diff --git a/backport-CVE-2024-25062.patch b/backport-CVE-2024-25062.patch deleted file mode 100644 index 88e3e35..0000000 --- a/backport-CVE-2024-25062.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sat, 14 Oct 2023 22:45:54 +0200 -Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when - backtracking - -Fixes a use-after-free if XML Reader if used with DTD validation and -XInclude expansion. - -Fixes #604. ---- - xmlreader.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/xmlreader.c b/xmlreader.c -index 979385a13..fefd68e0b 100644 ---- a/xmlreader.c -+++ b/xmlreader.c -@@ -1443,6 +1443,7 @@ node_found: - * Handle XInclude if asked for - */ - if ((reader->xinclude) && (reader->in_xinclude == 0) && -+ (reader->state != XML_TEXTREADER_BACKTRACK) && - (reader->node != NULL) && - (reader->node->type == XML_ELEMENT_NODE) && - (reader->node->ns != NULL) && --- -GitLab - diff --git a/backport-CVE-2024-34459.patch b/backport-CVE-2024-34459.patch deleted file mode 100644 index bed5dcd..0000000 --- a/backport-CVE-2024-34459.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Fri, 17 May 2024 08:50:50 +0800 -Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` - -Add a missing bounds check. ---- - xmllint.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xmllint.c b/xmllint.c -index 398670b..3f4bfb2 100644 ---- a/xmllint.c -+++ b/xmllint.c -@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { - len = strlen(buffer); - snprintf(&buffer[len], sizeof(buffer) - len, "\n"); - cur = input->cur; -- while ((*cur == '\n') || (*cur == '\r')) -+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) - cur--; - n = 0; - while ((cur != base) && (n++ < 80)) { --- -2.33.0 - diff --git a/backport-CVE-2024-40896.patch b/backport-CVE-2024-40896.patch deleted file mode 100644 index 9fddd1e..0000000 --- a/backport-CVE-2024-40896.patch +++ /dev/null @@ -1,37 +0,0 @@ -From ae8f0ac0a2900219c3d762ae0b513e199dcf19a5 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Sat, 6 Jul 2024 01:03:46 +0200 -Subject: [PATCH] [CVE-2024-40896] Fix XXE protection in downstream code - -Some users set an entity's children manually in the getEntity SAX -callback to restrict entity expansion. This stopped working after -renaming the "checked" member of xmlEntity, making at least one -downstream project and its dependants susceptible to XXE attacks. - -See #761. ---- - parser.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/parser.c b/parser.c -index 4feb21a28..8fe0a064d 100644 ---- a/parser.c -+++ b/parser.c -@@ -7148,6 +7148,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { - return; - } - -+ /* -+ * Some users try to parse entities on their own and used to set -+ * the renamed "checked" member. Fix the flags to cover this -+ * case. -+ */ -+ if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL)) -+ ent->flags |= XML_ENT_PARSED; -+ - /* - * The first reference to the entity trigger a parsing phase - * where the ent->children is filled with the result from --- -GitLab - diff --git a/libxml2-2.11.5.tar.xz b/libxml2-2.11.5.tar.xz deleted file mode 100644 index 578d7a0..0000000 Binary files a/libxml2-2.11.5.tar.xz and /dev/null differ diff --git a/libxml2-2.11.9.tar.xz b/libxml2-2.11.9.tar.xz new file mode 100644 index 0000000..669db75 Binary files /dev/null and b/libxml2-2.11.9.tar.xz differ diff --git a/libxml2.spec b/libxml2.spec index 4937c27..eb33712 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,7 +1,7 @@ Summary: Library providing XML and HTML support Name: libxml2 -Version: 2.11.5 -Release: 4 +Version: 2.11.9 +Release: 1 License: MIT Group: Development/Libraries Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz @@ -10,11 +10,7 @@ Patch0: libxml2-multilib.patch Patch1: backport-CVE-2023-45322.patch Patch2: backport-xpath-Remove-remaining-references-to-valueFrame.patch Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch -Patch4: backport-CVE-2024-25062.patch -Patch5: backport-CVE-2024-34459.patch -Patch6: backport-CVE-2024-40896.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python3-devel BuildRequires: zlib-devel BuildRequires: pkgconfig @@ -106,21 +102,12 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libxml2-python-%{version}/* gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %check -make runtests +%make_build runtests (cd doc/examples ; make clean ; rm -rf .deps Makefile) -%clean -rm -fr %{buildroot} - - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig %files -%defattr(-, root, root) - %doc %{_datadir}/doc/libxml2 %{_libdir}/lib*.so.* @@ -128,8 +115,6 @@ rm -fr %{buildroot} %{_bindir}/xmlcatalog %files devel -%defattr(-, root, root) - %doc NEWS README.md Copyright %doc doc/tutorial doc/libxml2-api.xml.gz %doc doc/examples @@ -149,8 +134,6 @@ rm -fr %{buildroot} %{_libdir}/*.a %files -n python3-%{name} -%defattr(-, root, root) - %{python3_sitearch}/libxml2mod.so %{python3_sitelib}/*.py %{python3_sitelib}/__pycache__/*.pyc @@ -164,6 +147,9 @@ rm -fr %{buildroot} %changelog +* Tue Jul 30 2024 Funda Wang - 2.11.9-1 +- update to 2.11.9 + * Mon Jul 29 2024 Funda Wang - 2.11.5-4 - Type:CVE - CVE:CVE-2024-40896