Accepting request 731221 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Version update to 2.2.8 * Security fixes: (CVE-2019-15903, bsc#1149429) - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype; * Bug fixes: - Fix cases where XML_StopParser did not have any effect when called from inside of an end element handler - xmlwf: Fix exit code for operation without "-d DIRECTORY"; previously, only "-d DIRECTORY" would give you a proper exit code: Now both cases return exit code 2. * Other changes: - examples: Improve elements.c - Autotools: Add argument --enable-xml-attr-info - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom - Autotools: Fix linking issues with "./configure LD=clang" - Autotools: Fix "make run-xmltest" for out-of-source builds - CMake: Pull all options from Expat <=2.2.7 into namespace - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO - CMake: Install expat_config.h to include directory - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..]) - CMake: Now produces a summary of applied configuration - CMake: Require C++ compiler only when tests are enabled - CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON) - CMake: Port "make run-xmltest" from GNU Autotools to CMake - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF - Removed patches fixed in the update: OBS-URL: https://build.opensuse.org/request/show/731221 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/expat?expand=0&rev=79
2019-09-16 09:43:53 +00:00 · 2019-09-16 09:43:53 +00:00 · f5ae13f145
commit f5ae13f145
parent 860c603684
8 changed files with 60 additions and 199 deletions
--- a/expat-2.2.7.tar.xz
+++ b/expat-2.2.7.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:30e3f40acf9a8fdbd5c379bdcc8d1178a1d9af306de29fc8ece922bc4c57bef8
 size 424264
--- a/expat-2.2.7.tar.xz.asc
+++ b/expat-2.2.7.tar.xz.asc
@ -1,6 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iF0EABECAB0WIQQ9fpWdifrP7jg3GSGwC8ZqQBoWAAUCXQpmTQAKCRCwC8ZqQBoW
 AEIpAJ9+jIcvEUpNEhXku8RShzGrE5gc3gCgml4U3lnpbC7+avvh3F17U7+vSuE=
 =Jbtz
 -----END PGP SIGNATURE-----
--- a/expat-2.2.8.tar.xz
+++ b/expat-2.2.8.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:61caa81a49d858afb2031c7b1a25c97174e7f2009aa1ec4e1ffad2316b91779b
 size 422324
--- a/expat-2.2.8.tar.xz.asc
+++ b/expat-2.2.8.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAl18EWEACgkQliYqz/vT
 rsbjsg/+Lu9ULWosv29viYV7Q9t5506vwMKLea029/JjeuBw/TnHdN/Nfth4BMtb
 Iq8nw88C1+wFMX3xvqHoZsswjBsT4c6qMtSno3vAljS7mDh0Npt85qbA6IZpqDAh
 Lh+lJTInwCrsWVtkDEInrqiY15zs5NMaX85NFknlANZwhXHtnqVqBedt0jNe3URM
 He4NxIHDyLYs/4vnkEafKLwOPLEJ7ylsRCMjwcdL2WFUjbf/ZRG9Rz0z7fmXEWZm
 WGCfNFnPOK2Mt0XRxEVsjAg1zkkMMEqOyY3XSz0pg5Kej8yJI0UU/FnemaPgGt6U
 mEiLJJwvSyx3gIuLfTM6Sdi6MBHXHrbNN7XR1GRlH6w9x1HSzJQfJ4xVeHheykBq
 K9IY6ZWqhjoPC0kBWuWOXnwlkOuoK3/E91G2/S1MKEHeSlDTD81sNjfdUxeXfX1L
 LXk16BUeRsbj5Ykin+Cuw3lSin9RM6vNvr5gYfgw2Oeiye5b8vQ12CNUyHytU7fO
 HseMaoT+ZTbgc7bs7LYzSJh/Ba+O+RDXB9gJ2iYwqQfTgBjgXZWuvVNLNdTwNWXJ
 x7Hd0z+MjHFY5rOljQY/FvG8YOSHoiNhD5me+O3ZwQCz4jWXxEaW3JsxnXn/GmNV
 O2zQuB74tRZbCylNC0iocdhWu2OHFDjQGTl0GoaXNQEpo+tGEsM=
 =JAwW
 -----END PGP SIGNATURE-----
--- a/expat-CVE-2019-15903-tests.patch
+++ b/expat-CVE-2019-15903-tests.patch
@ -1,93 +0,0 @@
 From 438493691f1b8620a71d5aee658fe160103ff863 Mon Sep 17 00:00:00 2001
 From: Sebastian Pipping <sebastian@pipping.org>
 Date: Wed, 28 Aug 2019 15:14:19 +0200
 Subject: [PATCH] tests: Cover denying internal entities closing the doctype
 ---
 expat/tests/runtests.c | 67 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 Index: expat-2.2.5/tests/runtests.c
 ===================================================================
 --- expat-2.2.5.orig/tests/runtests.c
 +++ expat-2.2.5/tests/runtests.c
@@ -7193,6 +7193,69 @@ overwrite_end_checker(void *userData, co
     CharData_AppendXMLChars(storage, XCS("\n"), 1);
 }
 +#ifdef XML_DTD
 +START_TEST(test_misc_deny_internal_entity_closing_doctype_issue_317) {
 +  const char *const inputOne = "<!DOCTYPE d [\n"
 +                               "<!ENTITY % e ']><d/>'>\n"
 +                               "\n"
 +                               "%e;";
 +  const char *const inputTwo = "<!DOCTYPE d [\n"
 +                               "<!ENTITY % e1 ']><d/>'><!ENTITY % e2 '&e1;'>\n"
 +                               "\n"
 +                               "%e2;";
 +  const char *const inputThree = "<!DOCTYPE d [\n"
 +                                 "<!ENTITY % e ']><d'>\n"
 +                                 "\n"
 +                                 "%e;";
 +  const char *const inputIssue317 = "<!DOCTYPE doc [\n"
