From ad841ed89b42f4ed13c2ee1fa65277982c564922 Mon Sep 17 00:00:00 2001 From: Alexandre Rostovtsev Date: Tue, 10 Jan 2012 20:29:13 +0000 Subject: [PATCH] Fix heap-based overflow in parsing long entity references (CVE-2011-3919, bug #398361, thanks to Agostino Sarubbo for reporting). Package-Manager: portage-2.2.0_alpha84/cvs/Linux x86_64 --- dev-libs/libxml2/ChangeLog | 12 +- dev-libs/libxml2/Manifest | 14 +- ....8-allocation-error-copying-entities.patch | 21 ++ dev-libs/libxml2/libxml2-2.7.8-r4.ebuild | 234 ++++++++++++++++++ 4 files changed, 273 insertions(+), 8 deletions(-) create mode 100644 dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch create mode 100644 dev-libs/libxml2/libxml2-2.7.8-r4.ebuild diff --git a/dev-libs/libxml2/ChangeLog b/dev-libs/libxml2/ChangeLog index c74e8257eb15..496865bfb56c 100644 --- a/dev-libs/libxml2/ChangeLog +++ b/dev-libs/libxml2/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for dev-libs/libxml2 -# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.321 2011/10/30 15:13:37 armin76 Exp $ +# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/ChangeLog,v 1.322 2012/01/10 20:29:13 tetromino Exp $ + +*libxml2-2.7.8-r4 (10 Jan 2012) + + 10 Jan 2012; Alexandre Rostovtsev + +libxml2-2.7.8-r4.ebuild, + +files/libxml2-2.7.8-allocation-error-copying-entities.patch: + Fix heap-based overflow in parsing long entity references (CVE-2011-3919, bug + #398361, thanks to Agostino Sarubbo for reporting). 30 Oct 2011; Raúl Porcel libxml2-2.7.8-r3.ebuild: alpha/ia64/m68k/s390/sh/sparc stable wrt #385699 diff --git a/dev-libs/libxml2/Manifest b/dev-libs/libxml2/Manifest index a2a043d960cd..4c9fe002c093 100644 --- a/dev-libs/libxml2/Manifest +++ b/dev-libs/libxml2/Manifest 
@@ -1,8 +1,9 @@ -----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 +Hash: SHA256 AUX libxml2-2.7.1-catalog_path.patch 2209 RMD160 0306a8611cde6a7b78f5fd43c93ebbfddc6607e7 SHA1 bec0ee91757e2fa093c89d6eba1821f40878f002 SHA256 b3343f0611f9cb6e55bf62047a988653e3e9cc50f194b18adbc330b455236290 AUX libxml2-2.7.2-winnt.patch 2120 RMD160 943293107d0c8313a525c2516f06861c013d9777 SHA1 4e68c44fe1b932c7d61b06bffb4d634701e29e0a SHA256 63cb134dbef1b7be1b9dc400da8aef1816436a193a2f97db0028cdd70e3e4cf0 +AUX libxml2-2.7.8-allocation-error-copying-entities.patch 681 RMD160 259ff1f76d546c273cf25d5747e8a89ed828e894 SHA1 84f0c39ab98c9a61e83a541931886676a4ba0fe4 SHA256 ae2554dd8a4a59f10e446996dfc299f8077ed3623cf50ab7e756734875a4faa8 AUX libxml2-2.7.8-disable_static_modules.patch 365 RMD160 aedfb1647c21a27d1d170a17cc6e15f1015c6047 SHA1 23eb1145762d4ec4b05b8118b54e7eef15cdf991 SHA256 2f2ade9ee034af32cbd6600d45b2e23d3153dd9bb57a07a9f364836d24b189df AUX libxml2-2.7.8-error-xpath.patch 2897 RMD160 eaa46dcb8c968d5b79e633fe12ed052e29e9c870 SHA1 22a43c57e114af9c10c4d6adc580bae45972c547 SHA256 2b2ee18463baa212539f1c8747e549e6ed18e49989ebaa42843729524f1cf253 AUX libxml2-2.7.8-hardening-xpath.patch 7579 RMD160 2a3739e9de88af87f866a0a6564277991b251d49 SHA1 544e5949731fdc0bed7f2e2adf444afe87d6f963 SHA256 7eac2cd552158347244806730e2b8a4c09e39cddfcf67ed74a5ec989763abbfe 
@@ -17,12 +18,13 @@ DIST xsts-2004-01-14.tar.gz 2761085 RMD160 faff2d7826e47ae9968564bc83dab1b54c5e4 EBUILD libxml2-2.7.8-r1.ebuild 6317 RMD160 6e2aed484b333ad7960ab6f304220f708f52cbbb SHA1 014a4188e33b80bb2e5964c24cf2b802050e099b SHA256 a2411881d85278bbfd779982c9afa2fac70d06ce21665b379e3c075a72ae0877 EBUILD libxml2-2.7.8-r2.ebuild 6505 RMD160 604f9e50f38feffa2195ad64c9e41681860ca4ef SHA1 5bec1fa91502b703602b7cbeb0398e26237e5719 SHA256 c397c3fe15cc123b1d70dc01ab26005a681123328d320ef4829fa1b9f75c1c5b EBUILD libxml2-2.7.8-r3.ebuild 6676 RMD160 3e4ca9ffbc629b35529fdb9c5ddc3c118cb4df67 SHA1 fb289003e9b4cff627acbde166b3d5c55746401e SHA256 fa937bc6cfd2f42cc4cb8916e483f879a8211e7ebcea7d19503997da49e5fa9f -MISC ChangeLog 43727 RMD160 445b981a83c1bc272b369b4b0ced2c2898774590 SHA1 007e19383553ad660e4c1dd2cd5aca43147aa49d SHA256 ba1e006f63df73cad7855d2201c04dc9fc6297e168c5a40031de682bd1103c27 +EBUILD libxml2-2.7.8-r4.ebuild 6815 RMD160 55a732ef53bb1c11116ef2eb7973adbdb0c44abd SHA1 fee7a9c0dc5bb746e3188887dfc794a6b9774895 SHA256 809b13459ac8e56a4e1f15e68a88b6526bbfb33627a8fbb185d2e30c5d4535d8 +MISC ChangeLog 44048 RMD160 b6afdcbd2353454b0eff446dc0daadaadf0207e4 SHA1 39d0234e4475ea29c1dd0da6347e533148f75f7e SHA256 f916c6e0280799f4737cce36155fca2f31f1c206efb346de8ac06761dd586eb7 MISC metadata.xml 158 RMD160 c0e2bae8e91bb6be8922bac5e4f597302e06587e SHA1 38f78e9790bcd4382b4a49aa226aa6dda1d3a3d7 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.17 (GNU/Linux) +Version: GnuPG v2.0.18 (GNU/Linux) -iEYEARECAAYFAk6taacACgkQuQc30/atMkBR1ACgr8ess3VxvbaAWa5Tk3JhMaZq -a90AmgMFsHWtSO5FtsSYuj7yu96i4U9f -=+prL +iF4EAREIAAYFAk8Mn58ACgkQdjK8w9WeBnDglwD9FYFZvQCJhuCQFJM4aLIUgN/I +/xGnvyP7+r9S46oOa1sA/0UNyacJUG7lH94eFtA5S8O4htx/40OvZrntP9BT9ZiO +=nuJ0 -----END PGP SIGNATURE----- 
diff --git a/dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch b/dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch
new file mode 100644
index 000000000000..c0d943311f23
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.7.8-allocation-error-copying-entities.patch
@@ -0,0 +1,21 @@
+From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard
+Date: Fri, 16 Dec 2011 10:53:35 +0000
+Subject: Fix an allocation error when copying entities
+
+---
+diff --git a/parser.c b/parser.c
+index 4e5dcb9..c55e41d 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+
+ buffer[nbchars++] = '&';
+ if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
+- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
++ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
+ }
+ for (;i > 0;i--)
+ buffer[nbchars++] = *cur++;
+--
+cgit v0.9.0.2
diff --git a/dev-libs/libxml2/libxml2-2.7.8-r4.ebuild b/dev-libs/libxml2/libxml2-2.7.8-r4.ebuild
new file mode 100644
index 000000000000..204a88198b66
--- /dev/null
+++ b/dev-libs/libxml2/libxml2-2.7.8-r4.ebuild
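Review bot: The patch file carries no note of what it fixes beyond the upstream subject "Fix an allocation error when copying entities"; nothing inside it ties it to CVE-2011-3919 or bug #398361, which appear only in the ChangeLog and the commit message, so the next maintainer has to go elsewhere to learn why this patch must not be dropped. The hunk itself shows the defect: the old code grew `buffer` by the fixed `XML_PARSER_BUFFER_SIZE` regardless of the entity-name length `i`, so the copy loop that follows (`for (;i > 0;i--) buffer[nbchars++] = *cur++;`) could write past the allocation for a long reference, and growing by `i + XML_PARSER_BUFFER_SIZE` sizes the buffer for that copy, assuming growBuffer (outside the hunk) adds its argument to the new size. I would add a header above the `From 5bd3c0…` line: `CVE-2011-3919: heap-based buffer overflow in xmlStringLenDecodeEntities (parser.c) when growing the buffer for a long entity reference; Gentoo bug #398361. Taken from upstream libxml2 commit 5bd3c061823a8499b27422aee04ea20aae24f03e.` Note also that `buffer[nbchars++] = '&'` is written before the size check, so it relies on headroom guaranteed earlier in xmlStringLenDecodeEntities, which lies outside this hunk.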
@@ -0,0 +1,234 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/libxml2/libxml2-2.7.8-r4.ebuild,v 1.1 2012/01/10 20:29:13 tetromino Exp $ + +EAPI="3" +PYTHON_DEPEND="python? 2" +PYTHON_USE_WITH="-build xml" +PYTHON_USE_WITH_OPT="python" +SUPPORT_PYTHON_ABIS="1" +RESTRICT_PYTHON_ABIS="3.* *-jython" + +inherit libtool flag-o-matic eutils python autotools prefix + +DESCRIPTION="Version 2 of the library to manipulate XML files" +HOMEPAGE="http://www.xmlsoft.org/" + +LICENSE="MIT" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="debug doc examples icu ipv6 python readline static-libs test" + +XSTS_HOME="http://www.w3.org/XML/2004/xml-schema-test-suite" +XSTS_NAME_1="xmlschema2002-01-16" +XSTS_NAME_2="xmlschema2004-01-14" +XSTS_TARBALL_1="xsts-2002-01-16.tar.gz" +XSTS_TARBALL_2="xsts-2004-01-14.tar.gz" + +SRC_URI="ftp://xmlsoft.org/${PN}/${P}.tar.gz + test? ( + ${XSTS_HOME}/${XSTS_NAME_1}/${XSTS_TARBALL_1} + ${XSTS_HOME}/${XSTS_NAME_2}/${XSTS_TARBALL_2} )" + +RDEPEND="sys-libs/zlib + icu? ( dev-libs/icu ) + readline? ( sys-libs/readline )" + +DEPEND="${RDEPEND} + hppa? 
( >=sys-devel/binutils-2.15.92.0.2 )" + +pkg_setup() { + if use python; then + python_pkg_setup + fi +} + +src_unpack() { + # ${A} isn't used to avoid unpacking of test tarballs into $WORKDIR, + # as they are needed as tarballs in ${S}/xstc instead and not unpacked + unpack ${P}.tar.gz + cd "${S}" + + if use test; then + cp "${DISTDIR}/${XSTS_TARBALL_1}" \ + "${DISTDIR}/${XSTS_TARBALL_2}" \ + "${S}"/xstc/ \ + || die "Failed to install test tarballs" + fi +} + +src_prepare() { + # Patches needed for prefix support + epatch "${FILESDIR}"/${PN}-2.7.1-catalog_path.patch + epatch "${FILESDIR}"/${PN}-2.7.2-winnt.patch + + eprefixify catalog.c xmlcatalog.c runtest.c xmllint.c + + epunt_cxx + + # Reactivate the shared library versionning script + epatch "${FILESDIR}/${P}-reactivate-script.patch" + + # Fix a potential memory access error + epatch "${FILESDIR}/${P}-xpath-memory.patch" + + # Fix a potential freeing error in XPath + epatch "${FILESDIR}/${P}-xpath-freeing.patch" + epatch "${FILESDIR}/${P}-xpath-freeing2.patch" + + # Fix some potential problems on reallocation failures + epatch "${FILESDIR}/${P}-reallocation-failures.patch" + + epatch "${FILESDIR}/${P}-disable_static_modules.patch" + + # Hardening of XPath evaluation + epatch "${FILESDIR}/${P}-hardening-xpath.patch" + + # Fix missing error status in XPath evaluation + epatch "${FILESDIR}/${P}-error-xpath.patch" + + # Heap-based overflow in parsing long entity references + epatch "${FILESDIR}/${P}-allocation-error-copying-entities.patch" + + # Please do not remove, as else we get references to PORTAGE_TMPDIR + # in /usr/lib/python?.?/site-packages/libxml2mod.la among things. + # We now need to run eautoreconf at the end to prevent maintainer mode. +# elibtoolize + + # Python bindings are built/tested/installed manually. 
+ sed -e "s/@PYTHON_SUBDIR@//" -i Makefile.am || die "sed failed" + + eautoreconf +} + +src_configure() { + # USE zlib support breaks gnome2 + # (libgnomeprint for instance fails to compile with + # fresh install, and existing) - (22 Dec 2002). + + # The meaning of the 'debug' USE flag does not apply to the --with-debug + # switch (enabling the libxml2 debug module). See bug #100898. + + # --with-mem-debug causes unusual segmentation faults (bug #105120). + + local myconf="--with-html-subdir=${PF}/html + --docdir=${EPREFIX}/usr/share/doc/${PF} + $(use_with debug run-debug) + $(use_with icu) + $(use_with python) + $(use_with readline) + $(use_with readline history) + $(use_enable ipv6) + $(use_enable static-libs static)" + + # filter seemingly problematic CFLAGS (#26320) + filter-flags -fprefetch-loop-arrays -funroll-loops + + econf ${myconf} +} + +src_compile() { + default + + if use python; then + python_copy_sources python + building() { + emake PYTHON_INCLUDES="${EPREFIX}$(python_get_includedir)" \ + PYTHON_SITE_PACKAGES="${EPREFIX}$(python_get_sitedir)" + } + python_execute_function -s --source-dir python building + fi +} + +src_test() { + default + + if use python; then + testing() { + emake test + } + python_execute_function -s --source-dir python testing + fi +} + +src_install() { + emake DESTDIR="${D}" \ + EXAMPLES_DIR="${EPREFIX}"/usr/share/doc/${PF}/examples \ + install || die "Installation failed" + + # on windows, xmllint is installed by interix libxml2 in parent prefix. + # this is the version to use. the native winnt version does not support + # symlinks, which makes repoman fail if the portage tree is linked in + # from another location (which is my default). 
-- mduft + if [[ ${CHOST} == *-winnt* ]]; then + rm -rf "${ED}"/usr/bin/xmllint + rm -rf "${ED}"/usr/bin/xmlcatalog + fi + + if use python; then + installation() { + emake DESTDIR="${D}" \ + PYTHON_SITE_PACKAGES="${EPREFIX}$(python_get_sitedir)" \ + docsdir="${EPREFIX}"/usr/share/doc/${PF}/python \ + exampledir="${EPREFIX}"/usr/share/doc/${PF}/python/examples \ + install + } + python_execute_function -s --source-dir python installation + + python_clean_installation_image + fi + + rm -rf "${ED}"/usr/share/doc/${P} + dodoc AUTHORS ChangeLog Copyright NEWS README* TODO* || die "dodoc failed" + + if ! use python; then + rm -rf "${ED}"/usr/share/doc/${PF}/python + rm -rf "${ED}"/usr/share/doc/${PN}-python-${PV} + fi + + if ! use doc; then + rm -rf "${ED}"/usr/share/gtk-doc + rm -rf "${ED}"/usr/share/doc/${PF}/html + fi + + if ! use examples; then + rm -rf "${ED}/usr/share/doc/${PF}/examples" + rm -rf "${ED}/usr/share/doc/${PF}/python/examples" + fi + + if ! use static-libs; then + # Remove useless .la files + find "${D}" -name '*.la' -exec rm -f {} + || die "la file removal failed" + fi +} + +pkg_postinst() { + if use python; then + python_mod_optimize drv_libxml2.py libxml2.py + fi + + # We don't want to do the xmlcatalog during stage1, as xmlcatalog will not + # be in / and stage1 builds to ROOT=/tmp/stage1root. This fixes bug #208887. + if [ "${ROOT}" != "/" ] + then + elog "Skipping XML catalog creation for stage building (bug #208887)." + else + # need an XML catalog, so no-one writes to a non-existent one + CATALOG="${EROOT}etc/xml/catalog" + + # we dont want to clobber an existing catalog though, + # only ensure that one is there + # + if [ ! -e ${CATALOG} ]; then + [ -d "${EROOT}etc/xml" ] || mkdir -p "${EROOT}etc/xml" + "${EPREFIX}"/usr/bin/xmlcatalog --create > ${CATALOG} + einfo "Created XML catalog in ${CATALOG}" + fi + fi +} + +pkg_postrm() { + if use python; then + python_mod_cleanup drv_libxml2.py libxml2.py + fi +} -- 2.26.2
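Review bot: In pkg_postinst the catalog is created with `"${EPREFIX}"/usr/bin/xmlcatalog --create > ${CATALOG}` and the exit status is never checked, so if xmlcatalog fails the redirection still leaves an empty ${CATALOG} behind, and the `[ ! -e ${CATALOG} ]` guard will then skip creation on every later install while libxml2 consumers keep loading that empty default catalog; both lines also leave `${CATALOG}` unquoted. Since die is generally avoided in pkg_postinst, I would write `if ! "${EPREFIX}"/usr/bin/xmlcatalog --create > "${CATALOG}"; then`, `rm -f "${CATALOG}"; ewarn "Failed to create XML catalog in ${CATALOG}"`, `fi` and quote the test as `[ ! -e "${CATALOG}" ]`. Separately, every entry in KEYWORDS is ~arch, so this CVE-2011-3919 revision presumably reaches stable users only after a later stabilization; the commit message does not say whether that is being tracked in bug #398361.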