From e414eaa362f55e149ec9f068e19123017859eb56 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Sun, 20 Sep 2020 16:21:26 +0800
Subject: [PATCH] fix CVE-2017-12629
---
CVE-2017-12629.patch | 138 +++++++++++++++++++++++++++++++++++++++++++
lucene3.spec | 7 ++-
2 files changed, 144 insertions(+), 1 deletion(-)
create mode 100644 CVE-2017-12629.patch
diff --git a/CVE-2017-12629.patch b/CVE-2017-12629.patch
new file mode 100644
index 0000000..49e5404
--- /dev/null
+++ b/CVE-2017-12629.patch
@@ -0,0 +1,138 @@
+From 1853361e9f49f6b04aa5cd9ead85cf4620d4d249 Mon Sep 17 00:00:00 2001
+From: Christine Poerschke
+Date: Fri, 13 Oct 2017 12:46:58 +0100
+Subject: [PATCH] SOLR-11477: Disallow resolving of external entities in
+Lucene
+ queryparser/xml/CoreParser and SolrCoreParser (defType=xmlparser or
+ {!xmlparser ...}) by default.
+
+(Michael Stepankin, Olga Barinova, Uwe Schindler, Christine Poerschke)
+
+---
+ .../apache/lucene/xmlparser/CoreParser.java | 74 +++++++++++++++----
+ 1 file changed, 58 insertions(+), 16 deletions(-)
+
+diff --git a/contrib/xml-query-parser/src/java/org/apache/lucene/xmlparser/CoreParser.java b/contrib/xml-query-parser/src/java/org/apache/lucene/xmlparser/CoreParser.java
+index c84b90a..68c1529 100644
+--- a/contrib/xml-query-parser/src/java/org/apache/lucene/xmlparser/CoreParser.java
++++ b/contrib/xml-query-parser/src/java/org/apache/lucene/xmlparser/CoreParser.java
+@@ -1,9 +1,12 @@
+ package org.apache.lucene.xmlparser;
+
+ import java.io.InputStream;
++import java.util.Locale;
+
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
++import javax.xml.parsers.ParserConfigurationException;
+
+ import org.apache.lucene.analysis.Analyzer;
+ import org.apache.lucene.queryParser.QueryParser;
+@@ -11,6 +14,10 @@ import org.apache.lucene.search.Query;
+ import org.apache.lucene.xmlparser.builders.*;
+ import org.w3c.dom.Document;
+ import org.w3c.dom.Element;
++import org.xml.sax.EntityResolver;
++import org.xml.sax.ErrorHandler;
++import org.xml.sax.SAXException;
++import org.xml.sax.InputSource;
+
+ /**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+@@ -123,7 +130,11 @@ public class CoreParser implements QueryBuilder
+ sqof.addBuilder("SpanNot",snot);
+ queryFactory.addBuilder("SpanNot",snot);
+ }
+-
++
++ /**
++ * Parses the given stream as XML file and returns a {@link Query}.
++ * By default this disallows external entities for security reasons.
++ */
+ public Query parse(InputStream xmlStream) throws ParserException
+ {
+ return getQuery(parseXML(xmlStream).getDocumentElement());
+@@ -138,28 +149,49 @@ public class CoreParser implements QueryBuilder
+ filterFactory.addBuilder(nodeName,builder);
+ }
+
+- private static Document parseXML(InputStream pXmlFile) throws ParserException
+- {
+- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+- DocumentBuilder db = null;
++ /**
++ * Returns a SAX {@link EntityResolver} to be used by {@link DocumentBuilder}.
++ * By default this returns {@link #DISALLOW_EXTERNAL_ENTITY_RESOLVER}, which disallows the
++ * expansion of external entities (for security reasons). To restore legacy behavior,
++ * override this method to return {@code null}.
++ */
++ protected EntityResolver getEntityResolver() {
++ return DISALLOW_EXTERNAL_ENTITY_RESOLVER;
++ }
++
++ /**
++ * Subclass and override to return a SAX {@link ErrorHandler} to be used by {@link DocumentBuilder}.
++ * By default this returns {@code null} so no error handler is used.
++ * This method can be used to redirect XML parse errors/warnings to a custom logger.
++ */
++ protected ErrorHandler getErrorHandler() {
++ return null;
++ }
++
++ private Document parseXML(InputStream pXmlFile) throws ParserException {
++ final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
++ dbf.setValidating(false);
+ try
+ {
+- db = dbf.newDocumentBuilder();
+- }
+- catch (Exception se)
+- {
+- throw new ParserException("XML Parser configuration error", se);
++ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
++ } catch (ParserConfigurationException e) {
++ // ignore since all implementations are required to support the
++ // {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} feature
+ }
+- org.w3c.dom.Document doc = null;
++ final DocumentBuilder db;
+ try
+ {
+- doc = db.parse(pXmlFile);
++ db = dbf.newDocumentBuilder();
++ } catch (Exception se) {
++ throw new ParserException("XML Parser configuration error.", se);
+ }
+- catch (Exception se)
+- {
+- throw new ParserException("Error parsing XML stream:" + se, se);
++ try {
++ db.setEntityResolver(getEntityResolver());
++ db.setErrorHandler(getErrorHandler());
++ return db.parse(pXmlFile);
++ } catch (Exception se) {
++ throw new ParserException("Error parsing XML stream: " + se, se);
+ }
+- return doc;
+ }
+
+
+@@ -167,4 +199,14 @@ public class CoreParser implements QueryBuilder
+ {
+ return queryFactory.getQuery(e);
+ }
++
++ public static final EntityResolver DISALLOW_EXTERNAL_ENTITY_RESOLVER = new EntityResolver() {
++ @Override
++ public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
++ throw new SAXException(String.format(Locale.ENGLISH,
++ "External Entity resolving unsupported: publicId=\"%s\" systemId=\"%s\"",
++ publicId, systemId));
++ }
++ };
++
+ }
+--
+2.23.0
+
diff --git a/lucene3.spec b/lucene3.spec
index 71e4164..6827fb5 100644
--- a/lucene3.spec
+++ b/lucene3.spec
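Review bot: In the new `parseXML`, the `catch (ParserConfigurationException e)` around `dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` is empty, so a factory that rejects the feature would go on parsing query XML without secure processing enabled and nothing would record it. Failing closed fits the purpose of the fix better: replace the two comment lines with `throw new ParserException("XML Parser configuration error.", e);`, the same constructor the next `catch` already uses. The external-entity protection itself rests only on `getEntityResolver()`; since its Javadoc invites subclasses to return `null`, any subclass that overrides it should be checked, because a null resolver restores the parser's default resolution of external entities. The resolver's message also copies `publicId` and `systemId` from the document into the `ParserException` text, which matters wherever that message is logged or returned to a client.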
@@ -1,7 +1,7 @@ Summary: High-performance, full-featured text search engine Name: lucene3 Version: 3.6.2 -Release: 1 +Release: 2 Epoch: 0 License: ASL 2.0 and BSD URL: http://lucene.apache.org/ @@ -12,6 +12,7 @@ Patch0: lucene_contrib_icu4j_v50.patch Patch1: lucene-3.6.2-hamcrest-core.patch Patch2: lucene-3.6.2-javascript.patch Patch3: test-framework.patch +Patch4: CVE-2017-12629.patch #svn export http://svn.apache.org/repos/asf/lucene/dev/tags/lucene_solr_3_6_2/dev-tools@r145 #tar caf dev-tools.tar.xz dev-tools/ Source4: dev-tools.tar.xz @@ -51,6 +52,7 @@ sed -i -e "s|3.5.0|3.6.2|g" backwards/ivy.xml %patch1 -p1 %patch2 -p1 %patch3 -p0 +%patch4 -p1 %build mkdir -p docs @@ -113,5 +115,8 @@ done %license LICENSE.txt NOTICE.txt %changelog +* Sun 20 Sep 2020 wangyue - 3.6.2-2 +- fix CVE-2017-12629 + * Sat Aug 22 2020 Jeffery.Gao - 3.6.2-1 - package init
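Review bot: The added changelog header `* Sun 20 Sep 2020 wangyue - 3.6.2-2` puts the day before the month, while the existing entry below it uses `* Sat Aug 22 2020 ...`; rpm reads changelog dates as weekday, month, day, year, so this line will most likely be rejected as a bad date when the package is built. Write it as `* Sun Sep 20 2020 wangyue - 3.6.2-2`.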