rpm/xerces-c
SHA256
1
0
Fork 0
forked from pool/xerces-c
Code Pull Requests Activity

Accepting request 403800 from home:zawel1:branches:devel:libraries:c_c++

Browse Source 
- Update to 3.1.3
  * bug fixes
    + memcpy used on overlapping memory regions causes sanity test failure
    + Typo in XMLUni::fgUnknownURIName constant
    + Buffer overruns in prolog parsing and error handling
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.

OBS-URL: https://build.opensuse.org/request/show/403800
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/xerces-c?expand=0&rev=22
This commit is contained in:
Ismail Dönmez 2016-06-21 12:28:32 +00:00 committed by Git OBS Bridge
parent 4ede327720
commit 0e4f002d64
7 changed files with 30 additions and 401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
xerces-c-3.1.2.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:743bd0a029bf8de56a587c270d97031e0099fe2b7142cef03e0da16e282655a0
size 6959894

17
xerces-c-3.1.2.tar.gz.asc
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJVCZSnAAoJEDeLhFQCJ3liDegP/jtKeuHuCzdkJHE1GmOZxauQ
1EEKY184iFd6vfFWVrO5t05GvtM7lQ+JducddvyUJ2Y6zOxQQys22zN41PhPMeo7
YvOp1nw04XVolke9nOzMm2s9qlYKtF+darXVZAi/ISYay36MLS1fQwx/B+tT/okM
jZFwA1pvzFI/YZ79Pj1k1W9VAlRXCGfOSveMasHv4Y97fFyQLIsyL85OetAqbIBR
UjGUZY47lcJYEMxu2SGwpCDr8hOcphF61qIDtnPdOzjHtyNfleWBYHgZhJcna1C4
lO+1BkOzzHb9Hclpu6TeDz2jPnJG6Eaxj+bG02EjSbhvgZSY+2pYFjDQUAulFNcp
ADidIh8oMke9Qv/CMesf8GagiPmPs3ftHM5+B1rYvSo8XyTJvsFrKUdDRaGPHpv7
uAAh+MI8WmvIqun7J14VZobvNb2rrVdWWitMG74eoW0ZB84P2uR7A9bIX8EaxIph
Kfe3DvUuB1/4Y5WlfOPsbl8KD5/QKvCwEnSJUd+VAxJJ3T1K74kycLNfTg4hwpF1
pPN6OCBXpeepkFN5z4UPxk3wTWjtv8vNqp0T3kx73kIwlpwcEYy3aeBiDuM7WaQ/
9aMQSWr0xbG4xlcQkl1T1nAspnszzr6V4igSpDep5sCLnyszXTICDpxRLrGPieaD
2kYITLYANPAluikgnX1i
=lzt1
-----END PGP SIGNATURE-----

3
xerces-c-3.1.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f3d4f73db7c981e16db2b16d9424b0c75d9fbd30ad81747cac047bc6170b5b49
size 9009575

17
xerces-c-3.1.3.tar.gz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWxIfxAAoJEDeLhFQCJ3lilE8P/2vIKgW/8osvAZ2BCBGAUb24
qpxNvdYOGM3TUvqtdxUgL8+FYXB8iUS40iH3wCO48eUJU5fwvV/p5aW4/vly3AUP
MrLusDuYCMdVFua1cbGp2++e1HqFG5++3z/BwHjG4PnvzmiIiICPoFlVVpNXHSd2
dOXU+7HKBzrBTP4kOSv9jOx/OBpuTg+OnGUcy3BrR3cn1WCjjU37FLFr55XLm4u9
2V25IByhY/NP5GTCHRwu4fUE7bNVC64sN3J7gVtRTK4HbS353rx+30EteN7jdBit
/3PqprmIQHATn+WqEybAm3a6ofyX1+qwZjvF28j60NGupYbl5ZYIrSsXY+A0MZgb
qmFyVYWzaDW722RuGUIoKPO98G+kzywdVN+o0EZ10BmAHsw9kZIP4GLsuvgmNs3B
iJYSRlqyw47/Q566REo0tibIWUtWUlljG4QMfIpMhwW2dNFgPDk4kL0a5KKjYwD5
eAjvcaQdA8i2XJX8Dd8VLhPPBvJK2VaSx1BHnYFZZBqcD6ZrxjckaAc2n97beet5
tbSp1h7oNMn9A6EjbAqVz4gWgslix3NtHYHMKcBjoZORbmiC+KQc60zwlY7IVwtD
V9pLX8W9ce8aCsXsRhecvxwnDtJHro3730oKd+gG3+xPxSqtOM1c0BGEmV/liy+W
O0R7LgVTzKkaBKqSmkTD
=0g/c
-----END PGP SIGNATURE-----

