diff --git a/CHANGELOG.md b/CHANGELOG.md index dc982b455d9..6bafc34c243 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,12 @@ This release ends support for: * JRuby 1.7, for which [official support ended on 2017-11-21](https://github.com/jruby/jruby/issues/4112) [#1741] +### Dependencies + +* [MRI] libxml2 is updated from 2.9.8 to 2.9.9 +* [MRI] libxslt is updated from 1.1.32 to 1.1.33 + + ## 1.9.1 / 2018-12-17 ### Bug fixes diff --git a/Manifest.txt b/Manifest.txt index 92408ccc879..8dd19b9223b 100644 --- a/Manifest.txt +++ b/Manifest.txt @@ -234,5 +234,3 @@ lib/xercesImpl.jar lib/xml-apis.jar lib/xsd/xmlparser/nokogiri.rb patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch -patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch -patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch diff --git a/dependencies.yml b/dependencies.yml index fbf5e249d5c..533bfd26315 100644 --- a/dependencies.yml +++ b/dependencies.yml @@ -1,56 +1,59 @@ libxml2: - version: "2.9.8" - sha256: "0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732" - # manually verified checksum: + version: "2.9.9" + sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871" + # manually verified checksum: # - # $ gpg --verify libxml2-2.9.8.tar.gz.asc ./ports/archives/libxml2-2.9.8.tar.gz - # gpg: Signature made Mon 05 Mar 2018 11:07:45 AM EST using RSA key ID 596BEA5D - # gpg: Good signature from "Daniel Veillard (Red Hat work email) " - # gpg: aka "Daniel Veillard " - # gpg: WARNING: This key is not certified with a trusted signature! - # gpg: There is no indication that the signature belongs to the owner. - # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F - # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D + # $ gpg --verify libxml2-2.9.9.tar.gz.asc ports/archives/libxml2-2.9.9.tar.gz + # gpg: Signature made Thu 03 Jan 2019 01:14:47 PM EST + # gpg: using RSA key 15588B26596BEA5D + # gpg: Good signature from "Daniel Veillard (Red Hat work email) " [unknown] + # gpg: aka "Daniel Veillard " [unknown] + # gpg: WARNING: This key is not certified with a trusted signature! + # gpg: There is no indication that the signature belongs to the owner. + # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F + # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D # - # using this pgp signature: - # -----BEGIN PGP SIGNATURE----- + # using this pgp signature: # - # iQEcBAABAgAGBQJanWtRAAoJEBVYiyZZa+pdV7oIAJWdFahwt+reN/Zt2RPmjjcr - # eSsY7UV1RXjScnNjTzJT1h2hJ7SnUjCkqjR6VdtKDUIzpuX+S2U83joafJH6mxUb - # yw2nO4RfjYTPxpz5JkvqT7jmgEIaD81BuwcMehqpMpIfiKa2NgO1DSfZxgs8a9E2 - # +ehc/kZWuI5gmNGrd84EEWUqpYW/Xx7jy02osioJuU5IMPjzZKNR3maXp9oAKeBc - # S2QNa1ID/pUk3K3M/5nlwNgAtQ7lxQrqhrSma2dsKt/IpL6VXomxuD4Bh1r2MZhX - # uZ456X/xJN8UmPewLZWGBU1MK9wqu3Zx5Qwz64H6UdlYIzXZ2jXj2YWZa6xkxPA= - # =69xn - # -----END PGP SIGNATURE----- + # -----BEGIN PGP SIGNATURE----- + # + # iQEbBAABAgAGBQJcLlEXAAoJEBVYiyZZa+pd1B8H93xeCYNBLx+eX0xe3qS3ReS/ + # YstjkXKUkmDQYwqQ/9Knmv1P6NX64hQL5E1pZX5sXp36giwXXJ5tCK72VRzektzU + # Kpo+M1/QA9feZQs1GmyKaXYzNwTSJnsdKA9nWqTHZ3bzfdhFSZ0czo94vgY/cz5z + # 9P3FIgeldj1vi8p2rjXbArMFQyaxHnve9LdxI8hbudNSeUw/FEV6mjtXrlZ7MXqn + # hmAkah2JwktOStF5tIlddCRqZeUPUX5flBxT95gfskXXlGEhaoGMXcC3izqqJyV2 + # sx5nY7fnXdkwfYsgRUXYWmDmbs8DnFjXH9lux9O4OWglLonaRoAqFPcOzE3aCw== + # =4qWg + # -----END PGP SIGNATURE----- # libxslt: - version: "1.1.32" - sha256: "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460" - # manually verified checksum: + version: "1.1.33" + sha256: "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8" + # manually verified checksum: # - # $ gpg --verify libxslt-1.1.32.tar.gz.asc libxslt-1.1.32.tar.gz - # gpg: Signature made Thu 02 Nov 2017 04:35:04 PM EDT using RSA key ID 596BEA5D - # gpg: Good signature from "Daniel Veillard (Red Hat work email) " - # gpg: aka "Daniel Veillard " - # gpg: WARNING: This key is not certified with a trusted signature! - # gpg: There is no indication that the signature belongs to the owner. - # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F - # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D + # $ gpg --verify libxslt-1.1.33.tar.gz.asc ports/archives/libxslt-1.1.33.tar.gz + # gpg: Signature made Thu 03 Jan 2019 01:30:49 PM EST + # gpg: using RSA key 15588B26596BEA5D + # gpg: Good signature from "Daniel Veillard (Red Hat work email) " [unknown] + # gpg: aka "Daniel Veillard " [unknown] + # gpg: WARNING: This key is not certified with a trusted signature! + # gpg: There