Bug#689818: unblock: xml-light/2.2-15

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#689818: unblock: xml-light/2.2-15
From: Mehdi Dogguy <mehdi@debian.org>
Date: Sat, 06 Oct 2012 18:50:54 +0200
Message-id: <[🔎] 20121006165054.5120.52879.reportbug@potassium>
Reply-to: Mehdi Dogguy <mehdi@debian.org>, 689818@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package xml-light.

xml-light/2.2-15 fixes a security issue (namely CVE-2012-3514). It
changed an internal datastructure from a Hash table to a Map to avoid
hash collision attacks.

This upload required the rebuild of its reverse dependencies because
ABI changed. AFAIK, all r-deps were rebuilt sucessfully.

Debdiff between -14 and -15 is attached for your convenience.

unblock xml-light/2.2-15

Regards,

-- 
Mehdi

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru xml-light-2.2/debian/changelog xml-light-2.2/debian/changelog
--- xml-light-2.2/debian/changelog	2012-06-07 13:55:42.000000000 +0200
+++ xml-light-2.2/debian/changelog	2012-10-05 15:31:52.000000000 +0200
@@ -1,3 +1,14 @@
+xml-light (2.2-15) unstable; urgency=low
+
+  [ Sylvain Le Gall ]
+  * Remove Sylvain Le Gall from uploaders
+
+  [ Mehdi Dogguy ]
+  * Fix CVE-2012-3514 (Closes: #685584).
+    - add 06_CVE-2012-3514.diff
+
+ -- Mehdi Dogguy <mehdi@debian.org>  Fri, 05 Oct 2012 15:31:52 +0200
+
 xml-light (2.2-14) unstable; urgency=low
 
