diff --git a/SOURCES/XMLReader.cpp.patch b/SOURCES/XMLReader.cpp.patch new file mode 100644 index 0000000..d315af5 --- /dev/null +++ b/SOURCES/XMLReader.cpp.patch @@ -0,0 +1,57 @@ +diff -urNp xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp xerces-c-3.1.1-patch/src/xercesc/internal/XMLReader.cpp +--- xerces-c-3.1.1/src/xercesc/internal/XMLReader.cpp 2010-01-20 12:06:14.000000000 -0500 ++++ xerces-c-3.1.1-patch/src/xercesc/internal/XMLReader.cpp 2015-06-22 12:20:22.131498873 -0400 +@@ -1460,6 +1460,17 @@ void XMLReader::doInitDecode() + + while (fRawBufIndex < fRawBytesAvail) + { ++ // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume. ++ if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) { ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ + // Get out the current 4 byte value and inc our raw buf index + UCS4Ch curVal = *asUCS++; + fRawBufIndex += sizeof(UCS4Ch); +@@ -1619,6 +1630,17 @@ void XMLReader::doInitDecode() + + while (fRawBufIndex < fRawBytesAvail) + { ++ // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume. ++ if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) { ++ ThrowXMLwithMemMgr1 ++ ( ++ TranscodingException ++ , XMLExcepts::Reader_CouldNotDecodeFirstLine ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ + // Get out the current 2 byte value + UTF16Ch curVal = *asUTF16++; + fRawBufIndex += sizeof(UTF16Ch); +@@ -1708,6 +1730,17 @@ void XMLReader::doInitDecode() + // + void XMLReader::refreshRawBuffer() + { ++ // Security fix: make sure we don't underflow on the subtraction. ++ if (fRawBufIndex > fRawBytesAvail) { ++ ThrowXMLwithMemMgr1 ++ ( ++ RuntimeException ++ , XMLExcepts::Str_StartIndexPastEnd ++ , fSystemId ++ , fMemoryManager ++ ); ++ } ++ + // + // If there are any bytes left, move them down to the start. There + // should only ever be (max bytes per char - 1) at the most. diff --git a/SPECS/xerces-c.spec b/SPECS/xerces-c.spec index 180726f..8d0c0ef 100644 --- a/SPECS/xerces-c.spec +++ b/SPECS/xerces-c.spec @@ -1,12 +1,13 @@ Summary: Validating XML Parser Name: xerces-c Version: 3.1.1 -Release: 6%{?dist} +Release: 7%{?dist} License: ASL 2.0 Group: System Environment/Libraries URL: http://xml.apache.org/xerces-c/ Source0: http://archive.apache.org/dist/xerces/c/3/sources/xerces-c-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Patch1: XMLReader.cpp.patch BuildRequires: dos2unix @@ -46,7 +47,8 @@ write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. %prep -%setup -q +%setup -q +%patch1 -p1 # Copy samples before build to avoid including built binaries in -doc package mkdir -p _docs cp -a samples/ _docs/ @@ -96,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %doc README LICENSE NOTICE CREDITS doc _docs/* %changelog +* Mon Jun 22 2015 Avesh Agarwal - 3.1.1-7 +Resolves: rhbz#1217104 CVE-2015-0252 + * Fri Jan 24 2014 Daniel Mach - 3.1.1-6 - Mass rebuild 2014-01-24