diff mbox series

[bug#36424] expat-2.2.7 for CVE-2018-20843

Message ID alpine.DEB.2.20.1907101651470.17508@marsh.hcoop.net
State Accepted
Headers show
Series [bug#36424] expat-2.2.7 for CVE-2018-20843 | expand

Commit Message

Jack Hill July 10, 2019, 8:54 p.m. UTC
Please find updated patch files attached, that I think take into account 
Marius's suggestions (thanks Marius!)

Best,
Jack

P.S. I'm afraid, I'm still struggling with alpine inserting carriage returns 
in the attachments.

Comments

Marius Bakke July 11, 2019, 11 p.m. UTC | #1
Jack Hill <jackhill@jackhill.us> writes:

> Please find updated patch files attached, that I think take into account 
> Marius's suggestions (thanks Marius!)

Thank you!  I made a tiny tweak to use char=? instead of equal=? for the
character comparison.

Pushed as 5a836ce38c9c29e9c2bd306007347486b90c5064.
Jack Hill July 11, 2019, 11:09 p.m. UTC | #2
On Fri, 12 Jul 2019, Marius Bakke wrote:

> Thank you!  I made a tiny tweak to use char=? instead of equal=? for the
> character comparison.

Cool, now I know about char=? ☺

> Pushed as 5a836ce38c9c29e9c2bd306007347486b90c5064.

Thanks, and thanks for being patient with me working through the issues.

Best,
Jack
diff mbox series

Patch

From c79efd83ecaa0b541de050da035ef67d972ac458 Mon Sep 17 00:00:00 2001
From: Jack Hill <jackhill@jackhill.us>
Date: Wed, 10 Jul 2019 16:23:03 -0400
Subject: [PATCH 2/2] gnu: expat: fix CVE-2018-20843

* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat/fixed): New variable.
* gnu/packages/patches/expat-CVE-2018-20843.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patch file.
---
 gnu/local.mk                                  |  1 +
 .../patches/expat-CVE-2018-20843.patch        | 21 +++++++++++++++++++
 gnu/packages/xml.scm                          |  9 ++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 gnu/packages/patches/expat-CVE-2018-20843.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 9a70d73759..054aa93fd5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -785,6 +785,7 @@  dist_patch_DATA =						\
   %D%/packages/patches/evilwm-lost-focus-bug.patch		\
   %D%/packages/patches/exiv2-CVE-2017-14860.patch		\
   %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch	\
+  %D%/packages/patches/expat-CVE-2018-20843.patch		\
   %D%/packages/patches/extundelete-e2fsprogs-1.44.patch		\
   %D%/packages/patches/fastcap-mulGlobal.patch			\
   %D%/packages/patches/fastcap-mulSetup.patch			\
diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch
new file mode 100644
index 0000000000..216fbe9667
--- /dev/null
+++ b/gnu/packages/patches/expat-CVE-2018-20843.patch
@@ -0,0 +1,21 @@ 
+Fix extraction of namespace prefix from XML name.
+Fixes CVE-2018-20843
+
+This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+
+CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5..737d7cd 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
+       else
+         poolDiscard(&dtd->pool);
+       elementType->prefix = prefix;
+-
++      break;
+     }
+   }
+   return 1;
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index b6a376a405..fbd0ff284b 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -66,6 +66,7 @@ 
 (define-public expat
   (package
     (name "expat")
+    (replacement expat/fixed)
     (version "2.2.6")
     (source (let ((dot->underscore (lambda (c) (if (equal? #\. c) #\_ c))))
               (origin
@@ -88,6 +89,14 @@  stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+(define expat/fixed
+  (package
+    (inherit expat)
+    (source
+     (origin
+       (inherit (package-source expat))
+       (patches (search-patches "expat-CVE-2018-20843.patch"))))))
+
 (define-public libebml
   (package
     (name "libebml")
-- 
2.22.0