commit: 04f12ff7fde845e4fc896786719fbd6a2e727666 Author: Sebastian Pipping <sping <AT> gentoo <DOT> org> AuthorDate: Mon Jun 13 14:32:09 2016 +0000 Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org> CommitDate: Mon Jun 13 14:34:40 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04f12ff7
dev-libs/expat: CVE-2012-6702 + CVE-2016-5300 (bug #577928) Package-Manager: portage-2.2.28 dev-libs/expat/expat-2.1.1-r2.ebuild | 97 +++++++++++++++ ...2.1.1-CVE-2012-6702-plus-CVE-2016-5300-v1.patch | 134 +++++++++++++++++++++ 2 files changed, 231 insertions(+)
diff --git a/dev-libs/expat/expat-2.1.1-r2.ebuild b/dev-libs/expat/expat-2.1.1-r2.ebuild
new file mode 100644
index 0000000..93c6fa5
--- /dev/null
+++ b/dev-libs/expat/expat-2.1.1-r2.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils libtool multilib toolchain-funcs multilib-minimal
+
+DESCRIPTION="Stream-oriented XML parser library"
+HOMEPAGE="http://expat.sourceforge.net/"
+SRC_URI="mirror://sourceforge/expat/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="elibc_FreeBSD examples static-libs unicode"
+RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+src_prepare() {
+ # https://bugs.gentoo.org/show_bug.cgi?id=583268
+ epatch "${FILESDIR}"/${P}-CVE-2015-1283-refix.patch
+ epatch "${FILESDIR}"/${P}-CVE-2016-0718-v2-2-1.patch
+
+ # https://bugs.gentoo.org/show_bug.cgi?id=577928
+ epatch "${FILESDIR}"/${P}-CVE-2012-6702-plus-CVE-2016-5300-v1.patch
+}
+
+multilib_src_configure() {
+ local myconf="$(use_enable static-libs static)"
+
+ mkdir -p "${BUILD_DIR}"{u,w} || die
+
+ ECONF_SOURCE="${S}" econf ${myconf}
+
+ if use unicode; then
+ pushd "${BUILD_DIR}"u >/dev/null
+ CPPFLAGS="${CPPFLAGS} -DXML_UNICODE" ECONF_SOURCE="${S}" econf ${myconf}
+ popd >/dev/null
+
+ pushd "${BUILD_DIR}"w >/dev/null
+ CPPFLAGS="${CPPFLAGS} -DXML_UNICODE_WCHAR_T" ECONF_SOURCE="${S}" econf ${myconf}
+ popd >/dev/null
+ fi
+}
+
+multilib_src_compile() {
+ emake
+
+ if use unicode; then
+ pushd "${BUILD_DIR}"u >/dev/null
+ emake buildlib LIBRARY=libexpatu.la
+ popd >/dev/null
+
+ pushd "${BUILD_DIR}"w >/dev/null
+ emake buildlib LIBRARY=libexpatw.la
+ popd >/dev/null
+ fi
+}
+
+multilib_src_install() {
+ emake install DESTDIR="${D}"
+
+ if use unicode; then
+ pushd "${BUILD_DIR}"u >/dev/null
+ emake installlib DESTDIR="${D}" LIBRARY=libexpatu.la
+ popd >/dev/null
+
+ pushd "${BUILD_DIR}"w >/dev/null
+ emake installlib DESTDIR="${D}" LIBRARY=libexpatw.la
+ popd >/dev/null
+
+ pushd "${ED}"/usr/$(get_libdir)/pkgconfig >/dev/null
+ cp expat.pc expatu.pc
+ sed -i -e '/^Libs/s:-lexpat:&u:' expatu.pc || die
+ cp expat.pc expatw.pc
+ sed -i -e '/^Libs/s:-lexpat:&w:' expatw.pc || die
+ popd >/dev/null
+ fi
+
+ if multilib_is_native_abi ; then
+ # libgeom in /lib and ifconfig in /sbin require libexpat on FreeBSD since
+ # we stripped the libbsdxml copy starting from freebsd-lib-8.2-r1
+ use elibc_FreeBSD && gen_usr_ldscript -a expat
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc Changes README
+ dohtml doc/*
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins examples/*.c
+ fi
+
+ prune_libtool_files
+}
diff --git a/dev-libs/expat/files/expat-2.1.1-CVE-2012-6702-plus-CVE-2016-5300-v1.patch b/dev-libs/expat/files/expat-2.1.1-CVE-2012-6702-plus-CVE-2016-5300-v1.patch
new file mode 100644
index 0000000..19966f4
--- /dev/null
+++ b/dev-libs/expat/files/expat-2.1.1-CVE-2012-6702-plus-CVE-2016-5300-v1.patch
@@ -0,0 +1,134 @@
+From cb31522769d11a375078a073cba94e7176cb48a4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebast...@pipping.org>
+Date: Wed, 16 Mar 2016 15:30:12 +0100
+Subject: [PATCH] Resolve call to srand, use more entropy (patch version 1.0)
+
+Squashed backport against vanilla Expat 2.1.1, addressing:
+* CVE-2012-6702 -- unanticipated internal calls to srand
+* CVE-2016-5300 -- use of too little entropy
+
+Since commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d
+(released with Expat 2.1.0) Expat called srand by itself
+from inside generate_hash_secret_salt for an instance
+of XML_Parser if XML_SetHashSalt was either (a) not called
+for that instance or if (b) salt 0 was passed to XML_SetHashSalt
+prior to parsing. That call to srand passed (rather litle)
+entropy extracted from the current time as a seed for srand.
+
+That call to srand (1) broke repeatability for code calling
+srand with a non-random seed prior to parsing with Expat,
+and (2) resulted in a rather small set of hashing salts in
+Expat in total.
+
+For a short- to mid-term fix, the new approach avoids calling
+srand altogether, extracts more entropy out of the clock and
+other sources, too.
+
+For a long term fix, we may want to read sizeof(long) bytes
+from a source like getrandom(..) on Linux, and from similar
+sources on other supported architectures.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1197087
+---
+ expat/CMakeLists.txt | 3 +++
+ expat/lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++-------
+ 2 files changed, 44 insertions(+), 7 deletions(-)
+
+diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt
+index 353627e..524d514 100755
+--- a/expat/CMakeLists.txt
++++ b/expat/CMakeLists.txt
+@@ -41,6 +41,9 @@ include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib)
+ if(MSVC)
+ add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)
+ endif(MSVC)
++if(WIN32)
++ add_definitions(-DCOMPILED_FROM_DSP)
++endif(WIN32)
+
+ set(expat_SRCS
+ lib/xmlparse.c
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index e308c79..c5f942f 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -6,7 +6,14 @@
+ #include <string.h> /* memset(), memcpy() */
+ #include <assert.h>
+ #include <limits.h> /* UINT_MAX */
+-#include <time.h> /* time() */
++
++#ifdef COMPILED_FROM_DSP
++#define getpid GetCurrentProcessId
++#else
++#include <sys/time.h> /* gettimeofday() */
++#include <sys/types.h> /* getpid() */
++#include <unistd.h> /* getpid() */
++#endif
+
+ #define XML_BUILDING_EXPAT 1
+
+@@ -432,7 +439,7 @@ static ELEMENT_TYPE *
+ getElementType(XML_Parser parser, const ENCODING *enc,
+ const char *ptr, const char *end);
+
+-static unsigned long generate_hash_secret_salt(void);
++static unsigned long generate_hash_secret_salt(XML_Parser parser);
+ static XML_Bool startParsing(XML_Parser parser);
+
+ static XML_Parser
+@@ -691,11 +698,38 @@ static const XML_Char implicitContext[] = {
+ };
+
+ static unsigned long
+-generate_hash_secret_salt(void)
++gather_time_entropy(void)
+ {
+- unsigned int seed = time(NULL) % UINT_MAX;
+- srand(seed);
+- return rand();
++#ifdef COMPILED_FROM_DSP
++ FILETIME ft;
++ GetSystemTimeAsFileTime(&ft); /* never fails */
++ return ft.dwHighDateTime ^ ft.dwLowDateTime;
++#else
++ struct timeval tv;
++ int gettimeofday_res;
++
++ gettimeofday_res = gettimeofday(&tv, NULL);
++ assert (gettimeofday_res == 0);
++
++ /* Microseconds time is <20 bits entropy */
++ return tv.tv_usec;
++#endif
++}
++
++static unsigned long
++generate_hash_secret_salt(XML_Parser parser)
++{
++ /* Process ID is 0 bits entropy if attacker has local access
++ * XML_Parser address is few bits of entropy if attacker has local access */
++ const unsigned long entropy =
++ gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
++
++ /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
++ if (sizeof(unsigned long) == 4) {
++ return entropy * 2147483647;
++ } else {
++ return entropy * 2305843009213693951;
++ }
+ }
+
+ static XML_Bool /* only valid for root parser */
+@@ -703,7 +737,7 @@ startParsing(XML_Parser parser)
+ {
+ /* hash functions must be initialized before setContext() is called */
+ if (hash_secret_salt == 0)
+- hash_secret_salt = generate_hash_secret_salt();
++ hash_secret_salt = generate_hash_secret_salt(parser);
+ if (ns) {
+ /* implicit context only set for root parser, since child
+ parsers (i.e. external entity parsers) will inherit it
+--
+2.8.2
+
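Review bot: In gather_time_entropy() the result of gettimeofday() is checked only by `assert (gettimeofday_res == 0);`, which is compiled out when the library is built with NDEBUG, so a failed call would feed an indeterminate `tv.tv_usec` into the salt (and in a debug build would abort the host application instead). Declaring `struct timeval tv = {0};` or testing the result with an ordinary `if` keeps the value defined in both build modes. In generate_hash_secret_salt() the literal `2305843009213693951` is still compiled where `unsigned long` is 32 bits and does not fit in `long` there, so its type is left to the compiler; selecting the factor with `#if ULONG_MAX > 0xFFFFFFFFUL` (limits.h is already included) would avoid that. Multiplying by a fixed odd factor only permutes the value, so the salt has no more entropy than the XOR of inputs that the patch's own comments rate as low; until the long-term fix named in the message exists, applications parsing untrusted XML can pass a salt from a strong random source to XML_SetHashSalt.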