aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/expat-CVE-2024-45491.patch
blob: 8ff10559bf1f0a35da69f1ac45b28303bd878048 (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421.patch
Fixed in 2.6.3.

From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 19 Aug 2024 22:34:13 +0200
Subject: [PATCH] lib: Detect integer overflow in dtdCopy

Reported by TaiYou
---
 expat/lib/xmlparse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 91682c188..e2327bdcf 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
     if (! newE)
       return 0;
     if (oldE->nDefaultAtts) {
+      /* Detect and prevent integer overflow.
+       * The preprocessor guard addresses the "always false" warning
+       * from -Wtype-limits on platforms where
+       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+      if ((size_t)oldE->nDefaultAtts
+          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
+        return 0;
+      }
+#endif
       newE->defaultAtts
           = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
       if (! newE->defaultAtts) {
generated by cgit
ld]: Call 'make-config.scm' without #:libgcrypt. (docker-image)[config, json]: Remove. [build]: Add GUILE-GCRYPT to the extensions Remove (guix config) from the imported modules. * guix/self.scm (specification->package): Remove "libgcrypt", add "guile-gcrypt". (compiled-guix): Remove #:libgcrypt. [guile-gcrypt]: New variable. [dependencies]: Add it. [*core-modules*]: Remove #:libgcrypt from 'make-config.scm' call. Add #:extensions. [*config*]: Remove #:libgcrypt from 'make-config.scm' call. (%dependency-variables): Remove %libgcrypt. (make-config.scm): Remove #:libgcrypt. * build-aux/build-self.scm (guile-gcrypt): New variable. (make-config.scm): Remove #:libgcrypt. (build-program)[fake-gcrypt-hash]: New variable. Add (gcrypt hash) to the imported modules. Adjust load path assignments. * gnu/packages/package-management.scm (guix)[propagated-inputs]: Add GUILE-GCRYPT. [arguments]: In 'wrap-program' phase, add GUILE-GCRYPT to the search path. Ludovic Courtès 2018-08-24import: cpan: Adjust test to new URL....This is a followup to 9aba9b127840a116c806a2cbac901cf8077abcd0. * tests/cpan.scm ("cpan->guix-package"): Adjust 'home-page' URL. Ludovic Courtès 2017-10-30Revert "import: cpan: Use HTTPS for home pages."...This reverts commit 29f7bf59d5d4d4b848eaedc6766bb4e02cae20d3: HTTPS support at search.cpan.org is unreliable, at best. Don't rely on it. Tobias Geerinckx-Rice 2017-10-29import: cpan: Use HTTPS for home pages....* guix/import/cpan.scm (cpan-home): Use HTTPS. * tests/cpan.scm ("cpan->guix-package"): Expect it. Tobias Geerinckx-Rice 2017-10-28import: cpan: Add trailing "/" on home-page....This appeases 'guix lint', which otherwise complains about permanent redirects. * guix/import/cpan.scm (cpan-module->sexp): Add trailing "/" on home-page. * tests/cpan.scm ("cpan->guix-package"): Adjust accordingly. Eric Bavier 2017-10-28import: cpan: Propagate imported dependencies....This is most often the need for perl module dependencies. * guix/import/cpan.scm (cpan-module->sexp): 'inputs -> 'propagated-inputs. * tests/cpan.scm ("cpan->guix-package"): Adjust accordingly. Eric Bavier 2017-09-14import: cpan: Adjust expected license in tests....This is a followup to 01ef804d69b2e57dd7b1d3d13e66e3f67e7c548a. * tests/cpan.scm ("cpan->guix-package"): Expect 'perl-license'. Ludovic Courtès 2017-06-07import: cpan: Update CPAN importer to use MetaCPAN v1 API....