search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
openjdk-23: use OpenJDK 23 as the boot JDK
[oi-userland.git] / components / library / raptor / patches / raptor-02-cve-2012-037.patch
blob864d6ddced44e2a95246473f778412515c6e16d9
1 --- raptor-1.4.21.orig/src/raptor.h 2010-01-29 15:54:42.000000000 -0800
2 +++ raptor-1.4.21/src/raptor.h 2012-02-04 12:22:29.000000000 -0800
3 @@ -407,6 +407,7 @@
4 * @RAPTOR_FEATURE_RSS_TRIPLES: Atom/RSS serializer writes extra RDF triples it finds (none, rdf-xml, atom-triples)
5 * @RAPTOR_FEATURE_ATOM_ENTRY_URI: Atom entry URI. If given, generate an Atom Entry Document with the item having the given URI, otherwise generate an Atom Feed Document with any items found.
6 * @RAPTOR_FEATURE_PREFIX_ELEMENTS: Integer. If set, generate Atom/RSS1.0 documents with prefixed elements, otherwise unprefixed.
7 + * @RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES: When reading XML, load external entities.
8 * @RAPTOR_FEATURE_LAST: Internal
9 *
10 * Raptor parser, serializer or XML writer features.
11 @@ -448,7 +449,8 @@
12 RAPTOR_FEATURE_RSS_TRIPLES,
13 RAPTOR_FEATURE_ATOM_ENTRY_URI,
14 RAPTOR_FEATURE_PREFIX_ELEMENTS,
15 - RAPTOR_FEATURE_LAST = RAPTOR_FEATURE_PREFIX_ELEMENTS
16 + RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES,
17 + RAPTOR_FEATURE_LAST = RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES
18 } raptor_feature;
19
20
21 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_feature.c raptor-1.4.21/src/raptor_feature.c
22 --- raptor-1.4.21.orig/src/raptor_feature.c 2010-01-29 15:54:42.000000000 -0800
23 +++ raptor-1.4.21/src/raptor_feature.c 2012-02-04 12:22:39.000000000 -0800
24 @@ -93,7 +93,8 @@
25 { RAPTOR_FEATURE_JSON_EXTRA_DATA , 6, "jsonExtraData", "JSON serializer extra data" },
26 { RAPTOR_FEATURE_RSS_TRIPLES , 6, "rssTriples", "Atom/RSS serializer writes extra RDF triples" },
27 { RAPTOR_FEATURE_ATOM_ENTRY_URI , 6, "atomEntryUri", "Atom serializer Entry URI" },
28 - { RAPTOR_FEATURE_PREFIX_ELEMENTS , 2, "prefixElements", "Atom/RSS serializers write namespace-prefixed elements" }
29 + { RAPTOR_FEATURE_PREFIX_ELEMENTS , 2, "prefixElements", "Atom/RSS serializers write namespace-prefixed elements" },
30 + { RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES, 1, "loadExternalEntities", "Load external XML entities." }
31 };
32
33
34 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_internal.h raptor-1.4.21/src/raptor_internal.h
35 --- raptor-1.4.21.orig/src/raptor_internal.h 2010-01-29 15:54:42.000000000 -0800
36 +++ raptor-1.4.21/src/raptor_internal.h 2012-02-04 12:23:45.000000000 -0800
37 @@ -1060,6 +1060,14 @@
38
39 /* sax2 init failed - do not try to do anything with it */
40 int failed;
41 +
42 + /* call SAX2 handlers if non-0 */
43 + int enabled;
44 +
45 + /* FEATURE:
46 + * non 0 if XML entities should be loaded
47 + */
48 + int feature_load_external_entities;
49 };
50
51 int raptor_sax2_init(raptor_world* world);
52 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_libxml.c raptor-1.4.21/src/raptor_libxml.c
53 --- raptor-1.4.21.orig/src/raptor_libxml.c 2010-01-29 15:54:42.000000000 -0800
54 +++ raptor-1.4.21/src/raptor_libxml.c 2012-02-04 12:23:38.000000000 -0800
