packages/xerces-c
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2018-1311

Browse Source
This commit is contained in:
wang_yue111 2021-03-23 17:09:39 +08:00
parent f14987f4a4
commit 88ea30334c
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
CVE-2018-1311.patch Normal file
View File

@ -0,0 +1,52 @@
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1311
--- a/src/xercesc/internal/IGXMLScanner.cpp
+++ b/src/xercesc/internal/IGXMLScanner.cpp
@@ -1532,7 +1532,6 @@ void IGXMLScanner::scanDocTypeDecl()
DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
declDTD->setSystemId(sysId);
declDTD->setIsExternal(true);
- Janitor<DTDEntityDecl> janDecl(declDTD);
// Mark this one as a throw at end
reader->setThrowAtEnd(true);
@@ -3095,7 +3094,6 @@ Grammar* IGXMLScanner::loadDTDGrammar(co
DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
declDTD->setSystemId(src.getSystemId());
declDTD->setIsExternal(true);
- Janitor<DTDEntityDecl> janDecl(declDTD);
// Mark this one as a throw at end
newReader->setThrowAtEnd(true);
--- a/tests/expected/MemHandlerTest1.log
+++ b/tests/expected/MemHandlerTest1.log
@@ -1,4 +1,4 @@
-At destruction, domBuilderMemMonitor has 0 bytes.
-At destruction, sax2MemMonitor has 0 bytes.
-At destruction, sax1MemMonitor has 0 bytes.
+At destruction, domBuilderMemMonitor has 276 bytes.
+At destruction, sax2MemMonitor has 276 bytes.
+At destruction, sax1MemMonitor has 276 bytes.
At destruction, staticMemMonitor has 0 bytes.
--- /dev/null
+++ b/tests/expected/MemHandlerTest1_32.log
@@ -0,0 +1,4 @@
+At destruction, domBuilderMemMonitor has 180 bytes.
+At destruction, sax2MemMonitor has 180 bytes.
+At destruction, sax1MemMonitor has 180 bytes.
+At destruction, staticMemMonitor has 0 bytes.
--- a/scripts/run-test.in
+++ b/scripts/run-test.in
@@ -46,6 +46,11 @@ run_test() {
sed -i -e 's;\( *[0-9][0-9]* *ms *\);{timing removed};' "$output"
exp=$(cat "${srcdir}/expected/${name}.log")
+
+ if [ "${name}" = "MemHandlerTest1" ] && [ "$(dpkg-architecture -q DEB_HOST_ARCH_BITS)" -eq 32 ]; then
+ exp=$(cat "${srcdir}/expected/${name}_32.log")
+ fi
+
obs=$(cat "$output")
echo "------"

6
xerces-c.spec
View File

@ -1,10 +1,11 @@
Name: xerces-c Name: xerces-c
Version: 3.2.2 Version: 3.2.2
Release: 2 Release: 3
Summary: A Validating XML Parser Summary: A Validating XML Parser
License: ASL 2.0 License: ASL 2.0
URL: http://xml.apache.org/xerces-c/ URL: http://xml.apache.org/xerces-c/
Source0: http://archive.apache.org/dist/xerces/c/3/sources/xerces-c-%{version}.tar.gz Source0: http://archive.apache.org/dist/xerces/c/3/sources/xerces-c-%{version}.tar.gz
Patch1: CVE-2018-1311.patch
BuildRequires: dos2unix BuildRequires: dos2unix
@ -65,5 +66,8 @@ rm -rf $RPM_BUILD_ROOT%{_bindir}
%doc README NOTICE CREDITS doc _docs/* %doc README NOTICE CREDITS doc _docs/*
%changelog %changelog
* Tue Mar 23 2021 wangyue <wangyue92@huawei.com> - 3.2.2-3
- fix CVE-2018-1311
* Thu Mar 05 2020 daiqianwen <daiqianwen@huawei.com> - 3.2.2-2 * Thu Mar 05 2020 daiqianwen <daiqianwen@huawei.com> - 3.2.2-2
- Package init - Package init