libxml2: Rebuild with ICU 68, fix CVE

Alexey Pavlov 2021-01-12 22:43:17 +03:00
parent fefb563625
commit 9f0f6f3cee
9 changed files with 373 additions and 13 deletions


@ -1,21 +1,38 @@
# Maintainer: Alexey Pavlov <alexpux@gmail.com>
pkgbase=libxml2
pkgname=('libxml2' 'libxml2-devel' 'libxml2-python')
pkgver=2.9.10
pkgrel=6
pkgrel=7
pkgdesc="XML parsing library, version 2"
arch=(i686 x86_64)
license=('MIT')
makedepends=('python-devel' 'icu-devel>=67.1' 'libreadline-devel' 'ncurses-devel' 'liblzma-devel' 'zlib-devel')
makedepends=('python-devel' 'icu-devel>=68.1' 'libreadline-devel' 'ncurses-devel' 'liblzma-devel' 'zlib-devel')
url="http://www.xmlsoft.org/"
source=(http://xmlsoft.org/sources/${pkgname}-${pkgver}.tar.gz
source=(http://xmlsoft.org/sources/${pkgbase}-${pkgver}.tar.gz
https://www.w3.org/XML/Test/xmlts20130923.tar.gz
libxml2-2.9.8-python3-unicode-errors.patch
fix-relaxed-approach-to-nested-documents.patch
libxml2-2.9.10-CVE-2019-20388.patch
libxml2-2.9.10-CVE-2020-7595.patch
libxml2-2.9.10-parenthesize-type-checks.patch
libxml2-2.9.10-CVE-2020-24977.patch
libxml2-2.9.10-fix-integer-overflow.patch
libxml2-2.9.10-icu68.patch
libxml2-2.9.0-do-not-check-crc.patch
libxml2-2.7.3-doc-install.patch
libxml2-cygwin-reentrant.patch
libxml2-2.9.1-msys2.patch)
sha256sums=('aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f'
'9b61db9f5dbffa545f4b8d78422167083a8568c59bd1129f94138f936cf6fc1f'
'37eb81a8ec6929eed1514e891bff2dd05b450bcf0c712153880c485b7366c17c'
'50f04807b86a179d051fb86755e82f55ba7aac9d0c005eefea93d2599a911d01'
'cfe1b3e0f026df6f979dbd77c1dcd1268e60acf3d7a8ff3f480b4e67bfcc19d6'
'c6105ff40d7b1b140fcd821b5d64ab8c7b596708071c26964727e7352b07ac7e'
'b63c161e4c8a6f0a65ba091c3d3ed09d3110d21f997ee61077c782b311fd4b33'
'62eafffc2b4949489c261c63883d27c2e83d688f1d4c899000b283e4c2a682be'
'fd227780ad5699bebca7ef412d2d50fb1d21a54f6e3fdcad0bda5bdc8f8b2525'
'f02a435761f26ff664041d49f9d05924dc627bf103c7f542feee891f69aa84a2'
'5a53d640ebce5a96e35fbdf5f644c37642dfa3345a1dc4fc355728897c19b7e7'
'bff6790eadec6d7b3affd2d3a7385ce7f80cec2cf4abbd2ed83e9cb297a614a9'
'fbd5ddb92e3cd0ab0f1f058436ca73b677f12fa00f65d634be7ef791e3706e33'
@ -43,10 +60,23 @@ del_file_exists() {
prepare() {
cd ${srcdir}
del_file_exists ${pkgname}-${pkgver}/xmlconf
mv xmlconf -t ${pkgname}-${pkgver}
del_file_exists ${pkgbase}-${pkgver}/xmlconf
mv xmlconf -t ${pkgbase}-${pkgver}
cd ${pkgname}-${pkgver}
cd ${pkgbase}-${pkgver}
# From https://src.fedoraproject.org/rpms/libxml2/tree/master
apply_patch_with_msg \
libxml2-2.9.8-python3-unicode-errors.patch \
fix-relaxed-approach-to-nested-documents.patch \
libxml2-2.9.10-CVE-2019-20388.patch \
libxml2-2.9.10-CVE-2020-7595.patch \
libxml2-2.9.10-parenthesize-type-checks.patch \
libxml2-2.9.10-CVE-2020-24977.patch \
libxml2-2.9.10-fix-integer-overflow.patch
apply_patch_with_msg \
libxml2-2.9.10-icu68.patch
apply_patch_with_msg \
libxml2-2.9.0-do-not-check-crc.patch \
@ -59,7 +89,8 @@ prepare() {
build() {
export lt_cv_deplibs_check_method='pass_all'
cd ${pkgname}-${pkgver}
CFLAGS+=" -fcommon"
cd ${pkgbase}-${pkgver}
./configure \
--prefix=/usr \
--sysconfdir=/etc \
@ -77,17 +108,17 @@ build() {
make DESTDIR=${srcdir}/dest install
PYTHON_SITELIB="$(python -c 'import site, sys; sys.stdout.write(site.getsitepackages()[0])')"
mv ${srcdir}/dest${PYTHON_SITELIB}/${pkgname/lib/msys-}mod.dll ${srcdir}/dest${PYTHON_SITELIB}/${pkgname}mod.dll
sed -i -e "s:${pkgname/lib/msys-}mod:${PN}mod:g" ${srcdir}/dest${PYTHON_SITELIB}/${pkgname}mod.la
mv ${srcdir}/dest${PYTHON_SITELIB}/${pkgbase/lib/msys-}mod.dll ${srcdir}/dest${PYTHON_SITELIB}/${pkgbase}mod.dll
sed -i -e "s:${pkgbase/lib/msys-}mod:${PN}mod:g" ${srcdir}/dest${PYTHON_SITELIB}/${pkgbase}mod.la
}
check() {
cd ${pkgname}-${pkgver}
cd ${pkgbase}-${pkgver}
make check
}
package_libxml2() {
depends=('coreutils' 'icu>=67.1' 'liblzma' 'libreadline' 'ncurses' 'zlib')
depends=('coreutils' 'icu>=68.1' 'liblzma' 'libreadline' 'ncurses' 'zlib')
groups=('libraries')
install=libxml2.install
@ -96,14 +127,14 @@ package_libxml2() {
rm -f ${pkgdir}/usr/bin/*-config
mkdir -p ${pkgdir}/usr/share
cp -rf ${srcdir}/dest/usr/share/man ${pkgdir}/usr/share/
install -Dm644 ${srcdir}/${pkgname}-${pkgver}/COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
install -Dm644 ${srcdir}/${pkgbase}-${pkgver}/COPYING "${pkgdir}/usr/share/licenses/${pkgbase}/COPYING"
}
package_libxml2-devel() {
pkgdesc="Libxml2 headers and libraries"
groups=('development')
options=('staticlibs')
depends=("libxml2=${pkgver}" 'icu-devel>=59.1' 'libreadline-devel' 'ncurses-devel' 'liblzma-devel' 'zlib-devel')
depends=("libxml2=${pkgver}" 'icu-devel>=68.1' 'libreadline-devel' 'ncurses-devel' 'liblzma-devel' 'zlib-devel')
PYTHON_SITELIB="$(python -c 'import site, sys; sys.stdout.write(site.getsitepackages()[0])')"
mkdir -p ${pkgdir}/usr/{bin,share}
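Review bot: The `sed` on the python `.la` file substitutes `${PN}mod`, but `PN` is not assigned anywhere in this PKGBUILD (it is an ebuild variable), so unless the build environment happens to export it the replacement expands to plain `mod` and the libtool archive no longer names the `libxml2mod.dll` that the `mv` on the line above just produced; the intended line is presumably `sed -i -e "s:${pkgbase/lib/msys-}mod:${pkgbase}mod:g" ${srcdir}/dest${PYTHON_SITELIB}/${pkgbase}mod.la`. The defect predates the `pkgname`→`pkgbase` rename, but since the commit rewrites that line anyway it is the moment to correct it. Separately, the main tarball is still fetched over plain `http://xmlsoft.org/...` while the test suite comes over https; the pinned sha256 turns a tampered download into a build failure rather than a compromise, but an https URL would avoid that failure mode altogether. package_libxml2-devel() continues past the last hunk shown.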


@ -0,0 +1,33 @@
From 0815302dee2b78139832c2080348086a0564836b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 6 Dec 2019 12:27:29 +0100
Subject: [PATCH] Fix freeing of nested documents
Apparently, some libxslt RVTs can contain nested document nodes, see
issue #132. I'm not sure how this happens exactly but it can cause a
segfault in xmlFreeNodeList after the changes in commit 0762c9b6.
Make sure not to touch the (nonexistent) `content` member of xmlDocs.
---
tree.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tree.c b/tree.c
index 070670f1..0d7fc98c 100644
--- a/tree.c
+++ b/tree.c
@@ -3708,6 +3708,11 @@ xmlFreeNodeList(xmlNodePtr cur) {
(cur->type != XML_XINCLUDE_START) &&
(cur->type != XML_XINCLUDE_END) &&
(cur->type != XML_ENTITY_REF_NODE) &&
+ (cur->type != XML_DOCUMENT_NODE) &&
+#ifdef LIBXML_DOCB_ENABLED
+ (cur->type != XML_DOCB_DOCUMENT_NODE) &&
+#endif
+ (cur->type != XML_HTML_DOCUMENT_NODE) &&
(cur->content != (xmlChar *) &(cur->properties))) {
DICT_FREE(cur->content)
}
--
2.22.0
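Review bot: The new type checks only keep `DICT_FREE(cur->content)` away from the non-existent `content` member of a nested xmlDoc; the rest of this loop iteration, which lies outside the hunk, still handles the document node as an ordinary node, so if the loop tail releases it with a plain `xmlFree(cur)` rather than `xmlFreeDoc`, the nested document's own children, dictionary and URL would be leaked instead of crashed on. The upstream message ("I'm not sure how this happens exactly") suggests this is a deliberate crash-only fix, which is fine for a CVE backport, but a line in the patch header such as `Note: avoids the segfault only; nested document nodes are still not released as documents.` would stop a later packager from reading it as complete. xmlFreeNodeList begins before the hunk.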


@ -0,0 +1,33 @@
From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Tue, 20 Aug 2019 16:33:06 +0800
Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
vctxt->xsiAssemble to 0 again which cause the alloced schema
can not be freed anymore.
Found with libFuzzer.
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
---
xmlschemas.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/xmlschemas.c b/xmlschemas.c
index 301c8449..39d92182 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
vctxt->nberrors = 0;
vctxt->depth = -1;
vctxt->skipDepth = -1;
- vctxt->xsiAssemble = 0;
vctxt->hasKeyrefs = 0;
#ifdef ENABLE_IDC_NODE_TABLES_TEST
vctxt->createIDCNodeTables = 1;
--
2.24.1
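Review bot: With the reset removed, `vctxt->xsiAssemble` is no longer cleared by xmlSchemaPreRun, so its value now carries over between runs on a reused validation context; if a caller attaches its own schema to a context that an earlier SAX-plug run left with `xsiAssemble` set to 1, any teardown that keys on that flag could free a schema it does not own. Whether that path exists depends on xmlSchemaPostRun and the schema setters, which are outside this hunk, so it deserves a check when the patch is refreshed rather than a change here. The file is named after CVE-2019-20388 but the patch header never mentions the ID; adding `CVE: CVE-2019-20388` under the Subject line keeps the audit trail intact when the file is regenerated from the Fedora tree.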


@ -0,0 +1,36 @@
From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 7 Aug 2020 21:54:27 +0200
Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
array access.
Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
the report.
Fixes #178.
---
xmllint.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/xmllint.c b/xmllint.c
index f6a8e463..c647486f 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -528,6 +528,12 @@ static void
xmlHTMLEncodeSend(void) {
char *result;
+ /*
+ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
+ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
+ * an out-of-bounds read.
+ */
+ memset(&buffer[sizeof(buffer)-4], 0, 4);
result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
if (result) {
xmlGenericError(xmlGenericErrorContext, "%s", result);
--
2.28.0.rc2
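Review bot: The `memset` is a mitigation at one caller rather than a fix of the underlying read: `xmlEncodeEntitiesReentrant` still walks past a truncated multibyte sequence, so any other caller that hands it a buffer cut mid-sequence remains exposed, and the comment should say that plainly, e.g. `/* Workaround only: xmlEncodeEntitiesReentrant itself still over-reads truncated UTF-8. */`. It also unconditionally zeroes the last four bytes of `buffer`, so a report that exactly fills the buffer loses up to three trailing characters of valid text (assuming the filler NUL-terminates at the last byte); a note that the loss is confined to `--htmlout` error output would make the trade-off explicit. `buffer` is a file-scope array declared outside the hunk, which the `sizeof` here relies on.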


@ -0,0 +1,32 @@
From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Thu, 12 Dec 2019 17:30:55 +0800
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
return NULL which cause a infinite loop in xmlStringLenDecodeEntities
Found with libFuzzer.
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
---
parser.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index d1c31963..a34bb6cd 100644
--- a/parser.c
+++ b/parser.c
@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
else
c = 0;
while ((c != 0) && (c != end) && /* non input consuming loop */
- (c != end2) && (c != end3)) {
+ (c != end2) && (c != end3) &&
+ (ctxt->instate != XML_PARSER_EOF)) {
if (c == 0) break;
if ((c == '&') && (str[1] == '#')) {
--
2.24.1
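Review bot: The new `ctxt->instate != XML_PARSER_EOF` test is evaluated only at the loop head, so the iteration in which `xmlParseStringEntityRef` returns NULL and the parser moves to EOF still runs the remainder of the body (outside the hunk) with that NULL result before the loop exits; that is safe only if every use of the returned entity in the body is already NULL-checked, which is worth confirming when the patch is refreshed. A one-line comment above the condition, `/* bail out once a nested parse hit EOF, otherwise str never advances (CVE-2020-7595) */`, would record why the extra test exists. The `if (c == 0) break;` immediately below is redundant with the `c != 0` in the condition; pre-existing, but it could go in the same refresh.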


@ -0,0 +1,41 @@
From 8e7c20a1af8776677d7890f30b7a180567701a49 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 3 Aug 2020 17:30:41 +0200
Subject: [PATCH] Fix integer overflow when comparing schema dates
Found by OSS-Fuzz.
---
xmlschemastypes.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/xmlschemastypes.c b/xmlschemastypes.c
index 4249d700..d6b9f924 100644
--- a/xmlschemastypes.c
+++ b/xmlschemastypes.c
@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
minday = 0;
maxday = 0;
} else {
+ if (myear > LONG_MAX / 366)
+ return -2;
/* FIXME: This doesn't take leap year exceptions every 100/400 years
into account. */
maxday = 365 * myear + (myear + 3) / 4;
@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
if ((x == NULL) || (y == NULL))
return -2;
+ if ((x->value.date.year > LONG_MAX / 366) ||
+ (x->value.date.year < LONG_MIN / 366) ||
+ (y->value.date.year > LONG_MAX / 366) ||
+ (y->value.date.year < LONG_MIN / 366)) {
+ /* Possible overflow when converting to days. */
+ return -2;
+ }
+
if (x->value.date.tz_flag) {
if (!y->value.date.tz_flag) {
--
2.28.0.rc2
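Review bot: The duration guard in the first hunk checks only `myear > LONG_MAX / 366`, whereas the date guard in the second hunk checks both signs; `365 * myear` overflows just as readily for a large negative `myear`, so unless the normalisation above the hunk guarantees `myear >= 0`, the duration path needs the symmetric `if ((myear > LONG_MAX / 366) || (myear < LONG_MIN / 366)) return -2;`. The choice of 366 leaves headroom for the `(myear + 3) / 4` term on top of `365 * myear`, but that reasoning is not written down; a comment such as `/* 365*year + year/4 must still fit in a long */` above each guard would help the next reader. Both functions extend beyond the hunks shown.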


@ -0,0 +1,28 @@
From b516ed189eb440e909f36baca1557b98e4d9ffd7 Mon Sep 17 00:00:00 2001
From: Frederik Seiffert <frederik@algoriddim.com>
Date: Thu, 12 Nov 2020 12:53:43 +0100
Subject: [PATCH] Fix building with ICU 68.
ICU 68 no longer defines the TRUE macro.
Closes #204.
---
encoding.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/encoding.c b/encoding.c
index c34aca44..264f60bb 100644
--- a/encoding.c
+++ b/encoding.c
@@ -2004,7 +2004,7 @@ xmlEncOutputChunk(xmlCharEncodingHandler *handler, unsigned char *out,
#ifdef LIBXML_ICU_ENABLED
else if (handler->uconv_out != NULL) {
ret = xmlUconvWrapper(handler->uconv_out, 0, out, outlen, in, inlen,
- TRUE);
+ 1);
}
#endif /* LIBXML_ICU_ENABLED */
else {
--
GitLab


@ -0,0 +1,92 @@
From edc7b6abb0c125eeb888748c334897f60aab0854 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Fri, 28 Feb 2020 12:48:14 +0100
Subject: [PATCH] Parenthesize Py<type>_Check() in ifs
In C, if expressions should be parenthesized.
PyLong_Check, PyUnicode_Check etc. happened to expand to a parenthesized
expression before, but that's not API to rely on.
Since Python 3.9.0a4 it needs to be parenthesized explicitly.
Fixes https://gitlab.gnome.org/GNOME/libxml2/issues/149
---
python/libxml.c | 4 ++--
python/types.c | 12 ++++++------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/python/libxml.c b/python/libxml.c
index bc676c4e..81e709f3 100644
--- a/python/libxml.c
+++ b/python/libxml.c
@@ -294,7 +294,7 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
lenread = PyBytes_Size(ret);
data = PyBytes_AsString(ret);
#ifdef PyUnicode_Check
- } else if PyUnicode_Check (ret) {
+ } else if (PyUnicode_Check (ret)) {
#if PY_VERSION_HEX >= 0x03030000
Py_ssize_t size;
const char *tmp;
@@ -359,7 +359,7 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
lenread = PyBytes_Size(ret);
data = PyBytes_AsString(ret);
#ifdef PyUnicode_Check
- } else if PyUnicode_Check (ret) {
+ } else if (PyUnicode_Check (ret)) {
#if PY_VERSION_HEX >= 0x03030000
Py_ssize_t size;
const char *tmp;
diff --git a/python/types.c b/python/types.c
index c2bafeb1..ed284ec7 100644
--- a/python/types.c
+++ b/python/types.c
@@ -602,16 +602,16 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
if (obj == NULL) {
return (NULL);
}
- if PyFloat_Check (obj) {
+ if (PyFloat_Check (obj)) {
ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj));
- } else if PyLong_Check(obj) {
+ } else if (PyLong_Check(obj)) {
#ifdef PyLong_AS_LONG
ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj));
#else
ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj));
#endif
#ifdef PyBool_Check
- } else if PyBool_Check (obj) {
+ } else if (PyBool_Check (obj)) {
if (obj == Py_True) {
ret = xmlXPathNewBoolean(1);
@@ -620,14 +620,14 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
ret = xmlXPathNewBoolean(0);
}
#endif
- } else if PyBytes_Check (obj) {
+ } else if (PyBytes_Check (obj)) {
xmlChar *str;
str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj),
PyBytes_GET_SIZE(obj));
ret = xmlXPathWrapString(str);
#ifdef PyUnicode_Check
- } else if PyUnicode_Check (obj) {
+ } else if (PyUnicode_Check (obj)) {
#if PY_VERSION_HEX >= 0x03030000
xmlChar *str;
const char *tmp;
@@ -650,7 +650,7 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
ret = xmlXPathWrapString(str);
#endif
#endif
- } else if PyList_Check (obj) {
+ } else if (PyList_Check (obj)) {
int i;
PyObject *node;
xmlNodePtr cur;
--
2.24.1


@ -0,0 +1,34 @@
Index: libxml2-2.9.5/python/libxml.c
===================================================================
--- libxml2-2.9.5.orig/python/libxml.c
+++ libxml2-2.9.5/python/libxml.c
@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
PyObject *message;
PyObject *result;
char str[1000];
+ unsigned char *ptr = (unsigned char *)str;
#ifdef DEBUG_ERROR
printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
str[999] = 0;
va_end(ap);
+#if PY_MAJOR_VERSION >= 3
+ /* Ensure the error string doesn't start at UTF8 continuation. */
+ while (*ptr && (*ptr & 0xc0) == 0x80)
+ ptr++;
+#endif
+
list = PyTuple_New(2);
PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
- message = libxml_charPtrConstWrap(str);
+ message = libxml_charPtrConstWrap(ptr);
PyTuple_SetItem(list, 1, message);
result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
+ /* Forget any errors caused in the error handler. */
+ PyErr_Clear();
Py_XDECREF(list);
Py_XDECREF(result);
}
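Review bot: The forward scan only repairs a message that begins with UTF-8 continuation bytes; a chunk can just as easily end mid-sequence (the `str[999] = 0` truncation above can cut anywhere, and long messages may arrive in pieces), and a trailing incomplete sequence will still make `libxml_charPtrConstWrap` fail on Python 3, which the new `PyErr_Clear()` then hides together with any genuine exception raised in the user's handler. Trimming the tail needs a short backward scan for the last lead byte, sketched below; for the error swallowing, `if (result == NULL) PyErr_WriteUnraisable(libxml_xmlPythonErrorFuncHandler);` before the clear still stops a stale exception from leaking out of the C callback but reports it instead of discarding it. libxml_xmlErrorFuncHandler starts before the first hunk.
```c
#if PY_MAJOR_VERSION >= 3
    /* … unchanged: skip leading continuation bytes … */
    /* Likewise drop a trailing multibyte sequence that was cut short. */
    {
        size_t len = strlen((const char *)ptr);
        size_t i = len;
        while (i > 0 && (ptr[i - 1] & 0xc0) == 0x80)
            i--;
        if (i > 0 && (ptr[i - 1] & 0x80)) {
            unsigned char lead = ptr[i - 1];
            size_t need = (lead & 0xe0) == 0xc0 ? 2 :
                          (lead & 0xf0) == 0xe0 ? 3 :
                          (lead & 0xf8) == 0xf0 ? 4 : 1;
            if (len - (i - 1) < need)
                ptr[i - 1] = 0;
        }
    }
#endif
```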