Bug#928227: unblock: golang-golang-x-net-dev/1:0.0+git20181201.351d144+dfsg-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package golang-golang-x-net-dev
Upstream has provided patches addressing security issues
CVE-2018-17846 / CVE-2018-17847 / CVE-2018-17848
(Debian bug #911795).
This upload applies those patches.
$ debdiff golang-golang-x-net-dev_0.0+git20181201.351d144+dfsg-2.dsc golang-golang-x-net-dev_0.0+git20181201.351d144+dfsg-3.dsc
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog 2018-12-14 21:56:28.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog 2019-04-30 16:42:08.000000000 +0800
@@ -1,3 +1,13 @@
+golang-golang-x-net-dev (1:0.0+git20181201.351d144+dfsg-3) unstable; urgency=medium
+
+ * Team upload.
+ * Apply security patches (upstream commits). Closes: #911795.
+ - CVE-2018-17846: commit d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
+ - CVE-2018-17847, CVE-2018-17848:
+ commit 4b62a64f59f73840b9ab79204c94fee61cd1ba2c
+
+ -- Drew Parsons <dparsons@debian.org> Tue, 30 Apr 2019 16:42:08 +0800
+
golang-golang-x-net-dev (1:0.0+git20181201.351d144+dfsg-2) unstable; urgency=medium
* Remove obsolete patch for s390. Closes: #916236.
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch 1970-01-01 08:00:00.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch 2019-04-30 16:42:08.000000000 +0800
@@ -0,0 +1,108 @@
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001
+From: Kunpei Sakai <namusyaka@gmail.com>
+Date: Tue, 25 Sep 2018 22:55:50 +0900
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest
+ spec
+
+Fixes golang/go#27842
+
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc
+Reviewed-on: https://go-review.googlesource.com/c/137275
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Nigel Tao <nigeltao@golang.org>
+---
+ html/parse.go | 28 ++++++++++++++++++++++------
+ html/parse_test.go | 3 ++-
+ html/testdata/go/select.dat | 12 ++++++++++++
+ 3 files changed, 36 insertions(+), 7 deletions(-)
+ create mode 100644 html/testdata/go/select.dat
+
+diff --git a/html/parse.go b/html/parse.go
+index 64a57937..488e8d3c 100644
+--- a/html/parse.go
++++ b/html/parse.go
+@@ -1719,8 +1719,12 @@ func inSelectIM(p *parser) bool {
+ }
+ p.addElement()
+ case a.Select:
+- p.tok.Type = EndTagToken
+- return false
++ if p.popUntil(selectScope, a.Select) {
++ p.resetInsertionMode()
++ } else {
++ // Ignore the token.
++ return true
++ }
+ case a.Input, a.Keygen, a.Textarea:
+ if p.elementInScope(selectScope, a.Select) {
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())
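Review bot: The new `a.Select` start-tag arm puts its early exit in an `else`, and the same block is repeated in the end-tag arm touched by the `@@ -1750,6 +1754,9 @@` hunk below. A guard keeps the success path unindented and reads more directly: `if !p.popUntil(selectScope, a.Select) { return true } // no <select> in select scope: ignore the token`, followed by a plain `p.resetInsertionMode()`. Since both arms are now identical, a small shared helper would stop the start-tag and end-tag handling from drifting apart. inSelectIM starts and ends outside this hunk, so what runs after the `if` falls through is not visible here.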
+@@ -1750,6 +1754,9 @@ func inSelectIM(p *parser) bool {
+ case a.Select:
+ if p.popUntil(selectScope, a.Select) {
+ p.resetInsertionMode()
++ } else {
++ // Ignore the token.
++ return true
+ }
+ case a.Template:
+ return inHeadIM(p)
+@@ -1775,13 +1782,22 @@ func inSelectInTableIM(p *parser) bool {
+ case StartTagToken, EndTagToken:
+ switch p.tok.DataAtom {
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())
+- return false
+- } else {
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {
+ // Ignore the token.
+ return true
+ }
++ // This is like p.popUntil(selectScope, a.Select), but it also
++ // matches <math select>, not just <select>. Matching the MathML
++ // tag is arguably incorrect (conceptually), but it mimics what
++ // Chromium does.
++ for i := len(p.oe) - 1; i >= 0; i-- {
++ if n := p.oe[i]; n.DataAtom == a.Select {
++ p.oe = p.oe[:i]
++ break
++ }
++ }
++ p.resetInsertionMode()
++ return false
+ }
+ }
+ return inSelectIM(p)
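Review bot: The hand-written scan of `p.oe` has no not-found path: when no entry has `DataAtom == a.Select` the stack is left untouched, yet `p.resetInsertionMode()` and `return false` still run. `return false` appears to hand the same token back for reprocessing (the ignore paths return true), so for a parser fed untrusted markup the reason this always makes progress should be written down. If the invariant holds, I would add above the loop `// Invariant: this mode is only active while a select-named element is on p.oe, so the loop always pops at least one node.`; if it does not, return true when nothing matched. inSelectInTableIM begins above the hunk.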
+diff --git a/html/parse_test.go b/html/parse_test.go
+index 1c232c71..9bba918c 100644
+--- a/html/parse_test.go
++++ b/html/parse_test.go
+@@ -367,7 +367,8 @@ var renderTestBlacklist = map[string]bool{
+ `<script><!--<script </s`: true,
+ // Reconstructing the active formatting elements results in a <plaintext>
+ // element that contains an <a> element.
+- `<!doctype html><p><a><plaintext>b`: true,
++ `<!doctype html><p><a><plaintext>b`: true,
++ `<table><math><select><mi><select></table>`: true,
+ }
+
+ func TestNodeConsistency(t *testing.T) {
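Review bot: The added `renderTestBlacklist` key has no comment, while the entry above it has one explaining why the input cannot round-trip through render and re-parse. Add one for this input, for example `// <math select> followed by an HTML <select> inside <table>: the rendered output re-parses to a different tree.`; that wording is inferred from the new select.dat case and should be confirmed against the actual failure. The map literal starts above the hunk.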
+diff --git a/html/testdata/go/select.dat b/html/testdata/go/select.dat
+new file mode 100644
+index 00000000..684554c8
+--- /dev/null
++++ b/html/testdata/go/select.dat
+@@ -0,0 +1,12 @@
++#data
++<table><math><select><mi><select></table>
++#errors
++#document
++| <html>
++| <head>
++| <body>
++| <math math>
++| <math select>
++| <math mi>
++| <select>
++| <table>
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch 1970-01-01 08:00:00.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch 2019-04-30 16:42:08.000000000 +0800
@@ -0,0 +1,67 @@
+From 4b62a64f59f73840b9ab79204c94fee61cd1ba2c Mon Sep 17 00:00:00 2001
+From: Kunpei Sakai <namusyaka@gmail.com>
+Date: Fri, 25 Jan 2019 02:28:59 +0900
+Subject: [PATCH] html: make (*nodeStack)contains distinguish namespace
+
+By proceeding without distinguishing namespace, inconsistency will
+occur.
+This commit makes the method distinguish the HTML namespace.
+
+Fixes golang/go#27846
+
+Change-Id: I8269f670240c0fe31162a16fbe1ac23acacec00f
+Reviewed-on: https://go-review.googlesource.com/c/159397
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Nigel Tao <nigeltao@golang.org>
+---
+ html/node.go | 2 +-
+ html/testdata/go/template.dat | 25 +++++++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/html/node.go b/html/node.go
+index 2c1cade6..633ee15d 100644
+--- a/html/node.go
++++ b/html/node.go
+@@ -177,7 +177,7 @@ func (s *nodeStack) index(n *Node) int {
+ // contains returns whether a is within s.
+ func (s *nodeStack) contains(a atom.Atom) bool {
+ for _, n := range *s {
+- if n.DataAtom == a {
++ if n.DataAtom == a && n.Namespace == "" {
+ return true
+ }
+ }
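Review bot: The doc comment on `contains` is now stale: it still says "contains returns whether a is within s", but the new condition only matches nodes with `n.Namespace == ""`. An SVG or MathML element with the same atom is therefore no longer reported. Update it to `// contains returns whether s holds an element in the HTML namespace (Namespace == "") whose DataAtom is a.` so callers doing stack checks do not assume foreign elements count. The rest of the method lies outside the hunk.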
+diff --git a/html/testdata/go/template.dat b/html/testdata/go/template.dat
+index 98481b9e..ceaf0229 100644
+--- a/html/testdata/go/template.dat
++++ b/html/testdata/go/template.dat
+@@ -35,3 +35,28 @@
+ | <math mo>
+ | <template>
+ | content
++
++#data
++<svg><template><desc><t><svg></template>
++#errors
++#document
++| <html>
++| <head>
++| <body>
++| <svg svg>
++| <svg template>
++| <svg desc>
++| <t>
++| <svg svg>
++
++#data
++<math><template><mn><b></template>
++#errors
++#document
++| <html>
++| <head>
++| <body>
++| <math math>
++| <math template>
++| <math mn>
++| <b>
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series 1970-01-01 08:00:00.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series 2019-04-30 16:42:08.000000000 +0800
@@ -0,0 +1,2 @@
+CVE-2018-17846_d26f9f9.patch
+CVE-2018-17847_CVE-2018-17848_4b62a64.patch
unblock golang-golang-x-net-dev/1:0.0+git20181201.351d144+dfsg-3
-- System Information:
Debian Release: 10.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled