Samuel Thibault, on Thu 26 Mar 2015 02:17:01 +0100, wrote:
> Control: found -1 2.8.0+dfsg1-7+wheezy3
> 
> This is still an issue in stable, the proposed patch was not applied
> there, and thus installation-guide still FTBFS on wheezy, notably on our
> dillon.debian.org machine, thus making http://d-i.debian.org/manual/
> completely out of date. Could this be proposed for stable update?
> 
> I have attached the proposed patch again.

Just to insist: while the symptoms of my report (#774358) may look like
#768089, the *actual* bug is *not* the same. Please read my bug report
and the proposed patch again: the issue is that the security fix for
CVE-2014-3660 from a newer version of libxml2 (2.9.x) was backported
into the libxml2 of wheezy (2.8.x) without noticing the subtle source
code difference which does matter a lot.

Samuel

--- libxml2-2.8.0+dfsg1/debian/patches/cve-2014-3660.patch.original     
2015-01-01 14:48:26.337554556 +0100
+++ libxml2-2.8.0+dfsg1/debian/patches/cve-2014-3660.patch      2015-01-01 
14:48:53.000874666 +0100
@@ -6,11 +6,11 @@
  parser.c |   42 ++++++++++++++++++++++++++++++++++++++----
  1 file changed, 38 insertions(+), 4 deletions(-)
 
-diff --git a/parser.c b/parser.c
-index 7ef712d..b435913 100644
---- a/parser.c
-+++ b/parser.c
-@@ -127,6 +127,29 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
+Index: libxml2-2.8.0+dfsg1/parser.c
+===================================================================
+--- libxml2-2.8.0+dfsg1.orig/parser.c  2015-01-01 13:20:23.913738969 +0000
++++ libxml2-2.8.0+dfsg1/parser.c       2015-01-01 13:47:31.930940787 +0000
+@@ -127,6 +127,27 @@
          return (0);
      if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
          return (1);
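Review bot: the reworked hunk header `+@@ -127,6 +127,27 @@` shrinks the added-line count from 29 to 27, so it only applies cleanly if exactly two `+` lines are removed from the body of the inner patch elsewhere in this diff (the later hunk does drop the two `xmlStrchr`/`|= 1` lines, which matches). Before proposing this for stable, run `quilt push -a` or `patch --dry-run -p1` against the wheezy libxml2 source to confirm that the hand-edited line counts still match, since an off-by-one here rejects the whole patch at build time. Switching from the `diff --git`/`index` header to a quilt `Index:` header with `.orig/` paths is fine for debian/patches, but note that the function-name context after `@@` was dropped, which only affects readability.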
@@ -29,10 +29,8 @@
 +      rep = xmlStringDecodeEntities(ctxt, ent->content,
 +                                XML_SUBSTITUTE_REF, 0, 0, 0);
 +
-+      ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
++      ent->checked = ctxt->nbentities - oldnbent + 1;
 +      if (rep != NULL) {
-+          if (xmlStrchr(rep, '<'))
-+              ent->checked |= 1;
 +          xmlFree(rep);
 +          rep = NULL;
 +      }
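Review bot: this hunk is the substantive fix and it is correct for 2.8.x: the upstream 2.9.x version of the CVE-2014-3660 fix packs two values into `ent->checked` (the entity count times two, with bit 0 set when the expanded content contains `<`), whereas in 2.8.x `checked` is a plain entity count read directly by the amplification check, so keeping the `* 2` and `|= 1` lines in the backport doubles the counts and corrupts them with the flag bit, which is the "subtle source code difference" the report describes. Two things to verify: that no other hunk of the backported patch still consumes `ent->checked` with a `/ 2` or `& 1` as the 2.9 code does, since a single remaining consumer would reintroduce the inconsistency; and that a short comment is added above `ent->checked = ctxt->nbentities - oldnbent + 1;` in debian/patches explaining why the encoding intentionally differs from upstream, so a future refresh of the patch does not silently bring the 2.9 form back.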

