rpms/gnome-vfs2/devel gnome-vfs-2.24.3-CVE-2009-2473.patch, NONE, 1.1 gnome-vfs2.spec, 1.199, 1.200

Tomas Bzatek tbzatek at fedoraproject.org
Wed Dec 2 13:56:11 UTC 2009


Author: tbzatek

Update of /cvs/extras/rpms/gnome-vfs2/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10628

Modified Files:
	gnome-vfs2.spec 
Added Files:
	gnome-vfs-2.24.3-CVE-2009-2473.patch 
Log Message:
* Wed Dec  2 2009 Tomas Bzatek <tbzatek at redhat.com> - 2.24.2-3
- Patch security hole in embedded neon (CVE-2009-2473)


gnome-vfs-2.24.3-CVE-2009-2473.patch:
 ne_xml.c |   42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

--- NEW FILE gnome-vfs-2.24.3-CVE-2009-2473.patch ---
Index: gnome-vfs-2.24.2/imported/neon/ne_xml.c
===================================================================
--- gnome-vfs-2.24.2/imported/neon/ne_xml.c	(revision 1687)
+++ gnome-vfs-2.24.2/imported/neon/ne_xml.c	(revision 1688)
@@ -405,6 +405,28 @@
     destroy_element(elm);
 }
 
+#if defined(HAVE_EXPAT) && XML_MAJOR_VERSION > 1
+/* Stop the parser if an entity declaration is hit. */
+static void entity_declaration(void *userData, const XML_Char *entityName,
+                              int is_parameter_entity, const XML_Char *value,
+                              int value_length, const XML_Char *base,
+                              const XML_Char *systemId, const XML_Char *publicId,
+                              const XML_Char *notationName)
+{
+    ne_xml_parser *parser = userData;
+    
+    NE_DEBUG(NE_DBG_XMLPARSE, "XML: entity declaration [%s]. Failing.\n",
+             entityName);
+
+    XML_StopParser(parser->parser, XML_FALSE);
+}
+#elif defined(HAVE_EXPAT)
+/* A noop default_handler. */
+static void default_handler(void *userData, const XML_Char *s, int len)
+{
+}
+#endif
+
 /* Find a namespace definition for 'prefix' in given element, where
  * length of prefix is 'pfxlen'.  Returns the URI or NULL. */
 static const char *resolve_nspace(const struct element *elm, 
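Review bot: entity_declaration aborts the parse but records the reason only in the NE_DEBUG trace, so unless the surrounding ne_xml error path (not visible in this hunk) turns the aborted status into a message, callers see a generic parse failure for what is a deliberate refusal of entity declarations; worth confirming that the error reported to the caller names the cause. The guard `#if defined(HAVE_EXPAT) && XML_MAJOR_VERSION > 1` relies on expat headers that predate XML_MAJOR_VERSION leaving the macro undefined, which the preprocessor evaluates as 0 and so selects the default_handler branch — intended, but a one-line comment would spare the next reader the check, e.g. `/* expat 1.x does not define XML_MAJOR_VERSION, so this is false there. */`. The unused parameters of entity_declaration and default_handler are dictated by the expat callback signatures, so nothing needs changing there beyond a comment if the build warns on unused parameters.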
@@ -459,14 +481,34 @@
     XML_SetCharacterDataHandler(p->parser, char_data);
     XML_SetUserData(p->parser, (void *) p);
     XML_SetXmlDeclHandler(p->parser, decl_handler);
+
+    /* Prevent the "billion laughs" attack against expat by disabling
+     * internal entity expansion.  With 2.x, forcibly stop the parser
+     * if an entity is declared - this is safer and a more obvious
+     * failure mode.  With older versions, installing a noop
+     * DefaultHandler means that internal entities will be expanded as
+     * the empty string, which is also sufficient to prevent the
+     * attack. */
+#if XML_MAJOR_VERSION > 1
+    XML_SetEntityDeclHandler(p->parser, entity_declaration);
 #else
+    XML_SetDefaultHandler(p->parser, default_handler);
+#endif
+
+#else /* HAVE_LIBXML */
     p->parser = xmlCreatePushParserCtxt(&sax_handler, 
 					(void *)p, NULL, 0, NULL);
     if (p->parser == NULL) {
 	abort();
     }
+#if LIBXML_VERSION < 20602
     p->parser->replaceEntities = 1;
+#else
+    /* Enable expansion of entities, and disable network access. */
+    xmlCtxtUseOptions(p->parser, XML_PARSE_NOENT | XML_PARSE_NONET);
 #endif
+
+#endif /* HAVE_LIBXML || HAVE_EXPAT */
     return p;
 }
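Review bot: The libxml branch still enables entity substitution (`XML_PARSE_NOENT`), so in that configuration the defence against entity-expansion exhaustion is delegated to libxml2's own expansion limits, which as far as I know exist only from 2.7.3 onward, while the `LIBXML_VERSION < 20602` path keeps `replaceEntities = 1` with no limit at all; `XML_PARSE_NONET` also blocks network fetches only, not external entities that resolve to local files. If older libxml2 builds are still supported, the comment should state the version the protection depends on, e.g. `/* Entity expansion is still enabled here; relies on libxml2's built-in expansion limits (2.7.3+). NONET blocks network fetches only. */`, and the return value of xmlCtxtUseOptions, which reports unsupported option bits, is dropped. The pre-existing `#else` now closes the new `#if XML_MAJOR_VERSION > 1` rather than the outer HAVE_EXPAT test, so a trailing comment such as `#else /* XML_MAJOR_VERSION <= 1 */` would make the three-level nesting easier to audit. The enclosing constructor function starts before this hunk.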
 


Index: gnome-vfs2.spec
===================================================================
RCS file: /cvs/extras/rpms/gnome-vfs2/devel/gnome-vfs2.spec,v
retrieving revision 1.199
retrieving revision 1.200
diff -u -p -r1.199 -r1.200
--- gnome-vfs2.spec	4 Nov 2009 14:55:22 -0000	1.199
+++ gnome-vfs2.spec	2 Dec 2009 13:56:11 -0000	1.200
@@ -14,7 +14,7 @@
 Summary: The GNOME virtual file-system libraries
 Name: gnome-vfs2
 Version: 2.24.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: LGPLv2+ and GPLv2+
 # the daemon and the library are LGPLv2+
 # the modules are LGPLv2+ and GPLv2+ 
@@ -59,6 +59,10 @@ Patch3: gnome-vfs-2.9.90-modules-conf.pa
 # remove gnome-mime-data dependency
 Patch4: gnome-vfs-2.24.1-disable-gnome-mime-data.patch
 
+# CVE-2009-2473 neon, gnome-vfs2 embedded neon: billion laughs DoS attack
+# https://bugzilla.redhat.com/show_bug.cgi?id=518215
+Patch5: gnome-vfs-2.24.3-CVE-2009-2473.patch
+
 # send to upstream
 Patch101:	gnome-vfs-2.8.2-schema_about_for_upstream.patch
 
@@ -126,6 +130,7 @@ shares (SMB) to applications using GNOME
 
 %patch3 -p1 -b .modules-conf
 %patch4 -p1 -b .mime-data
+%patch5 -p1 -b .CVE-2009-2473
 
 %patch6 -p1 -b .mailto-command
 
@@ -261,6 +266,9 @@ fi
 %config %{_sysconfdir}/gnome-vfs-2.0/modules/smb-module.conf
 
 %changelog
+* Wed Dec  2 2009 Tomas Bzatek <tbzatek at redhat.com> - 2.24.2-3
+- Patch security hole in embedded neon (CVE-2009-2473)
+
 * Wed Nov 04 2009 Bastien Nocera <bnocera at redhat.com> 2.24.2-2
 - Set a default media player application in the schemas
 



