[libxml-libxml-perl] 01/01: Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a _clone() call
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Apr 30 13:43:29 UTC 2015
This is an automated email from the git hooks/post-receive script.
hertzog pushed a commit to branch squeeze
in repository libxml-libxml-perl.
commit 1aaf9208e438fc906bf01eb8a10ddbf7460a8613
Author: Raphaël Hertzog <hertzog at debian.org>
Date: Thu Apr 30 15:14:46 2015 +0200
Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a _clone() call
Backported the upstream patch at
https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/:
* Replaced like() with ok()
* Updated the number of tests, using the older syntax
---
debian/changelog | 8 ++++
debian/patches/CVE-2015-3451.patch | 75 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 84 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 675dc35..27a55c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libxml-libxml-perl (1.70.ds-1+deb6u1) squeeze-lts; urgency=high
+
+ * Security upload by the Debian LTS team.
+ * Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a
+ _clone() call. Backported the upstream patch.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Thu, 30 Apr 2015 15:05:14 +0200
+
libxml-libxml-perl (1.70.ds-1) unstable; urgency=low
[ Jonathan Yu ]
diff --git a/debian/patches/CVE-2015-3451.patch b/debian/patches/CVE-2015-3451.patch
new file mode 100644
index 0000000..125da55
--- /dev/null
+++ b/debian/patches/CVE-2015-3451.patch
@@ -0,0 +1,75 @@
+Description: Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a _clone() call
+ Preserve unset options after a _clone() call (e.g: in load_xml()).
+Origin: backport, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/
+Bug-Debian: http://bugs.debian.org/783443
+
+--- a/LibXML.pm
++++ b/LibXML.pm
+@@ -391,8 +391,11 @@ sub _clone {
+ line_nubers => $self->{XML_LIBXML_LINENUMBERS},
+ base_uri => $self->{XML_LIBXML_BASE_URI},
+ gdome => $self->{XML_LIBXML_GDOME},
+- set_parser_flags => $self->{XML_LIBXML_PARSER_OPTIONS},
+ });
++ # The parser options may contain some options that were zeroed from the
++ # defaults so set_parser_flags won't work here. We need to assign them
++ # explicitly.
++ $new->{XML_LIBXML_PARSER_OPTIONS} = $self->{XML_LIBXML_PARSER_OPTIONS};
+ return $new;
+ }
+
+--- a/t/43options.t
++++ b/t/43options.t
+@@ -3,7 +3,7 @@
+ use Test;
+ use strict;
+ use warnings;
+-BEGIN { plan tests => 289}
++BEGIN { plan tests => 290}
+
+ use XML::LibXML;
+
+@@ -92,6 +92,43 @@ no_network
+ }
+
+ {
++ my $XML = <<'EOT';
++<?xml version="1.0" encoding="UTF-8"?>
++<!DOCTYPE title [ <!ELEMENT title ANY >
++<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
++<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
++<channel>
++ <title>XXE</title>
++ <link>example.com</link>
++ <description>XXE</description>
++ <item>
++ <title>&xxe;</title>
++ <link>example.com</link>
++ <description>XXE here</description>
++ </item>
++</channel>
++</rss>
++EOT
++
++ my $sys_line = <<'EOT';
++<!ENTITY xxe SYSTEM "file:///etc/passwd"
++EOT
++
++ chomp ($sys_line);
++
++ my $parser = XML::LibXML->new(
++ expand_entities => 0,
++ load_ext_dtd => 0,
++ no_network => 1,
++ expand_xinclude => 0,
++ );
++ my $XML_DOC = $parser->load_xml( string => $XML, );
++
++ # TEST expand_entities is preserved after _clone()/etc.
++ ok(scalar($XML_DOC->toString()), qr/\Q$sys_line\E/);
++}
++
++{
+ my $p = XML::LibXML->new(map { $_=>1 } @all);
+ for (@all) {
+ ok($p->get_option($_)==1);
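Review bot: The new assertion in t/43options.t matches the `<!ENTITY xxe SYSTEM "file:///etc/passwd"` declaration, and that text is probably emitted by toString() as part of the internal DTD subset whether or not the entity reference was expanded. If that is the case, the test would still pass if expand_entities were lost again after _clone(), so it does not pin the property the CVE fix is about. Asserting on the unexpanded reference is a stronger check that the reference was left unexpanded: `ok(scalar($XML_DOC->toString()), qr/<title>&xxe;<\/title>/);`. If this is added alongside the existing check rather than replacing it, `plan tests` needs another bump. The `_clone` body starts outside the nested LibXML.pm hunk, so the rest of the option copying is not visible here.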
diff --git a/debian/patches/series b/debian/patches/series
index 7c857d7..8b352c1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
fix_manpage_typos
fix_errmsg_typo.patch
+CVE-2015-3451.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libxml-libxml-perl.git