 +                                    "<!ENTITY % foo ']>\n"
 +                                    "<doc>Hell<oc (#PCDATA)*>'>\n"
 +                                    "%foo;\n"
 +                                    "]>\n"
 +                                    "<doc>Hello, world</dVc>";
 +
 +  const char *const inputs[] = {inputOne, inputTwo, inputThree, inputIssue317};
 +  size_t inputIndex = 0;
 +
 +  for (; inputIndex < sizeof(inputs) / sizeof(inputs[0]); inputIndex++) {
 +    XML_Parser parser;
 +    enum XML_Status parseResult;
 +    int setParamEntityResult;
 +    XML_Size lineNumber;
 +    XML_Size columnNumber;
 +    const char *const input = inputs[inputIndex];
 +
 +    parser = XML_ParserCreate(NULL);
 +    setParamEntityResult
 +        = XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
 +    if (setParamEntityResult != 1)
 +      fail("Failed to set XML_PARAM_ENTITY_PARSING_ALWAYS.");
 +
 +    parseResult = XML_Parse(parser, input, (int)strlen(input), 0);
 +    if (parseResult != XML_STATUS_ERROR) {
 +      parseResult = XML_Parse(parser, "", 0, 1);
 +      if (parseResult != XML_STATUS_ERROR) {
 +        fail("Parsing was expected to fail but succeeded.");
 +      }
 +    }
 +
 +    if (XML_GetErrorCode(parser) != XML_ERROR_INVALID_TOKEN)
 +      fail("Error code does not match XML_ERROR_INVALID_TOKEN");
 +
 +    lineNumber = XML_GetCurrentLineNumber(parser);
 +    if (lineNumber != 4)
 +      fail("XML_GetCurrentLineNumber does not work as expected.");
 +
 +    columnNumber = XML_GetCurrentColumnNumber(parser);
 +    if (columnNumber != 0)
 +      fail("XML_GetCurrentColumnNumber does not work as expected.");
 +
 +    XML_ParserFree(parser);
 +  }
 +}
 +END_TEST
 +#endif
 +
 static void
 run_ns_tagname_overwrite_test(const char *text, const XML_Char *result)
 {
@@ -12210,6 +12273,9 @@ make_suite(void)
     tcase_add_test(tc_misc, test_misc_features);
     tcase_add_test(tc_misc, test_misc_attribute_leak);
     tcase_add_test(tc_misc, test_misc_utf16le);
 +#ifdef XML_DTD
 +    tcase_add_test(tc_misc, test_misc_deny_internal_entity_closing_doctype_issue_317);
 +#endif
     suite_add_tcase(s, tc_alloc);
     tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown);
--- a/expat-CVE-2019-15903.patch
+++ b/expat-CVE-2019-15903.patch
@ -1,89 +0,0 @@
 From c20b758c332d9a13afbbb276d30db1d183a85d43 Mon Sep 17 00:00:00 2001
 From: Sebastian Pipping <sebastian@pipping.org>
 Date: Wed, 28 Aug 2019 00:24:59 +0200
 Subject: [PATCH] xmlparse.c: Deny internal entities closing the doctype
 ---
 expat/lib/xmlparse.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
 Index: expat-2.2.5/lib/xmlparse.c
 ===================================================================
 --- expat-2.2.5.orig/lib/xmlparse.c
 +++ expat-2.2.5/lib/xmlparse.c
@@ -411,7 +411,7 @@ initializeEncoding(XML_Parser parser);
 static enum XML_Error
 doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
          const char *end, int tok, const char *next, const char **nextPtr,
 -         XML_Bool haveMore);
 +         XML_Bool haveMore, XML_Bool allowClosingDoctype);
 static enum XML_Error
 processInternalEntity(XML_Parser parser, ENTITY *entity,
                       XML_Bool betweenDecl);
@@ -4218,7 +4218,7 @@ externalParEntProcessor(XML_Parser parse
   parser->m_processor = prologProcessor;
   return doProlog(parser, parser->m_encoding, s, end, tok, next,
 -                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
 +                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
 }
 static enum XML_Error PTRCALL
@@ -4268,7 +4268,7 @@ prologProcessor(XML_Parser parser,
   const char *next = s;
   int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
   return doProlog(parser, parser->m_encoding, s, end, tok, next,
 -                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
 +                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
 }
 static enum XML_Error
@@ -4279,7 +4279,8 @@ doProlog(XML_Parser parser,
          int tok,
          const char *next,
          const char **nextPtr,
 -         XML_Bool haveMore)
 +         XML_Bool haveMore,
 +	 XML_Bool allowClosingDoctype)
 {
 #ifdef XML_DTD
   static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' };
@@ -4458,6 +4459,11 @@ doProlog(XML_Parser parser,
       }
       break;
     case XML_ROLE_DOCTYPE_CLOSE:
 +      if (allowClosingDoctype != XML_TRUE) {
 +        /* Must not close doctype from within expanded parameter entities */
 +        return XML_ERROR_INVALID_TOKEN;
 +      }
 +