55 @@ -142,18 +142,115 @@
56
57 static xmlParserInputPtr
58 raptor_libxml_resolveEntity(void* user_data,
59 - const xmlChar *publicId, const xmlChar *systemId) {
60 - raptor_sax2* sax2=(raptor_sax2*)user_data;
61 - return libxml2_resolveEntity(sax2->xc, publicId, systemId);
62 + const xmlChar *publicId, const xmlChar *systemId)
63 +{
64 + raptor_sax2* sax2 = (raptor_sax2*)user_data;
65 + xmlParserCtxtPtr ctxt = sax2->xc;
66 + const unsigned char *uri_string = NULL;
67 + xmlParserInputPtr entity_input;
68 + int load_entity = 0;
69 +
70 + if(ctxt->input)
71 + uri_string = (const unsigned char *)ctxt->input->filename;
72 +
73 + if(!uri_string)
74 + uri_string = (const unsigned char *)ctxt->directory;
75 +
76 + load_entity = sax2->feature_load_external_entities;
77 +
78 + if(load_entity) {
79 + entity_input = xmlLoadExternalEntity((const char*)uri_string,
80 + (const char*)publicId,
81 + ctxt);
82 + } else {
83 + RAPTOR_DEBUG4("Not loading entity URI %s by policy for publicId '%s' systemId '%s'\n", uri_string, publicId, systemId);
84 + }
85 +
86 + return entity_input;
87 }
88
89
90 static xmlEntityPtr
91 -raptor_libxml_getEntity(void* user_data, const xmlChar *name) {
92 - raptor_sax2* sax2=(raptor_sax2*)user_data;
93 - return libxml2_getEntity(sax2->xc, name);
94 -}
95 +raptor_libxml_getEntity(void* user_data, const xmlChar *name)
96 +{
97 + raptor_sax2* sax2 = (raptor_sax2*)user_data;
98 + xmlParserCtxtPtr xc = sax2->xc;
99 + xmlEntityPtr ret = NULL;
100 +
101 + if(!xc)
102 + return NULL;
103 +
104 + if(!xc->inSubset) {
105 + /* looks for hardcoded set of entity names - lt, gt etc. */
106 + ret = xmlGetPredefinedEntity(name);
107 + if(ret) {
108 + RAPTOR_DEBUG2("Entity '%s' found in predefined set\n", name);
109 + return ret;
110 + }
111 + }
112 +
113 + /* This section uses xmlGetDocEntity which looks for entities in
114 + * memory only, never from a file or URI
115 + */
116 + if(xc->myDoc && (xc->myDoc->standalone == 1)) {
117 + RAPTOR_DEBUG2("Entity '%s' document is standalone\n", name);
118 + /* Document is standalone: no entities are required to interpret doc */
119 + if(xc->inSubset == 2) {
120 + xc->myDoc->standalone = 0;
121 + ret = xmlGetDocEntity(xc->myDoc, name);
122 + xc->myDoc->standalone = 1;
123 + } else {
124 + ret = xmlGetDocEntity(xc->myDoc, name);
125 + if(!ret) {
126 + xc->myDoc->standalone = 0;
127 + ret = xmlGetDocEntity(xc->myDoc, name);
128 + xc->myDoc->standalone = 1;
129 + }
130 + }
131 + } else {
132 + ret = xmlGetDocEntity(xc->myDoc, name);
133 + }
134
135 + if(ret && !ret->children &&
136 + (ret->etype == XML_EXTERNAL_GENERAL_PARSED_ENTITY)) {
137 + /* Entity is an external general parsed entity. It may be in a
138 + * catalog file, user file or user URI
139 + */
140 + int val = 0;
141 + xmlNodePtr children;
142 + int load_entity = 0;
143 +
144 + load_entity = sax2->feature_load_external_entities;
145 +
146 + if(!load_entity) {
147 + RAPTOR_DEBUG2("Not getting entity URI %s by policy\n", ret->URI);
148 + children = xmlNewText((const xmlChar*)"");
149 + } else {
150 + /* Disable SAX2 handlers so that the SAX2 events do not all get
151 + * sent to callbacks during dealing with the entity parsing.
