diff options
| author | Leo Famulari <leo@famulari.name> | 2016-05-26 22:29:24 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2016-05-30 21:47:40 -0400 |
| commit | df2dd07b880432a0205dd399fede6dee5b9af76b (patch) | |
| tree | 009f9249fbb413d0746d2cae7a0f9834e4132ee3 /gnu/packages/patches/libxml2-CVE-2016-3705.patch | |
| parent | c06f6db7a424fd47e3cd2625dbfda2367316f3bd (diff) | |
gnu: libxml2: Update replacement to 2.9.4 [security fixes].
This fixes CVE-2016-{1762, 1833, 1834, 1835, 1836, 1837, 1838, 1839,
1840, 3627, 3705, 4483}.
* gnu/packages/patches/libxml2-CVE-2016-3627.patch,
gnu/packages/patches/libxml2-CVE-2016-3705.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/xml.scm (libxml2/fixed): Update to 2.9.4.
[source]: Remove patches.
Diffstat (limited to 'gnu/packages/patches/libxml2-CVE-2016-3705.patch')
| -rw-r--r-- | gnu/packages/patches/libxml2-CVE-2016-3705.patch | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/gnu/packages/patches/libxml2-CVE-2016-3705.patch b/gnu/packages/patches/libxml2-CVE-2016-3705.patch deleted file mode 100644 index e803630f3a..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2016-3705.patch +++ /dev/null @@ -1,68 +0,0 @@ -From <http://seclists.org/fulldisclosure/2016/May/10>. - -From 6f0af3f6b9b1c5f82a2bb5ded65923437fee5d21 Mon Sep 17 00:00:00 2001 -From: Peter Simons <psimons () suse com> -Date: Fri, 15 Apr 2016 11:56:55 +0200 -Subject: [PATCH 2/2] Add missing increments of recursion depth counter to XML - parser. - -The functions xmlParserEntityCheck() and xmlParseAttValueComplex() used to call -xmlStringDecodeEntities() in a recursive context without incrementing the -'depth' counter in the parser context. Because of that omission, the parser -failed to detect attribute recursions in certain documents before running out -of stack space. ---- - parser.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/parser.c b/parser.c -index 9604a72..4da151f 100644 ---- a/parser.c -+++ b/parser.c -@@ -144,8 +144,10 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, - - ent->checked = 1; - -+ ++ctxt->depth; - rep = xmlStringDecodeEntities(ctxt, ent->content, - XML_SUBSTITUTE_REF, 0, 0, 0); -+ --ctxt->depth; - - ent->checked = (ctxt->nbentities - oldnbent + 1) * 2; - if (rep != NULL) { -@@ -3966,8 +3968,10 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { - * an entity declaration, it is bypassed and left as is. - * so XML_SUBSTITUTE_REF is not set here. - */ -+ ++ctxt->depth; - ret = xmlStringDecodeEntities(ctxt, buf, XML_SUBSTITUTE_PEREF, - 0, 0, 0); -+ --ctxt->depth; - if (orig != NULL) - *orig = buf; - else -@@ -4092,9 +4096,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { - } else if ((ent != NULL) && - (ctxt->replaceEntities != 0)) { - if (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) { -+ ++ctxt->depth; - rep = xmlStringDecodeEntities(ctxt, ent->content, - XML_SUBSTITUTE_REF, - 0, 0, 0); -+ --ctxt->depth; - if (rep != NULL) { - current = rep; - while (*current != 0) { /* non input consuming */ -@@ -4130,8 +4136,10 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { - (ent->content != NULL) && (ent->checked == 0)) { - unsigned long oldnbent = ctxt->nbentities; - -+ ++ctxt->depth; - rep = xmlStringDecodeEntities(ctxt, ent->content, - XML_SUBSTITUTE_REF, 0, 0, 0); -+ --ctxt->depth; - - ent->checked = (ctxt->nbentities - oldnbent + 1) * 2; - if (rep != NULL) { --- -2.8.1 |