summaryrefslogtreecommitdiff
path: root/source/l/expat
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2022-01-25 06:16:36 +0000
committerEric Hameleers <alien@slackware.com>2022-01-25 12:00:01 +0100
commit1269f459323b2536a51bb8c7e11cdffdebb185ef (patch)
tree40da05e5d51a28f6e27d274cb15613bac01ed77c /source/l/expat
parent2ecaab4b8a696aa03b61d68c4f2665798a43a15a (diff)
downloadcurrent-1269f459323b2536a51bb8c7e11cdffdebb185ef.tar.gz
Tue Jan 25 06:16:36 UTC 202220220125061636
It may look like we're currently experiencing more stuckness, but this will lead us to Quality. We'll have this release in the can before you know it. a/aaa_glibc-solibs-2.33-x86_64-5.txz: Rebuilt. a/aaa_libraries-15.0-x86_64-16.txz: Rebuilt. Rebuilt to pick up the patched libexpat.so.1.8.3. a/kernel-firmware-20220124_eb8ea1b-noarch-1.txz: Upgraded. a/kernel-generic-5.15.16-x86_64-2.txz: Upgraded. a/kernel-huge-5.15.16-x86_64-2.txz: Upgraded. -9P_FSCACHE n 9P_FS m -> y Thanks to peake. a/kernel-modules-5.15.16-x86_64-2.txz: Upgraded. a/mkinitrd-1.4.11-x86_64-27.txz: Rebuilt. mkinitrd_command_generator.sh: properly detect partitions of a RAID device. Thanks to perrin4869. a/util-linux-2.37.3-x86_64-1.txz: Upgraded. This release fixes two security mount(8) and umount(8) issues: An issue related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996 (* Security fix *) ap/vim-8.2.4212-x86_64-1.txz: Upgraded. d/git-2.35.0-x86_64-1.txz: Upgraded. d/kernel-headers-5.15.16-x86-2.txz: Upgraded. k/kernel-source-5.15.16-noarch-2.txz: Upgraded. l/expat-2.4.3-x86_64-2.txz: Rebuilt. Fix signed integer overflow in function XML_GetBuffer for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or other undefined behavior. While we're here, also patch a memory leak on output file opening error. Thanks to marav. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852 (* Security fix *) l/fluidsynth-2.2.5-x86_64-1.txz: Upgraded. l/glibc-2.33-x86_64-5.txz: Rebuilt. This update patches two security issues: Unexpected return value from glibc's realpath(). Off-by-one buffer overflow/underflow in glibc's getcwd(). Thanks to Qualys Research Labs for reporting these issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999 (* Security fix *) l/glibc-i18n-2.33-x86_64-5.txz: Rebuilt. l/glibc-profile-2.33-x86_64-5.txz: Rebuilt. l/tdb-1.4.6-x86_64-1.txz: Upgraded. x/xf86-input-libinput-1.2.1-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-91.5.1-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.5.1/releasenotes/ xap/vim-gvim-8.2.4212-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/l/expat')
-rw-r--r--source/l/expat/178d26f50af21ec23d6e43814b9b602590b5865c.patch115
-rw-r--r--source/l/expat/5f100ffa78b74da8020b71d1582a8979193c1359.patch45
-rwxr-xr-xsource/l/expat/expat.SlackBuild6
3 files changed, 165 insertions, 1 deletions
diff --git a/source/l/expat/178d26f50af21ec23d6e43814b9b602590b5865c.patch b/source/l/expat/178d26f50af21ec23d6e43814b9b602590b5865c.patch
new file mode 100644
index 00000000..c2b55ca8
--- /dev/null
+++ b/source/l/expat/178d26f50af21ec23d6e43814b9b602590b5865c.patch
@@ -0,0 +1,115 @@
+From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001
+From: Samanta Navarro <ferivoz@riseup.net>
+Date: Sat, 22 Jan 2022 17:48:00 +0100
+Subject: [PATCH 1/3] lib: Detect and prevent integer overflow in XML_GetBuffer
+ (CVE-2022-23852)
+
+---
+ expat/lib/xmlparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index d54af683..5ce31402 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
+ keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
+ if (keep > XML_CONTEXT_BYTES)
+ keep = XML_CONTEXT_BYTES;
++ /* Detect and prevent integer overflow */
++ if (keep > INT_MAX - neededSize) {
++ parser->m_errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
+ neededSize += keep;
+ #endif /* defined XML_CONTEXT_BYTES */
+ if (neededSize
+
+From acf956f14bf79a5e6383a969aaffec98bfbc2e44 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 23 Jan 2022 18:17:04 +0100
+Subject: [PATCH 2/3] tests: Cover integer overflow in XML_GetBuffer
+ (CVE-2022-23852)
+
+---
+ expat/tests/runtests.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
+index e89e8220..579dad1a 100644
+--- a/expat/tests/runtests.c
++++ b/expat/tests/runtests.c
+@@ -3847,6 +3847,30 @@ START_TEST(test_get_buffer_2) {
+ }
+ END_TEST
+
++/* Test for signed integer overflow CVE-2022-23852 */
++#if defined(XML_CONTEXT_BYTES)
