[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/, dev-libs/libxml2/files/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Mike Frysinger" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/, dev-libs/libxml2/files/
Date: Thu,  3 Jan 2019 11:22:05 +0000 (UTC)	[thread overview]
Message-ID: <1546514504.2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226.vapier@gentoo> (raw)

commit:     2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226
Author:     Micah Morton <mortonm <AT> chromium <DOT> org>
AuthorDate: Fri Oct 19 18:01:18 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan  3 11:21:44 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2acfef7f

dev-libs/libxml2: fix CVE-2018-14567

Signed-off-by: Micah Morton <mortonm <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .../files/libxml2-2.9.8-CVE-2018-14567.patch       | 50 ++++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.9.8-r1.ebuild           |  4 ++
 2 files changed, 54 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch
new file mode 100644
index 00000000000..0d289352d2f
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch
@@ -0,0 +1,50 @@
+From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 30 Jul 2018 13:14:11 +0200
+Subject: [PATCH] Fix infinite loop in LZMA decompression
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check the liblzma error code more thoroughly to avoid infinite loops.
+
+Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
+
+This is CVE-2018-9251 and CVE-2018-14567.
+
+Thanks to Dongliang Mu and Simon Wörner for the reports.
+---
+ xzlib.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index a839169ef2ec..0ba88cfa849d 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
+                          "internal error: inflate stream corrupt");
+                 return -1;
+             }
++            /*
++             * FIXME: Remapping a couple of error codes and falling through
++             * to the LZMA error handling looks fragile.
++             */
+             if (ret == Z_MEM_ERROR)
+                 ret = LZMA_MEM_ERROR;
+             if (ret == Z_DATA_ERROR)
+@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
+             xz_error(state, LZMA_PROG_ERROR, "compression error");
+             return -1;
+         }
++        if ((state->how != GZIP) &&
++            (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
++            xz_error(state, ret, "lzma error");
++            return -1;
++        }
+     } while (strm->avail_out && ret != LZMA_STREAM_END);
+ 
+     /* update available output and crc check value */
+-- 
+2.19.1
+

diff --git a/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
index 1a798958bcb..43da94cafed 100644
--- a/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
@@ -88,6 +88,10 @@ src_prepare() {
 	# https://bugzilla.gnome.org/show_bug.cgi?id=775200
 	eapply "${FILESDIR}"/${PN}-2.9.8-CVE-2017-8872.patch
 
+	# CVE-2018-14567
+	# https://bugzilla.gnome.org/show_bug.cgi?id=794914
+	eapply "${FILESDIR}"/${PN}-2.9.8-CVE-2018-14567.patch
+
 	if [[ ${CHOST} == *-darwin* ]] ; then
 		# Avoid final linking arguments for python modules
 		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die

next             reply	other threads:[~2019-01-03 11:22 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-03 11:22 Mike Frysinger [this message]
  -- strict thread matches above, loose matches on Subject: below --
2025-05-05  8:00 [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/, dev-libs/libxml2/files/ Sam James
2024-11-10 21:11 Sam James
2023-05-10 22:01 Sam James
2022-11-29 19:59 David Seifert
2021-10-29 13:46 David Seifert
2021-05-20  1:46 Sam James
2021-05-13 17:50 Sam James
2020-12-03  0:14 Sam James
2020-10-30 22:39 Matt Turner
2020-10-30 22:34 Matt Turner
2020-01-01 16:28 Mart Raudsepp
2019-03-30 20:57 Mart Raudsepp
2019-01-03 11:22 Mike Frysinger
2019-01-03 11:22 Mike Frysinger
2018-07-25 16:47 Mart Raudsepp
2015-11-29 11:58 Justin Lecher

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0d289352d2 dfblob:1a798958bc dfblob:43da94cafe )
 OR (
bs:"[gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/, dev-libs/libxml2/files/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1546514504.2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226.vapier@gentoo \
    --to=vapier@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox