nokogiri-xmlsec1 0.0.9 → 0.0.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 480d2aacdc8aaf3e5885945aa51c49509790083e
-  data.tar.gz: 0bd358a656ac2be93af6d5f078c0077a8cd25616
+  metadata.gz: fbe7884984dbb37a83b95a004e02963912977abe
+  data.tar.gz: ed73522eadca8444485de6b65187534382d5cab3
 SHA512:
-  metadata.gz: 7c88706085f9dd39e0b99cf244031caec109f450fcf43c0f0a40f70b0816b98e868e1c32df8af43d36d29282aa57b6a4225cb99fcf73bc92b7e43e161a673194
-  data.tar.gz: 646efcd3a351ac058eceddb3f10d743cf2caed80bb1b1bb0b81f13c60f5c3b1ebec853025cec00cd563295294b70eaa72e573c1b5aaa70bc9ca0c96e65989ee8
+  metadata.gz: 8a5bc53ced634554cd98476cc26cd51629aeca44624ceec5db0fa37aefe9bdd3231f6e3637f8a91bc9178a7e78dfd33b75cf59666e39a91f8f9448baee7e305f
+  data.tar.gz: 2d9a17aee39594c252ef21675b432d469d081cd64abdf2bdde4707aa7b440fca937f789d9ae0124b571d0c73beb1530b96b9a58a79dbf16cf4c53467f057e7ba

data/dependencies.yml

@@ -1,3 +1,3 @@
-libxml2: "2.8.0"
+libxml2: "2.9.2"
 libxslt: "1.1.28"
 xmlsec1: "1.2.20"

data/lib/xmlsec/version.rb

@@ -1,3 +1,3 @@
 module Xmlsec
-  VERSION = '0.0.9'
+  VERSION = '0.0.10'
 end

data/ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch

@@ -0,0 +1,29 @@
+From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 17 Oct 2014 17:13:41 +0800
+Subject: [PATCH] Revert "Missing initialization for the catalog module"
+
+This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
+As this break xmlcatalog command
+https://bugzilla.redhat.com/show_bug.cgi?id=1153753
+---
+ parser.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 1d93967..67c9dfd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
+ #ifdef LIBXML_XPATH_ENABLED
+ 	xmlXPathInit();
+ #endif
+-#ifdef LIBXML_CATALOG_ENABLED
+-        xmlInitializeCatalog();
+-#endif
+ 	xmlParserInitialized = 1;
+ #ifdef LIBXML_THREAD_ENABLED
+     }
+-- 
+2.1.2
+

data/ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch

@@ -0,0 +1,31 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: [PATCH] Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+      * far more secure as the parser will only process data coming from
+      * the document entity by default.
+      */
+-    if ((ent->checked == 0) &&
++    if (((ent->checked == 0) ||
++         ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+         ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+          (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ 	unsigned long oldnbent = ctxt->nbentities;
+-- 
+2.1.2
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri-xmlsec1
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.0.10
 platform: ruby
 authors:
 - Renan Mendes Carvalho
@@ -175,17 +175,8 @@ files:
 - lib/xmlsec.rb
 - lib/xmlsec/version.rb
 - nokogiri-xmlsec1.gemspec
-- ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch
-- ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch
-- ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch
-- ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch
-- ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch
-- ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch
-- ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch
-- ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch
-- ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch
-- ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch
-- ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch
+- ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch
+- ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch
 - ports/patches/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch
 - ports/patches/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch
 - ports/patches/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch

