~ruther/guix-local

7c3f22e9c3311dcb27e9b8bd31c6fa6eb0a549d8 — Leo Famulari 8 years ago 3b1ada0 
gnu: libxml2: Fix CVE-2017-15412.

* gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xml.scm (libxml2/fixed)[source]: Use it.
patch browse .tar.gz 
3 files changed, 50 insertions(+), 1 deletions(-)

M gnu/local.mk
A gnu/packages/patches/libxml2-CVE-2017-15412.patch
M gnu/packages/xml.scm

M gnu/local.mk => gnu/local.mk +1 -0
@@ 862,6 862,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/libxml2-CVE-2017-7376.patch		\
  %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch	\
  %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch	\
  %D%/packages/patches/libxml2-CVE-2017-15412.patch		\
  %D%/packages/patches/libxslt-generated-ids.patch		\
  %D%/packages/patches/libxslt-CVE-2016-4738.patch		\
  %D%/packages/patches/libxslt-CVE-2017-5029.patch		\


A gnu/packages/patches/libxml2-CVE-2017-15412.patch => gnu/packages/patches/libxml2-CVE-2017-15412.patch +47 -0
@@ 0,0 1,47 @@
Fix CVE-2017-15412:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
https://bugs.chromium.org/p/chromium/issues/detail?id=727039
https://bugzilla.redhat.com/show_bug.cgi?id=1523128
https://bugzilla.gnome.org/show_bug.cgi?id=783160

Patch copied from upstream source repository:

https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73

From 0f3b843b3534784ef57a4f9b874238aa1fda5a73 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu, 1 Jun 2017 23:12:19 +0200
Subject: [PATCH] Fix XPath stack frame logic

Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in
xmlXPathCompOpEvalPositionalPredicate to make sure that the context
object on the stack is actually protected. Otherwise, memory corruption
can occur when calling sloppily coded XPath extension functions.

Fixes bug 783160.
---
 xpath.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xpath.c b/xpath.c
index 94815075..b816bd36 100644
--- a/xpath.c
+++ b/xpath.c
@@ -11932,11 +11932,11 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt,
 		}
 	    }
 
-            frame = xmlXPathSetFrame(ctxt);
 	    valuePush(ctxt, contextObj);
+            frame = xmlXPathSetFrame(ctxt);
 	    res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1);
-            tmp = valuePop(ctxt);
             xmlXPathPopFrame(ctxt, frame);
+            tmp = valuePop(ctxt);
 
 	    if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
                 while (tmp != contextObj) {
-- 
2.15.1



M gnu/packages/xml.scm => gnu/packages/xml.scm +2 -1
@@ 155,7 155,8 @@ project (but it is usable outside of the Gnome platform).")
                        "libxml2-CVE-2017-7375.patch"
                        "libxml2-CVE-2017-7376.patch"
                        "libxml2-CVE-2017-9047+CVE-2017-9048.patch"
                        "libxml2-CVE-2017-9049+CVE-2017-9050.patch")))))))
                        "libxml2-CVE-2017-9049+CVE-2017-9050.patch"
                        "libxml2-CVE-2017-15412.patch")))))))

(define-public python-libxml2
  (package (inherit libxml2)