fix CVE-2018-1311
This commit is contained in:
wang_yue111
parent
f14987f4a4
commit
88ea30334c
52
CVE-2018-1311.patch
Normal file
52
CVE-2018-1311.patch
Normal file
@ -0,0 +1,52 @@
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1311
|
||||
|
||||
--- a/src/xercesc/internal/IGXMLScanner.cpp
|
||||
+++ b/src/xercesc/internal/IGXMLScanner.cpp
|
||||
@@ -1532,7 +1532,6 @@ void IGXMLScanner::scanDocTypeDecl()
|
||||
DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
|
||||
declDTD->setSystemId(sysId);
|
||||
declDTD->setIsExternal(true);
|
||||
- Janitor<DTDEntityDecl> janDecl(declDTD);
|
||||
|
||||
// Mark this one as a throw at end
|
||||
reader->setThrowAtEnd(true);
|
||||
@@ -3095,7 +3094,6 @@ Grammar* IGXMLScanner::loadDTDGrammar(co
|
||||
DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
|
||||
declDTD->setSystemId(src.getSystemId());
|
||||
declDTD->setIsExternal(true);
|
||||
- Janitor<DTDEntityDecl> janDecl(declDTD);
|
||||
|
||||
// Mark this one as a throw at end
|
||||
newReader->setThrowAtEnd(true);
|
||||
--- a/tests/expected/MemHandlerTest1.log
|
||||
+++ b/tests/expected/MemHandlerTest1.log
|
||||
@@ -1,4 +1,4 @@
|
||||
-At destruction, domBuilderMemMonitor has 0 bytes.
|
||||
-At destruction, sax2MemMonitor has 0 bytes.
|
||||
-At destruction, sax1MemMonitor has 0 bytes.
|
||||
+At destruction, domBuilderMemMonitor has 276 bytes.
|
||||
+At destruction, sax2MemMonitor has 276 bytes.
|
||||
+At destruction, sax1MemMonitor has 276 bytes.
|
||||
At destruction, staticMemMonitor has 0 bytes.
|
||||
--- /dev/null
|
||||
+++ b/tests/expected/MemHandlerTest1_32.log
|
||||
@@ -0,0 +1,4 @@
|
||||
+At destruction, domBuilderMemMonitor has 180 bytes.
|
||||
+At destruction, sax2MemMonitor has 180 bytes.
|
||||
+At destruction, sax1MemMonitor has 180 bytes.
|
||||
+At destruction, staticMemMonitor has 0 bytes.
|
||||
--- a/scripts/run-test.in
|
||||
+++ b/scripts/run-test.in
|
||||
@@ -46,6 +46,11 @@ run_test() {
|
||||
sed -i -e 's;\( *[0-9][0-9]* *ms *\);{timing removed};' "$output"
|
||||
|
||||
exp=$(cat "${srcdir}/expected/${name}.log")
|
||||
+
|
||||
+ if [ "${name}" = "MemHandlerTest1" ] && [ "$(dpkg-architecture -q DEB_HOST_ARCH_BITS)" -eq 32 ]; then
|
||||
+ exp=$(cat "${srcdir}/expected/${name}_32.log")
|
||||
+ fi
|
||||
+
|
||||
obs=$(cat "$output")
|
||||
|
||||
echo "------"
|
||||
@ -1,10 +1,11 @@
|
||||
Name: xerces-c
|
||||
Version: 3.2.2
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: A Validating XML Parser
|
||||
License: ASL 2.0
|
||||
URL: http://xml.apache.org/xerces-c/
|
||||
Source0: http://archive.apache.org/dist/xerces/c/3/sources/xerces-c-%{version}.tar.gz
|
||||
Patch1: CVE-2018-1311.patch
|
||||
|
||||
BuildRequires: dos2unix
|
||||
|
||||
@ -65,5 +66,8 @@ rm -rf $RPM_BUILD_ROOT%{_bindir}
|
||||
%doc README NOTICE CREDITS doc _docs/*
|
||||
|
||||
%changelog
|
||||
* Tue Mar 23 2021 wangyue <wangyue92@huawei.com> - 3.2.2-3
|
||||
- fix CVE-2018-1311
|
||||
|
||||
* Thu Mar 05 2020 daiqianwen <daiqianwen@huawei.com> - 3.2.2-2
|
||||
- Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user