Fix CVE-2017-10672
parent
57c60f31f6
commit
8874c00a80
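--- /dev/null
+++ b/XML-LibXML-2.0129-CVE-2017-10672.patch
@@ -0,0 +1,77 @@
+diff -urN XML-LibXML-2.0129.orig/LibXML.xs XML-LibXML-2.0129/LibXML.xs
+--- XML-LibXML-2.0129.orig/LibXML.xs 2016-06-24 18:01:53.000000000 +0200
++++ XML-LibXML-2.0129/LibXML.xs 2017-07-13 12:41:48.000000000 +0200
+@@ -4829,38 +4829,42 @@
+PREINIT:
+xmlNodePtr ret = NULL;
+CODE:
+- if ( self->type == XML_DOCUMENT_NODE ) {
+- switch ( nNode->type ) {
+- case XML_ELEMENT_NODE:
+- warn("replaceChild with an element on a document node not supported yet!");
+- XSRETURN_UNDEF;
+- break;
+- case XML_DOCUMENT_FRAG_NODE:
+- warn("replaceChild with a document fragment node on a document node not supported yet!");
+- XSRETURN_UNDEF;
+- break;
+- case XML_TEXT_NODE:
+- case XML_CDATA_SECTION_NODE:
+- warn("replaceChild with a text node not supported on a document node!");
+- XSRETURN_UNDEF;
+- break;
+- default:
+- break;
+- }
+- }
+- ret = domReplaceChild( self, nNode, oNode );
+- if (ret == NULL) {
+- XSRETURN_UNDEF;
+- }
+- else {
+- LibXML_reparent_removed_node(ret);
+- RETVAL = PmmNodeToSv(ret, PmmOWNERPO(PmmPROXYNODE(ret)));
+- if (nNode->type == XML_DTD_NODE) {
+- LibXML_set_int_subset(nNode->doc, nNode);
++ if( nNode == oNode ) {
++ RETVAL = nNode;
++ }else{
++ if ( self->type == XML_DOCUMENT_NODE ) {
++ switch ( nNode->type ) {
++ case XML_ELEMENT_NODE:
++ warn("replaceChild with an element on a document node not supported yet!");
++ XSRETURN_UNDEF;
++ break;
++ case XML_DOCUMENT_FRAG_NODE:
++ warn("replaceChild with a document fragment node on a document node not supported yet!");
++ XSRETURN_UNDEF;
++ break;
++ case XML_TEXT_NODE:
++ case XML_CDATA_SECTION_NODE:
++ warn("replaceChild with a text node not supported on a document node!");
++ XSRETURN_UNDEF;
++ break;
++ default:
++ break;
++ }
+}
+- if ( nNode->_private != NULL ) {
+- PmmFixOwner( PmmPROXYNODE(nNode),
+- PmmOWNERPO(PmmPROXYNODE(self)) );
++ ret = domReplaceChild( self, nNode, oNode );
++ if (ret == NULL) {
++ XSRETURN_UNDEF;
++ }
++ else {
++ LibXML_reparent_removed_node(ret);
++ RETVAL = PmmNodeToSv(ret, PmmOWNERPO(PmmPROXYNODE(ret)));
++ if (nNode->type == XML_DTD_NODE) {
++ LibXML_set_int_subset(nNode->doc, nNode);
++ }
++ if ( nNode->_private != NULL ) {
++ PmmFixOwner( PmmPROXYNODE(nNode),
++ PmmOWNERPO(PmmPROXYNODE(self)) );
++ }
+}
+}
+OUTPUT: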
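Review bot: In the new `nNode == oNode` branch, `RETVAL = nNode;` hands back the raw `xmlNodePtr`, whereas the other branch assigns the result of `PmmNodeToSv(...)`. RETVAL's declaration is outside the hunk, but the `PmmNodeToSv` assignment suggests it is an SV pointer; if so, the early return gives Perl a libxml2 node pointer to treat as an SV, replacing the use-after-free with a different memory-safety problem. I would wrap the node the same way the other branch does: `RETVAL = PmmNodeToSv(nNode, PmmOWNERPO(PmmPROXYNODE(nNode)));`. A regression test that passes the same node as both arguments to replaceChild and then uses the returned value would pin this down. The function's signature and its OUTPUT section lie outside the hunk.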
@ -8,13 +8,16 @@ Name: perl-XML-LibXML
|
|||||||
# it might not be needed anymore
|
# it might not be needed anymore
|
||||||
# this module is maintained, the other is not
|
# this module is maintained, the other is not
|
||||||
Version: 2.0129
|
Version: 2.0129
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: Perl interface to the libxml2 library
|
Summary: Perl interface to the libxml2 library
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
License: (GPL+ or Artistic) and MIT
|
License: (GPL+ or Artistic) and MIT
|
||||||
URL: http://search.cpan.org/dist/XML-LibXML/
|
URL: http://search.cpan.org/dist/XML-LibXML/
|
||||||
Source0: http://search.cpan.org/CPAN/authors/id/S/SH/SHLOMIF/XML-LibXML-%{version}.tar.gz
|
Source0: http://search.cpan.org/CPAN/authors/id/S/SH/SHLOMIF/XML-LibXML-%{version}.tar.gz
|
||||||
|
# Fix CVE-2017-10672 (use-after-free by controlling the arguments to
|
||||||
|
# a replaceChild call), bug #1470205
|
||||||
|
Patch0: XML-LibXML-2.0129-CVE-2017-10672.patch
|
||||||
BuildRequires: coreutils
|
BuildRequires: coreutils
|
||||||
BuildRequires: findutils
|
BuildRequires: findutils
|
||||||
BuildRequires: glibc-common
|
BuildRequires: glibc-common
|
||||||
@ -93,6 +96,7 @@ validating XML parser and the high performance DOM implementation.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n XML-LibXML-%{version}
|
%setup -q -n XML-LibXML-%{version}
|
||||||
|
%patch0 -p1
|
||||||
chmod -x *.c
|
chmod -x *.c
|
||||||
for i in Changes; do
|
for i in Changes; do
|
||||||
/usr/bin/iconv -f iso8859-1 -t utf-8 $i > $i.conv && /bin/mv -f $i.conv $i
|
/usr/bin/iconv -f iso8859-1 -t utf-8 $i > $i.conv && /bin/mv -f $i.conv $i
|
||||||
@ -136,6 +140,10 @@ fi
|
|||||||
%{_mandir}/man3/*.3*
|
%{_mandir}/man3/*.3*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 17 2017 Petr Pisar <ppisar@redhat.com> - 1:2.0129-5
|
||||||
|
- Fix CVE-2017-10672 (use-after-free by controlling the arguments to
|
||||||
|
a replaceChild call) (bug #1470205)
|
||||||
|
|
||||||
* Fri Jul 14 2017 Petr Pisar <ppisar@redhat.com> - 1:2.0129-4
|
* Fri Jul 14 2017 Petr Pisar <ppisar@redhat.com> - 1:2.0129-4
|
||||||
- Rename perl dependency in scriptlets
|
- Rename perl dependency in scriptlets
|
||||||
|
|
||||||
|