From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1064998-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 0B717138334
	for <garchives@archives.gentoo.org>; Thu,  3 Jan 2019 11:22:11 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id E5D60E09E7;
	Thu,  3 Jan 2019 11:22:09 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id B0C5CE09E7
	for <gentoo-commits@lists.gentoo.org>; Thu,  3 Jan 2019 11:22:08 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 2A36D335D0F
	for <gentoo-commits@lists.gentoo.org>; Thu,  3 Jan 2019 11:22:07 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 433A14F2
	for <gentoo-commits@lists.gentoo.org>; Thu,  3 Jan 2019 11:22:05 +0000 (UTC)
From: "Mike Frysinger" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" <vapier@gentoo.org>
Message-ID: <1546514504.2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226.vapier@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/libxml2/, dev-libs/libxml2/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
X-VCS-Directories: dev-libs/libxml2/ dev-libs/libxml2/files/
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: 2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226
X-VCS-Branch: master
Date: Thu,  3 Jan 2019 11:22:05 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: e4fe5c75-5991-4405-919d-76065af88a04
X-Archives-Hash: 7043139dc3d6ecea6c9c36e31d9a2087

commit:     2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226
Author:     Micah Morton <mortonm <AT> chromium <DOT> org>
AuthorDate: Fri Oct 19 18:01:18 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan  3 11:21:44 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2acfef7f

dev-libs/libxml2: fix CVE-2018-14567

Signed-off-by: Micah Morton <mortonm <AT> chromium.org>
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .../files/libxml2-2.9.8-CVE-2018-14567.patch       | 50 ++++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.9.8-r1.ebuild           |  4 ++
 2 files changed, 54 insertions(+)

diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch
new file mode 100644
index 00000000000..0d289352d2f
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch
@@ -0,0 +1,50 @@
+From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 30 Jul 2018 13:14:11 +0200
+Subject: [PATCH] Fix infinite loop in LZMA decompression
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check the liblzma error code more thoroughly to avoid infinite loops.
+
+Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
+
+This is CVE-2018-9251 and CVE-2018-14567.
+
+Thanks to Dongliang Mu and Simon Wörner for the reports.
+---
+ xzlib.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index a839169ef2ec..0ba88cfa849d 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
+                          "internal error: inflate stream corrupt");
+                 return -1;
+             }
++            /*
++             * FIXME: Remapping a couple of error codes and falling through
++             * to the LZMA error handling looks fragile.
++             */
+             if (ret == Z_MEM_ERROR)
+                 ret = LZMA_MEM_ERROR;
+             if (ret == Z_DATA_ERROR)
+@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
+             xz_error(state, LZMA_PROG_ERROR, "compression error");
+             return -1;
+         }
++        if ((state->how != GZIP) &&
++            (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
++            xz_error(state, ret, "lzma error");
++            return -1;
++        }
+     } while (strm->avail_out && ret != LZMA_STREAM_END);
+ 
+     /* update available output and crc check value */
+-- 
+2.19.1
+

diff --git a/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
index 1a798958bcb..43da94cafed 100644
--- a/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
+++ b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild
@@ -88,6 +88,10 @@ src_prepare() {
 	# https://bugzilla.gnome.org/show_bug.cgi?id=775200
 	eapply "${FILESDIR}"/${PN}-2.9.8-CVE-2017-8872.patch
 
+	# CVE-2018-14567
+	# https://bugzilla.gnome.org/show_bug.cgi?id=794914
+	eapply "${FILESDIR}"/${PN}-2.9.8-CVE-2018-14567.patch
+
 	if [[ ${CHOST} == *-darwin* ]] ; then
 		# Avoid final linking arguments for python modules
 		sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die