import libxml2-2.9.7-8.el8

This commit is contained in:
CentOS Sources 2020-11-03 06:45:16 -05:00 committed by Andrew Lukoshko
parent 7280c109a3
commit 99eafa2082
4 changed files with 110 additions and 1 deletions

View File

@ -0,0 +1,33 @@
From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Tue, 20 Aug 2019 16:33:06 +0800
Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
vctxt->xsiAssemble to 0 again which cause the alloced schema
can not be freed anymore.
Found with libFuzzer.
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
---
xmlschemas.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/xmlschemas.c b/xmlschemas.c
index 301c8449..39d92182 100644
--- a/xmlschemas.c
+++ b/xmlschemas.c
@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
vctxt->nberrors = 0;
vctxt->depth = -1;
vctxt->skipDepth = -1;
- vctxt->xsiAssemble = 0;
vctxt->hasKeyrefs = 0;
#ifdef ENABLE_IDC_NODE_TABLES_TEST
vctxt->createIDCNodeTables = 1;
--
2.24.1

View File

@ -0,0 +1,32 @@
From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Thu, 12 Dec 2019 17:30:55 +0800
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
return NULL which cause a infinite loop in xmlStringLenDecodeEntities
Found with libFuzzer.
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
---
parser.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index d1c31963..a34bb6cd 100644
--- a/parser.c
+++ b/parser.c
@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
else
c = 0;
while ((c != 0) && (c != end) && /* non input consuming loop */
- (c != end2) && (c != end3)) {
+ (c != end2) && (c != end3) &&
+ (ctxt->instate != XML_PARSER_EOF)) {
if (c == 0) break;
if ((c == '&') && (str[1] == '#')) {
--
2.24.1

View File

@ -0,0 +1,33 @@
From 5a02583c7e683896d84878bd90641d8d9b0d0549 Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Wed, 7 Aug 2019 17:39:17 +0800
Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover
When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
NULL and free newDoc will cause a memory leak.
Found with libFuzzer.
Closes #82.
---
parser.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index 1ce1ccf1..26d9f4e3 100644
--- a/parser.c
+++ b/parser.c
@@ -13894,7 +13894,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
xmlFreeParserCtxt(ctxt);
newDoc->intSubset = NULL;
newDoc->extSubset = NULL;
- newDoc->oldNs = NULL;
+ if(doc != NULL)
+ newDoc->oldNs = NULL;
xmlFreeDoc(newDoc);
return(ret);
--
2.24.1

View File

@ -7,7 +7,7 @@
Name: libxml2 Name: libxml2
Version: 2.9.7 Version: 2.9.7
Release: 7%{?dist} Release: 8%{?dist}
Summary: Library providing XML and HTML support Summary: Library providing XML and HTML support
License: MIT License: MIT
@ -28,6 +28,12 @@ Patch4: libxml2-python3-unicode-errors.patch
Patch5: libxml2-CVE-2018-9251.patch Patch5: libxml2-CVE-2018-9251.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1595989 # https://bugzilla.redhat.com/show_bug.cgi?id=1595989
Patch6: libxml2-CVE-2018-14404.patch Patch6: libxml2-CVE-2018-14404.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1793001
Patch7: libxml2-CVE-2019-19956.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1799786
Patch8: libxml2-2.9.7-CVE-2020-7595.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1810058
Patch9: libxml2-2.9.7-CVE-2019-20388.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: cmake-rpm-macros BuildRequires: cmake-rpm-macros
@ -199,6 +205,11 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
%{python3_sitearch}/libxml2mod.so %{python3_sitearch}/libxml2mod.so
%changelog %changelog
* Mon Jan 20 2020 David King <dking@redhat.com> - 2.9.7-8
- Fix CVE-2019-19956 (#1793001)
- Fix CVE-2020-7595 (#1799786)
- Fix CVE-2019-20388 (#1810058)
* Thu Oct 24 2019 David King <dking@redhat.com> - 2.9.7-7 * Thu Oct 24 2019 David King <dking@redhat.com> - 2.9.7-7
- Fix CVE-2018-14404 (#1595989) - Fix CVE-2018-14404 (#1595989)