Sisyphus repository
Last update: 21 january 2021 | SRPMs: 17776 | Visits: 20098824
en ru br
ALT Linux repos
S:0.11.6-alt2
5.0: 0.7.4-alt1

Other repositories
Upstream:0.7.3

Group :: Games/Strategy
RPM: freecol

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

Patch: CVE-2018-1000825.patch
Download


From: Markus Koschany <apo@debian.org>
Date: Mon, 24 Feb 2020 12:33:58 +0100
Subject: CVE-2018-1000825
Bug-Debian: https://bugs.debian.org/917023
Origin: https://github.com/FreeCol/freecol/commit/8963506897e3270a75b062f28486934bcb79b1e3
---
 src/net/sf/freecol/common/io/FreeColXMLReader.java   | 19 +++++++++++++++++--
 src/net/sf/freecol/common/model/FreeColObject.java   |  3 +++
 src/net/sf/freecol/common/networking/Connection.java |  3 +++
 src/net/sf/freecol/common/networking/DOMMessage.java |  3 +++
 src/net/sf/freecol/tools/GenerateDocumentation.java  |  3 +++
 5 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/net/sf/freecol/common/io/FreeColXMLReader.java b/src/net/sf/freecol/common/io/FreeColXMLReader.java
index dd78a40..abbaba6 100644
--- a/src/net/sf/freecol/common/io/FreeColXMLReader.java
+++ b/src/net/sf/freecol/common/io/FreeColXMLReader.java
@@ -88,7 +88,7 @@ public class FreeColXMLReader extends StreamReaderDelegate
         super();
 
         try {
-            XMLInputFactory xif = XMLInputFactory.newInstance();
+            XMLInputFactory xif = newXMLInputFactory();
             setParent(xif.createXMLStreamReader(inputStream, "UTF-8"));
         } catch (XMLStreamException e) {
             throw new IOException(e);
@@ -109,7 +109,7 @@ public class FreeColXMLReader extends StreamReaderDelegate
         super();
 
         try {
-            XMLInputFactory xif = XMLInputFactory.newInstance();
+            XMLInputFactory xif = newXMLInputFactory();
             setParent(xif.createXMLStreamReader(reader));
         } catch (XMLStreamException e) {
             throw new IOException(e);
@@ -118,6 +118,21 @@ public class FreeColXMLReader extends StreamReaderDelegate
         this.readScope = ReadScope.NORMAL;
     }
 
+    /**
+     * Create a new XMLInputFactory.
+     *
+     * Respond to CVE 2018-1000825.
+     *
+     * @return A new <code>XMLInputFactory</code>.
+     */
+    private static XMLInputFactory newXMLInputFactory() {
+        XMLInputFactory xif = XMLInputFactory.newInstance();
+        // This disables DTDs entirely for that factory
+        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false); 
+        // disable external entities
+        xif.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
+        return xif;
+    }
 
     /**
      * Should reads from this stream intern their objects into the
diff --git a/src/net/sf/freecol/common/model/FreeColObject.java b/src/net/sf/freecol/common/model/FreeColObject.java
index 01c9887..d8f3754 100644
--- a/src/net/sf/freecol/common/model/FreeColObject.java
+++ b/src/net/sf/freecol/common/model/FreeColObject.java
@@ -49,6 +49,7 @@ import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
+import javax.xml.XMLConstants;
 
 import net.sf.freecol.common.ObjectWithId;
 import net.sf.freecol.common.io.FreeColXMLReader;
@@ -895,6 +896,8 @@ public abstract class FreeColObject
     public void readFromXMLElement(Element element) {
         try {
             TransformerFactory factory = TransformerFactory.newInstance();
+            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
             Transformer xmlTransformer = factory.newTransformer();
             StringWriter stringWriter = new StringWriter();
             xmlTransformer.transform(new DOMSource(element),
diff --git a/src/net/sf/freecol/common/networking/Connection.java b/src/net/sf/freecol/common/networking/Connection.java
index f88d2ed..48954bd 100644
--- a/src/net/sf/freecol/common/networking/Connection.java
+++ b/src/net/sf/freecol/common/networking/Connection.java
@@ -40,6 +40,7 @@ import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
+import javax.xml.XMLConstants;
 
 import net.sf.freecol.common.FreeColException;
 import net.sf.freecol.common.debug.FreeColDebugger;
@@ -101,6 +102,8 @@ public class Connection implements Closeable {
         Transformer myTransformer = null;
         try {
             TransformerFactory factory = TransformerFactory.newInstance();
+            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
             myTransformer = factory.newTransformer();
             myTransformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION,
                                             "yes");
diff --git a/src/net/sf/freecol/common/networking/DOMMessage.java b/src/net/sf/freecol/common/networking/DOMMessage.java
index 7181a7d..8fe7295 100644
--- a/src/net/sf/freecol/common/networking/DOMMessage.java
+++ b/src/net/sf/freecol/common/networking/DOMMessage.java
@@ -37,6 +37,7 @@ import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
+import javax.xml.XMLConstants;
 
 import net.sf.freecol.common.io.FreeColXMLWriter;
 import net.sf.freecol.common.debug.FreeColDebugger;
@@ -448,6 +449,8 @@ public class DOMMessage {
     public static String elementToString(Element element) {
         try {
             TransformerFactory factory = TransformerFactory.newInstance();
+            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
             Transformer xt = factory.newTransformer();
             StringWriter sw = new StringWriter();
             xt.transform(new DOMSource(element), new StreamResult(sw));
diff --git a/src/net/sf/freecol/tools/GenerateDocumentation.java b/src/net/sf/freecol/tools/GenerateDocumentation.java
index aac0f55..a52cf5b 100644
--- a/src/net/sf/freecol/tools/GenerateDocumentation.java
+++ b/src/net/sf/freecol/tools/GenerateDocumentation.java
@@ -35,6 +35,7 @@ import javax.xml.transform.Source;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
+import javax.xml.XMLConstants;
 
 import net.sf.freecol.common.i18n.Messages;
 import net.sf.freecol.common.model.StringTemplate;
@@ -192,6 +193,8 @@ public class GenerateDocumentation {
                 Messages.loadMessageBundle(Messages.getLocale(languageCode));
                 try {
                     TransformerFactory factory = TransformerFactory.newInstance();
+                    factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+                    factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
                     Source xsl = new StreamSource(new File("doc", XSL));
                     Transformer stylesheet;
                     try {
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin