diff options
| author |   Benjamin Gordon <bmgordon@chromium.org> | 2021-03-05 09:25:29 -0700 |
|---|---|---|
| committer |   Sam James <sam@gentoo.org> | 2021-03-11 17:47:44 +0000 |
| commit | cf3128be852f26ac32c5dd67e904012b094b9496 (patch) | |
| tree | 796f54e7e806b0b05a5807bb430c70ed96f8b173 /dev-libs | |
| parent | app-office/libreoffice: Restore 7.0.5.2 KEYWORDS (diff) | |
| download | gentoo-cf3128be852f26ac32c5dd67e904012b094b9496.tar.gz gentoo-cf3128be852f26ac32c5dd67e904012b094b9496.tar.bz2 gentoo-cf3128be852f26ac32c5dd67e904012b094b9496.zip | |
dev-libs/libxml2: Add upstream patch for xmllint
This fixes an out-of-bounds read in xmllint when built with icu. See
CVE-2020-24977 and https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
for more info.
Signed-off-by: Benjamin Gordon <bmgordon@chromium.org>
Bug: https://bugs.gentoo.org/749849
Closes: https://github.com/gentoo/gentoo/pull/19835
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'dev-libs')
| -rw-r--r-- | dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch | 36 | ||||
| -rw-r--r-- | dev-libs/libxml2/libxml2-2.9.10-r5.ebuild (renamed from dev-libs/libxml2/libxml2-2.9.10-r4.ebuild) | 3 |
2 files changed, 39 insertions, 0 deletions
diff --git a/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch new file mode 100644 index 000000000000..7807b32cce5f --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.9.10-xmllint-utf8.patch @@ -0,0 +1,36 @@ +From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Fri, 7 Aug 2020 21:54:27 +0200 +Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout' + +Make sure that truncated UTF-8 sequences don't cause an out-of-bounds +array access. + +Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for +the report. + +Fixes #178. +--- + xmllint.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/xmllint.c b/xmllint.c +index f6a8e463..c647486f 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -528,6 +528,12 @@ static void + xmlHTMLEncodeSend(void) { + char *result; + ++ /* ++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might ++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid ++ * an out-of-bounds read. ++ */ ++ memset(&buffer[sizeof(buffer)-4], 0, 4); + result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer); + if (result) { + xmlGenericError(xmlGenericErrorContext, "%s", result); +-- +GitLab + diff --git a/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild index 9db3902e430f..1e48320e3fdd 100644 --- a/dev-libs/libxml2/libxml2-2.9.10-r4.ebuild +++ b/dev-libs/libxml2/libxml2-2.9.10-r5.ebuild @@ -92,6 +92,9 @@ src_prepare() { # bug #745162 eapply "${FILESDIR}"/${PN}-2.9.8-python3-unicode-errors.patch + # https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 + eapply "${FILESDIR}"/${PN}-2.9.10-xmllint-utf8.patch + if [[ ${CHOST} == *-darwin* ]] ; then # Avoid final linking arguments for python modules sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die |