/2/sources/ \
- http://apache.speedbone.de/xerces/c/2/sources/ \
- ftp://ftp.riken.jp/net/apache/xerces/c/2/sources/
-
-
+MASTER_SITES= ${MASTER_SITE_APACHE:=xerces/c/2/sources/}
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://xerces.apache.org/xerces-c/
diff -r 2739a6105f25 -r 3ce3e45d9438 textproc/xerces-c/distinfo
--- a/textproc/xerces-c/distinfo Thu Aug 27 23:47:58 2009 +0000
+++ b/textproc/xerces-c/distinfo Fri Aug 28 05:24:34 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2009/05/10 11:24:26 hasso Exp $
+$NetBSD: distinfo,v 1.13 2009/08/28 05:24:34 hasso Exp $
SHA1 (xerces-c-src_2_8_0.tar.gz) = f0803b1330daec3f44b17dee64c3c99de6b3cd3e
RMD160 (xerces-c-src_2_8_0.tar.gz) = d576df7870b043a338358834a0e1180dca39e838
@@ -22,3 +22,4 @@
SHA1 (patch-ar) = 8b8055056afdb0c3d8a556211bf44aec496727a1
SHA1 (patch-as) = 3eaec415b91dcd129eaa7c5c6e0b5b417ad651bc
SHA1 (patch-at) = 31682536fccb69cbf29872793b2eb798e15e3bda
+SHA1 (patch-ba) = 5bf2099aa80dfa3c91d5297fd7238a5a049131d9
diff -r 2739a6105f25 -r 3ce3e45d9438 textproc/xerces-c/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/xerces-c/patches/patch-ba Fri Aug 28 05:24:34 2009 +0000
@@ -0,0 +1,653 @@
+$NetBSD: patch-ba,v 1.1 2009/08/28 05:24:34 hasso Exp $
+
+Fix for CVE-2009-1885 from upstream subversion repo.
+
+--- ../../src/xercesc/validators/DTD/DTDScanner.cpp 2008/05/21 16:42:53 658750
++++ ../../src/xercesc/validators/DTD/DTDScanner.cpp 2009/08/24 14:03:57 807224
+@@ -27,7 +27,9 @@
+ #include <xercesc/util/FlagJanitor.hpp>
+ #include <xercesc/util/Janitor.hpp>
+ #include <xercesc/util/XMLUniDefs.hpp>
++#include <xercesc/util/ValueStackOf.hpp>
+ #include <xercesc/util/UnexpectedEOFException.hpp>
++#include <xercesc/util/OutOfMemoryException.hpp>
+ #include <xercesc/sax/InputSource.hpp>
+ #include <xercesc/framework/XMLDocumentHandler.hpp>
+ #include <xercesc/framework/XMLEntityHandler.hpp>
+@@ -39,7 +41,6 @@
+ #include <xercesc/validators/DTD/DTDEntityDecl.hpp>
+ #include <xercesc/validators/DTD/DocTypeHandler.hpp>
+ #include <xercesc/validators/DTD/DTDScanner.hpp>
+-#include <xercesc/util/OutOfMemoryException.hpp>
+
+ XERCES_CPP_NAMESPACE_BEGIN
+
+@@ -1046,338 +1047,354 @@
+ // Check for a PE ref here, but don't require spaces
+ checkForPERef(false, true);
+
+- // We have to check entity nesting here
+- unsigned int curReader;
+-
++ ValueStackOf<XMLSize_t>* arrNestedDecl=NULL;
+ //
+ // We know that the caller just saw an opening parenthesis, so we need
+- // to parse until we hit the end of it, recursing for other nested
+- // parentheses we see.
++ // to parse until we hit the end of it; if we find several parenthesis,
++ // store them in an array to be processed later.
+ //
+ // We have to check for one up front, since it could be something like
+ // (((a)*)) etc...