152 + */
153 + sax2->enabled = 0;
154 + val = xmlParseCtxtExternalEntity(xc, ret->URI, ret->ExternalID, &children);
155 + sax2->enabled = 1;
156 + }
157 +
158 + if(!val) {
159 + xmlAddChildList((xmlNodePtr)ret, children);
160 + } else {
161 + xc->validate = 0;
162 + return NULL;
163 + }
164 +
165 + ret->owner = 1;
166 +
167 + /* Mark this entity as having been checked - never do this again */
168 + if(!ret->checked)
169 + ret->checked = 1;
170 + }
171 +
172 + return ret;
173 +}
174 +
175
176 static xmlEntityPtr
177 raptor_libxml_getParameterEntity(void* user_data, const xmlChar *name) {
178 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_parse.c raptor-1.4.21/src/raptor_parse.c
179 --- raptor-1.4.21.orig/src/raptor_parse.c 2010-01-29 15:54:42.000000000 -0800
180 +++ raptor-1.4.21/src/raptor_parse.c 2012-02-04 12:22:46.000000000 -0800
181 @@ -1443,6 +1443,7 @@
182 case RAPTOR_FEATURE_MICROFORMATS:
183 case RAPTOR_FEATURE_HTML_LINK:
184 case RAPTOR_FEATURE_WWW_TIMEOUT:
185 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
186 parser->features[(int)feature]=value;
187 break;
188
189 @@ -1564,6 +1565,7 @@
190 case RAPTOR_FEATURE_MICROFORMATS:
191 case RAPTOR_FEATURE_HTML_LINK:
192 case RAPTOR_FEATURE_WWW_TIMEOUT:
193 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
194 result = parser->features[(int)feature];
195 break;
196
197 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_rdfxml.c raptor-1.4.21/src/raptor_rdfxml.c
198 --- raptor-1.4.21.orig/src/raptor_rdfxml.c 2010-01-29 15:54:42.000000000 -0800
199 +++ raptor-1.4.21/src/raptor_rdfxml.c 2012-02-04 12:22:50.000000000 -0800
200 @@ -1130,6 +1130,9 @@
201 raptor_sax2_set_feature(rdf_xml_parser->sax2,
202 RAPTOR_FEATURE_NO_NET,
203 rdf_parser->features[RAPTOR_FEATURE_NO_NET]);
204 + raptor_sax2_set_feature(rdf_xml_parser->sax2,
205 + RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES,
206 + rdf_parser->features[RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES]);
207
208 raptor_sax2_parse_start(rdf_xml_parser->sax2, uri);
209
210 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_rss.c raptor-1.4.21/src/raptor_rss.c
211 --- raptor-1.4.21.orig/src/raptor_rss.c 2010-01-29 15:54:42.000000000 -0800
212 +++ raptor-1.4.21/src/raptor_rss.c 2012-02-04 12:22:54.000000000 -0800
213 @@ -247,6 +247,9 @@
214 raptor_sax2_set_feature(rss_parser->sax2,
215 RAPTOR_FEATURE_NO_NET,
216 rdf_parser->features[RAPTOR_FEATURE_NO_NET]);
217 + raptor_sax2_set_feature(rss_parser->sax2,
218 + RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES,
219 + rdf_parser->features[RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES]);
220
221 raptor_sax2_parse_start(rss_parser->sax2, uri);
222
223 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_sax2.c raptor-1.4.21/src/raptor_sax2.c
224 --- raptor-1.4.21.orig/src/raptor_sax2.c 2010-01-29 15:54:42.000000000 -0800
225 +++ raptor-1.4.21/src/raptor_sax2.c 2012-02-04 15:04:23.000000000 -0800
226 @@ -106,6 +106,8 @@
227
228 sax2->user_data=user_data;
229
230 + sax2->enabled = 1;
231 +
232 sax2->locator=error_handlers->locator;
233
234 sax2->error_handlers=error_handlers;
235 @@ -721,6 +723,10 @@
236 sax2->feature_no_net=value;
237 break;
238
239 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
240 + sax2->feature_load_external_entities=value;
241 + break;
242 +
243 case RAPTOR_FEATURE_SCANNING:
244 case RAPTOR_FEATURE_ASSUME_IS_RDF:
245 case RAPTOR_FEATURE_ALLOW_NON_NS_ATTRIBUTES:
246 @@ -802,7 +808,7 @@
247 unsigned char *xml_language=NULL;
248 raptor_uri *xml_base=NULL;
249
250 - if(sax2->failed)
251 + if(sax2->failed || !sax2->enabled)
252 return;
253
254 #ifdef RAPTOR_XML_EXPAT
255 @@ -1031,7 +1037,7 @@
256 raptor_sax2* sax2=(raptor_sax2*)user_data;
257 raptor_xml_element* xml_element;
258
259 - if(sax2->failed)
260 + if(sax2->failed || !sax2->enabled)
261 return;
262
263 #ifdef RAPTOR_XML_EXPAT
264 @@ -1069,7 +1075,11 @@
265 raptor_sax2_characters(void* user_data, const unsigned char *s, int len)
266 {
267 raptor_sax2* sax2=(raptor_sax2*)user_data;
268 - if(!sax2->failed && sax2->characters_handler)
