Mailinglist Archive: opensuse-commit (1737 mails)

< Previous Next >
commit libxml2 for openSUSE:12.1:Update:Test
Hello community,

here is the log from the commit of package libxml2 for
openSUSE:12.1:Update:Test checked in at 2012-02-24 13:08:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/libxml2 (Old)
and /work/SRC/openSUSE:12.1:Update:Test/.libxml2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libxml2", Maintainer is "VCizek@xxxxxxxx"

Changes:
--------
--- /work/SRC/openSUSE:12.1:Update:Test/libxml2/libxml2.changes 2011-11-30
19:32:20.000000000 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.libxml2.new/libxml2.changes
2012-02-24 13:08:15.000000000 +0100
@@ -1,0 +2,6 @@
+Wed Feb 22 10:19:27 UTC 2012 - vcizek@xxxxxxxx
+
+- add fix for hash table collisions CVE-2012-0841 (bnc#748561)
+- renamed tarball to .gz, as it was compressed with gzip
+
+-------------------------------------------------------------------

Old:
----
libxml2-2.7.8+git20110708.tar.bz2

New:
----
libxml2-2.7.8+git20110708.tar.gz
libxml2-CVE-2012-0841.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libxml2-python.spec ++++++
--- /var/tmp/diff_new_pack.VccIi9/_old 2012-02-24 13:08:15.000000000 +0100
+++ /var/tmp/diff_new_pack.VccIi9/_new 2012-02-24 13:08:15.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libxml2-python
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
Summary: Python Bindings for libxml2
Url: http://xmlsoft.org
Group: Development/Libraries/Python
-Source: libxml2-%{version}.tar.bz2
+Source: libxml2-%{version}.tar.gz
Source1: libxml2-python-rpmlintrc
BuildRequires: libxml2-devel
BuildRequires: python-devel python-xml

++++++ libxml2.spec ++++++
--- /var/tmp/diff_new_pack.VccIi9/_old 2012-02-24 13:08:15.000000000 +0100
+++ /var/tmp/diff_new_pack.VccIi9/_new 2012-02-24 13:08:15.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libxml2
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,9 +24,10 @@
Summary: A Library to Manipulate XML Files
Url: http://xmlsoft.org
Group: System/Libraries
-Source: %{name}-%{version}.tar.bz2
+Source: %{name}-%{version}.tar.gz
Source2: baselibs.conf
Patch: libxml2-CVE-2011-2821.patch
+Patch1: libxml2-CVE-2012-0841.patch
BuildRequires: pkg-config
BuildRequires: readline-devel
BuildRequires: zlib-devel
@@ -97,6 +98,7 @@
%prep
%setup -q -n %{name}-2.7.8
%patch -p1
+%patch1 -p1

%build
# needed with patch3 - until it is no longer required

++++++ libxml2-CVE-2012-0841.patch ++++++
From 8973d58b7498fa5100a876815476b81fd1a2412a Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@xxxxxxxxxx>
Date: Sat, 04 Feb 2012 11:07:44 +0000
Subject: Add hash randomization to hash and dict structures

Following http://www.ocert.org/advisories/ocert-2011-003.html
it seems that having hash randomization might be a good idea
when using XML with untrusted data
* configure.in: lookup for rand, srand and time
* dict.c: add randomization to dictionaries hash tables
* hash.c: add randomization to normal hash tables
---
diff --git a/configure.in b/configure.in
index fa80375..828b66a 100644
--- a/configure.in
+++ b/configure.in
@@ -512,6 +512,7 @@ AC_CHECK_FUNCS(strdup strndup strerror)
AC_CHECK_FUNCS(finite isnand fp_class class fpclass)
AC_CHECK_FUNCS(strftime localtime gettimeofday ftime)
AC_CHECK_FUNCS(stat _stat signal)
+AC_CHECK_FUNCS(rand srand time)

dnl Checking the standard string functions availability
AC_CHECK_FUNCS(printf sprintf fprintf snprintf vfprintf vsprintf vsnprintf
sscanf,,
diff --git a/dict.c b/dict.c
index 3eff231..ae4966b 100644
--- a/dict.c
+++ b/dict.c
@@ -2,7 +2,7 @@
* dict.c: dictionary of reusable strings, just used to avoid allocation
* and freeing operations.
*
- * Copyright (C) 2003 Daniel Veillard.
+ * Copyright (C) 2003-2012 Daniel Veillard.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -19,6 +19,28 @@
#define IN_LIBXML
#include "libxml.h"