377
xerces-c-CVE-2016-0729.patch
View File

@ -1,377 +0,0 @@
Index: xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp
===================================================================
--- xerces-c-3.1.1.orig/src/xercesc/internal/XMLReader.cpp
+++ xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp
@@ -1460,8 +1460,30 @@ void XMLReader::doInitDecode()
while (fRawBufIndex < fRawBytesAvail)
{
- // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume.
+ // Make sure there are at least sizeof(UCS4Ch) bytes to consume.
if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) {
+ fCharsAvail = 0;
+ fRawBufIndex = 0;
+ fMemoryManager->deallocate(fPublicId);
+ fMemoryManager->deallocate(fEncodingStr);
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+ ThrowXMLwithMemMgr1
+ (
+ TranscodingException
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
+ , fSystemId
+ , fMemoryManager
+ );
+ }
+
+ // Make sure we don't exhaust the limited prolog buffer size.
+ // Leave room for a space added at the end of this function.
+ if (fCharsAvail == kCharBufSize - 1) {
+ fCharsAvail = 0;
+ fRawBufIndex = 0;
+ fMemoryManager->deallocate(fPublicId);
+ fMemoryManager->deallocate(fEncodingStr);
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
ThrowXMLwithMemMgr1
(
TranscodingException
@@ -1547,6 +1569,23 @@ void XMLReader::doInitDecode()
const char curCh = *asChars++;
fRawBufIndex++;
+ // Make sure we don't exhaust the limited prolog buffer size.
+ // Leave room for a space added at the end of this function.
+ if (fCharsAvail == kCharBufSize - 1) {
+ fCharsAvail = 0;
+ fRawBufIndex = 0;
+ fMemoryManager->deallocate(fPublicId);
+ fMemoryManager->deallocate(fEncodingStr);
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+ ThrowXMLwithMemMgr1
+ (
+ TranscodingException
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
+ , fSystemId
+ , fMemoryManager
+ );
+ }
+
// Looks ok, so store it
fCharSizeBuf[fCharsAvail] = 1;
fCharBuf[fCharsAvail++] = XMLCh(curCh);
@@ -1630,8 +1669,30 @@ void XMLReader::doInitDecode()
while (fRawBufIndex < fRawBytesAvail)
{
- // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume.
+ // Make sure there are at least sizeof(UTF16Ch) bytes to consume.
if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) {
+ fCharsAvail = 0;
+ fRawBufIndex = 0;
+ fMemoryManager->deallocate(fPublicId);
+ fMemoryManager->deallocate(fEncodingStr);
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+ ThrowXMLwithMemMgr1
+ (
+ TranscodingException
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
+ , fSystemId
+ , fMemoryManager
+ );
+ }
+
+ // Make sure we don't exhaust the limited prolog buffer size.
+ // Leave room for a space added at the end of this function.
+ if (fCharsAvail == kCharBufSize - 1) {
+ fCharsAvail = 0;
+ fRawBufIndex = 0;
+ fMemoryManager->deallocate(fPublicId);
+ fMemoryManager->deallocate(fEncodingStr);
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
ThrowXMLwithMemMgr1
(
TranscodingException
@@ -1676,6 +1737,24 @@ void XMLReader::doInitDecode()
const XMLCh chCur = XMLEBCDICTranscoder::xlatThisOne(*srcPtr++);
fRawBufIndex++;
+ // Make sure we don't exhaust the limited prolog buffer size.
+ // Leave room for a space added at the end of this function.
+ if (fCharsAvail == kCharBufSize - 1) {
+ fCharsAvail = 0;
+ fRawBufIndex = 0;
+ fMemoryManager->deallocate(fPublicId);
+ fMemoryManager->deallocate(fEncodingStr);
+ ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+ ThrowXMLwithMemMgr1
+ (
+ TranscodingException
+ , XMLExcepts::Reader_CouldNotDecodeFirstLine
+ , fSystemId
+ , fMemoryManager
+ );
+ }
+
+
//
// And put it into the character buffer. This stuff has to
// look like it was normally transcoded.
@@ -1730,7 +1809,7 @@ void XMLReader::doInitDecode()
//
void XMLReader::refreshRawBuffer()
{
- // Security fix: make sure we don't underflow on the subtraction.
+ // Make sure we don't underflow on the subtraction.
if (fRawBufIndex > fRawBytesAvail) {
ThrowXMLwithMemMgr1
(
Index: xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp
===================================================================
--- xerces-c-3.1.1.orig/src/xercesc/util/XMLURL.cpp
+++ xerces-c-3.1.1/src/xercesc/util/XMLURL.cpp
@@ -611,9 +611,20 @@ BinInputStream* XMLURL::makeNewStream()
while (percentIndex != -1) {
- if (percentIndex+2 >= (int)end ||
- !isHexDigit(realPath[percentIndex+1]) ||
- !isHexDigit(realPath[percentIndex+2]))
+ // Isolate the length/boundary check so we don't try and copy off the end.
+ if (percentIndex+2 >= (int)end)
+ {
+ XMLCh value1[3];
+ value1[1] = chNull;
+ value1[2] = chNull;
+ XMLString::moveChars(value1, &(realPath[percentIndex]), (percentIndex + 1 >= (int)end ? 1 : 2));
+ ThrowXMLwithMemMgr2(MalformedURLException
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+ , realPath
+ , value1
+ , fMemoryManager);
+ }
+ else if (!isHexDigit(realPath[percentIndex+1]) || !isHexDigit(realPath[percentIndex+2]))
{
XMLCh value1[4];
XMLString::moveChars(value1, &(realPath[percentIndex]), 3);
Index: xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp
===================================================================
--- xerces-c-3.1.1.orig/src/xercesc/util/XMLUri.cpp
+++ xerces-c-3.1.1/src/xercesc/util/XMLUri.cpp
@@ -875,11 +875,21 @@ void XMLUri::initializePath(const XMLCh*
// check for valid escape sequence
if (testChar == chPercent)
{
- if (index+2 >= end ||
- !XMLString::isHex(uriSpec[index+1]) ||
- !XMLString::isHex(uriSpec[index+2]))
+ if (index + 2 >= end)
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[3];
+ value1[1] = chNull;
+ value1[2] = chNull;
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
+ ThrowXMLwithMemMgr2(MalformedURLException
