From 58e3983d68f7b401427b0c73be0b5de71b8329748ee03de8d6b47c643e3e8db6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Tue, 4 Nov 2014 18:12:02 +0000 Subject: [PATCH] Accepting request 259660 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - fix a missing entities after CVE-2014-3660 fix (https://bugzilla.gnome.org/show_bug.cgi?id=738805) * added patches: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch 0002-Adding-example-from-bugs-738805-to-regression-tests.patch * https://bugzilla.redhat.com/show_bug.cgi?id=1153753 OBS-URL: https://build.opensuse.org/request/show/259660 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=99 --- ...ing-entities-after-CVE-2014-3660-fix.patch | 31 ++ ...from-bugs-738805-to-regression-tests.patch | 294 ++++++++++++++++++ libxml2.changes | 12 +- libxml2.spec | 4 + 4 files changed, 339 insertions(+), 2 deletions(-) create mode 100644 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch create mode 100644 0002-Adding-example-from-bugs-738805-to-regression-tests.patch diff --git a/0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch b/0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch new file mode 100644 index 0000000..ccde0f0 --- /dev/null +++ b/0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch 
@@ -0,0 +1,31 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: [PATCH 1/2] Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ * far more secure as the parser will only process data coming from
+ * the document entity by default.
+ */
+- if ((ent->checked == 0) &&
++ if (((ent->checked == 0) ||
++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ unsigned long oldnbent = ctxt->nbentities;
+--
+2.1.2
+
diff --git a/0002-Adding-example-from-bugs-738805-to-regression-tests.patch b/0002-Adding-example-from-bugs-738805-to-regression-tests.patch
new file mode 100644
index 0000000..3ebacb8
--- /dev/null
+++ b/0002-Adding-example-from-bugs-738805-to-regression-tests.patch
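Review bot: The new clause `(ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT)` in the patched parser.c condition lets an entity that is already marked checked be parsed again, and neither the code nor the comment above it says why or what bounds the repeat. An entity whose content yields no children would presumably satisfy the clause on every reference and be re-parsed each time. Whether the `nbentities` accounting that starts at `oldnbent` still limits that work cannot be seen here, because xmlParseReference begins before and continues past the hunk. Since this condition appears to belong to the CVE-2014-3660 hardening, the comment block above it should be extended, for example with `* With XML_PARSE_NOENT, also parse an entity that was checked without building children (first used inside another entity referenced from an attribute value).`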
@@ -0,0 +1,294 @@ +From df23f584fda15955a0811bd768a8925eb98741c9 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Thu, 23 Oct 2014 13:52:47 +0800 +Subject: [PATCH 2/2] Adding example from bugs 738805 to regression tests + +For https://bugzilla.gnome.org/show_bug.cgi?id=738805 + +Tortuous test case provided by pierre.labastie@neuf.fr +--- + result/ent_738805.xml | 15 +++++++++++ + result/ent_738805.xml.rde | 15 +++++++++++ + result/ent_738805.xml.rdr | 31 +++++++++++++++++++++ + result/ent_738805.xml.sax | 66 +++++++++++++++++++++++++++++++++++++++++++++ + result/ent_738805.xml.sax2 | 66 +++++++++++++++++++++++++++++++++++++++++++++ + result/noent/ent_738805.xml | 15 +++++++++++ + test/ent_738805.xml | 16 +++++++++++ + 7 files changed, 224 insertions(+) + create mode 100644 result/ent_738805.xml + create mode 100644 result/ent_738805.xml.rde + create mode 100644 result/ent_738805.xml.rdr + create mode 100644 result/ent_738805.xml.sax + create mode 100644 result/ent_738805.xml.sax2 + create mode 100644 result/noent/ent_738805.xml + create mode 100644 test/ent_738805.xml + +diff --git a/result/ent_738805.xml b/result/ent_738805.xml +new file mode 100644 +index 0000000..d285eee +--- /dev/null ++++ b/result/ent_738805.xml +@@ -0,0 +1,15 @@ ++ ++ ++ ++]> ++ ++ ++ ++ ++&a; should appear after colon: &a; ++&b; should appear after colon: &a; ++&a; should appear after colon: &b; ++&b; should appear after colon: &b; ++ ++ +diff --git a/result/ent_738805.xml.rde b/result/ent_738805.xml.rde +new file mode 100644 +index 0000000..fa086fe +--- /dev/null ++++ b/result/ent_738805.xml.rde +@@ -0,0 +1,15 @@ ++0 10 somedoc 0 0 ++0 1 somedoc 0 0 ++1 14 #text 0 1 ++ ++ ++1 1 somebeacon 1 0 ++1 3 #text 0 1 ++ ++something should appear after colon: something ++something should appear after colon: something ++something should appear after colon: something ++something should appear after colon: something ++ ++ ++0 15 somedoc 0 0 +diff --git a/result/ent_738805.xml.rdr 
b/result/ent_738805.xml.rdr +new file mode 100644 +index 0000000..c52dbf1 +--- /dev/null ++++ b/result/ent_738805.xml.rdr +@@ -0,0 +1,31 @@ ++0 10 somedoc 0 0 ++0 1 somedoc 0 0 ++1 14 #text 0 1 ++ ++ ++1 1 somebeacon 1 0 ++1 14 #text 0 1 ++ ++ ++1 5 a 0 0 ++1 3 #text 0 1 should appear after colon: ++1 5 a 0 0 ++1 14 #text 0 1 ++ ++1 5 b 0 0 ++1 3 #text 0 1 should appear after colon: ++1 5 a 0 0 ++1 14 #text 0 1 ++ ++1 5 a 0 0 ++1 3 #text 0 1 should appear after colon: ++1 5 b 0 0 ++1 14 #text 0 1 ++ ++1 5 b 0 0 ++1 3 #text 0 1 should appear after colon: ++1 5 b 0 0 ++1 14 #text 0 1 ++ ++ ++0 15 somedoc 0 0 +diff --git a/result/ent_738805.xml.sax b/result/ent_738805.xml.sax +new file mode 100644 +index 0000000..2649117 +--- /dev/null ++++ b/result/ent_738805.xml.sax +@@ -0,0 +1,66 @@ ++SAX.setDocumentLocator() ++SAX.startDocument() ++SAX.internalSubset(somedoc, , ) ++SAX.entityDecl(a, 1, (null), (null), something) ++SAX.getEntity(a) ++SAX.entityDecl(b, 1, (null), (null), &a;) ++SAX.getEntity(b) ++SAX.externalSubset(somedoc, , ) ++SAX.startElement(somedoc) ++SAX.characters( ++ ++, 2) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.startElement(somebeacon, someattribute='&b;') ++SAX.endElement(somebeacon) ++SAX.characters( ++ ++, 2) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( ++, 1) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.reference(b) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( ++, 1) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.reference(b) ++SAX.characters( ++, 1) ++SAX.getEntity(b) 
++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.reference(b) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.reference(b) ++SAX.characters( ++ ++, 2) ++SAX.endElement(somedoc) ++SAX.endDocument() +diff --git a/result/ent_738805.xml.sax2 b/result/ent_738805.xml.sax2 +new file mode 100644 +index 0000000..1eae781 +--- /dev/null ++++ b/result/ent_738805.xml.sax2 +@@ -0,0 +1,66 @@ ++SAX.setDocumentLocator() ++SAX.startDocument() ++SAX.internalSubset(somedoc, , ) ++SAX.entityDecl(a, 1, (null), (null), something) ++SAX.getEntity(a) ++SAX.entityDecl(b, 1, (null), (null), &a;) ++SAX.getEntity(b) ++SAX.externalSubset(somedoc, , ) ++SAX.startElementNs(somedoc, NULL, NULL, 0, 0, 0) ++SAX.characters( ++ ++, 2) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.startElementNs(somebeacon, NULL, NULL, 0, 1, 0, someattribute='&b;...', 3) ++SAX.endElementNs(somebeacon, NULL, NULL) ++SAX.characters( ++ ++, 2) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( ++, 1) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.reference(b) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( ++, 1) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.reference(b) ++SAX.characters( ++, 1) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) ++SAX.reference(b) ++SAX.characters( should appear after colon: , 28) ++SAX.getEntity(b) ++SAX.getEntity(a) ++SAX.characters(something, 9) ++SAX.reference(a) 
++SAX.reference(b) ++SAX.characters( ++ ++, 2) ++SAX.endElementNs(somedoc, NULL, NULL) ++SAX.endDocument() +diff --git a/result/noent/ent_738805.xml b/result/noent/ent_738805.xml +new file mode 100644 +index 0000000..5e44a55 +--- /dev/null ++++ b/result/noent/ent_738805.xml +@@ -0,0 +1,15 @@ ++ ++ ++ ++]> ++ ++ ++ ++ ++something should appear after colon: something ++something should appear after colon: something ++something should appear after colon: something ++something should appear after colon: something ++ ++ +diff --git a/test/ent_738805.xml b/test/ent_738805.xml +new file mode 100644 +index 0000000..9ec70b1 +--- /dev/null ++++ b/test/ent_738805.xml +@@ -0,0 +1,16 @@ ++ ++ ++ ++]> ++ ++ ++ ++ ++ ++&a; should appear after colon: &a; ++&b; should appear after colon: &a; ++&a; should appear after colon: &b; ++&b; should appear after colon: &b; ++ ++ +-- +2.1.2 + diff --git a/libxml2.changes b/libxml2.changes index f84f990..365bb73 100644 --- a/libxml2.changes +++ b/libxml2.changes @@ -1,9 +1,17 @@ +------------------------------------------------------------------- +Mon Nov 3 17:13:24 UTC 2014 - vcizek@suse.com + +- fix a missing entities after CVE-2014-3660 fix + (https://bugzilla.gnome.org/show_bug.cgi?id=738805) + * added patches: + 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch + 0002-Adding-example-from-bugs-738805-to-regression-tests.patch + ------------------------------------------------------------------- Mon Nov 3 10:01:23 UTC 2014 - vcizek@suse.com - fix a regression in libxml2 2.9.2 - (https://bugzilla.gnome.org/show_bug.cgi?id=738805, - https://bugzilla.redhat.com/show_bug.cgi?id=1153753) + * https://bugzilla.redhat.com/show_bug.cgi?id=1153753 - add libxml2-dont_initialize_catalog.patch ------------------------------------------------------------------- diff --git a/libxml2.spec b/libxml2.spec index e9833aa..48a7805 100644 --- a/libxml2.spec +++ b/libxml2.spec 
@@ -32,6 +32,8 @@ Source2: baselibs.conf Source3: %{name}.keyring Patch0: fix-perl.diff Patch1: libxml2-dont_initialize_catalog.patch +Patch2: 0001-Fix-missing-entities-after-CVE-2014-3660-fix.patch +Patch3: 0002-Adding-example-from-bugs-738805-to-regression-tests.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -127,6 +129,8 @@ progress. %setup -q %patch0 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build %configure --disable-static \
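Review bot: Patch2 and Patch3 are registered without a comment recording their origin, so the spec alone does not show that Patch2 adjusts the behaviour of a security fix. A line above each tag such as `# PATCH-FIX-UPSTREAM bgo#738805 - fix missing entities after CVE-2014-3660 fix` would keep that traceable. Patch3 only adds regression-test inputs and expected results; whether the build runs the upstream test suite (for instance in a `%check` section) is not visible in these hunks, and without that the added test guards nothing in the package.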