import libxml2-2.9.7-8.el8
This commit is contained in:
parent
7280c109a3
commit
99eafa2082
33
SOURCES/libxml2-2.9.7-CVE-2019-20388.patch
Normal file
33
SOURCES/libxml2-2.9.7-CVE-2019-20388.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zhipeng Xie <xiezhipeng1@huawei.com>
|
||||||
|
Date: Tue, 20 Aug 2019 16:33:06 +0800
|
||||||
|
Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
|
||||||
|
|
||||||
|
When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
|
||||||
|
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
|
||||||
|
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
|
||||||
|
vctxt->xsiAssemble to 0 again which cause the alloced schema
|
||||||
|
can not be freed anymore.
|
||||||
|
|
||||||
|
Found with libFuzzer.
|
||||||
|
|
||||||
|
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
|
||||||
|
---
|
||||||
|
xmlschemas.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/xmlschemas.c b/xmlschemas.c
|
||||||
|
index 301c8449..39d92182 100644
|
||||||
|
--- a/xmlschemas.c
|
||||||
|
+++ b/xmlschemas.c
|
||||||
|
@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
|
||||||
|
vctxt->nberrors = 0;
|
||||||
|
vctxt->depth = -1;
|
||||||
|
vctxt->skipDepth = -1;
|
||||||
|
- vctxt->xsiAssemble = 0;
|
||||||
|
vctxt->hasKeyrefs = 0;
|
||||||
|
#ifdef ENABLE_IDC_NODE_TABLES_TEST
|
||||||
|
vctxt->createIDCNodeTables = 1;
|
||||||
|
--
|
||||||
|
2.24.1
|
||||||
|
|
32
SOURCES/libxml2-2.9.7-CVE-2020-7595.patch
Normal file
32
SOURCES/libxml2-2.9.7-CVE-2020-7595.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zhipeng Xie <xiezhipeng1@huawei.com>
|
||||||
|
Date: Thu, 12 Dec 2019 17:30:55 +0800
|
||||||
|
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
|
||||||
|
|
||||||
|
When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
|
||||||
|
return NULL which cause a infinite loop in xmlStringLenDecodeEntities
|
||||||
|
|
||||||
|
Found with libFuzzer.
|
||||||
|
|
||||||
|
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
|
||||||
|
---
|
||||||
|
parser.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/parser.c b/parser.c
|
||||||
|
index d1c31963..a34bb6cd 100644
|
||||||
|
--- a/parser.c
|
||||||
|
+++ b/parser.c
|
||||||
|
@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
|
||||||
|
else
|
||||||
|
c = 0;
|
||||||
|
while ((c != 0) && (c != end) && /* non input consuming loop */
|
||||||
|
- (c != end2) && (c != end3)) {
|
||||||
|
+ (c != end2) && (c != end3) &&
|
||||||
|
+ (ctxt->instate != XML_PARSER_EOF)) {
|
||||||
|
|
||||||
|
if (c == 0) break;
|
||||||
|
if ((c == '&') && (str[1] == '#')) {
|
||||||
|
--
|
||||||
|
2.24.1
|
||||||
|
|
33
SOURCES/libxml2-CVE-2019-19956.patch
Normal file
33
SOURCES/libxml2-CVE-2019-19956.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From 5a02583c7e683896d84878bd90641d8d9b0d0549 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zhipeng Xie <xiezhipeng1@huawei.com>
|
||||||
|
Date: Wed, 7 Aug 2019 17:39:17 +0800
|
||||||
|
Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover
|
||||||
|
|
||||||
|
When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
|
||||||
|
is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
|
||||||
|
NULL and free newDoc will cause a memory leak.
|
||||||
|
|
||||||
|
Found with libFuzzer.
|
||||||
|
|
||||||
|
Closes #82.
|
||||||
|
---
|
||||||
|
parser.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/parser.c b/parser.c
|
||||||
|
index 1ce1ccf1..26d9f4e3 100644
|
||||||
|
--- a/parser.c
|
||||||
|
+++ b/parser.c
|
||||||
|
@@ -13894,7 +13894,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
|
||||||
|
xmlFreeParserCtxt(ctxt);
|
||||||
|
newDoc->intSubset = NULL;
|
||||||
|
newDoc->extSubset = NULL;
|
||||||
|
- newDoc->oldNs = NULL;
|
||||||
|
+ if(doc != NULL)
|
||||||
|
+ newDoc->oldNs = NULL;
|
||||||
|
xmlFreeDoc(newDoc);
|
||||||
|
|
||||||
|
return(ret);
|
||||||
|
--
|
||||||
|
2.24.1
|
||||||
|
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
Name: libxml2
|
Name: libxml2
|
||||||
Version: 2.9.7
|
Version: 2.9.7
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
Summary: Library providing XML and HTML support
|
Summary: Library providing XML and HTML support
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -28,6 +28,12 @@ Patch4: libxml2-python3-unicode-errors.patch
|
|||||||
Patch5: libxml2-CVE-2018-9251.patch
|
Patch5: libxml2-CVE-2018-9251.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1595989
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1595989
|
||||||
Patch6: libxml2-CVE-2018-14404.patch
|
Patch6: libxml2-CVE-2018-14404.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1793001
|
||||||
|
Patch7: libxml2-CVE-2019-19956.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1799786
|
||||||
|
Patch8: libxml2-2.9.7-CVE-2020-7595.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1810058
|
||||||
|
Patch9: libxml2-2.9.7-CVE-2019-20388.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: cmake-rpm-macros
|
BuildRequires: cmake-rpm-macros
|
||||||
@ -199,6 +205,11 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
|
|||||||
%{python3_sitearch}/libxml2mod.so
|
%{python3_sitearch}/libxml2mod.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 20 2020 David King <dking@redhat.com> - 2.9.7-8
|
||||||
|
- Fix CVE-2019-19956 (#1793001)
|
||||||
|
- Fix CVE-2020-7595 (#1799786)
|
||||||
|
- Fix CVE-2019-20388 (#1810058)
|
||||||
|
|
||||||
* Thu Oct 24 2019 David King <dking@redhat.com> - 2.9.7-7
|
* Thu Oct 24 2019 David King <dking@redhat.com> - 2.9.7-7
|
||||||
- Fix CVE-2018-14404 (#1595989)
|
- Fix CVE-2018-14404 (#1595989)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user