Compare commits
No commits in common. "c6543ec3d24b8b47ffe502c0b6558f2e7a638ef8" and "a5b4b3b3550eda36736f7de64140768b8a481ca6" have entirely different histories.
c6543ec3d2
...
a5b4b3b355
@ -1,25 +0,0 @@
|
||||
From 5930fe01963136ab92125feec0c6204d9c9225dc Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Mon, 18 Jul 2022 20:59:45 +0200
|
||||
Subject: [PATCH] Reset nsNr in xmlCtxtReset
|
||||
|
||||
---
|
||||
parser.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index d278638d..e660b0a7 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -14820,6 +14820,8 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
|
||||
ctxt->nameNr = 0;
|
||||
ctxt->name = NULL;
|
||||
|
||||
+ ctxt->nsNr = 0;
|
||||
+
|
||||
DICT_FREE(ctxt->version);
|
||||
ctxt->version = NULL;
|
||||
DICT_FREE(ctxt->encoding);
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
From 5a19e21605398cef6a8b1452477a8705cb41562b Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Wed, 2 Nov 2022 16:13:27 +0100
|
||||
Subject: [PATCH] malloc-fail: Fix use-after-free in xmlXIncludeAddNode
|
||||
|
||||
Found with libFuzzer, see #344.
|
||||
---
|
||||
xinclude.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/xinclude.c b/xinclude.c
|
||||
index b9a79d7..67926ec 100644
|
||||
--- a/xinclude.c
|
||||
+++ b/xinclude.c
|
||||
@@ -614,14 +614,15 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) {
|
||||
}
|
||||
URL = xmlSaveUri(uri);
|
||||
xmlFreeURI(uri);
|
||||
- xmlFree(URI);
|
||||
if (URL == NULL) {
|
||||
xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI,
|
||||
"invalid value URI %s\n", URI);
|
||||
if (fragment != NULL)
|
||||
xmlFree(fragment);
|
||||
+ xmlFree(URI);
|
||||
return(-1);
|
||||
}
|
||||
+ xmlFree(URI);
|
||||
|
||||
/*
|
||||
* If local and xml then we need a fragment
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Sat, 14 Oct 2023 22:45:54 +0200
|
||||
Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
|
||||
backtracking
|
||||
|
||||
Fixes a use-after-free if XML Reader if used with DTD validation and
|
||||
XInclude expansion.
|
||||
|
||||
Fixes #604.
|
||||
---
|
||||
xmlreader.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/xmlreader.c b/xmlreader.c
|
||||
index 979385a13..fefd68e0b 100644
|
||||
--- a/xmlreader.c
|
||||
+++ b/xmlreader.c
|
||||
@@ -1443,6 +1443,7 @@ node_found:
|
||||
* Handle XInclude if asked for
|
||||
*/
|
||||
if ((reader->xinclude) && (reader->in_xinclude == 0) &&
|
||||
+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
|
||||
(reader->node != NULL) &&
|
||||
(reader->node->type == XML_ELEMENT_NODE) &&
|
||||
(reader->node->ns != NULL) &&
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Tue, 14 May 2024 08:50:50 +0800
|
||||
Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
|
||||
|
||||
Add a missing bounds check.
|
||||
---
|
||||
xmllint.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/xmllint.c b/xmllint.c
|
||||
index 72839b5..739ac47 100644
|
||||
--- a/xmllint.c
|
||||
+++ b/xmllint.c
|
||||
@@ -595,7 +595,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
|
||||
len = strlen(buffer);
|
||||
snprintf(&buffer[len], sizeof(buffer) - len, "\n");
|
||||
cur = input->cur;
|
||||
- while ((*cur == '\n') || (*cur == '\r'))
|
||||
+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
|
||||
cur--;
|
||||
n = 0;
|
||||
while ((cur != base) && (n++ < 80)) {
|
||||
--
|
||||
2.33.0
|
||||
|
||||
32
libxml2.spec
32
libxml2.spec
@ -1,7 +1,7 @@
|
||||
Summary: Library providing XML and HTML support
|
||||
Name: libxml2
|
||||
Version: 2.9.10
|
||||
Release: 42
|
||||
Release: 38
|
||||
License: MIT
|
||||
Group: Development/Libraries
|
||||
Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
|
||||
@ -134,10 +134,6 @@ Patch121:backport-Fix-old-SAX1-parser-with-custom-callbacks.patch
|
||||
Patch122:backport-Always-initialize-SAX1-element-handlers.patch
|
||||
Patch123:backport-malloc-fail-Fix-memory-leak-in-xmlStaticCopyNodeList.patch
|
||||
Patch124:backport-CVE-2023-45322.patch
|
||||
Patch125:backport-CVE-2024-25062.patch
|
||||
Patch126:backport-CVE-2022-2309.patch
|
||||
Patch127:backport-CVE-2024-34459.patch
|
||||
Patch128:backport-CVE-2022-49043-malloc-fail-Fix-use-after-free-in-xmlXIncludeAddNode.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
BuildRequires: python2-devel
|
||||
@ -329,31 +325,7 @@ rm -fr %{buildroot}
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Feb 11 2025 Linux_zhang <zhangruifang@h-partners.com> - 2.9.10-42
|
||||
- Type:CVE
|
||||
- CVE:CVE-2022-49043
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-49043
|
||||
|
||||
* Tue May 14 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.9.10-41
|
||||
- Type:CVE
|
||||
- CVE:CVE-2024-34459
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-34459
|
||||
|
||||
* Tue Mar 26 2024 zhuofeng <zhuofeng2@huawei.com> - 2.9.10-40
|
||||
- Type:CVE
|
||||
- CVE:CVE-2022-2309
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-2309
|
||||
|
||||
* Mon Feb 19 2024 hehuazhen <hehuazhen@huawei.com> - 2.9.10-39
|
||||
- Type:CVE
|
||||
- CVE:CVE-2024-25062
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-25062
|
||||
|
||||
* Mon Oct 16 2023 hehuazhen <hehuazhen@huawei.com> - 2.9.10-38
|
||||
* Mon Oct 16 hehuazhen <hehuazhen@huawei.com> - 2.9.10-38
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-45322
|
||||
- SUG:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user