packages/libxml2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

2.11.9

Browse Source
This commit is contained in:
Funda Wang 2024-07-30 15:45:08 +08:00
parent 4508765510
commit 4d4420d07a
6 changed files with 6 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-CVE-2024-25062.patch
View File

@ -1,29 +0,0 @@
From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 14 Oct 2023 22:45:54 +0200
Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
backtracking
Fixes a use-after-free if XML Reader if used with DTD validation and
XInclude expansion.
Fixes #604.
---
xmlreader.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xmlreader.c b/xmlreader.c
index 979385a13..fefd68e0b 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -1443,6 +1443,7 @@ node_found:
* Handle XInclude if asked for
*/
if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
(reader->node != NULL) &&
(reader->node->type == XML_ELEMENT_NODE) &&
(reader->node->ns != NULL) &&
--
GitLab

26
backport-CVE-2024-34459.patch
View File

@ -1,26 +0,0 @@
From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 17 May 2024 08:50:50 +0800
Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
Add a missing bounds check.
---
xmllint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xmllint.c b/xmllint.c
index 398670b..3f4bfb2 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
len = strlen(buffer);
snprintf(&buffer[len], sizeof(buffer) - len, "\n");
cur = input->cur;
- while ((*cur == '\n') || (*cur == '\r'))
+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
cur--;
n = 0;
while ((cur != base) && (n++ < 80)) {
--
2.33.0

37
backport-CVE-2024-40896.patch
View File

@ -1,37 +0,0 @@
From ae8f0ac0a2900219c3d762ae0b513e199dcf19a5 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 6 Jul 2024 01:03:46 +0200
Subject: [PATCH] [CVE-2024-40896] Fix XXE protection in downstream code
Some users set an entity's children manually in the getEntity SAX
callback to restrict entity expansion. This stopped working after
renaming the "checked" member of xmlEntity, making at least one
downstream project and its dependants susceptible to XXE attacks.
See #761.
---
parser.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/parser.c b/parser.c
index 4feb21a28..8fe0a064d 100644
--- a/parser.c
+++ b/parser.c
@@ -7148,6 +7148,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
return;
}
+ /*
+ * Some users try to parse entities on their own and used to set
+ * the renamed "checked" member. Fix the flags to cover this
+ * case.
+ */
+ if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL))
+ ent->flags |= XML_ENT_PARSED;
+
/*
* The first reference to the entity trigger a parsing phase
* where the ent->children is filled with the result from
--
GitLab

BIN
libxml2-2.11.5.tar.xz
View File

Binary file not shown.

BIN
libxml2-2.11.9.tar.xz Normal file
View File

Binary file not shown.

26
libxml2.spec
View File

@ -1,7 +1,7 @@
Summary: Library providing XML and HTML support Summary: Library providing XML and HTML support
Name: libxml2 Name: libxml2
Version: 2.11.5 Version: 2.11.9
Release: 4 Release: 1
License: MIT License: MIT
Group: Development/Libraries Group: Development/Libraries
Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
@ -10,11 +10,7 @@ Patch0: libxml2-multilib.patch
Patch1: backport-CVE-2023-45322.patch Patch1: backport-CVE-2023-45322.patch
Patch2: backport-xpath-Remove-remaining-references-to-valueFrame.patch Patch2: backport-xpath-Remove-remaining-references-to-valueFrame.patch
Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch
Patch4: backport-CVE-2024-25062.patch
Patch5: backport-CVE-2024-34459.patch
Patch6: backport-CVE-2024-40896.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -106,21 +102,12 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libxml2-python-%{version}/*
gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
%check %check
make runtests %make_build runtests
(cd doc/examples ; make clean ; rm -rf .deps Makefile) (cd doc/examples ; make clean ; rm -rf .deps Makefile)
%clean
rm -fr %{buildroot}
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files %files
%defattr(-, root, root)
%doc %{_datadir}/doc/libxml2 %doc %{_datadir}/doc/libxml2
%{_libdir}/lib*.so.* %{_libdir}/lib*.so.*
@ -128,8 +115,6 @@ rm -fr %{buildroot}
%{_bindir}/xmlcatalog %{_bindir}/xmlcatalog
%files devel %files devel
%defattr(-, root, root)
%doc NEWS README.md Copyright %doc NEWS README.md Copyright
%doc doc/tutorial doc/libxml2-api.xml.gz %doc doc/tutorial doc/libxml2-api.xml.gz
%doc doc/examples %doc doc/examples
@ -149,8 +134,6 @@ rm -fr %{buildroot}
%{_libdir}/*.a %{_libdir}/*.a
%files -n python3-%{name} %files -n python3-%{name}
%defattr(-, root, root)
%{python3_sitearch}/libxml2mod.so %{python3_sitearch}/libxml2mod.so
%{python3_sitelib}/*.py %{python3_sitelib}/*.py
%{python3_sitelib}/__pycache__/*.pyc %{python3_sitelib}/__pycache__/*.pyc
@ -164,6 +147,9 @@ rm -fr %{buildroot}
%changelog %changelog
* Tue Jul 30 2024 Funda Wang <fundawang@yeah.net> - 2.11.9-1
- update to 2.11.9
* Mon Jul 29 2024 Funda Wang <fundawang@yeah.net> - 2.11.5-4 * Mon Jul 29 2024 Funda Wang <fundawang@yeah.net> - 2.11.5-4
- Type:CVE - Type:CVE
- CVE:CVE-2024-40896 - CVE:CVE-2024-40896