+ //
+ ContentSpecNode* curNode = 0;
+- if (fReaderMgr->skippedChar(chOpenParen))
++ while(fReaderMgr->skippedChar(chOpenParen))
+ {
+- curReader = fReaderMgr->getCurrentReaderNum();
++ // to check entity nesting
++ const unsigned int curReader = fReaderMgr->getCurrentReaderNum();
++ if(arrNestedDecl==NULL)
++ arrNestedDecl=new (fMemoryManager) ValueStackOf<XMLSize_t>(5, fMemoryManager);
++ arrNestedDecl->push(curReader);
+
+- // Lets call ourself and get back the resulting node
+- curNode = scanChildren(elemDecl, bufToUse);
++ // Check for a PE ref here, but don't require spaces
++ checkForPERef(false, true);
++ }
+
+- // If that failed, no need to go further, return failure
+- if (!curNode)
+- return 0;
++ // We must find a leaf node here, either standalone or nested in the parenthesis
++ if (!fReaderMgr->getName(bufToUse))
++ {
++ fScanner->emitError(XMLErrs::ExpectedElementName);
++ return 0;
++ }
+
+- if (curReader != fReaderMgr->getCurrentReaderNum() && fScanner->getDoValidation())
+- fScanner->getValidator()->emitError(XMLValid::PartialMarkupInPE);
++ //
++ // Create a leaf node for it. If we can find the element id for
++ // this element, then use it. Else, we have to fault in an element
++ // decl, marked as created because of being in a content model.
++ //
++ XMLElementDecl* decl = fDTDGrammar->getElemDecl(fEmptyNamespaceId, 0, bufToUse.getRawBuffer(), Grammar::TOP_LEVEL_SCOPE);
++ if (!decl)
++ {
++ decl = new (fGrammarPoolMemoryManager) DTDElementDecl
++ (
++ bufToUse.getRawBuffer()
++ , fEmptyNamespaceId
++ , DTDElementDecl::Any
++ , fGrammarPoolMemoryManager
++ );
++ decl->setCreateReason(XMLElementDecl::InContentModel);
++ decl->setExternalElemDeclaration(isReadingExternalEntity());
++ fDTDGrammar->putElemDecl(decl);
+ }
+- else
++ curNode = new (fGrammarPoolMemoryManager) ContentSpecNode
++ (
++ decl->getElementName()
++ , fGrammarPoolMemoryManager
++ );
++
++ // Check for a PE ref here, but don't require spaces
++ const bool gotSpaces = checkForPERef(false, true);
++
++ // Check for a repetition character after the leaf
++ XMLCh repCh = fReaderMgr->peekNextChar();
++ ContentSpecNode* tmpNode = makeRepNode(repCh, curNode, fGrammarPoolMemoryManager);
++ if (tmpNode != curNode)
+ {
+- // Not a nested paren, so it must be a leaf node
+- if (!fReaderMgr->getName(bufToUse))
++ if (gotSpaces)
+ {
+- fScanner->emitError(XMLErrs::ExpectedElementName);
+- return 0;
++ if (fScanner->emitErrorWillThrowException(XMLErrs::UnexpectedWhitespace))
++ {
++ delete tmpNode;
++ }
++ fScanner->emitError(XMLErrs::UnexpectedWhitespace);
+ }
++ fReaderMgr->getNextChar();
++ curNode = tmpNode;
++ }
+
++ while(arrNestedDecl==NULL || !arrNestedDecl->empty())
++ {
++ // Check for a PE ref here, but don't require spaces
++ checkForPERef(false, true);
++
+ //
+- // Create a leaf node for it. If we can find the element id for
+- // this element, then use it. Else, we have to fault in an element
+- // decl, marked as created because of being in a content model.
++ // Ok, the next character tells us what kind of content this particular
++ // model this particular parentesized section is. Its either a choice if
++ // we see ',', a sequence if we see '|', or a single leaf node if we see
++ // a closing paren.
++ //
++ const XMLCh opCh = fReaderMgr->peekNextChar();
++
++ if ((opCh != chComma)
++ && (opCh != chPipe)
++ && (opCh != chCloseParen))
++ {
++ // Not a legal char, so delete our node and return failure
++ delete curNode;
++ fScanner->emitError(XMLErrs::ExpectedSeqChoiceLeaf);
++ return 0;
++ }
++
+ //
+- XMLElementDecl* decl = fDTDGrammar->getElemDecl(fEmptyNamespaceId, 0, bufToUse.getRawBuffer(), Grammar::TOP_LEVEL_SCOPE);
+- if (!decl)
++ // Create the head node of the correct type. We need this to remember
++ // the top of the local tree. If it was a single subexpr, then just
++ // set the head node to the current node. For the others, we'll build
++ // the tree off the second child as we move across.
