diff --git a/libxml2-2.7.7-xpath-double-free.patch b/libxml2-2.7.7-xpath-double-free.patch
new file mode 100644
index 0000000..c5dbbee
--- /dev/null
+++ b/libxml2-2.7.7-xpath-double-free.patch
@@ -0,0 +1,22 @@
+--- a/xpath.c
++++ a/xpath.c
+@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt,
+
+ if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
+ xmlXPathObjectPtr tmp;
+- /* pop the result */
++ /* pop the result if any */
+ tmp = valuePop(ctxt);
+- xmlXPathReleaseObject(xpctxt, tmp);
+- /* then pop off contextObj, which will be freed later */
+- valuePop(ctxt);
++ if (tmp != contextObj) {
++ /*
++ * Free up the result
++ * then pop off contextObj, which will be freed later
++ */
++ xmlXPathReleaseObject(xpctxt, tmp);
++ valuePop(ctxt);
++ }
+ goto evaluation_error;
+ }
diff --git a/libxml2.spec b/libxml2.spec
index 48d1c13..03b8a84 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.7.8
-Release: 5%{?dist}%{?extra_release}
+Release: 6%{?dist}%{?extra_release}
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -10,6 +10,7 @@ BuildRequires: python python-devel zlib-devel pkgconfig
 URL: http://xmlsoft.org/
 Patch0: libxml2-multilib.patch
 Patch1: libxml2-2.7.8-reactivate-versionning-script.patch
+Patch2: libxml2-2.7.7-xpath-double-free.patch
 %description
 This library allows to manipulate XML files. It includes support
@@ -69,6 +70,7 @@ at parse time or later once the document has been modified.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 %build
 %configure
@@ -143,6 +145,9 @@ rm -fr %{buildroot}
 %doc doc/python.html
 %changelog
+* Fri Mar 4 2011 Daniel Veillard - 2.7.8-6
+- fix a double free in XPath CVE-2010-4494 bug 665965
+
 * Tue Feb 08 2011 Fedora Release Engineering - 2.7.8-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
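Review bot: The new `libxml2-2.7.7-xpath-double-free.patch` carries no provenance header, so the file itself does not tie the change in `xmlXPathCompOpEvalPositionalPredicate` to CVE-2010-4494 / bug 665965; only the spec changelog does. I would add a short description above `--- a/xpath.c`, for example `Fix double free in XPath evaluation (CVE-2010-4494, bug 665965); upstream commit <UPSTREAM_COMMIT_ID>`, so a later rebase can tell whether the patch is still needed. The embedded hunk header declares `-11763,11 +11763,16`, but the body visible here has 10 old and 15 new lines, and both file headers read `a/xpath.c`. Regenerating the patch from the upstream tree would fix both, instead of relying on the patch tool's tolerance under `%patch2 -p1`. The function continues outside the hunk, so it cannot be confirmed from here that `contextObj` is released exactly once at `evaluation_error` when `tmp == contextObj`; a one-line comment on the new `if` saying that the result may never have been pushed would make that invariant explicit.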