Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package golang-golang-x-net-dev Upstream has provided patches addressing security issues CVE-2018-17846 / CVE-2018-17847 / CVE-2018-17848 (Debian bug #911795). This upload applies those patches. $ debdiff golang-golang-x-net-dev_0.0+git20181201.351d144+dfsg-2.dsc golang-golang-x-net-dev_0.0+git20181201.351d144+dfsg-3.dsc
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog 2018-12-14 21:56:28.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/changelog 2019-04-30 16:42:08.000000000 +0800
@@ -1,3 +1,13 @@
+golang-golang-x-net-dev (1:0.0+git20181201.351d144+dfsg-3) unstable; urgency=medium
+
+ * Team upload.
+ * Apply security patches (upstream commits). Closes: #911795.
+ - CVE-2018-17846: commit d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
+ - CVE-2018-17847, CVE-2018-17848:
+ commit 4b62a64f59f73840b9ab79204c94fee61cd1ba2c
+
+ -- Drew Parsons <dpars...@debian.org> Tue, 30 Apr 2019 16:42:08 +0800
+
 golang-golang-x-net-dev (1:0.0+git20181201.351d144+dfsg-2) unstable; urgency=medium
 
 * Remove obsolete patch for s390. Closes: #916236.
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch 1970-01-01 08:00:00.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17846_d26f9f9.patch 2019-04-30 16:42:08.000000000 +0800
@@ -0,0 +1,108 @@
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001
+From: Kunpei Sakai <namusy...@gmail.com>
+Date: Tue, 25 Sep 2018 22:55:50 +0900
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest
+ spec
+
+Fixes golang/go#27842
+
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc
+Reviewed-on: https://go-review.googlesource.com/c/137275
+Run-TryBot: Kunpei Sakai <namusy...@gmail.com>
+TryBot-Result: Gobot Gobot <go...@golang.org>
+Reviewed-by: Nigel Tao <nigel...@golang.org>
+---
+ html/parse.go | 28 ++++++++++++++++++++++------
+ html/parse_test.go | 3 ++-
+ html/testdata/go/select.dat | 12 ++++++++++++
+ 3 files changed, 36 insertions(+), 7 deletions(-)
+ create mode 100644 html/testdata/go/select.dat
+
+diff --git a/html/parse.go b/html/parse.go
+index 64a57937..488e8d3c 100644
+--- a/html/parse.go
++++ b/html/parse.go
+@@ -1719,8 +1719,12 @@ func inSelectIM(p *parser) bool {
+ }
+ p.addElement()
+ case a.Select:
+- p.tok.Type = EndTagToken
+- return false
++ if p.popUntil(selectScope, a.Select) {
++ p.resetInsertionMode()
++ } else {
++ // Ignore the token.
++ return true
++ }
+ case a.Input, a.Keygen, a.Textarea:
+ if p.elementInScope(selectScope, a.Select) {
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())
+@@ -1750,6 +1754,9 @@ func inSelectIM(p *parser) bool {
+ case a.Select:
+ if p.popUntil(selectScope, a.Select) {
+ p.resetInsertionMode()
++ } else {
++ // Ignore the token.
++ return true
+ }
+ case a.Template:
+ return inHeadIM(p)
+@@ -1775,13 +1782,22 @@ func inSelectInTableIM(p *parser) bool {
+ case StartTagToken, EndTagToken:
+ switch p.tok.DataAtom {
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())
+- return false
+- } else {
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {
+ // Ignore the token.
+ return true
+ }
++ // This is like p.popUntil(selectScope, a.Select), but it also
++ // matches <math select>, not just <select>. Matching the MathML
++ // tag is arguably incorrect (conceptually), but it mimics what
++ // Chromium does.
++ for i := len(p.oe) - 1; i >= 0; i-- {
++ if n := p.oe[i]; n.DataAtom == a.Select {
++ p.oe = p.oe[:i]
++ break
++ }
++ }
++ p.resetInsertionMode()
++ return false
+ }
+ }
+ return inSelectIM(p)
+diff --git a/html/parse_test.go b/html/parse_test.go
+index 1c232c71..9bba918c 100644
+--- a/html/parse_test.go
++++ b/html/parse_test.go
+@@ -367,7 +367,8 @@ var renderTestBlacklist = map[string]bool{
+ `<script><!--<script </s`: true,
+ // Reconstructing the active formatting elements results in a <plaintext>
+ // element that contains an <a> element.
+- `<!doctype html><p><a><plaintext>b`: true,
++ `<!doctype html><p><a><plaintext>b`: true,
++ `<table><math><select><mi><select></table>`: true,
+ }
+
+ func TestNodeConsistency(t *testing.T) {
+diff --git a/html/testdata/go/select.dat b/html/testdata/go/select.dat
+new file mode 100644
+index 00000000..684554c8
+--- /dev/null
++++ b/html/testdata/go/select.dat
+@@ -0,0 +1,12 @@
++#data
++<table><math><select><mi><select></table>
++#errors
++#document
++| <html>
++| <head>
++| <body>
++| <math math>
++| <math select>
++| <math mi>
++| <select>
++| <table>
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch 1970-01-01 08:00:00.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/CVE-2018-17847_CVE-2018-17848_4b62a64.patch 2019-04-30 16:42:08.000000000 +0800
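Review bot: In inSelectInTableIM the new loop over p.oe has no fallback when no node with DataAtom a.Select is found: nothing is popped, yet p.resetInsertionMode() still runs and `return false` sends the token round again. Presumably a select is always open in this insertion mode, but the hunk does not show that, so state the invariant above the loop, e.g. `// p.oe always holds a select (any namespace) in this mode, so this pops at least one node.`, once it is confirmed against resetInsertionMode. The added renderTestBlacklist entry also has no comment of its own saying why that input is excluded from the render round-trip, and select.dat carries a single case for three changed branches. Both functions begin and end outside the hunks shown.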
@@ -0,0 +1,67 @@
+From 4b62a64f59f73840b9ab79204c94fee61cd1ba2c Mon Sep 17 00:00:00 2001
+From: Kunpei Sakai <namusy...@gmail.com>
+Date: Fri, 25 Jan 2019 02:28:59 +0900
+Subject: [PATCH] html: make (*nodeStack)contains distinguish namespace
+
+By proceeding without distinguishing namespace, inconsistency will
+occur.
+This commit makes the method distinguish the HTML namespace.
+
+Fixes golang/go#27846
+
+Change-Id: I8269f670240c0fe31162a16fbe1ac23acacec00f
+Reviewed-on: https://go-review.googlesource.com/c/159397
+Run-TryBot: Kunpei Sakai <namusy...@gmail.com>
+TryBot-Result: Gobot Gobot <go...@golang.org>
+Reviewed-by: Nigel Tao <nigel...@golang.org>
+---
+ html/node.go | 2 +-
+ html/testdata/go/template.dat | 25 +++++++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/html/node.go b/html/node.go
+index 2c1cade6..633ee15d 100644
+--- a/html/node.go
++++ b/html/node.go
+@@ -177,7 +177,7 @@ func (s *nodeStack) index(n *Node) int {
+ // contains returns whether a is within s.
+ func (s *nodeStack) contains(a atom.Atom) bool {
+ for _, n := range *s {
+- if n.DataAtom == a {
++ if n.DataAtom == a && n.Namespace == "" {
+ return true
+ }
+ }
+diff --git a/html/testdata/go/template.dat b/html/testdata/go/template.dat
+index 98481b9e..ceaf0229 100644
+--- a/html/testdata/go/template.dat
++++ b/html/testdata/go/template.dat
+@@ -35,3 +35,28 @@
+ | <math mo>
+ | <template>
+ | content
++
++#data
++<svg><template><desc><t><svg></template>
++#errors
++#document
++| <html>
++| <head>
++| <body>
++| <svg svg>
++| <svg template>
++| <svg desc>
++| <t>
++| <svg svg>
++
++#data
++<math><template><mn><b></template>
++#errors
++#document
++| <html>
++| <head>
++| <body>
++| <math math>
++| <math template>
++| <math mn>
++| <b>
diff -Nru golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series
--- golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series 1970-01-01 08:00:00.000000000 +0800
+++ golang-golang-x-net-dev-0.0+git20181201.351d144+dfsg/debian/patches/series 2019-04-30 16:42:08.000000000 +0800
@@ -0,0 +1,2 @@
+CVE-2018-17846_d26f9f9.patch
+CVE-2018-17847_CVE-2018-17848_4b62a64.patch
unblock golang-golang-x-net-dev/1:0.0+git20181201.351d144+dfsg-3 -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
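Review bot: The doc comment kept as context above contains, `// contains returns whether a is within s.`, no longer describes the function: with the added `n.Namespace == ""` test it only reports elements in the HTML namespace, so an `<svg template>` or `<math template>` on the stack is no longer counted. Update it to something like `// contains reports whether s holds an element with atom a in the HTML namespace (Namespace == "").` so callers do not assume foreign elements match. The callers of contains are outside the hunk, so whether every one of them wants the HTML-only meaning cannot be checked from here. The body of contains continues past the last context line.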