+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+/*
+ * Following http://www.ocert.org/advisories/ocert-2011-003.html
+ * it seems that having hash randomization might be a good idea
+ * when using XML with untrusted data
+ * Note1: that it works correctly only if compiled with WITH_BIG_KEY
+ * which is the default.
+ * Note2: the fast function used for a small dict won't protect very
+ * well but since the attack is based on growing a very big hash
+ * list we will use the BigKey algo as soon as the hash size grows
+ * over MIN_DICT_SIZE so this actually works
+ */
+#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME)
+#define DICT_RANDOMIZATION
+#endif
+
#include <string.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
@@ -44,23 +66,23 @@ typedef unsigned __int32 uint32_t;
#define WITH_BIG_KEY

#ifdef WITH_BIG_KEY
-#define xmlDictComputeKey(dict, name, len) \
- (((dict)->size == MIN_DICT_SIZE) ? \
- xmlDictComputeFastKey(name, len) : \
- xmlDictComputeBigKey(name, len))
-
-#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
- (((prefix) == NULL) ? \
- (xmlDictComputeKey(dict, name, len)) : \
- (((dict)->size == MIN_DICT_SIZE) ? \
- xmlDictComputeFastQKey(prefix, plen, name, len) : \
- xmlDictComputeBigQKey(prefix, plen, name, len)))
+#define xmlDictComputeKey(dict, name, len) \
+ (((dict)->size == MIN_DICT_SIZE) ? \
+ xmlDictComputeFastKey(name, len, (dict)->seed) : \
+ xmlDictComputeBigKey(name, len, (dict)->seed))
+
+#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
+ (((prefix) == NULL) ? \
+ (xmlDictComputeKey(dict, name, len)) : \
+ (((dict)->size == MIN_DICT_SIZE) ? \
+ xmlDictComputeFastQKey(prefix, plen, name, len, (dict)->seed) : \
+ xmlDictComputeBigQKey(prefix, plen, name, len, (dict)->seed)))

#else /* !WITH_BIG_KEY */
-#define xmlDictComputeKey(dict, name, len) \
- xmlDictComputeFastKey(name, len)
-#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
- xmlDictComputeFastQKey(prefix, plen, name, len)
+#define xmlDictComputeKey(dict, name, len) \
+ xmlDictComputeFastKey(name, len, (dict)->seed)
+#define xmlDictComputeQKey(dict, prefix, plen, name, len) \
+ xmlDictComputeFastQKey(prefix, plen, name, len, (dict)->seed)
#endif /* WITH_BIG_KEY */

/*
@@ -98,6 +120,8 @@ struct _xmlDict {
xmlDictStringsPtr strings;

struct _xmlDict *subdict;
+ /* used for randomization */
+ int seed;
};

/*
@@ -125,6 +149,9 @@ static int xmlInitializeDict(void) {
if ((xmlDictMutex = xmlNewRMutex()) == NULL)
return(0);

+#ifdef DICT_RANDOMIZATION
+ srand(time(NULL));
+#endif
xmlDictInitialized = 1;
return(1);
}
@@ -277,13 +304,13 @@ found_pool:
*/

static uint32_t
-xmlDictComputeBigKey(const xmlChar* data, int namelen) {
+xmlDictComputeBigKey(const xmlChar* data, int namelen, int seed) {
uint32_t hash;
int i;

if (namelen <= 0 || data == NULL) return(0);

- hash = 0;
+ hash = seed;

for (i = 0;i < namelen; i++) {
hash += data[i];
@@ -310,12 +337,12 @@ xmlDictComputeBigKey(const xmlChar* data, int namelen) {
*/
static unsigned long
xmlDictComputeBigQKey(const xmlChar *prefix, int plen,
- const xmlChar *name, int len)
+ const xmlChar *name, int len, int seed)
{
uint32_t hash;
int i;