   * Do not try to install the .cmxs plugin on architectures where
diff -Nru xml-light-2.2/debian/control xml-light-2.2/debian/control
--- xml-light-2.2/debian/control	2012-06-05 16:38:56.000000000 +0200
+++ xml-light-2.2/debian/control	2012-10-01 14:40:35.000000000 +0200
@@ -3,7 +3,6 @@
 Priority: optional
 Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
 Uploaders:
- Sylvain Le Gall <gildor@debian.org>,
  Mehdi Dogguy <mehdi@debian.org>
 Build-Depends:
  cdbs (>= 0.4.23-1.1),
diff -Nru xml-light-2.2/debian/patches/06_CVE-2012-3514.diff xml-light-2.2/debian/patches/06_CVE-2012-3514.diff
--- xml-light-2.2/debian/patches/06_CVE-2012-3514.diff	1970-01-01 01:00:00.000000000 +0100
+++ xml-light-2.2/debian/patches/06_CVE-2012-3514.diff	2012-10-01 15:40:17.000000000 +0200
@@ -0,0 +1,153 @@
+--- a/dtd.ml
++++ b/dtd.ml
+@@ -93,16 +93,18 @@
+ 
+ type dtd = dtd_item list
+ 
+-type ('a,'b) hash = ('a,'b) Hashtbl.t
++module StringMap = Map.Make(String)
++
++type 'a map = 'a StringMap.t ref
+ 
+ type checked = {
+-	c_elements : (string,dtd_element_type) hash;
+-	c_attribs : (string,(string,(dtd_attr_type * dtd_attr_default)) hash) hash;
++	c_elements : dtd_element_type map;
++	c_attribs : (dtd_attr_type * dtd_attr_default) map map;
+ }
+ 
+ type dtd_state = {
+-	elements : (string,dtd_element_type) hash;
+-	attribs : (string,(string,(dtd_attr_type * dtd_attr_default)) hash) hash;
++	elements : dtd_element_type map;
++	attribs : (dtd_attr_type * dtd_attr_default) map map;
+ 	mutable current : dtd_element_type;
+ 	mutable curtag : string;
+ 	state : (string * dtd_element_type) Stack.t;
+@@ -113,7 +115,21 @@
+ let _raises e =
+ 	file_not_found := e
+ 
+-let empty_hash = Hashtbl.create 0
++let create_map() = ref StringMap.empty
++
++let empty_map = create_map()
++
++let find_map m k = StringMap.find k (!m)
++
++let set_map m k v = m := StringMap.add k v (!m)
++
++let unset_map m k = m := StringMap.remove k (!m)
++
++let iter_map f m = StringMap.iter f (!m)
++
++let fold_map f m = StringMap.fold f (!m)
++
++let mem_map m k = StringMap.mem k (!m)
+ 
+ let pos source =
+ 	let line, lstart, min, max = Xml_lexer.pos source in
+@@ -158,45 +174,45 @@
+ 			raise e
+ 
+ let check dtd =
+-	let attribs = Hashtbl.create 0 in
+-	let hdone = Hashtbl.create 0 in
+-	let htodo = Hashtbl.create 0 in
++	let attribs = create_map () in
++	let hdone = create_map () in
++	let htodo = create_map () in
+ 	let ftodo tag from =
+ 		try
+-			ignore(Hashtbl.find hdone tag);
++			ignore(find_map hdone tag);
+ 		with
+ 			Not_found ->
+ 				try
+-					match Hashtbl.find htodo tag with
+-					| None -> Hashtbl.replace htodo tag from
++					match find_map htodo tag with
++					| None -> set_map htodo tag from
+ 					| Some _ -> ()
+ 				with
+ 					Not_found ->
+-						Hashtbl.add htodo tag from
++						set_map htodo tag from
+ 	in
+ 	let fdone tag edata =
+ 		try 
+-			ignore(Hashtbl.find hdone tag);
++			ignore(find_map hdone tag);
+ 			raise (Check_error (ElementDefinedTwice tag));
+ 		with
+ 			Not_found ->
+-				Hashtbl.remove htodo tag;
+-				Hashtbl.add hdone tag edata
++				unset_map htodo tag;
++				set_map hdone tag edata
+ 	in
+ 	let fattrib tag aname adata =
+ 		let h = (try
+-				Hashtbl.find attribs tag
++				find_map attribs tag
+ 			with
+ 				Not_found ->
+-					let h = Hashtbl.create 1 in
+-					Hashtbl.add attribs tag h;
++					let h = create_map () in
++					set_map attribs tag h;
+ 					h) in
+ 		try
+-			ignore(Hashtbl.find h aname);
++			ignore(find_map h aname);
+ 			raise (Check_error (AttributeDefinedTwice (tag,aname)));
+ 		with
+ 			Not_found ->
+-				Hashtbl.add h aname adata
++				set_map h aname adata
+ 	in
+ 	let check_item = function
+ 		| DTDAttribute (tag,aname,atype,adef) ->
+@@ -229,7 +245,7 @@
+ 			check_type etype
+ 	in
+ 	List.iter check_item dtd;
+-	Hashtbl.iter (fun t from ->
++	iter_map (fun t from ->
+ 		match from with
+ 		| None -> raise (Check_error (ElementNotDeclared t))
+ 		| Some tag -> raise (Check_error (ElementReferenced (t,tag)))
+@@ -248,7 +264,7 @@
+ 		curtag = "_root";
+ 	} in
+ 	try
+-		ignore(Hashtbl.find d.elements (String.uppercase root));
++		ignore(find_map d.elements (String.uppercase root));
+ 		d
+ 	with
+ 		Not_found -> raise (Check_error (ElementNotDeclared root))
+@@ -365,7 +381,7 @@
+ 
+ let check_attrib ahash (aname,_) =
+ 	try
+-		ignore(Hashtbl.find ahash aname);
++		ignore(find_map ahash aname);
+ 	with
+ 		Not_found -> raise (Prove_error (UnexpectedAttribute aname))
+ 
+@@ -378,12 +394,12 @@
+ 		let uattr = List.map (fun (aname,aval) -> String.uppercase aname , aval) attr in
+ 		prove_child dtd (Some utag);
+ 		Stack.push (dtd.curtag,dtd.current) dtd.state;
+-		let elt = (try Hashtbl.find dtd.elements utag with Not_found -> raise (Prove_error (UnexpectedTag tag))) in
+-		let ahash = (try Hashtbl.find dtd.attribs utag with Not_found -> empty_hash) in
++		let elt = (try find_map dtd.elements utag with Not_found -> raise (Prove_error (UnexpectedTag tag))) in
++		let ahash = (try find_map dtd.attribs utag with Not_found -> empty_map) in
+ 		dtd.curtag <- tag;
+ 		dtd.current <- elt;
+ 		List.iter (check_attrib ahash) uattr;
+-		let attr = Hashtbl.fold (prove_attrib dtd uattr) ahash [] in
++		let attr = fold_map (prove_attrib dtd uattr) ahash [] in
+ 		let childs = ref (List.map (do_prove dtd) childs) in
+ 		(match dtd.current with
+ 		| DTDAny
diff -Nru xml-light-2.2/debian/patches/series xml-light-2.2/debian/patches/series
--- xml-light-2.2/debian/patches/series	2012-06-05 16:38:56.000000000 +0200
+++ xml-light-2.2/debian/patches/series	2012-10-01 14:41:10.000000000 +0200
@@ -3,3 +3,4 @@
 03_cflags.diff
 04_dtd_trace.diff
 05_cmxs_plugin.diff
+06_CVE-2012-3514.diff

Reply to:

Follow-Ups:
- Bug#689818: marked as done (unblock: xml-light/2.2-15)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#689814: unblock: gnuradio/3.6.1-1
Next by Date: Re: Freeze exception for csound
Previous by thread: Bug#689814: unblock: gnuradio/3.6.1-1
Next by thread: Bug#689818: marked as done (unblock: xml-light/2.2-15)
Index(es):
- Date
- Thread