is no indication that the signature belongs to the owner. + # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F + # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D # - # using this pgp signature: + # using this pgp signature: # - # -----BEGIN PGP SIGNATURE----- + # -----BEGIN PGP SIGNATURE----- # - # iQEcBAABAgAGBQJZ+4F4AAoJEBVYiyZZa+pdy1IIAMX1DpzYGdnv6GCPSKeZ0woD - # sHmSkygJep0/sUQD1cYunNsNZnGDgWhnsLAvHOn3opJgsiaZhmhJ8Uo7QNlT+ni1 - # AvRFgQoSXLWSF5kkun4u7RvnpDI6jYfCuYSwb9SO4EAYFAQQJXQaKCeFq71gad+p - # XGHJFAy2TqUVLNZ5I1mQz/oBeDsJ7RzHpYqaBxsLDqrCzRQ9ai23q+dFGS3jvLBr - # 0gXw0MK73ceOwW12L5aLj4erNbATWmMFMDYZZwftysv3bgx2YfiOoZUTzufrB/Bc - # MG8hP76aYBwIKNbhiDFGa2qdHGZGF7YQ4mi1/ZDX1K1G2tKKeEYxscM13JwiGb8= - # =NuQO - # -----END PGP SIGNATURE----- + # iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8 + # 407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf + # mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4 + # BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL + # QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs + # sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w= + # =iAm8 + # -----END PGP SIGNATURE----- # zlib: diff --git a/patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch b/patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch deleted file mode 100644 index 1345c0c8ce9..00000000000 --- a/patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch +++ /dev/null @@ -1,54 +0,0 @@ -From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Mon, 30 Jul 2018 12:54:38 +0200 -Subject: [PATCH] Fix nullptr deref with XPath logic ops - -If the XPath stack is corrupted, for example by a misbehaving extension -function, the "and" and "or" XPath operators could dereference NULL -pointers. Check that the XPath stack isn't empty and optimize the -logic operators slightly. - -Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5 - -Also see -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 -https://bugzilla.redhat.com/show_bug.cgi?id=1595985 - -This is CVE-2018-14404. - -Thanks to Guy Inbar for the report. ---- - xpath.c | 10 ++++------ - 1 file changed, 4 insertions(+), 6 deletions(-) - -diff --git a/xpath.c b/xpath.c -index 3fae0bf..5e3bb9f 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) - return(0); - } - xmlXPathBooleanFunction(ctxt, 1); -- arg1 = valuePop(ctxt); -- arg1->boolval &= arg2->boolval; -- valuePush(ctxt, arg1); -+ if (ctxt->value != NULL) -+ ctxt->value->boolval &= arg2->boolval; - xmlXPathReleaseObject(ctxt->context, arg2); - return (total); - case XPATH_OP_OR: -@@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) - return(0); - } - xmlXPathBooleanFunction(ctxt, 1); -- arg1 = valuePop(ctxt); -- arg1->boolval |= arg2->boolval; -- valuePush(ctxt, arg1); -+ if (ctxt->value != NULL) -+ ctxt->value->boolval |= arg2->boolval; - xmlXPathReleaseObject(ctxt->context, arg2); - return (total); - case XPATH_OP_EQUAL: --- -2.17.1 - diff --git a/patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch b/patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch deleted file mode 100644 index e5a4ce8b7ea..00000000000 --- a/patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Mon, 30 Jul 2018 13:14:11 +0200 -Subject: [PATCH] Fix infinite loop in LZMA decompression -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Check the liblzma error code more thoroughly to avoid infinite loops. - -Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 -Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 - -This is CVE-2018-9251 and CVE-2018-14567. - -Thanks to Dongliang Mu and Simon Wörner for the reports. ---- - xzlib.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/xzlib.c b/xzlib.c -index a839169..0ba88cf 100644 ---- a/xzlib.c -+++ b/xzlib.c -@@ -562,6 +562,10 @@ xz_decomp(xz_statep state) - "internal error: inflate stream corrupt"); - return -1; - } -+ /* -+ * FIXME: Remapping a couple of error codes and falling through -+ * to the LZMA error handling looks fragile. -+ */ - if (ret == Z_MEM_ERROR) - ret = LZMA_MEM_ERROR; - if (ret == Z_DATA_ERROR) -@@ -587,6 +591,11 @@ xz_decomp(xz_statep state) - xz_error(state, LZMA_PROG_ERROR, "compression error"); - return -1; - } -+ if ((state->how != GZIP) && -+ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) { -+ xz_error(state, ret, "lzma error"); -+ return -1; -+ } - } while (strm->avail_out && ret != LZMA_STREAM_END); - - /* update available output and crc check value */ --- -2.17.1 -