2.11.9
This commit is contained in:
Funda Wang
parent
4508765510
commit
4d4420d07a
@ -1,29 +0,0 @@
|
||||
From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Sat, 14 Oct 2023 22:45:54 +0200
|
||||
Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
|
||||
backtracking
|
||||
|
||||
Fixes a use-after-free if XML Reader if used with DTD validation and
|
||||
XInclude expansion.
|
||||
|
||||
Fixes #604.
|
||||
---
|
||||
xmlreader.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/xmlreader.c b/xmlreader.c
|
||||
index 979385a13..fefd68e0b 100644
|
||||
--- a/xmlreader.c
|
||||
+++ b/xmlreader.c
|
||||
@@ -1443,6 +1443,7 @@ node_found:
|
||||
* Handle XInclude if asked for
|
||||
*/
|
||||
if ((reader->xinclude) && (reader->in_xinclude == 0) &&
|
||||
+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
|
||||
(reader->node != NULL) &&
|
||||
(reader->node->type == XML_ELEMENT_NODE) &&
|
||||
(reader->node->ns != NULL) &&
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Fri, 17 May 2024 08:50:50 +0800
|
||||
Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
|
||||
|
||||
Add a missing bounds check.
|
||||
---
|
||||
xmllint.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/xmllint.c b/xmllint.c
|
||||
index 398670b..3f4bfb2 100644
|
||||
--- a/xmllint.c
|
||||
+++ b/xmllint.c
|
||||
@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
|
||||
len = strlen(buffer);
|
||||
snprintf(&buffer[len], sizeof(buffer) - len, "\n");
|
||||
cur = input->cur;
|
||||
- while ((*cur == '\n') || (*cur == '\r'))
|
||||
+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
|
||||
cur--;
|
||||
n = 0;
|
||||
while ((cur != base) && (n++ < 80)) {
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,37 +0,0 @@
|
||||
From ae8f0ac0a2900219c3d762ae0b513e199dcf19a5 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Sat, 6 Jul 2024 01:03:46 +0200
|
||||
Subject: [PATCH] [CVE-2024-40896] Fix XXE protection in downstream code
|
||||
|
||||
Some users set an entity's children manually in the getEntity SAX
|
||||
callback to restrict entity expansion. This stopped working after
|
||||
renaming the "checked" member of xmlEntity, making at least one
|
||||
downstream project and its dependants susceptible to XXE attacks.
|
||||
|
||||
See #761.
|
||||
---
|
||||
parser.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index 4feb21a28..8fe0a064d 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -7148,6 +7148,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
||||
return;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Some users try to parse entities on their own and used to set
|
||||
+ * the renamed "checked" member. Fix the flags to cover this
|
||||
+ * case.
|
||||
+ */
|
||||
+ if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL))
|
||||
+ ent->flags |= XML_ENT_PARSED;
|
||||
+
|
||||
/*
|
||||
* The first reference to the entity trigger a parsing phase
|
||||
* where the ent->children is filled with the result from
|
||||
--
|
||||
GitLab
|
||||
|
||||
Binary file not shown.
BIN
libxml2-2.11.9.tar.xz
Normal file
BIN
libxml2-2.11.9.tar.xz
Normal file
Binary file not shown.
26
libxml2.spec
26
libxml2.spec
@ -1,7 +1,7 @@
|
||||
Summary: Library providing XML and HTML support
|
||||
Name: libxml2
|
||||
Version: 2.11.5
|
||||
Release: 4
|
||||
Version: 2.11.9
|
||||
Release: 1
|
||||
License: MIT
|
||||
Group: Development/Libraries
|
||||
Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
|
||||
@ -10,11 +10,7 @@ Patch0: libxml2-multilib.patch
|
||||
Patch1: backport-CVE-2023-45322.patch
|
||||
Patch2: backport-xpath-Remove-remaining-references-to-valueFrame.patch
|
||||
Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch
|
||||
Patch4: backport-CVE-2024-25062.patch
|
||||
Patch5: backport-CVE-2024-34459.patch
|
||||
Patch6: backport-CVE-2024-40896.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: pkgconfig
|
||||
@ -106,21 +102,12 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libxml2-python-%{version}/*
|
||||
gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
|
||||
|
||||
%check
|
||||
make runtests
|
||||
%make_build runtests
|
||||
|
||||
(cd doc/examples ; make clean ; rm -rf .deps Makefile)
|
||||
|
||||
%clean
|
||||
rm -fr %{buildroot}
|
||||
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-, root, root)
|
||||
|
||||
%doc %{_datadir}/doc/libxml2
|
||||
|
||||
%{_libdir}/lib*.so.*
|
||||
@ -128,8 +115,6 @@ rm -fr %{buildroot}
|
||||
%{_bindir}/xmlcatalog
|
||||
|
||||
%files devel
|
||||
%defattr(-, root, root)
|
||||
|
||||
%doc NEWS README.md Copyright
|
||||
%doc doc/tutorial doc/libxml2-api.xml.gz
|
||||
%doc doc/examples
|
||||
@ -149,8 +134,6 @@ rm -fr %{buildroot}
|
||||
%{_libdir}/*.a
|
||||
|
||||
%files -n python3-%{name}
|
||||
%defattr(-, root, root)
|
||||
|
||||
%{python3_sitearch}/libxml2mod.so
|
||||
%{python3_sitelib}/*.py
|
||||
%{python3_sitelib}/__pycache__/*.pyc
|
||||
@ -164,6 +147,9 @@ rm -fr %{buildroot}
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jul 30 2024 Funda Wang <fundawang@yeah.net> - 2.11.9-1
|
||||
- update to 2.11.9
|
||||
|
||||
* Mon Jul 29 2024 Funda Wang <fundawang@yeah.net> - 2.11.5-4
|
||||
- Type:CVE
|
||||
- CVE:CVE-2024-40896
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user