untrusted comment: verify with openbsd-75-base.pub
RWRGj1pRpprAfqoyYxBWo8dRSTUNMBPLW/kL6q39+70VUtFbrHPU03TGh4SLB+ntXGOzrhlAXHV6daJ0NAmt/rwHJhdMLoxjwwc=
OpenBSD 7.5 errata 021, April 1, 2025:
In libexpat fix regression of behavior introduced by previous errata.
Apply by doing:
signify -Vep /etc/signify/openbsd-75-base.pub -x 021_expat.patch.sig \
-m - | (cd /usr/src && patch -p0)
And then rebuild and install libexpat:
cd /usr/src/lib/libexpat
make obj
make
make install
Index: lib/libexpat/Changes
===================================================================
RCS file: /cvs/src/lib/libexpat/Changes,v
diff -u -p -r1.24.4.3 Changes
--- lib/libexpat/Changes 16 Mar 2025 21:28:30 -0000 1.24.4.3
+++ lib/libexpat/Changes 29 Mar 2025 21:36:33 -0000
@@ -2,6 +2,19 @@ NOTE: We are looking for help with a few
https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
+ Bug fixes:
+ #980 #989 Restore event pointer behavior from Expat 2.6.4
+ (that the fix to CVE-2024-8176 changed in 2.7.0);
+ affected API functions are:
+ - XML_GetCurrentByteCount
+ - XML_GetCurrentByteIndex
+ - XML_GetCurrentColumnNumber
+ - XML_GetCurrentLineNumber
+ - XML_GetInputContext
+
+ Other changes:
+ #986 Address compiler warnings
+
Security fixes:
#893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
Index: lib/libexpat/lib/xmlparse.c
===================================================================
RCS file: /cvs/src/lib/libexpat/lib/xmlparse.c,v
diff -u -p -r1.37.2.3 xmlparse.c
--- lib/libexpat/lib/xmlparse.c 16 Mar 2025 21:28:30 -0000 1.37.2.3
+++ lib/libexpat/lib/xmlparse.c 29 Mar 2025 21:36:33 -0000
@@ -1,4 +1,4 @@
-/* 7d6840a33c250b74adb0ba295d6ec818dccebebaffc8c3ed27d0b29c28adbeb3 (2.7.0+)
+/* d19ae032c224863c1527ba44d228cc34b99192c3a4c5a27af1f4e054d45ee031 (2.7.1+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
@@ -3391,12 +3391,13 @@ doContent(XML_Parser parser, int startTa
break;
/* LCOV_EXCL_STOP */
}
- *eventPP = s = next;
switch (parser->m_parsingStatus.parsing) {
case XML_SUSPENDED:
+ *eventPP = next;
*nextPtr = next;
return XML_ERROR_NONE;
case XML_FINISHED:
+ *eventPP = next;
return XML_ERROR_ABORTED;
case XML_PARSING:
if (parser->m_reenter) {
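Review bot: Nothing in this switch says why the `XML_PARSING` case with `parser->m_reenter` set is the only exit that skips the event-pointer update, while `XML_SUSPENDED` and `XML_FINISHED` now set `*eventPP = next` explicitly and the fall-through does so in the next hunk. The body of the `m_reenter` branch lies between this hunk and the next and is not visible, so this assumes it returns without touching `*eventPP`. If so, a comment in that branch such as `/* deliberately leave *eventPP on the current event while re-entering; XML_GetCurrentByteIndex() and the other position getters read it */` would keep a later cleanup from hoisting the assignment back above the switch, which is apparently what changed the behaviour in 2.7.0. The same applies to the matching hunks in doCdataSection and epilogProcessor, which use `parser->m_eventPtr`.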
@@ -3405,6 +3406,7 @@ doContent(XML_Parser parser, int startTa
}
/* Fall through */
default:;
+ *eventPP = s = next;
}
}
/* not reached */
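Review bot: `default:;` keeps an empty statement that was only needed while the label was the last thing in the switch. With `*eventPP = s = next;` now following it, the `;` is redundant and hides that the assignment is the body of the default case. Writing `default:` on its own line with the assignment under it would make the fall-through target obvious. The doCdataSection and epilogProcessor hunks carry the same pattern.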
@@ -4321,12 +4323,13 @@ doCdataSection(XML_Parser parser, const
/* LCOV_EXCL_STOP */
}
- *eventPP = s = next;
switch (parser->m_parsingStatus.parsing) {
case XML_SUSPENDED:
+ *eventPP = next;
*nextPtr = next;
return XML_ERROR_NONE;
case XML_FINISHED:
+ *eventPP = next;
return XML_ERROR_ABORTED;
case XML_PARSING:
if (parser->m_reenter) {
@@ -4334,6 +4337,7 @@ doCdataSection(XML_Parser parser, const
}
/* Fall through */
default:;
+ *eventPP = s = next;
}
}
/* not reached */
@@ -5940,12 +5944,13 @@ epilogProcessor(XML_Parser parser, const
default:
return XML_ERROR_JUNK_AFTER_DOC_ELEMENT;
}
- parser->m_eventPtr = s = next;
switch (parser->m_parsingStatus.parsing) {
case XML_SUSPENDED:
+ parser->m_eventPtr = next;
*nextPtr = next;
return XML_ERROR_NONE;
case XML_FINISHED:
+ parser->m_eventPtr = next;
return XML_ERROR_ABORTED;
case XML_PARSING:
if (parser->m_reenter) {
@@ -5953,6 +5958,7 @@ epilogProcessor(XML_Parser parser, const
}
/* Fall through */
default:;
+ parser->m_eventPtr = s = next;
}
}
}
@@ -8237,7 +8243,7 @@ entityTrackingReportStats(XML_Parser roo
(void *)rootParser, rootParser->m_entity_stats.countEverOpened,
rootParser->m_entity_stats.currentDepth,
rootParser->m_entity_stats.maximumDepthSeen,
- (rootParser->m_entity_stats.currentDepth - 1) * 2, "",
+ ((int)rootParser->m_entity_stats.currentDepth - 1) * 2, "",
entity->is_param ? "%" : "&", entityName, action, entity->textLen,
sourceLine);
}
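Review bot: The added `(int)` cast makes the subtraction signed, so a `currentDepth` of 0 would now produce -2 for what appears to be a `%*s` width argument (the format string is above this hunk). printf treats a negative width as left-justified width 2, not as no indent. The function starts outside the hunk and its callers are not shown, so the diff cannot confirm that the depth is always at least 1 here. If it is, a comment such as `/* currentDepth >= 1 whenever stats are reported */` would record the invariant; otherwise the operand should be clamped before the multiplication.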