Accepting request 259660 from home:vitezslav_cizek:branches:devel:libraries:c_c++

- fix a missing entities after CVE-2014-3660 fix (https://bugzilla.gnome.org/show_bug.cgi?id=738805) * added patches: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch 0002-Adding-example-from-bugs-738805-to-regression-tests.patch * https://bugzilla.redhat.com/show_bug.cgi?id=1153753 OBS-URL: https://build.opensuse.org/request/show/259660 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=99
2014-11-04 18:12:02 +00:00
parent 4eb350248d
commit 58e3983d68
4 changed files with 339 additions and 2 deletions
--- a/0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
+++ b/0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
@@ -0,0 +1,31 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: [PATCH 1/2] Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
+++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+      * far more secure as the parser will only process data coming from
+      * the document entity by default.
+      */
+-    if ((ent->checked == 0) &&
+    if (((ent->checked == 0) ||
+         ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+         ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+          (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ 	unsigned long oldnbent = ctxt->nbentities;
+-- 
+2.1.2
+
--- a/0002-Adding-example-from-bugs-738805-to-regression-tests.patch
+++ b/0002-Adding-example-from-bugs-738805-to-regression-tests.patch
@@ -0,0 +1,294 @@
+From df23f584fda15955a0811bd768a8925eb98741c9 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 23 Oct 2014 13:52:47 +0800
+Subject: [PATCH 2/2] Adding example from bugs 738805 to regression tests
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+Tortuous test case provided by pierre.labastie@neuf.fr
+---
+ result/ent_738805.xml       | 15 +++++++++++
+ result/ent_738805.xml.rde   | 15 +++++++++++
+ result/ent_738805.xml.rdr   | 31 +++++++++++++++++++++
+ result/ent_738805.xml.sax   | 66 +++++++++++++++++++++++++++++++++++++++++++++
+ result/ent_738805.xml.sax2  | 66 +++++++++++++++++++++++++++++++++++++++++++++
+ result/noent/ent_738805.xml | 15 +++++++++++
+ test/ent_738805.xml         | 16 +++++++++++
+ 7 files changed, 224 insertions(+)
+ create mode 100644 result/ent_738805.xml
+ create mode 100644 result/ent_738805.xml.rde
+ create mode 100644 result/ent_738805.xml.rdr
+ create mode 100644 result/ent_738805.xml.sax
+ create mode 100644 result/ent_738805.xml.sax2
+ create mode 100644 result/noent/ent_738805.xml
+ create mode 100644 test/ent_738805.xml
+
+diff --git a/result/ent_738805.xml b/result/ent_738805.xml
+new file mode 100644
+index 0000000..d285eee
+--- /dev/null
+++ b/result/ent_738805.xml
+@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE somedoc [
+<!ENTITY a "something">
+<!ENTITY b "&a;">
+]>
+<somedoc>
+
+<somebeacon someattribute="&b;"/>
+
+&a; should appear after colon: &a;
+&b; should appear after colon: &a;
+&a; should appear after colon: &b;
+&b; should appear after colon: &b;
+
+</somedoc>
+diff --git a/result/ent_738805.xml.rde b/result/ent_738805.xml.rde
+new file mode 100644
+index 0000000..fa086fe
+--- /dev/null
+++ b/result/ent_738805.xml.rde
+@@ -0,0 +1,15 @@
+0 10 somedoc 0 0
+0 1 somedoc 0 0
+1 14 #text 0 1 
+
+
+1 1 somebeacon 1 0
+1 3 #text 0 1 
+
+something should appear after colon: something
+something should appear after colon: something
+something should appear after colon: something
+something should appear after colon: something
+
+
+0 15 somedoc 0 0
+diff --git a/result/ent_738805.xml.rdr b/result/ent_738805.xml.rdr
+new file mode 100644
+index 0000000..c52dbf1
+--- /dev/null
+++ b/result/ent_738805.xml.rdr
+@@ -0,0 +1,31 @@
+0 10 somedoc 0 0
+0 1 somedoc 0 0
+1 14 #text 0 1 
+
+
+1 1 somebeacon 1 0
+1 14 #text 0 1 
+
+
+1 5 a 0 0
+1 3 #text 0 1  should appear after colon: 
+1 5 a 0 0
+1 14 #text 0 1 
+
+1 5 b 0 0
+1 3 #text 0 1  should appear after colon: 
+1 5 a 0 0
+1 14 #text 0 1 
+
+1 5 a 0 0
+1 3 #text 0 1  should appear after colon: 
+1 5 b 0 0
+1 14 #text 0 1 
+
+1 5 b 0 0
+1 3 #text 0 1  should appear after colon: 
+1 5 b 0 0
+1 14 #text 0 1 
+
+
+0 15 somedoc 0 0
+diff --git a/result/ent_738805.xml.sax b/result/ent_738805.xml.sax
+new file mode 100644
+index 0000000..2649117
+--- /dev/null
+++ b/result/ent_738805.xml.sax
+@@ -0,0 +1,66 @@