++ //
++ ContentSpecNode* headNode = 0;
++ ContentSpecNode::NodeTypes curType = ContentSpecNode::UnknownType;
++ if (opCh == chComma)
+ {
+- decl = new (fGrammarPoolMemoryManager) DTDElementDecl
++ curType = ContentSpecNode::Sequence;
++ headNode = new (fGrammarPoolMemoryManager) ContentSpecNode
+ (
+- bufToUse.getRawBuffer()
+- , fEmptyNamespaceId
+- , DTDElementDecl::Any
++ curType
++ , curNode
++ , 0
++ , true
++ , true
+ , fGrammarPoolMemoryManager
+ );
+- decl->setCreateReason(XMLElementDecl::InContentModel);
+- decl->setExternalElemDeclaration(isReadingExternalEntity());
+- fDTDGrammar->putElemDecl(decl);
++ curNode = headNode;
+ }
+- curNode = new (fGrammarPoolMemoryManager) ContentSpecNode
+- (
+- decl->getElementName()
+- , fGrammarPoolMemoryManager
+- );
+-
+- // Check for a PE ref here, but don't require spaces
+- const bool gotSpaces = checkForPERef(false, true);
+-
+- // Check for a repetition character after the leaf
+- const XMLCh repCh = fReaderMgr->peekNextChar();
+- ContentSpecNode* tmpNode = makeRepNode(repCh, curNode, fGrammarPoolMemoryManager);
+- if (tmpNode != curNode)
++ else if (opCh == chPipe)
+ {
+- if (gotSpaces)
+- {
+- if (fScanner->emitErrorWillThrowException(XMLErrs::UnexpectedWhitespace))
+- {
+- delete tmpNode;
+- }
+- fScanner->emitError(XMLErrs::UnexpectedWhitespace);
+- }
++ curType = ContentSpecNode::Choice;
++ headNode = new (fGrammarPoolMemoryManager) ContentSpecNode
++ (
++ curType
++ , curNode
++ , 0
++ , true
++ , true
++ , fGrammarPoolMemoryManager
++ );
++ curNode = headNode;
++ }
++ else
++ {
++ headNode = curNode;
+ fReaderMgr->getNextChar();
+- curNode = tmpNode;
+ }
+- }
+-
+- // Check for a PE ref here, but don't require spaces
+- checkForPERef(false, true);
+
+- //
+- // Ok, the next character tells us what kind of content this particular
+- // model this particular parentesized section is. Its either a choice if
+- // we see ',', a sequence if we see '|', or a single leaf node if we see
+- // a closing paren.
+- //
+- const XMLCh opCh = fReaderMgr->peekNextChar();
+-
+- if ((opCh != chComma)
+- && (opCh != chPipe)
+- && (opCh != chCloseParen))
+- {
+- // Not a legal char, so delete our node and return failure
+- delete curNode;
+- fScanner->emitError(XMLErrs::ExpectedSeqChoiceLeaf);
+- return 0;
+- }
+-
+- //
+- // Create the head node of the correct type. We need this to remember
+- // the top of the local tree. If it was a single subexpr, then just
+- // set the head node to the current node. For the others, we'll build
+- // the tree off the second child as we move across.
+- //
+- ContentSpecNode* headNode = 0;
+- ContentSpecNode::NodeTypes curType = ContentSpecNode::UnknownType;
+- if (opCh == chComma)
+- {
+- curType = ContentSpecNode::Sequence;
+- headNode = new (fGrammarPoolMemoryManager) ContentSpecNode
+- (
+- curType
+- , curNode
+- , 0
+- , true
+- , true
+- , fGrammarPoolMemoryManager
Home |
Main Index |
Thread Index |
Old Index