data/ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch

@@ -1,265 +0,0 @@
-From bc168aab5749acbe6630a29be4dcfabf0a81e2da Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 17 Jul 2012 16:19:17 +0800
-Subject: [PATCH 1/9] Fix parser local buffers size problems
-
-[Origin: 459eeb9dc752d5185f57ff6b135027f11981a626]
----
- parser.c | 74 +++++++++++++++++++++++++++++++++++++---------------------------
- 1 file changed, 43 insertions(+), 31 deletions(-)
-
-diff --git a/parser.c b/parser.c
-index 2c38fae..9863275 100644
---- a/parser.c
-+++ b/parser.c
-@@ -40,6 +40,7 @@
- #endif
- 
- #include <stdlib.h>
-+#include <limits.h>
- #include <string.h>
- #include <stdarg.h>
- #include <libxml/xmlmemory.h>
-@@ -117,10 +118,10 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
-  * parser option.
-  */
- static int
--xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size,
-+xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-                      xmlEntityPtr ent)
- {
--    unsigned long consumed = 0;
-+    size_t consumed = 0;
- 
-     if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE))
-         return (0);
-@@ -2589,15 +2590,17 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
- 
- /*
-  * Macro used to grow the current buffer.
-+ * buffer##_size is expected to be a size_t
-+ * mem_error: is expected to handle memory allocation failures
-  */
- #define growBuffer(buffer, n) {						\
-     xmlChar *tmp;							\
--    buffer##_size *= 2;							\
--    buffer##_size += n;							\
--    tmp = (xmlChar *)							\
--		xmlRealloc(buffer, buffer##_size * sizeof(xmlChar));	\
-+    size_t new_size = buffer##_size * 2 + n;                            \
-+    if (new_size < buffer##_size) goto mem_error;                       \
-+    tmp = (xmlChar *) xmlRealloc(buffer, new_size);                     \
-     if (tmp == NULL) goto mem_error;					\
-     buffer = tmp;							\
-+    buffer##_size = new_size;                                           \
- }
- 
- /**
-@@ -2623,14 +2626,14 @@ xmlChar *
- xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		      int what, xmlChar end, xmlChar  end2, xmlChar end3) {
-     xmlChar *buffer = NULL;
--    int buffer_size = 0;
-+    size_t buffer_size = 0;
-+    size_t nbchars = 0;
- 
-     xmlChar *current = NULL;
-     xmlChar *rep = NULL;
-     const xmlChar *last;
-     xmlEntityPtr ent;
-     int c,l;
--    int nbchars = 0;
- 
-     if ((ctxt == NULL) || (str == NULL) || (len < 0))
- 	return(NULL);
-@@ -2647,7 +2650,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
-      * allocate a translation buffer.
-      */
-     buffer_size = XML_PARSER_BIG_BUFFER_SIZE;
--    buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar));
-+    buffer = (xmlChar *) xmlMallocAtomic(buffer_size);
-     if (buffer == NULL) goto mem_error;
- 
-     /*
-@@ -2667,7 +2670,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 	    if (val != 0) {
- 		COPY_BUF(0,buffer,nbchars,val);
- 	    }
--	    if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
-+	    if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- 	        growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- 	    }
- 	} else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
-@@ -2685,7 +2688,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		(ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
- 		if (ent->content != NULL) {
- 		    COPY_BUF(0,buffer,nbchars,ent->content[0]);
--		    if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
-+		    if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- 			growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- 		    }
- 		} else {
-@@ -2702,8 +2705,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		    current = rep;
- 		    while (*current != 0) { /* non input consuming loop */
- 			buffer[nbchars++] = *current++;
--			if (nbchars >
--		            buffer_size - XML_PARSER_BUFFER_SIZE) {
-+			if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- 			    if (xmlParserEntityCheck(ctxt, nbchars, ent))
- 				goto int_error;
- 			    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
-@@ -2717,7 +2719,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		const xmlChar *cur = ent->name;
- 
- 		buffer[nbchars++] = '&';
--		if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-+		if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) {
- 		    growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
- 		}
- 		for (;i > 0;i--)
-@@ -2745,8 +2747,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		    current = rep;
- 		    while (*current != 0) { /* non input consuming loop */
