[bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412.

unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed

* [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412.
@ 2018-01-13 18:08 Leo Famulari
  2018-01-13 18:08 ` [bug#30098] [PATCH 2/2] gnu: python-libxml2: Inherit the replacement source of libxml2 Leo Famulari
  2018-01-16 14:31 ` [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412 Ludovic Courtès
  0 siblings, 2 replies; 3+ messages in thread
From: Leo Famulari @ 2018-01-13 18:08 UTC (permalink / raw)
  To: 30099

* gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.
---
 gnu/local.mk                                      |  1 +
 gnu/packages/patches/libxml2-CVE-2017-15412.patch | 47 +++++++++++++++++++++++
 gnu/packages/xml.scm                              |  3 +-
 3 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/libxml2-CVE-2017-15412.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 6af8bfc4b..bea676c04 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -860,6 +860,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libxml2-CVE-2017-7376.patch		\
   %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch	\
   %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch	\
+  %D%/packages/patches/libxml2-CVE-2017-15412.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
   %D%/packages/patches/libxslt-CVE-2016-4738.patch		\
   %D%/packages/patches/libxslt-CVE-2017-5029.patch		\
diff --git a/gnu/packages/patches/libxml2-CVE-2017-15412.patch b/gnu/packages/patches/libxml2-CVE-2017-15412.patch
new file mode 100644
index 000000000..07fe190ed
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2017-15412.patch
@@ -0,0 +1,47 @@
+Fix CVE-2017-15412:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
+https://bugs.chromium.org/p/chromium/issues/detail?id=727039
+https://bugzilla.redhat.com/show_bug.cgi?id=1523128
+https://bugzilla.gnome.org/show_bug.cgi?id=783160
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
+
+From 0f3b843b3534784ef57a4f9b874238aa1fda5a73 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 1 Jun 2017 23:12:19 +0200
+Subject: [PATCH] Fix XPath stack frame logic
+
+Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in
+xmlXPathCompOpEvalPositionalPredicate to make sure that the context
+object on the stack is actually protected. Otherwise, memory corruption
+can occur when calling sloppily coded XPath extension functions.
+
+Fixes bug 783160.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 94815075..b816bd36 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -11932,11 +11932,11 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt,
+ 		}
+ 	    }
+ 
+-            frame = xmlXPathSetFrame(ctxt);
+ 	    valuePush(ctxt, contextObj);
++            frame = xmlXPathSetFrame(ctxt);
+ 	    res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1);
+-            tmp = valuePop(ctxt);
+             xmlXPathPopFrame(ctxt, frame);
++            tmp = valuePop(ctxt);
+ 
+ 	    if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
+                 while (tmp != contextObj) {
+-- 
+2.15.1
+
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 23b447502..ce0d13a99 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -155,7 +155,8 @@ project (but it is usable outside of the Gnome platform).")
                         "libxml2-CVE-2017-7375.patch"
                         "libxml2-CVE-2017-7376.patch"
                         "libxml2-CVE-2017-9047+CVE-2017-9048.patch"
-                        "libxml2-CVE-2017-9049+CVE-2017-9050.patch")))))))
+                        "libxml2-CVE-2017-9049+CVE-2017-9050.patch"
+                        "libxml2-CVE-2017-15412.patch")))))))
 
 (define-public python-libxml2
   (package (inherit libxml2)
-- 
2.15.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [bug#30098] [PATCH 2/2] gnu: python-libxml2: Inherit the replacement source of libxml2.
  2018-01-13 18:08 [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412 Leo Famulari
@ 2018-01-13 18:08 ` Leo Famulari
  2018-01-16 14:31 ` [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412 Ludovic Courtès
  1 sibling, 0 replies; 3+ messages in thread
From: Leo Famulari @ 2018-01-13 18:08 UTC (permalink / raw)
  To: 30098

Previously, python-libxml2 would inherit the ungrafted libxml2, missing
several patches on the libxml2 source code.

* gnu/packages/xml.scm (python-libxml2, python2-libxml2): Use
package/inherit.
---
 gnu/packages/xml.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index ce0d13a99..01a435344 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -159,7 +159,7 @@ project (but it is usable outside of the Gnome platform).")
                         "libxml2-CVE-2017-15412.patch")))))))
 
 (define-public python-libxml2
-  (package (inherit libxml2)
+  (package/inherit libxml2
     (name "python-libxml2")
     (build-system python-build-system)
     (arguments
-- 
2.15.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412.
  2018-01-13 18:08 [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412 Leo Famulari
  2018-01-13 18:08 ` [bug#30098] [PATCH 2/2] gnu: python-libxml2: Inherit the replacement source of libxml2 Leo Famulari
@ 2018-01-16 14:31 ` Ludovic Courtès
  1 sibling, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2018-01-16 14:31 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 30099

Leo Famulari <leo@famulari.name> skribis:

> * gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.

[...]

> Previously, python-libxml2 would inherit the ungrafted libxml2, missing
> several patches on the libxml2 source code.
>
> * gnu/packages/xml.scm (python-libxml2, python2-libxml2): Use
> package/inherit.

LGTM, thanks!

Ludo'.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-01-16 14:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-13 18:08 [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412 Leo Famulari
2018-01-13 18:08 ` [bug#30098] [PATCH 2/2] gnu: python-libxml2: Inherit the replacement source of libxml2 Leo Famulari
2018-01-16 14:31 ` [bug#30099] [PATCH 1/2] gnu: libxml2: Fix CVE-2017-15412 Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).