+SAX.setDocumentLocator()
+SAX.startDocument()
+SAX.internalSubset(somedoc, , )
+SAX.entityDecl(a, 1, (null), (null), something)
+SAX.getEntity(a)
+SAX.entityDecl(b, 1, (null), (null), &a;)
+SAX.getEntity(b)
+SAX.externalSubset(somedoc, , )
+SAX.startElement(somedoc)
+SAX.characters(
+
+, 2)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.startElement(somebeacon, someattribute='&b;')
+SAX.endElement(somebeacon)
+SAX.characters(
+
+, 2)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters(
+, 1)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters(
+, 1)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters(
+, 1)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters(
+
+, 2)
+SAX.endElement(somedoc)
+SAX.endDocument()
+diff --git a/result/ent_738805.xml.sax2 b/result/ent_738805.xml.sax2
+new file mode 100644
+index 0000000..1eae781
+--- /dev/null
+++ b/result/ent_738805.xml.sax2
+@@ -0,0 +1,66 @@
+SAX.setDocumentLocator()
+SAX.startDocument()
+SAX.internalSubset(somedoc, , )
+SAX.entityDecl(a, 1, (null), (null), something)
+SAX.getEntity(a)
+SAX.entityDecl(b, 1, (null), (null), &a;)
+SAX.getEntity(b)
+SAX.externalSubset(somedoc, , )
+SAX.startElementNs(somedoc, NULL, NULL, 0, 0, 0)
+SAX.characters(
+
+, 2)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.startElementNs(somebeacon, NULL, NULL, 0, 1, 0, someattribute='&b;...', 3)
+SAX.endElementNs(somebeacon, NULL, NULL)
+SAX.characters(
+
+, 2)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters(
+, 1)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters(
+, 1)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters(
+, 1)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters( should appear after colon: , 28)
+SAX.getEntity(b)
+SAX.getEntity(a)
+SAX.characters(something, 9)
+SAX.reference(a)
+SAX.reference(b)
+SAX.characters(
+
+, 2)
+SAX.endElementNs(somedoc, NULL, NULL)
+SAX.endDocument()
+diff --git a/result/noent/ent_738805.xml b/result/noent/ent_738805.xml
+new file mode 100644
+index 0000000..5e44a55
+--- /dev/null
+++ b/result/noent/ent_738805.xml
+@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE somedoc [
+<!ENTITY a "something">
+<!ENTITY b "&a;">
+]>
+<somedoc>
+
+<somebeacon someattribute="something"/>
+
+something should appear after colon: something
+something should appear after colon: something
+something should appear after colon: something
+something should appear after colon: something
+
+</somedoc>
+diff --git a/test/ent_738805.xml b/test/ent_738805.xml
+new file mode 100644
+index 0000000..9ec70b1
+--- /dev/null
+++ b/test/ent_738805.xml
+@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE  somedoc [
+  <!ENTITY a   "something">
+  <!ENTITY b   "&a;">
+]>
+
+<somedoc>
+
+<somebeacon someattribute="&b;"/>
+
+&a; should appear after colon: &a;
+&b; should appear after colon: &a;
+&a; should appear after colon: &b;
+&b; should appear after colon: &b;
+
+</somedoc>
+-- 
+2.1.2
+
--- a/libxml2.changes
+++ b/libxml2.changes
@@ -1,9 +1,17 @@
+-------------------------------------------------------------------
+Mon Nov  3 17:13:24 UTC 2014 - vcizek@suse.com
+
+- fix a missing entities after CVE-2014-3660 fix
+  (https://bugzilla.gnome.org/show_bug.cgi?id=738805)
+  * added patches:
+    0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
+    0002-Adding-example-from-bugs-738805-to-regression-tests.patch
+
 -------------------------------------------------------------------
 Mon Nov  3 10:01:23 UTC 2014 - vcizek@suse.com

 - fix a regression in libxml2 2.9.2
-  (https://bugzilla.gnome.org/show_bug.cgi?id=738805,
-   https://bugzilla.redhat.com/show_bug.cgi?id=1153753)
+  * https://bugzilla.redhat.com/show_bug.cgi?id=1153753
 - add libxml2-dont_initialize_catalog.patch

 -------------------------------------------------------------------
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -32,6 +32,8 @@ Source2:        baselibs.conf
 Source3:        %{name}.keyring
 Patch0:         fix-perl.diff
 Patch1:         libxml2-dont_initialize_catalog.patch
+Patch2:         0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch
+Patch3:         0002-Adding-example-from-bugs-738805-to-regression-tests.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
@@ -127,6 +129,8 @@ progress.
 %setup -q
 %patch0
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1

 %build
 %configure --disable-static \