* guix/import/cpan.scm (module->dist-name, cpan-fetch): Use metacpan.org URLs. * tests/cpan.scm ("cpan->guix-package"): Adjust accordingly. Signed-off-by: Ludovic Courtès <ludo@gnu.org> James Richardson 2017-02-13tests: Adjust for 'http-fetch' change in (guix import json)....This is a followup to commit 81e0bc1834490a1a8092c75a0733b15c2b407285. * tests/cpan.scm ("cpan->guix-package"): Add a 'rest' argument to the lambda that mocks 'http-fetch'. * tests/crate.scm ("crate->guix-package"): Likewise. * tests/gem.scm ("gem->guix-package"): Likewise. * tests/pypi.scm ("pypi->guix-package"): Likewise. ("pypi->guix-package, wheels"): Likewise. Ludovic Courtès 2016-12-18tests: Mock up http-fetch....This is a follow-up to commit 63773200d7ac68fcaee6efd9ffe8ea7aa3fafa38. * tests/cpan.scm ("cpan->guix-package"): Add mock definition of http-fetch. Ricardo Wurmus 2016-12-18tests: Adjust cpan tests....This is a follow-up to commit ff55fe559951b88bfd691b9dada3a0f26002c4cb. * tests/cpan.scm (source-url-http, source-url-https): Use cpan-source-url. Ricardo Wurmus 2016-11-10tests: Adjust 'url-fetch' mocks to TLS changes....This is a followup to bc3c41ce36349ed4ec758c70b48a7059e363043a. * tests/cpan.scm ("cpan->guix-package"): Add #:verify-certificate? parameter in 'url-fetch' mock. * tests/cran.scm ("description->package"): Likewise. Ludovic Courtès 2016-08-31tests: cpan: Fix mock urls....Followup to 7a62263ee5. * tests/cpan.scm (cpan->guix-package): Use "https" in mock urls. Eric Bavier 2016-07-03import: cpan: Use our mirrors for 'https' URLs....* guix/import/cpan.scm (fix-source-url): New procedure. (cpan-module->sexp): Use it to construct our source-url. * tests/cpan.scm: Add tests for fix-source-url. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Alex Sassmannshausen 2016-04-03build: Add a Guile custom test driver using SRFI-64....Before that '.log' files for scheme tests were fragmented and not included in test-suite.log. This unifies the semantics of SRFI-64 API with Automake test suite. * build-aux/test-driver.scm: New file. * Makefile.am (SCM_LOG_DRIVER, AM_SCM_LOG_DRIVER_FLAGS): New variables. (SCM_LOG_COMPILER, AM_SCM_LOG_FLAGS): Delete variables. (AM_TESTS_ENVIRONMENT): Set GUILE_AUTO_COMPILE to 0. * test-env.in: Silence guix-daemon. * doc/guix.texi (Running the Test Suite): Describe how to display the detailed results. Bug reports require only 'test-suite.log' file. * tests/base32.scm, tests/build-utils.scm, tests/builders.scm, tests/challenge.scm, tests/cpan.scm, tests/cpio.scm, tests/cran.scm, tests/cve.scm, tests/derivations.scm, tests/elpa.scm, tests/file-systems.scm, tests/gem.scm, tests/gexp.scm, tests/gnu-maintenance.scm, tests/grafts.scm, tests/graph.scm, tests/gremlin.scm, tests/hackage.scm, tests/hash.scm, tests/import-utils.scm, tests/lint.scm, tests/monads.scm, tests/nar.scm, tests/packages.scm, tests/pk-crypto.scm, tests/pki.scm, tests/profiles.scm, tests/publish.scm, tests/pypi.scm, tests/records.scm, tests/scripts-build.scm, tests/scripts.scm, tests/services.scm, tests/sets.scm, tests/size.scm, tests/snix.scm, tests/store.scm, tests/substitute.scm, tests/syscalls.scm, tests/system.scm, tests/ui.scm, tests/union.scm, tests/upstream.scm, tests/utils.scm: Don't exit at the end of test groups. * tests/containers.scm: Likewise. Use 'test-skip' instead of exiting with error code 77. Mathieu Lirzin 2016-03-06tests: Disable grafting by default for most tests....This allows tests to run as expected even in the presence of replacements among the bootstrap packages, such as Perl (commit d8173f21f7b4e3cb83541b8fa70621d2b6d4ce1c). * tests/cpan.scm: Add (%graft? #f). * tests/derivations.scm: Likewise. * tests/graph.scm: Likewise. * tests/monads.scm: Likewise. * tests/profiles.scm: Likewise. * tests/gexp.scm: Likewise. ("gexp->derivation vs. grafts"): Explicitly reenable grafting before, and disable it after, using 'set-grafting'. Ludovic Courtès