269 +
270 + if(sax2->failed || !sax2->enabled)
271 + return;
272 +
273 + if(sax2->characters_handler)
274 sax2->characters_handler(sax2->user_data, sax2->current_element, s, len);
275 }
276
277 @@ -1085,7 +1095,10 @@
278 #endif
279 #endif
280
281 - if(!sax2->failed && sax2->cdata_handler)
282 + if(sax2->failed || !sax2->enabled)
283 + return;
284 +
285 + if(sax2->cdata_handler)
286 sax2->cdata_handler(sax2->user_data, sax2->current_element, s, len);
287 }
288
289 @@ -1095,7 +1108,11 @@
290 raptor_sax2_comment(void* user_data, const unsigned char *s)
291 {
292 raptor_sax2* sax2=(raptor_sax2*)user_data;
293 - if(!sax2->failed && sax2->comment_handler)
294 +
295 + if(sax2->failed || !sax2->enabled)
296 + return;
297 +
298 + if(sax2->comment_handler)
299 sax2->comment_handler(sax2->user_data, sax2->current_element, s);
300 }
301
302 @@ -1110,7 +1127,11 @@
303 const unsigned char* notationName)
304 {
305 raptor_sax2* sax2=(raptor_sax2*)user_data;
306 - if(!sax2->failed && sax2->unparsed_entity_decl_handler)
307 +
308 + if(sax2->failed || !sax2->enabled)
309 + return;
310 +
311 + if(sax2->unparsed_entity_decl_handler)
312 sax2->unparsed_entity_decl_handler(sax2->user_data,
313 entityName, base, systemId,
314 publicId, notationName);
315 @@ -1127,7 +1148,7 @@
316 {
317 raptor_sax2* sax2=(raptor_sax2*)user_data;
318
319 - if(sax2->failed)
320 + if(sax2->failed || !sax2->enabled)
321 return 0;
322
323 if(sax2->external_entity_ref_handler)
324 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_serialize.c raptor-1.4.21/src/raptor_serialize.c
325 --- raptor-1.4.21.orig/src/raptor_serialize.c 2010-01-29 15:54:42.000000000 -0800
326 +++ raptor-1.4.21/src/raptor_serialize.c 2012-02-04 12:23:05.000000000 -0800
327 @@ -974,6 +974,7 @@
328
329 /* Shared */
330 case RAPTOR_FEATURE_NO_NET:
331 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
332
333 /* XML writer features */
334 case RAPTOR_FEATURE_WRITER_AUTO_INDENT:
335 @@ -1081,6 +1082,7 @@
336
337 /* Shared */
338 case RAPTOR_FEATURE_NO_NET:
339 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
340
341 /* XML writer features */
342 case RAPTOR_FEATURE_WRITER_AUTO_INDENT:
343 @@ -1222,6 +1224,7 @@
344
345 /* Shared */
346 case RAPTOR_FEATURE_NO_NET:
347 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
348
349 /* XML writer features */
350 case RAPTOR_FEATURE_WRITER_AUTO_INDENT:
351 @@ -1324,6 +1327,7 @@
352
353 /* Shared */
354 case RAPTOR_FEATURE_NO_NET:
355 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
356
357 /* XML writer features */
358 case RAPTOR_FEATURE_WRITER_AUTO_INDENT:
359 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_turtle_writer.c raptor-1.4.21/src/raptor_turtle_writer.c
360 --- raptor-1.4.21.orig/src/raptor_turtle_writer.c 2010-01-29 15:54:42.000000000 -0800
361 +++ raptor-1.4.21/src/raptor_turtle_writer.c 2012-02-04 12:23:10.000000000 -0800
362 @@ -740,6 +740,7 @@
363
364 /* Shared */
365 case RAPTOR_FEATURE_NO_NET:
366 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
367
368 /* XML writer features */
369 case RAPTOR_FEATURE_RELATIVE_URIS:
370 @@ -854,6 +855,7 @@
371
372 /* Shared */
373 case RAPTOR_FEATURE_NO_NET:
374 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
375
376 /* XML writer features */
377 case RAPTOR_FEATURE_RELATIVE_URIS:
378 diff -urN -X /Users/dajobe/dev/dontdiff -x raptor.rdf -x file1.txt -x xmlent1.rdf -x rapper -x rdfdiff raptor-1.4.21.orig/src/raptor_xml_writer.c raptor-1.4.21/src/raptor_xml_writer.c
379 --- raptor-1.4.21.orig/src/raptor_xml_writer.c 2010-01-29 15:54:42.000000000 -0800
380 +++ raptor-1.4.21/src/raptor_xml_writer.c 2012-02-04 12:23:24.000000000 -0800
381 @@ -973,6 +973,7 @@
382
383 /* Shared */
384 case RAPTOR_FEATURE_NO_NET:
385 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
386
387 /* XML writer features */
388 case RAPTOR_FEATURE_RELATIVE_URIS:
389 @@ -1094,6 +1095,7 @@
390
391 /* Shared */
392 case RAPTOR_FEATURE_NO_NET:
393 + case RAPTOR_FEATURE_LOAD_EXTERNAL_ENTITIES:
394
395 /* XML writer features */
396 case RAPTOR_FEATURE_RELATIVE_URIS: