untrusted comment: verify with openbsd-75-base.pub
RWRGj1pRpprAfipoKgFCd+0OzLWfpp8JqOAR3LIHA4U4I8wQJcsblPv/NDpyHPB9e2fYe8YCR6f43ffhRBcPT74uUw+VLzymtwk=

OpenBSD 7.5 errata 014, November 15, 2024:

In libexpat fix crash within function XML_ResumeParser.  CVE-2024-50602

Apply by doing:
   signify -Vep /etc/signify/openbsd-75-base.pub -x 014_expat.patch.sig \
       -m - | (cd /usr/src && patch -p0)

And then rebuild and install libexpat:
   cd /usr/src/lib/libexpat
   make obj
   make
   make install

Index: lib/libexpat/Changes
===================================================================
RCS file: /cvs/src/lib/libexpat/Changes,v
diff -u -p -r1.24.4.1 Changes
--- lib/libexpat/Changes        9 Sep 2024 12:45:38 -0000       1.24.4.1
+++ lib/libexpat/Changes        12 Nov 2024 21:22:51 -0000
@@ -3,6 +3,15 @@ NOTE: We are looking for help with a few
      If you can help, please get in touch.  Thanks!

        Security fixes:
+            #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
+                    from a NULL pointer dereference by disallowing function
+                    XML_StopParser to (stop or) suspend an unstarted parser.
+                    // CWE-476 CWE-754
+
+        Other changes:
+            #914  Fix signedness of format strings
+
+        Security fixes:
       #887 #890  CVE-2024-45490 -- Calling function XML_ParseBuffer with
                    len < 0 without noticing and then calling XML_GetBuffer
                    will have XML_ParseBuffer fail to recognize the problem
Index: lib/libexpat/examples/element_declarations.c
===================================================================
RCS file: /cvs/src/lib/libexpat/examples/element_declarations.c,v
diff -u -p -r1.1 element_declarations.c
--- lib/libexpat/examples/element_declarations.c        11 Feb 2024 00:56:28 -0000      1.1
+++ lib/libexpat/examples/element_declarations.c        12 Nov 2024 21:22:51 -0000
@@ -15,6 +15,7 @@
   Copyright (c) 2016-2024 Sebastian Pipping <[email protected]>
   Copyright (c) 2017      Rhodri James <[email protected]>
   Copyright (c) 2019      Zhongyuan Zhou <[email protected]>
+   Copyright (c) 2024      Hanno Böck <[email protected]>
   Licensed under the MIT license:

   Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -127,15 +128,15 @@ dumpContentModelElement(const XML_Conten
  }

  // Node
-  printf("[%u] type=%s(%d), quant=%s(%d)", (unsigned)(model - root),
-         contentTypeName(model->type), model->type,
-         contentQuantName(model->quant), model->quant);
+  printf("[%u] type=%s(%u), quant=%s(%u)", (unsigned)(model - root),
+         contentTypeName(model->type), (unsigned int)model->type,
+         contentQuantName(model->quant), (unsigned int)model->quant);
  if (model->name) {
    printf(", name=\"%" XML_FMT_STR "\"", model->name);
  } else {
    printf(", name=NULL");
  }
-  printf(", numchildren=%d", model->numchildren);
+  printf(", numchildren=%u", model->numchildren);
  printf("\n");
}
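Review bot: The `(unsigned)(model - root)` argument on the first rewritten printf line still narrows a ptrdiff_t while the rest of that call was made type-exact; `%td` without the cast would print the node index at its natural width, `printf("[%td] type=%s(%u), quant=%s(%u)", model - root, ...`. This only matters for a content model with more nodes than fit in unsigned, which is not realistic, so it is a consistency point rather than a defect. dumpContentModelElement starts outside this hunk.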

Index: lib/libexpat/lib/xmlparse.c
===================================================================
RCS file: /cvs/src/lib/libexpat/lib/xmlparse.c,v
diff -u -p -r1.37.2.1 xmlparse.c
--- lib/libexpat/lib/xmlparse.c 9 Sep 2024 12:45:38 -0000       1.37.2.1
+++ lib/libexpat/lib/xmlparse.c 12 Nov 2024 21:22:52 -0000
@@ -1,4 +1,4 @@
-/* 628e24d4966bedbd4800f6ed128d06d29703765b4bce12d3b7f099f90f842fc9 (2.6.0+)
+/* c5625880f4bf417c1463deee4eb92d86ff413f802048621c57e25fe483eb59e4 (2.6.4+)
                            __  __            _
                         ___\ \/ /_ __   __ _| |_
                        / _ \\  /| '_ \ / _` | __|
@@ -39,6 +39,7 @@
   Copyright (c) 2022      Sean McBride <[email protected]>
   Copyright (c) 2023      Owain Davies <[email protected]>
   Copyright (c) 2023      Sony Corporation / Snild Dolkow <[email protected]>
+   Copyright (c) 2024      Hanno Böck <[email protected]>
   Licensed under the MIT license:

   Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -2225,6 +2226,9 @@ XML_StopParser(XML_Parser parser, XML_Bo
  if (parser == NULL)
    return XML_STATUS_ERROR;
  switch (parser->m_parsingStatus.parsing) {
+  case XML_INITIALIZED:
+    parser->m_errorCode = XML_ERROR_FINISHED;
+    return XML_STATUS_ERROR;
  case XML_SUSPENDED:
    if (resumable) {
      parser->m_errorCode = XML_ERROR_SUSPENDED;
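Review bot: The new XML_INITIALIZED arm carries no comment, yet it is the actual CVE-2024-50602 fix and reuses XML_ERROR_FINISHED for a parser that was never started, which a reader may take for a typo. A one-line comment above `case XML_INITIALIZED:` such as `/* Never started: refuse to stop or suspend, otherwise XML_ResumeParser later dereferences a NULL pointer (CVE-2024-50602) */` would tie the arm to the errata entry in Changes. The switch and XML_StopParser continue past the end of this hunk.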
@@ -2235,7 +2239,7 @@ XML_StopParser(XML_Parser parser, XML_Bo
  case XML_FINISHED:
    parser->m_errorCode = XML_ERROR_FINISHED;
    return XML_STATUS_ERROR;
-  default:
+  case XML_PARSING:
    if (resumable) {
#ifdef XML_DTD
      if (parser->m_isParamEntity) {
@@ -2246,6 +2250,9 @@ XML_StopParser(XML_Parser parser, XML_Bo
      parser->m_parsingStatus.parsing = XML_SUSPENDED;
    } else
      parser->m_parsingStatus.parsing = XML_FINISHED;
+    break;
+  default:
+    assert(0);
  }
  return XML_STATUS_OK;
}
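Review bot: With NDEBUG defined, `assert(0)` in the new default arm compiles to nothing and control falls to `return XML_STATUS_OK;` with m_errorCode untouched, so a parser whose parsing state holds an unexpected value is reported as successfully stopped. Now that the switch names every parsing-status value explicitly, the default arm is reachable only through memory corruption or a future enum addition, but it should still fail closed: `default: assert(0); return XML_STATUS_ERROR;` (setting `parser->m_errorCode` first if a suitable code exists). The start of XML_StopParser, including the `case XML_PARSING:` arm this break belongs to, is outside this hunk.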
@@ -7852,7 +7859,7 @@ accountingReportDiff(XML_Parser rootPars
  assert(! rootParser->m_parentParser);

  fprintf(stderr,
-          " (+" EXPAT_FMT_PTRDIFF_T("6") " bytes %s|%d, xmlparse.c:%d) %*s\"",
+          " (+" EXPAT_FMT_PTRDIFF_T("6") " bytes %s|%u, xmlparse.c:%d) %*s\"",
          bytesMore, (account == XML_ACCOUNT_DIRECT) ? "DIR" : "EXP",
          levelsAwayFromRootParser, source_line, 10, "");

@@ -7965,7 +7972,7 @@ entityTrackingReportStats(XML_Parser roo

  fprintf(
      stderr,
-      "expat: Entities(%p): Count %9d, depth %2d/%2d %*s%s%s; %s length %d (xmlparse.c:%d)\n",
+      "expat: Entities(%p): Count %9u, depth %2u/%2u %*s%s%s; %s length %d (xmlparse.c:%d)\n",
      (void *)rootParser, rootParser->m_entity_stats.countEverOpened,
      rootParser->m_entity_stats.currentDepth,
      rootParser->m_entity_stats.maximumDepthSeen,