- 			buffer[nbchars++] = *current++;
--			if (nbchars >
--		            buffer_size - XML_PARSER_BUFFER_SIZE) {
-+			if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- 			    if (xmlParserEntityCheck(ctxt, nbchars, ent))
- 			        goto int_error;
- 			    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
-@@ -2759,8 +2760,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 	} else {
- 	    COPY_BUF(l,buffer,nbchars,c);
- 	    str += l;
--	    if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
--	      growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
-+	    if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-+	        growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- 	    }
- 	}
- 	if (str < last)
-@@ -3764,8 +3765,8 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
-     xmlChar limit = 0;
-     xmlChar *buf = NULL;
-     xmlChar *rep = NULL;
--    int len = 0;
--    int buf_size = 0;
-+    size_t len = 0;
-+    size_t buf_size = 0;
-     int c, l, in_space = 0;
-     xmlChar *current = NULL;
-     xmlEntityPtr ent;
-@@ -3787,7 +3788,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
-      * allocate a translation buffer.
-      */
-     buf_size = XML_PARSER_BUFFER_SIZE;
--    buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar));
-+    buf = (xmlChar *) xmlMallocAtomic(buf_size);
-     if (buf == NULL) goto mem_error;
- 
-     /*
-@@ -3804,7 +3805,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 
- 		if (val == '&') {
- 		    if (ctxt->replaceEntities) {
--			if (len > buf_size - 10) {
-+			if (len + 10 > buf_size) {
- 			    growBuffer(buf, 10);
- 			}
- 			buf[len++] = '&';
-@@ -3813,7 +3814,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 			 * The reparsing will be done in xmlStringGetNodeList()
- 			 * called by the attribute() function in SAX.c
- 			 */
--			if (len > buf_size - 10) {
-+			if (len + 10 > buf_size) {
- 			    growBuffer(buf, 10);
- 			}
- 			buf[len++] = '&';
-@@ -3823,7 +3824,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 			buf[len++] = ';';
- 		    }
- 		} else if (val != 0) {
--		    if (len > buf_size - 10) {
-+		    if (len + 10 > buf_size) {
- 			growBuffer(buf, 10);
- 		    }
- 		    len += xmlCopyChar(0, &buf[len], val);
-@@ -3835,7 +3836,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 		    ctxt->nbentities += ent->owner;
- 		if ((ent != NULL) &&
- 		    (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
--		    if (len > buf_size - 10) {
-+		    if (len + 10 > buf_size) {
- 			growBuffer(buf, 10);
- 		    }
- 		    if ((ctxt->replaceEntities == 0) &&
-@@ -3863,7 +3864,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
-                                     current++;
-                                 } else
-                                     buf[len++] = *current++;
--				if (len > buf_size - 10) {
-+				if (len + 10 > buf_size) {
- 				    growBuffer(buf, 10);
- 				}
- 			    }
-@@ -3871,7 +3872,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 			    rep = NULL;
- 			}
- 		    } else {
--			if (len > buf_size - 10) {
-+			if (len + 10 > buf_size) {
- 			    growBuffer(buf, 10);
- 			}
- 			if (ent->content != NULL)
-@@ -3899,7 +3900,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 		     * Just output the reference
- 		     */
- 		    buf[len++] = '&';
--		    while (len > buf_size - i - 10) {
-+		    while (len + i + 10 > buf_size) {
- 			growBuffer(buf, i + 10);
- 		    }
- 		    for (;i > 0;i--)
-@@ -3912,7 +3913,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 	        if ((len != 0) || (!normalize)) {
- 		    if ((!normalize) || (!in_space)) {
- 			COPY_BUF(l,buf,len,0x20);
--			while (len > buf_size - 10) {
-+			while (len + 10 > buf_size) {
- 			    growBuffer(buf, 10);
- 			}
- 		    }
-@@ -3921,7 +3922,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- 	    } else {
- 	        in_space = 0;
- 		COPY_BUF(l,buf,len,c);
--		if (len > buf_size - 10) {
-+		if (len + 10 > buf_size) {
- 		    growBuffer(buf, 10);
- 		}
- 	    }
-@@ -3946,7 +3947,18 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
-         }
-     } else
- 	NEXT;
--    if (attlen != NULL) *attlen = len;
-+
-+    /*
-+     * There we potentially risk an overflow, don't allow attribute value of
-+     * lenght more than INT_MAX it is a very reasonnable assumption !
-+     */
-+    if (len >= INT_MAX) {
-+        xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
-+                       "AttValue lenght too long\n");
-+        goto mem_error;
-+    }
-+
-+    if (attlen != NULL) *attlen = (int) len;
-     return(buf);
- 
- mem_error:
--- 
-1.8.4.1
-