++START_TEST(test_get_buffer_3_overflow) {
++ XML_Parser parser = XML_ParserCreate(NULL);
++ assert(parser != NULL);
++
++ const char *const text = "\n";
++ const int expectedKeepValue = (int)strlen(text);
++
++ // After this call, variable "keep" in XML_GetBuffer will
++ // have value expectedKeepValue
++ if (XML_Parse(parser, text, (int)strlen(text), XML_FALSE /* isFinal */)
++ == XML_STATUS_ERROR)
++ xml_failure(parser);
++
++ assert(expectedKeepValue > 0);
++ if (XML_GetBuffer(parser, INT_MAX - expectedKeepValue + 1) != NULL)
++ fail("enlarging buffer not failed");
++
++ XML_ParserFree(parser);
++}
++END_TEST
++#endif // defined(XML_CONTEXT_BYTES)
++
+ /* Test position information macros */
+ START_TEST(test_byte_info_at_end) {
+ const char *text = "<doc></doc>";
+@@ -11731,6 +11755,9 @@ make_suite(void) {
+ tcase_add_test(tc_basic, test_empty_parse);
+ tcase_add_test(tc_basic, test_get_buffer_1);
+ tcase_add_test(tc_basic, test_get_buffer_2);
++#if defined(XML_CONTEXT_BYTES)
++ tcase_add_test(tc_basic, test_get_buffer_3_overflow);
++#endif
+ tcase_add_test(tc_basic, test_byte_info_at_end);
+ tcase_add_test(tc_basic, test_byte_info_at_error);
+ tcase_add_test(tc_basic, test_byte_info_at_cdata);
+
+From 99cec436fbd9444f57ee74ca8ae4c0a13e561a4f Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 22 Jan 2022 17:49:17 +0100
+Subject: [PATCH 3/3] Changes: Document CVE-2022-23852
+
+---
+ expat/Changes | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/expat/Changes b/expat/Changes
+index 7540d38c..64d75d05 100644
+--- a/expat/Changes
++++ b/expat/Changes
+@@ -2,6 +2,18 @@ NOTE: We are looking for help with a few things:
+ https://github.com/libexpat/libexpat/labels/help%20wanted
+ If you can help, please get in touch. Thanks!
+
++Release x.x.x xxx xxxxxxx xx xxxx
++ Security fixes:
++ #550 CVE-2022-23852 -- Fix signed integer overflow
++ (undefined behavior) in function XML_GetBuffer
++ (that is also called by function XML_Parse internally)
++ for when XML_CONTEXT_BYTES is defined to >0 (which is both
++ common and default).
++ Impact is denial of service or more.
++
++ Special thanks to:
++ Samanta Navarro
++
+ Release 2.4.3 Sun January 16 2022
+ Security fixes:
+ #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
diff --git a/source/l/expat/5f100ffa78b74da8020b71d1582a8979193c1359.patch b/source/l/expat/5f100ffa78b74da8020b71d1582a8979193c1359.patch
new file mode 100644
index 00000000..59404f30
--- /dev/null
+++ b/source/l/expat/5f100ffa78b74da8020b71d1582a8979193c1359.patch
@@ -0,0 +1,45 @@
+From 85a6f8fcdb2bc1530934f8cf684bdab86f1f2a1c Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 20 Jan 2022 04:41:47 +0100
+Subject: [PATCH] xmlwf: Fix a memory leak on output file opening error
+
+---
+ expat/Changes | 6 ++++++
+ expat/xmlwf/xmlwf.c | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/expat/Changes b/expat/Changes
+index 64d75d05..5ff5da5e 100644
+--- a/expat/Changes
++++ b/expat/Changes
+@@ -11,8 +11,14 @@ Release x.x.x xxx xxxxxxx xx xxxx
+ common and default).
+ Impact is denial of service or more.
+
++ Bug fixes:
++ #544 #545 xmlwf: Fix a memory leak on output file opening error
++
+ Special thanks to:
++ hwt0415
+ Samanta Navarro
++ and
++ Clang LeakSan and the Clang team
+
+ Release 2.4.3 Sun January 16 2022
+ Security fixes:
+diff --git a/expat/xmlwf/xmlwf.c b/expat/xmlwf/xmlwf.c
+index 29118bb6..b6f300b0 100644
+--- a/expat/xmlwf/xmlwf.c
++++ b/expat/xmlwf/xmlwf.c
+@@ -1175,9 +1175,9 @@ tmain(int argc, XML_Char **argv) {
+ if (! userData.fp) {
+ tperror(outName);
+ exitCode = XMLWF_EXIT_OUTPUT_ERROR;
++ free(outName);
++ XML_ParserFree(parser);
+ if (continueOnError) {
+- free(outName);
+- cleanupUserData(&userData);
+ continue;
+ } else {
+ break;
diff --git a/source/l/expat/expat.SlackBuild b/source/l/expat/expat.SlackBuild
index ac9926fa..e0ec9085 100755
--- a/source/l/expat/expat.SlackBuild
+++ b/source/l/expat/expat.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=expat
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -73,6 +73,10 @@ cd expat-$VERSION || exit 1
chown -R root:root .
find . -perm 777 -exec chmod 755 {} \+
find . -perm 664 -exec chmod 644 {} \+
+
+zcat $CWD/178d26f50af21ec23d6e43814b9b602590b5865c.patch.gz | patch -p2 --verbose || exit 1
+zcat $CWD/5f100ffa78b74da8020b71d1582a8979193c1359.patch.gz | patch -p2 --verbose || exit 1
+
CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \