[freeplane] 01/01: add patch for CVE-2018-1000069 [jessie]
Felix Natter
fnatter-guest at moszumanska.debian.org
Fri Apr 6 19:21:23 UTC 2018
fnatter-guest pushed a commit to branch jessie-CVE-2018-1000069
in repository freeplane.
commit 02ec050446fd9765c5e9d374121c7e546e94fb34
Author: Felix Natter <fnatter at gmx.net>
Date: Fri Apr 6 15:18:08 2018 -0400
add patch for CVE-2018-1000069 [jessie]
---
debian/changelog | 9 +
debian/patches/97_fix_CVE-2018-1000069.patch | 265 +++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 275 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 7601a2b..baf093c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+freeplane (1.3.12-1+deb8u1) jessie-security; urgency=high
+
+ * Fix CVE-2018-1000069: Wojciech Reguła discovered that FreePlane was
+ affected by a XML External Entity (XXE) vulnerability in its mindmap
+ loader that could compromise a user's machine by opening a specially
+ crafted mind map file. (Closes: #893663)
+
+ -- Felix Natter <fnatter at gmx.net> Fri, 06 Apr 2018 14:20:40 -0400
+
freeplane (1.3.12-1) unstable; urgency=medium
* New upstream version (bugfix release).
diff --git a/debian/patches/97_fix_CVE-2018-1000069.patch b/debian/patches/97_fix_CVE-2018-1000069.patch
new file mode 100644
index 0000000..88a2c3c
--- /dev/null
+++ b/debian/patches/97_fix_CVE-2018-1000069.patch
@@ -0,0 +1,265 @@
+From a5dce7f9f4d29675fb256053aee3858bf8d76001 Mon Sep 17 00:00:00 2001
+From: Dimitry Polivaev <dpolivaev at gmx.de>
+Date: Sun, 5 Mar 2017 21:28:14 +0100
+Subject: [PATCH] Do not reference external entities in freeplane xml parser
+
+---
+ .../org/freeplane/core/io/xml/LocalEntityResolver.java | 15 +++++++++++++++
+ .../org/freeplane/core/io/xml/XMLLocalParserFactory.java | 12 ++++++++++++
+ .../main/java/org/freeplane/core/io/xml/XMLParser.java | 5 +++++
+ .../core/resources/WindowConfigurationStorage.java | 5 +++--
+ .../features/export/mindmapmode/ExportController.java | 4 ++--
+ .../org/freeplane/features/filter/FilterController.java | 4 ++--
+ .../org/freeplane/features/format/FormatController.java | 4 ++--
+ .../org/freeplane/features/format/ScannerController.java | 4 ++--
+ .../java/org/freeplane/main/addons/AddOnsController.java | 4 ++--
+ .../java/org/freeplane/n3/nanoxml/XMLEntityResolver.java | 2 +-
+ .../freeplane/plugin/script/ScriptingRegistration.java | 4 ++--
+ 11 files changed, 48 insertions(+), 15 deletions(-)
+ create mode 100644 freeplane/src/org/freeplane/core/io/xml/LocalEntityResolver.java
+ create mode 100644 freeplane/src/org/freeplane/core/io/xml/XMLLocalParserFactory.java
+
+--- /dev/null
++++ b/freeplane/src/org/freeplane/core/io/xml/LocalEntityResolver.java
+@@ -0,0 +1,15 @@
++package org.freeplane.core.io.xml;
++
++import java.io.Reader;
++
++import org.freeplane.n3.nanoxml.IXMLReader;
++import org.freeplane.n3.nanoxml.XMLEntityResolver;
++import org.freeplane.n3.nanoxml.XMLParseException;
++
++final class LocalEntityResolver extends XMLEntityResolver {
++ @Override
++ protected Reader openExternalEntity(IXMLReader xmlReader, String publicID, String systemID)
++ throws XMLParseException {
++ throw new XMLParseException("External entities are not allowed");
++ }
++}
+\ No newline at end of file
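Review bot: Throwing from `openExternalEntity` is the right way to refuse SYSTEM/PUBLIC entity references in NanoXML, but the message says nothing about what was refused, so a map that trips it surfaces as an anonymous parse failure; `throw new XMLParseException("External entities are not allowed (publicID=" + publicID + ", systemID=" + systemID + ")");` keeps the rejection diagnosable. This override only intercepts external entities; inline `<!ENTITY>` expansion still goes through the base `XMLEntityResolver`, and whether nested internal entities are bounded cannot be judged from this hunk, so it is worth checking separately rather than assuming the CVE fix covers it. The file is also added without a trailing newline.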
+--- /dev/null
++++ b/freeplane/src/org/freeplane/core/io/xml/XMLLocalParserFactory.java
+@@ -0,0 +1,12 @@
++package org.freeplane.core.io.xml;
++
++import org.freeplane.n3.nanoxml.IXMLParser;
++
++public class XMLLocalParserFactory {
++
++ public static IXMLParser createLocalXMLParser() {
++ IXMLParser parser = org.freeplane.n3.nanoxml.XMLParserFactory.createDefaultXMLParser();
++ parser.setResolver(new LocalEntityResolver());
++ return parser;
++ }
++}
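Review bot: `XMLLocalParserFactory` is a static-only holder with an implicit public constructor, and nothing records that the hardening of the returned parser depends on callers never invoking `setResolver` again; add `private XMLLocalParserFactory() {}` and a Javadoc on `createLocalXMLParser` such as `/** Returns a NanoXML parser whose resolver rejects external entities (CVE-2018-1000069); callers must not replace the resolver. */`. The underlying `XMLParserFactory.createDefaultXMLParser()` is left untouched, so if it instantiates anything other than the patched `org.freeplane.core.io.xml.XMLParser` — not decidable from this patch — any remaining direct caller of it stays unprotected; a grep for leftover `createDefaultXMLParser()` call sites outside this patch would close that gap.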
+--- a/freeplane/src/org/freeplane/core/io/xml/XMLParser.java
++++ b/freeplane/src/org/freeplane/core/io/xml/XMLParser.java
+@@ -30,6 +30,11 @@
+ class XMLParser extends StdXMLParser implements IXMLParser {
+ private boolean skipNextElementContent = false;
+
++ public XMLParser() {
++ super();
++ setResolver(new LocalEntityResolver());
++ }
++
+ void notParseNextElementContent() {
+ skipNextElementContent = true;
+ }
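Review bot: Installing `LocalEntityResolver` in the constructor protects every `XMLParser` instance, but `setResolver` remains public on the parser, so the guarantee is one later call away from being undone and deserves an intent comment above the call: `// CVE-2018-1000069: refuse external entities; callers must not replace this resolver.` Whether a `<!DOCTYPE ... SYSTEM "...">` declaration is also routed through the entity resolver, or opened directly via `IXMLReader.openStream`, is not visible in this hunk; a regression map carrying both an external DTD reference and an external `<!ENTITY>` would confirm that both paths are blocked by this change. The enclosing class continues outside the hunk.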
+--- a/freeplane/src/org/freeplane/core/resources/WindowConfigurationStorage.java
++++ b/freeplane/src/org/freeplane/core/resources/WindowConfigurationStorage.java
+@@ -16,8 +16,8 @@
+ import org.freeplane.n3.nanoxml.StdXMLReader;
+ import org.freeplane.n3.nanoxml.XMLElement;
+ import org.freeplane.n3.nanoxml.XMLException;
+-import org.freeplane.n3.nanoxml.XMLParserFactory;
+ import org.freeplane.n3.nanoxml.XMLWriter;
++import org.freeplane.core.io.xml.XMLLocalParserFactory;
+
+ public class WindowConfigurationStorage {
+ protected int height;
+@@ -107,7 +107,7 @@
+ }
+ protected XMLElement unmarschall(final String marshalled, final JDialog dialog) {
+ if (marshalled != null) {
+- final IXMLParser parser = XMLParserFactory.createDefaultXMLParser();
++ final IXMLParser parser = XMLLocalParserFactory.createLocalXMLParser();
+ final IXMLReader xmlReader = new StdXMLReader(new StringReader(marshalled));
+ parser.setReader(xmlReader);
+ try {
+--- a/freeplane/src/org/freeplane/features/export/mindmapmode/ExportController.java
++++ b/freeplane/src/org/freeplane/features/export/mindmapmode/ExportController.java
+@@ -13,6 +13,7 @@
+ import javax.swing.filechooser.FileFilter;
+
+ import org.freeplane.core.extension.IExtension;
++import org.freeplane.core.io.xml.XMLLocalParserFactory;
+ import org.freeplane.core.resources.ResourceController;
+ import org.freeplane.core.ui.components.UITools;
+ import org.freeplane.core.util.FileUtils;
+@@ -25,7 +26,6 @@
+ import org.freeplane.n3.nanoxml.IXMLReader;
+ import org.freeplane.n3.nanoxml.StdXMLReader;
+ import org.freeplane.n3.nanoxml.XMLElement;
+-import org.freeplane.n3.nanoxml.XMLParserFactory;
+
+ /**
+ * A registry of all XSLT scripts that are available to transform a .mm file into another format.
+@@ -75,7 +75,7 @@
+ private void createXSLTExportActions( final String xmlDescriptorFile) {
+ InputStream xmlDescriptorStream = null;
+ try {
+- final IXMLParser parser = XMLParserFactory.createDefaultXMLParser();
++ final IXMLParser parser = XMLLocalParserFactory.createLocalXMLParser();
+ final URL resource = ResourceController.getResourceController().getResource(xmlDescriptorFile);
+ xmlDescriptorStream = resource.openStream();
+ final IXMLReader reader = new StdXMLReader(xmlDescriptorStream);
+--- a/freeplane/src/org/freeplane/features/filter/FilterController.java
++++ b/freeplane/src/org/freeplane/features/filter/FilterController.java
+@@ -50,6 +50,7 @@
+ import javax.swing.event.ListDataListener;
+
+ import org.freeplane.core.extension.IExtension;
++import org.freeplane.core.io.xml.XMLLocalParserFactory;
+ import org.freeplane.core.resources.ResourceController;
+ import org.freeplane.core.ui.AFreeplaneAction;
+ import org.freeplane.core.ui.IMenuContributor;
+@@ -80,7 +81,6 @@
+ import org.freeplane.n3.nanoxml.IXMLReader;
+ import org.freeplane.n3.nanoxml.StdXMLReader;
+ import org.freeplane.n3.nanoxml.XMLElement;
+-import org.freeplane.n3.nanoxml.XMLParserFactory;
+ import org.freeplane.n3.nanoxml.XMLWriter;
+
+ /**
+@@ -471,7 +471,7 @@
+ final boolean showPopupOnError)
+ throws IOException {
+ try {
+- final IXMLParser parser = XMLParserFactory.createDefaultXMLParser();
++ final IXMLParser parser = XMLLocalParserFactory.createLocalXMLParser();
+ File filterFile = new File(pathToFilterFile);
+ final IXMLReader reader = new StdXMLReader(new BufferedInputStream(new FileInputStream(filterFile)));
+ parser.setReader(reader);
+--- a/freeplane/src/org/freeplane/features/format/FormatController.java
++++ b/freeplane/src/org/freeplane/features/format/FormatController.java
+@@ -40,6 +40,7 @@
+
+ import org.apache.commons.lang.StringUtils;
+ import org.freeplane.core.extension.IExtension;
++import org.freeplane.core.io.xml.XMLLocalParserFactory;
+ import org.freeplane.core.resources.IFreeplanePropertyListener;
+ import org.freeplane.core.resources.ResourceController;
+ import org.freeplane.core.resources.components.IValidator;
+@@ -52,7 +53,6 @@
+ import org.freeplane.n3.nanoxml.IXMLReader;
+ import org.freeplane.n3.nanoxml.StdXMLReader;
+ import org.freeplane.n3.nanoxml.XMLElement;
+-import org.freeplane.n3.nanoxml.XMLParserFactory;
+ import org.freeplane.n3.nanoxml.XMLWriter;
+
+ /**
+@@ -194,7 +194,7 @@
+ return;
+ }
+ try {
+- final IXMLParser parser = XMLParserFactory.createDefaultXMLParser();
++ final IXMLParser parser = XMLLocalParserFactory.createLocalXMLParser();
+ inputStream = new BufferedInputStream(new FileInputStream(configXml));
+ final IXMLReader reader = new StdXMLReader(inputStream);
+ parser.setReader(reader);
+--- a/freeplane/src/org/freeplane/features/format/ScannerController.java
++++ b/freeplane/src/org/freeplane/features/format/ScannerController.java
+@@ -35,6 +35,7 @@
+
+ import org.apache.commons.lang.StringUtils;
+ import org.freeplane.core.extension.IExtension;
++import org.freeplane.core.io.xml.XMLLocalParserFactory;
+ import org.freeplane.core.resources.IFreeplanePropertyListener;
+ import org.freeplane.core.resources.ResourceController;
+ import org.freeplane.core.ui.components.UITools;
+@@ -45,7 +46,6 @@
+ import org.freeplane.n3.nanoxml.IXMLReader;
+ import org.freeplane.n3.nanoxml.StdXMLReader;
+ import org.freeplane.n3.nanoxml.XMLElement;
+-import org.freeplane.n3.nanoxml.XMLParserFactory;
+ import org.freeplane.n3.nanoxml.XMLWriter;
+
+ /**
+@@ -259,7 +259,7 @@
+ return;
+ }
+ try {
+- final IXMLParser parser = XMLParserFactory.createDefaultXMLParser();
++ final IXMLParser parser = XMLLocalParserFactory.createLocalXMLParser();
+ final IXMLReader reader = new StdXMLReader(new BufferedInputStream(new FileInputStream(configXml)));
+ parser.setReader(reader);
+ final XMLElement loader = (XMLElement) parser.parse();
+--- a/freeplane/src/org/freeplane/main/addons/AddOnsController.java
++++ b/freeplane/src/org/freeplane/main/addons/AddOnsController.java
+@@ -18,6 +18,7 @@
+ import javax.swing.JOptionPane;
+
+ import org.apache.commons.lang.StringEscapeUtils;
++import org.freeplane.core.io.xml.XMLLocalParserFactory;
+ import org.freeplane.core.resources.ResourceController;
+ import org.freeplane.core.ui.components.UITools;
+ import org.freeplane.core.util.FileUtils;
+@@ -32,7 +33,6 @@
+ import org.freeplane.n3.nanoxml.IXMLReader;
+ import org.freeplane.n3.nanoxml.StdXMLReader;
+ import org.freeplane.n3.nanoxml.XMLElement;
+-import org.freeplane.n3.nanoxml.XMLParserFactory;
+
+ public class AddOnsController {
+ private static final String ADDONS_DIR = "addons";
+@@ -66,7 +66,7 @@
+ return name.endsWith(".plugin.xml");
+ }
+ });
+- final IXMLParser parser = XMLParserFactory.createDefaultXMLParser();
++ final IXMLParser parser = XMLLocalParserFactory.createLocalXMLParser();
+ for (File file : addonXmlFiles) {
+ BufferedInputStream inputStream = null;
+ try {
+--- a/freeplane/src/org/freeplane/n3/nanoxml/XMLEntityResolver.java
++++ b/freeplane/src/org/freeplane/n3/nanoxml/XMLEntityResolver.java
+@@ -26,7 +26,7 @@
+ * @author Marc De Scheemaecker
+ * @version $Name: RELEASE_2_2_1 $, $Revision: 1.4 $
+ */
+-class XMLEntityResolver implements IXMLEntityResolver {
++public class XMLEntityResolver implements IXMLEntityResolver {
+ /**
+ * The entities.
+ */
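Review bot: `XMLEntityResolver` is widened from package-private to public solely so that `org.freeplane.core.io.xml.LocalEntityResolver` can subclass it, but the hunk leaves no trace of that reason, which invites a future cleanup to narrow it back and silently break the fix; a one-line comment on the class, `// public so that org.freeplane.core.io.xml.LocalEntityResolver can override openExternalEntity (CVE-2018-1000069)`, records the dependency. The class body continues outside the hunk.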
+--- a/freeplane_plugin_script/src/org/freeplane/plugin/script/ScriptingRegistration.java
++++ b/freeplane_plugin_script/src/org/freeplane/plugin/script/ScriptingRegistration.java
+@@ -38,6 +38,7 @@
+ import javax.swing.JMenuItem;
+
+ import org.apache.commons.lang.StringUtils;
++import org.freeplane.core.io.xml.XMLLocalParserFactory;
+ import org.freeplane.core.resources.ResourceController;
+ import org.freeplane.core.resources.components.IValidator;
+ import org.freeplane.core.ui.IMenuContributor;
+@@ -226,7 +227,7 @@
+ return name.endsWith(".script.xml");
+ }
+ });
+- final IXMLParser parser = XMLParserFactory.createDefaultXMLParser();
++ final IXMLParser parser = XMLLocalParserFactory.createLocalXMLParser();
+ for (File file : addonXmlFiles) {
+ BufferedInputStream inputStream = null;
+ try {
+--- a/freeplane/src/org/freeplane/main/osgi/Activator.java
++++ b/freeplane/src/org/freeplane/main/osgi/Activator.java
+@@ -34,6 +34,7 @@
+ FreeplaneMain.checkJavaVersion();
+ activatorImpl = new ActivatorImpl();
+ activatorImpl.start(context);
++ org.freeplane.core.util.LogUtils.info("CVE-2018-1000069 fix activated");
+ }
+
+ public void stop(final BundleContext context) throws Exception {
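Review bot: This hunk patches `main/osgi/Activator.java`, a file that does not appear in the embedded upstream patch's file list or its `11 files changed, 48 insertions(+), 15 deletions(-)` diffstat, so the header of `97_fix_CVE-2018-1000069.patch` no longer describes its contents; quilt applies the hunk regardless, but the stale summary will mislead anyone auditing the backport against upstream commit a5dce7f. The added `LogUtils.info("CVE-2018-1000069 fix activated")` is a startup banner that does not affect the parser, and if it is intended as a field marker for the Debian backport a comment saying so would explain why it lives in the activator, e.g. `// Debian jessie: startup marker confirming the CVE-2018-1000069 backport is loaded`. `start()` begins outside the hunk.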
diff --git a/debian/patches/series b/debian/patches/series
index 7c1cbb4..e50d53b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@
92_fix_old_manifest.patch
93_jgoodies1.6.patch
95_run_jflex.patch
+97_fix_CVE-2018-1000069.patch