- hash = 0;
+ hash = seed;

for (i = 0;i < plen; i++) {
hash += prefix[i];
@@ -346,8 +373,8 @@ xmlDictComputeBigQKey(const xmlChar *prefix, int plen,
* for low hash table fill.
*/
static unsigned long
-xmlDictComputeFastKey(const xmlChar *name, int namelen) {
- unsigned long value = 0L;
+xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+ unsigned long value = seed;

if (name == NULL) return(0);
value = *name;
@@ -381,9 +408,9 @@ xmlDictComputeFastKey(const xmlChar *name, int namelen) {
*/
static unsigned long
xmlDictComputeFastQKey(const xmlChar *prefix, int plen,
- const xmlChar *name, int len)
+ const xmlChar *name, int len, int seed)
{
- unsigned long value = 0L;
+ unsigned long value = (unsigned long) seed;

if (plen == 0)
value += 30 * (unsigned long) ':';
@@ -460,6 +487,11 @@ xmlDictCreate(void) {
dict->subdict = NULL;
if (dict->dict) {
memset(dict->dict, 0, MIN_DICT_SIZE * sizeof(xmlDictEntry));
+#ifdef DICT_RANDOMIZATION
+ dict->seed = rand();
+#else
+ dict->seed = 0;
+#endif
return(dict);
}
xmlFree(dict);
@@ -486,6 +518,7 @@ xmlDictCreateSub(xmlDictPtr sub) {
#ifdef DICT_DEBUG_PATTERNS
fprintf(stderr, "R");
#endif
+ dict->seed = sub->seed;
dict->subdict = sub;
xmlDictReference(dict->subdict);
}
diff --git a/hash.c b/hash.c
index b78bc2d..fe1424f 100644
--- a/hash.c
+++ b/hash.c
@@ -3,7 +3,7 @@
*
* Reference: Your favorite introductory book on algorithms
*
- * Copyright (C) 2000 Bjorn Reese and Daniel Veillard.
+ * Copyright (C) 2000,2012 Bjorn Reese and Daniel Veillard.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -21,6 +21,22 @@
#include "libxml.h"

#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+/*
+ * Following http://www.ocert.org/advisories/ocert-2011-003.html
+ * it seems that having hash randomization might be a good idea
+ * when using XML with untrusted data
+ */
+#if defined(HAVE_RAND) && defined(HAVE_SRAND) && defined(HAVE_TIME)
+#define HASH_RANDOMIZATION
+#endif
+
#include <libxml/parser.h>
#include <libxml/hash.h>
#include <libxml/xmlmemory.h>
@@ -31,6 +47,10 @@

/* #define DEBUG_GROW */

+#ifdef HASH_RANDOMIZATION
+static int hash_initialized = 0;
+#endif
+
/*
* A single entry in the hash table
*/
@@ -53,6 +73,9 @@ struct _xmlHashTable {
int size;
int nbElems;
xmlDictPtr dict;
+#ifdef HASH_RANDOMIZATION
+ int random_seed;
+#endif
};

/*
@@ -65,6 +88,9 @@ xmlHashComputeKey(xmlHashTablePtr table, const xmlChar *name,
unsigned long value = 0L;
char ch;

+#ifdef HASH_RANDOMIZATION
+ value = table->random_seed;
+#endif
if (name != NULL) {
value += 30 * (*name);
while ((ch = *name++) != 0) {
@@ -92,6 +118,9 @@ xmlHashComputeQKey(xmlHashTablePtr table,
unsigned long value = 0L;
char ch;

+#ifdef HASH_RANDOMIZATION
+ value = table->random_seed;
+#endif
if (prefix != NULL)
value += 30 * (*prefix);
else
@@ -156,6 +185,13 @@ xmlHashCreate(int size) {
table->table = xmlMalloc(size * sizeof(xmlHashEntry));
if (table->table) {
memset(table->table, 0, size * sizeof(xmlHashEntry));
+#ifdef HASH_RANDOMIZATION
+ if (!hash_initialized) {
+ srand(time(NULL));
+ hash_initialized = 1;
+ }
+ table->random_seed = rand();
+#endif
return(table);
}
xmlFree(table);
--
cgit v0.9.0.2

--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages