From 2f8268a0b549b9c08744d8bc05e2cf135e40be99 Mon Sep 17 00:00:00 2001 From: Jack Hill Date: Thu, 4 Jul 2019 19:41:30 -0400 Subject: [PATCH 2/2] gnu: expat: fix CVE-2018-20843. * gnu/packages/xml.scm (expat)[replacement]: New field. (expat/fixed): New variable. * gnu/packages/patches/expat-CVE-2018-20843.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch file. --- gnu/local.mk | 7 ++++--- gnu/packages/patches/expat-CVE-2018-20843.patch | 16 ++++++++++++++++ gnu/packages/xml.scm | 9 +++++++++ 3 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/expat-CVE-2018-20843.patch diff --git a/gnu/local.mk b/gnu/local.mk index 6e90d88689..bcf47d7378 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -764,20 +764,21 @@ dist_patch_DATA = \ %D%/packages/patches/einstein-build.patch \ %D%/packages/patches/emacs-exec-path.patch \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ - %D%/packages/patches/emacs-json-reformat-fix-tests.patch \ %D%/packages/patches/emacs-highlight-stages-add-gexp.patch \ + %D%/packages/patches/emacs-json-reformat-fix-tests.patch \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ - %D%/packages/patches/emacs-unpackaged-req.patch \ %D%/packages/patches/emacs-undohist-ignored.patch \ + %D%/packages/patches/emacs-unpackaged-req.patch \ %D%/packages/patches/emacs-wordnut-require-adaptive-wrap.patch \ %D%/packages/patches/emacs-zones-called-interactively.patch \ %D%/packages/patches/enlightenment-fix-setuid-path.patch \ %D%/packages/patches/erlang-man-path.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ - %D%/packages/patches/exiv2-CVE-2017-14860.patch \ %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch \ + %D%/packages/patches/exiv2-CVE-2017-14860.patch \ + %D%/packages/patches/expat-CVE-2018-20843.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch new file mode 100644 index 0000000000..dd64b91965 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2018-20843.patch @@ -0,0 +1,16 @@ +Fix extraction of namespace prefix from XML name. +Fixes CVE-2018-20843 + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 30d55c5..737d7cd 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index dab6597690..8c289c5cbe 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -67,6 +67,7 @@ (let ((dot->underscore (lambda (c) (if (equal? #\. c) #\_ c)))) (package (name "expat") + (replacement expat/fixed) (version "2.2.6") (source (origin (method url-fetch) @@ -89,6 +90,14 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat)))) +(define expat/fixed + (package + (inherit expat) + (source + (origin + (inherit (package-source expat)) + (patches (search-patches "expat-CVE-2018-20843.patch")))))) + (define-public libebml (package (name "libebml") -- 2.22.0