FreeBSD Bugzilla – Attachment 225187 Details for Bug 256094: textproc/libxml2: Add upstream patch to fix CVE-2021-3541
[patch] Updated patch file
textproc_libxml2.patch (text/plain), 3.21 KB, created by Yasuhiro Kimura on 2021-05-23 06:59:57 UTC
>From 983d757f5229f4d885edfc5b0c054fb3e0a73894 Mon Sep 17 00:00:00 2001 >From: Yasuhiro Kimura <yasu@utahime.org> >Date: Sun, 23 May 2021 15:34:22 +0900 >Subject: [PATCH] textproc/libxml2: Add upstream patch to fix CVE-2021-3541 > >Add upstream patch to fix CVE-2021-3541. >--- > textproc/libxml2/Makefile | 2 +- > textproc/libxml2/files/patch-CVE-2021-3541 | 67 ++++++++++++++++++++++ > 2 files changed, 68 insertions(+), 1 deletion(-) > create mode 100644 textproc/libxml2/files/patch-CVE-2021-3541 > >diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile >index 366bb9f46f5e..749bc604fe4a 100644 >--- a/textproc/libxml2/Makefile >+++ b/textproc/libxml2/Makefile >@@ -2,7 +2,7 @@ > > PORTNAME= libxml2 > DISTVERSION= 2.9.10 >-PORTREVISION?= 3 >+PORTREVISION?= 4 > CATEGORIES?= textproc gnome > MASTER_SITES= http://xmlsoft.org/sources/ > DIST_SUBDIR= gnome2 >diff --git a/textproc/libxml2/files/patch-CVE-2021-3541 b/textproc/libxml2/files/patch-CVE-2021-3541 >new file mode 100644 >index 000000000000..3ba64fa1d967 >--- /dev/null >+++ b/textproc/libxml2/files/patch-CVE-2021-3541 
>@@ -0,0 +1,67 @@ >+From 8598060bacada41a0eb09d95c97744ff4e428f8e Mon Sep 17 00:00:00 2001 >+From: Daniel Veillard <veillard@redhat.com> >+Date: Thu, 13 May 2021 14:55:12 +0200 >+Subject: [PATCH] Patch for security issue CVE-2021-3541 >+ >+This is relapted to parameter entities expansion and following >+the line of the billion laugh attack. Somehow in that path the >+counting of parameters was missed and the normal algorithm based >+on entities "density" was useless. >+--- >+ parser.c | 26 ++++++++++++++++++++++++++ >+ 1 file changed, 26 insertions(+) >+ >+diff --git parser.c parser.c >+index f5e5e169..c9312fa4 100644 >+--- parser.c >++++ parser.c >+@@ -140,6 +140,7 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, >+ xmlEntityPtr ent, size_t replacement) >+ { >+ size_t consumed = 0; >++ int i; >+ >+ if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE)) >+ return (0); >+@@ -177,6 +178,28 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, >+ rep = NULL; >+ } >+ } >++ >++ /* >++ * Prevent entity exponential check, not just replacement while >++ * parsing the DTD >++ * The check is potentially costly so do that only once in a thousand >++ */ >++ if ((ctxt->instate == XML_PARSER_DTD) && (ctxt->nbentities > 10000) && >++ (ctxt->nbentities % 1024 == 0)) { >++ for (i = 0;i < ctxt->inputNr;i++) { >++ consumed += ctxt->inputTab[i]->consumed + >++ (ctxt->inputTab[i]->cur - ctxt->inputTab[i]->base); >++ } >++ if (ctxt->nbentities > consumed * XML_PARSER_NON_LINEAR) { >++ xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); >++ ctxt->instate = XML_PARSER_EOF; >++ return (1); >++ } >++ consumed = 0; >++ } >++ >++ >++ >+ if (replacement != 0) { >+ if (replacement < XML_MAX_TEXT_LENGTH) >+ return(0); >+@@ -7963,6 +7986,9 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) >+ xmlChar start[4]; >+ xmlCharEncoding enc; >+ >++ if (xmlParserEntityCheck(ctxt, 0, entity, 0)) >++ return; >++ >+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && >+ ((ctxt->options & 
XML_PARSE_NOENT) == 0) && >+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && >+-- >+2.31.1 >+ >-- >2.31.1 >
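Review bot: In the xmlParserEntityCheck hunk, the new DTD check fires only when the counter sits exactly on a multiple of 1024 at the time of the call (`ctxt->nbentities % 1024 == 0`), so if nbentities can advance by more than one between calls, a multiple can be stepped over and the check skipped. Remembering the counter value at the last check and testing the difference would not depend on hitting exact values. The comment should also be corrected: it says "once in a thousand" and "Prevent entity exponential check", where the condition is modulo 1024 and the intent appears to be exponential expansion. The block reuses the function-level `consumed` as an accumulator and resets it to 0 afterwards, which only works while nothing above it has modified `consumed`; a block-local variable would be more robust. Because the function returns 0 early when XML_PARSE_HUGE is set, this protection does not apply to parsers run with that option, which deserves a mention in the comment. The three added blank lines after the block can be reduced to one.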
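Review bot: In the xmlParsePEReference hunk, the call `xmlParserEntityCheck(ctxt, 0, entity, 0)` passes 0 for both size and replacement with no comment saying that it is there to reach the new DTD-state check, so a one-line comment would help the next reader. The bare `return;` is also placed before code that is not visible in this hunk, so it is worth confirming that nothing set up earlier in the function needs to be released or restored on this early exit.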