import UBI libxml2-2.9.7-19.el8_10
This commit is contained in:
		
							parent
							
								
									0a50a74e1a
								
							
						
					
					
						commit
						c0b384b0f9
					
				
							
								
								
									
										41
									
								
								SOURCES/libxml2-2.9.13-CVE-2024-56171.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										41
									
								
								SOURCES/libxml2-2.9.13-CVE-2024-56171.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,41 @@ | |||||||
|  | From 245b70d7d2768572ae1b05b3668ca858b9ec4ed4 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||||||
|  | Date: Tue, 10 Dec 2024 16:52:05 +0100 | ||||||
|  | Subject: [PATCH] [CVE-2024-56171] Fix use-after-free after | ||||||
|  |  xmlSchemaItemListAdd | ||||||
|  | 
 | ||||||
|  | xmlSchemaItemListAdd can reallocate the items array. Update local | ||||||
|  | variables after adding item in | ||||||
|  | 
 | ||||||
|  | - xmlSchemaIDCFillNodeTables
 | ||||||
|  | - xmlSchemaBubbleIDCNodeTables
 | ||||||
|  | 
 | ||||||
|  | Fixes #828. | ||||||
|  | ---
 | ||||||
|  |  xmlschemas.c | 3 +++ | ||||||
|  |  1 file changed, 3 insertions(+) | ||||||
|  | 
 | ||||||
|  | diff --git a/xmlschemas.c b/xmlschemas.c
 | ||||||
|  | index d276faf10..28b14bd44 100644
 | ||||||
|  | --- a/xmlschemas.c
 | ||||||
|  | +++ b/xmlschemas.c
 | ||||||
|  | @@ -23388,6 +23388,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
 | ||||||
|  |  			} | ||||||
|  |  			if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1) | ||||||
|  |  			    goto internal_error; | ||||||
|  | +                        dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items;
 | ||||||
|  |  			/* | ||||||
|  |  			* Remove the duplicate entry from the IDC node-table. | ||||||
|  |  			*/ | ||||||
|  | @@ -23604,6 +23605,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt)
 | ||||||
|  |  				goto internal_error; | ||||||
|  |  			} | ||||||
|  |  			xmlSchemaItemListAdd(parBind->dupls, parNode); | ||||||
|  | +		        dupls = (xmlSchemaPSVIIDCNodePtr *)
 | ||||||
|  | +                            parBind->dupls->items;
 | ||||||
|  |  		    } else { | ||||||
|  |  			/* | ||||||
|  |  			* Add the node-table entry (node and key-sequence) of | ||||||
|  | -- 
 | ||||||
|  | GitLab | ||||||
|  | 
 | ||||||
							
								
								
									
										57
									
								
								SOURCES/libxml2-2.9.13-CVE-2025-24928.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										57
									