data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch

@@ -1,102 +0,0 @@
-From 64d7de23165b706510f4ce4f29d96552eeb257d7 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Wed, 18 Jul 2012 11:38:17 +0800
-Subject: [PATCH 2/9] Fix entities local buffers size problems
-
-[Origin: 4f9fdc709c4861c390cd84e2ed1fd878b3442e28]
----
- entities.c | 36 +++++++++++++++++++++++-------------
- 1 file changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/entities.c b/entities.c
-index 6aef49f..859ec3b 100644
---- a/entities.c
-+++ b/entities.c
-@@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
-  * Macro used to grow the current buffer.
-  */
- #define growBufferReentrant() {						\
--    buffer_size *= 2;							\
--    buffer = (xmlChar *)						\
--    		xmlRealloc(buffer, buffer_size * sizeof(xmlChar));	\
--    if (buffer == NULL) {						\
--        xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");\
--	return(NULL);							\
--    }									\
-+    xmlChar *tmp;                                                       \
-+    size_t new_size = buffer_size *= 2;                                 \
-+    if (new_size < buffer_size) goto mem_error;                         \
-+    tmp = (xmlChar *) xmlRealloc(buffer, new_size);	                \
-+    if (tmp == NULL) goto mem_error;                                    \
-+    buffer = tmp;							\
-+    buffer_size = new_size;						\
- }
- 
- 
-@@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
-     const xmlChar *cur = input;
-     xmlChar *buffer = NULL;
-     xmlChar *out = NULL;
--    int buffer_size = 0;
-+    size_t buffer_size = 0;
-     int html = 0;
- 
-     if (input == NULL) return(NULL);
-@@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
-     out = buffer;
- 
-     while (*cur != '\0') {
--        if (out - buffer > buffer_size - 100) {
--	    int indx = out - buffer;
-+        size_t indx = out - buffer;
-+        if (indx + 100 > buffer_size) {
- 
- 	    growBufferReentrant();
- 	    out = &buffer[indx];
-@@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
-     }
-     *out = 0;
-     return(buffer);
-+
-+mem_error:
-+    xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");
-+    xmlFree(buffer);
-+    return(NULL);
- }
- 
- /**
-@@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
-     const xmlChar *cur = input;
-     xmlChar *buffer = NULL;
-     xmlChar *out = NULL;
--    int buffer_size = 0;
-+    size_t buffer_size = 0;
-     if (input == NULL) return(NULL);
- 
-     /*
-@@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
-     out = buffer;
- 
-     while (*cur != '\0') {
--        if (out - buffer > buffer_size - 10) {
--	    int indx = out - buffer;
-+        size_t indx = out - buffer;
-+        if (indx + 10 > buffer_size) {
- 
- 	    growBufferReentrant();
- 	    out = &buffer[indx];
-@@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
-     }
-     *out = 0;
-     return(buffer);
-+
-+mem_error:
-+    xmlEntitiesErrMemory("xmlEncodeSpecialChars: realloc failed");
-+    xmlFree(buffer);
-+    return(NULL);
- }
- 
- /**
--- 
-1.8.4.1
-