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+ , errMsg_PATH
+ , value1
+ , fMemoryManager);
+ }
+ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
+ {
+ XMLCh value1[4];
XMLString::moveChars(value1, &(uriSpec[index]), 3);
value1[3] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -892,7 +902,7 @@ void XMLUri::initializePath(const XMLCh*
else if (!isUnreservedCharacter(testChar) &&
!isPathCharacter(testChar))
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[2];
value1[0] = testChar;
value1[1] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -920,11 +930,21 @@ void XMLUri::initializePath(const XMLCh*
// check for valid escape sequence
if (testChar == chPercent)
{
- if (index+2 >= end ||
- !XMLString::isHex(uriSpec[index+1]) ||
- !XMLString::isHex(uriSpec[index+2]))
+ if (index + 2 >= end)
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[3];
+ value1[1] = chNull;
+ value1[2] = chNull;
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
+ ThrowXMLwithMemMgr2(MalformedURLException
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+ , errMsg_PATH
+ , value1
+ , fMemoryManager);
+ }
+ else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
+ {
+ XMLCh value1[4];
XMLString::moveChars(value1, &(uriSpec[index]), 3);
value1[3] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -941,7 +961,7 @@ void XMLUri::initializePath(const XMLCh*
// contains '[' and ']'.
else if (!isReservedOrUnreservedCharacter(testChar))
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[2];
value1[0] = testChar;
value1[1] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -979,11 +999,21 @@ void XMLUri::initializePath(const XMLCh*
if (testChar == chPercent)
{
- if (index+2 >= end ||
- !XMLString::isHex(uriSpec[index+1]) ||
- !XMLString::isHex(uriSpec[index+2]))
+ if (index + 2 >= end)
+ {
+ XMLCh value1[3];
+ value1[1] = chNull;
+ value1[2] = chNull;
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
+ ThrowXMLwithMemMgr2(MalformedURLException
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+ , errMsg_QUERY
+ , value1
+ , fMemoryManager);
+ }
+ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[4];
XMLString::moveChars(value1, &(uriSpec[index]), 3);
value1[3] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -995,7 +1025,7 @@ void XMLUri::initializePath(const XMLCh*
}
else if (!isReservedOrUnreservedCharacter(testChar))
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[2];
value1[0] = testChar;
value1[1] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -1030,11 +1060,21 @@ void XMLUri::initializePath(const XMLCh*
if (testChar == chPercent)
{
- if (index+2 >= end ||
- !XMLString::isHex(uriSpec[index+1]) ||
- !XMLString::isHex(uriSpec[index+2]))
+ if (index + 2 >= end)
+ {
+ XMLCh value1[3];
+ value1[1] = chNull;
+ value1[2] = chNull;
+ XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 >= end ? 1 : 2));
+ ThrowXMLwithMemMgr2(MalformedURLException
+ , XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+ , errMsg_FRAGMENT
+ , value1
+ , fMemoryManager);
+ }
+ if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[4];
XMLString::moveChars(value1, &(uriSpec[index]), 3);
value1[3] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -1046,7 +1086,7 @@ void XMLUri::initializePath(const XMLCh*
}
else if (!isReservedOrUnreservedCharacter(testChar))
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[2];
value1[0] = testChar;
value1[1] = chNull;
ThrowXMLwithMemMgr2(MalformedURLException
@@ -1410,14 +1450,15 @@ void XMLUri::isConformantUserInfo(const
}
else if (*tmpStr == chPercent) // '%'
{
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
+ if (XMLString::stringLen(tmpStr) >= 3
+ && XMLString::isHex(*(tmpStr+1)) // 1st hex
+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
{
tmpStr+=3;
}
else
{
- XMLCh value1[BUF_LEN+1];
+ XMLCh value1[4];
value1[0] = chPercent;
value1[1] = *(tmpStr+1);
value1[2] = *(tmpStr+2);
@@ -1468,8 +1509,9 @@ bool XMLUri::isValidServerBasedAuthority
}
else if (userinfo[index] == chPercent) // '%'
{
- if (XMLString::isHex(userinfo[index+1]) && // 1st hex
- XMLString::isHex(userinfo[index+2]) ) // 2nd hex
+ if (index + 2 < userLen
+ && XMLString::isHex(userinfo[index+1]) // 1st hex
+ && XMLString::isHex(userinfo[index+2]) ) // 2nd hex
index +=3;
else
return false;
@@ -1508,8 +1550,9 @@ bool XMLUri::isValidServerBasedAuthority
}
else if (*tmpStr == chPercent) // '%'
{
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
+ if (XMLString::stringLen(tmpStr) >= 3
+ && XMLString::isHex(*(tmpStr+1)) // 1st hex
+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
{
tmpStr+=3;
}
@@ -1537,8 +1580,9 @@ bool XMLUri::isValidRegistryBasedAuthori
}
else if (authority[index] == chPercent) // '%'
{
- if (XMLString::isHex(authority[index+1]) && // 1st hex
- XMLString::isHex(authority[index+2]) ) // 2nd hex
+ if (index + 2 < authLen
+ && XMLString::isHex(authority[index+1]) // 1st hex
+ && XMLString::isHex(authority[index+2]) ) // 2nd hex
index +=3;
else
return false;
@@ -1566,8 +1610,9 @@ bool XMLUri::isValidRegistryBasedAuthori
}
else if (*tmpStr == chPercent) // '%'
{
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
+ if (XMLString::stringLen(tmpStr) >= 3
+ && XMLString::isHex(*(tmpStr + 1)) // 1st hex
+ && XMLString::isHex(*(tmpStr + 2))) // 2nd hex
{
tmpStr+=3;
}
@@ -1602,8 +1647,9 @@ bool XMLUri::isURIString(const XMLCh* co
}
else if (*tmpStr == chPercent) // '%'
{
- if (XMLString::isHex(*(tmpStr+1)) && // 1st hex
- XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
+ if (XMLString::stringLen(tmpStr) >=3
+ && XMLString::isHex(*(tmpStr+1)) // 1st hex
+ && XMLString::isHex(*(tmpStr+2)) ) // 2nd hex
{
tmpStr+=3;
}