       if (parser->m_doctypeName) {
         parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName,
                                 parser->m_doctypeSysid, parser->m_doctypePubid, 0);
@@ -5395,7 +5401,7 @@ processInternalEntity(XML_Parser parser,
   if (entity->is_param) {
     int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
     result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
 -                      next, &next, XML_FALSE);
 +                      next, &next, XML_FALSE, XML_FALSE);
   }
   else
 #endif /* XML_DTD */
@@ -5442,7 +5448,7 @@ internalEntityProcessor(XML_Parser parse
   if (entity->is_param) {
     int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
     result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
 -                      next, &next, XML_FALSE);
 +                      next, &next, XML_FALSE, XML_TRUE);
   }
   else
 #endif /* XML_DTD */
@@ -5469,7 +5475,7 @@ internalEntityProcessor(XML_Parser parse
     parser->m_processor = prologProcessor;
     tok = XmlPrologTok(parser->m_encoding, s, end, &next);
     return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
 -                    (XML_Bool)!parser->m_parsingStatus.finalBuffer);
 +                    (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
   }
   else
 #endif /* XML_DTD */
--- a/expat.changes
+++ b/expat.changes
@ -1,3 +1,39 @@
 -------------------------------------------------------------------
 Mon Sep 16 08:21:52 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
 - Version update to 2.2.8
  * Security fixes: (CVE-2019-15903, bsc#1149429)
    - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber
      (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype;
  * Bug fixes:
    - Fix cases where XML_StopParser did not have any effect
      when called from inside of an end element handler
    - xmlwf: Fix exit code for operation without "-d DIRECTORY";
      previously, only "-d DIRECTORY" would give you a proper exit code:
      Now both cases return exit code 2.
  * Other changes:
    - examples: Improve elements.c
    - Autotools: Add argument --enable-xml-attr-info
    - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom
    - Autotools: Fix linking issues with "./configure LD=clang"
    - Autotools: Fix "make run-xmltest" for out-of-source builds
    - CMake: Pull all options from Expat <=2.2.7 into namespace
    - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF
    - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF
    - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF
    - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
    - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
    - CMake: Install expat_config.h to include directory
    - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..])
    - CMake: Now produces a summary of applied configuration
    - CMake: Require C++ compiler only when tests are enabled
    - CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
    - CMake: Port "make run-xmltest" from GNU Autotools to CMake
    - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
 - Removed patches fixed in the update:
  * expat-CVE-2019-15903.patch
  * expat-CVE-2019-15903-tests.patch
 -------------------------------------------------------------------
 Wed Sep  4 17:11:38 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
--- a/expat.spec
+++ b/expat.spec
@ -16,21 +16,18 @@
 #
-%global unversion 2_2_7
+%global unversion 2_2_8
 Name:           expat
-Version:        2.2.7
+Version:        2.2.8
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT
 Group:          Development/Libraries/C and C++
-URL:            http://libexpat.github.io
+URL:            https://libexpat.github.io
 Source0:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz
 Source1:        %{name}faq.html
 Source2:        baselibs.conf
 Source3:        https://github.com/libexpat/libexpat/releases/download/R_%{unversion}/expat-%{version}.tar.xz.asc
 # PATCH-FIX-UPSTREAM bsc#1149429 CVE-2019-15903 crafted XML input results in heap-based buffer over-read
 Patch1:         expat-CVE-2019-15903.patch
 Patch2:         expat-CVE-2019-15903-tests.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@ -65,8 +62,6 @@ in libexpat.
 %prep
 %setup -q
 %patch1 -p1
 %patch2 -p1
 cp %{SOURCE1} .
 rm -f examples/*.dsp
@ -88,6 +83,8 @@ rm -f examples/*.dsp
 %install
 %make_install
 find %{buildroot} -type f -name "*.la" -delete -print
 # Fix permissions error: spurious-executable-perm
 chmod 0644 examples/elements.c
 %check
 make %{?_smp_mflags} check