								
								SOURCES/libxml2-2.9.13-CVE-2025-24928.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,57 @@ | |||||||
|  | From 858ca26c0689161a6b903a6682cc8a1cc10a0ea8 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||||||
|  | Date: Tue, 11 Feb 2025 17:30:40 +0100 | ||||||
|  | Subject: [PATCH] [CVE-2025-24928] Fix stack-buffer-overflow in | ||||||
|  |  xmlSnprintfElements | ||||||
|  | 
 | ||||||
|  | Fixes #847. | ||||||
|  | ---
 | ||||||
|  |  valid.c | 25 +++++++++++++------------ | ||||||
|  |  1 file changed, 13 insertions(+), 12 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/valid.c b/valid.c
 | ||||||
|  | index 76d657d62..abefdc50a 100644
 | ||||||
|  | --- a/valid.c
 | ||||||
|  | +++ b/valid.c
 | ||||||
|  | @@ -5057,25 +5057,26 @@ xmlSnprintfElements(char *buf, int size, xmlNodePtr node, int glob) {
 | ||||||
|  |  	    return; | ||||||
|  |  	} | ||||||
|  |          switch (cur->type) { | ||||||
|  | -            case XML_ELEMENT_NODE:
 | ||||||
|  | +            case XML_ELEMENT_NODE: {
 | ||||||
|  | +                int qnameLen = xmlStrlen(cur->name);
 | ||||||
|  | +
 | ||||||
|  | +                if ((cur->ns != NULL) && (cur->ns->prefix != NULL))
 | ||||||
|  | +                    qnameLen += xmlStrlen(cur->ns->prefix) + 1;
 | ||||||
|  | +                if (size - len < qnameLen + 10) {
 | ||||||
|  | +                    if ((size - len > 4) && (buf[len - 1] != '.'))
 | ||||||
|  | +                        strcat(buf, " ...");
 | ||||||
|  | +                    return;
 | ||||||
|  | +                }
 | ||||||
|  |  		if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) { | ||||||
|  | -		    if (size - len < xmlStrlen(cur->ns->prefix) + 10) {
 | ||||||
|  | -			if ((size - len > 4) && (buf[len - 1] != '.'))
 | ||||||
|  | -			    strcat(buf, " ...");
 | ||||||
|  | -			return;
 | ||||||
|  | -		    }
 | ||||||
|  |  		    strcat(buf, (char *) cur->ns->prefix); | ||||||
|  |  		    strcat(buf, ":"); | ||||||
|  |  		} | ||||||
|  | -                if (size - len < xmlStrlen(cur->name) + 10) {
 | ||||||
|  | -		    if ((size - len > 4) && (buf[len - 1] != '.'))
 | ||||||
|  | -			strcat(buf, " ...");
 | ||||||
|  | -		    return;
 | ||||||
|  | -		}
 | ||||||
|  | -	        strcat(buf, (char *) cur->name);
 | ||||||
|  | +                if (cur->name != NULL)
 | ||||||
|  | +	            strcat(buf, (char *) cur->name);
 | ||||||
|  |  		if (cur->next != NULL) | ||||||
|  |  		    strcat(buf, " "); | ||||||
|  |  		break; | ||||||
|  | +            }
 | ||||||
|  |              case XML_TEXT_NODE: | ||||||
|  |  		if (xmlIsBlankNode(cur)) | ||||||
|  |  		    break; | ||||||
|  | -- 
 | ||||||
|  | GitLab | ||||||
|  | 
 | ||||||
| @ -7,7 +7,7 @@ | |||||||
| 
 | 
 | ||||||
| Name:           libxml2 | Name:           libxml2 | ||||||
| Version:        2.9.7 | Version:        2.9.7 | ||||||
| Release:        18%{?dist}.2 | Release:        19%{?dist} | ||||||
| Summary:        Library providing XML and HTML support | Summary:        Library providing XML and HTML support | ||||||
| 
 | 
 | ||||||
| License:        MIT | License:        MIT | ||||||
| @ -66,6 +66,10 @@ Patch24:         libxml2-2.11.0-fix-CVE-2023-39615.patch | |||||||
| Patch25:         libxml2-2.9.7-CVE-2024-25062.patch | Patch25:         libxml2-2.9.7-CVE-2024-25062.patch | ||||||
| # https://issues.redhat.com/browse/RHEL-76289 | # https://issues.redhat.com/browse/RHEL-76289 | ||||||
| Patch26:         libxml2-2.9.13-CVE-2022-49043.patch | Patch26:         libxml2-2.9.13-CVE-2022-49043.patch | ||||||
|  | # https://issues.redhat.com/browse/RHEL-80122 | ||||||
|  | Patch27:        libxml2-2.9.13-CVE-2024-56171.patch | ||||||
|  | # https://issues.redhat.com/browse/RHEL-80137 | ||||||
|  | Patch28:        libxml2-2.9.13-CVE-2025-24928.patch | ||||||
| 
 | 
 | ||||||
| BuildRequires:  gcc | BuildRequires:  gcc | ||||||
| BuildRequires:  cmake-rpm-macros | BuildRequires:  cmake-rpm-macros | ||||||
| @ -237,6 +241,10 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz | |||||||
| %{python3_sitearch}/libxml2mod.so | %{python3_sitearch}/libxml2mod.so | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Tue Mar 11 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.9.7-19 | ||||||
|  | - Fix CVE-2024-56171 (RHEL-80122) | ||||||
|  | - Fix CVE-2025-24928 (RHEL-80137) | ||||||
|  | 
 | ||||||
| * Tue Feb 11 2025 David King <dking@redhat.com> - 2.9.7.18.2 | * Tue Feb 11 2025 David King <dking@redhat.com> - 2.9.7.18.2 | ||||||
| - Fix CVE-2022-49043 (RHEL-76289) | - Fix CVE-2022-49043 (RHEL-76289) | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user