9
xerces-c.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Jun 21 11:00:01 CEST 2016 - zawel1@gmail.com
- Update to 3.1.3
* bug fixes
+ memcpy used on overlapping memory regions causes sanity test failure
+ Typo in XMLUni::fgUnknownURIName constant
+ Buffer overruns in prolog parsing and error handling
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
-------------------------------------------------------------------
Thu Jun 16 15:43:53 UTC 2016 - pjanouch@suse.de

5
xerces-c.spec
View File

@ -17,7 +17,7 @@
Name: xerces-c
Version: 3.1.2
Version: 3.1.3
Release: 0
Summary: A Validating XML Parser
License: Apache-2.0
@ -27,8 +27,6 @@ Source0: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}
Source1: http://www.apache.org/dist/xerces/c/3/sources/%{name}-%{version}.tar.gz.asc
Source2: %{name}.keyring
Source3: baselibs.conf
# PATCH-FIX-UPSTREAM bsc#966822
Patch2: %{name}-CVE-2016-0729.patch
# PATCH-FIX-UPSTREAM bsc#979208
Patch3: %{name}-CVE-2016-2099.patch
BuildRequires: fdupes
@ -95,7 +93,6 @@ This package includes files needed for development with Xerces-c
%prep
%setup -q -n xerces-c-%{version}
%patch2 -p1
%patch3 -p0
%build