[packages/libxml2] up to 2.9.12 (fixes CVE-2021-3541)

atler atler at pld-linux.org
Fri May 14 19:00:10 CEST 2021


commit cae1140f1085b0baf508a1986c60dd5a5d76d86e
Author: Jan Palus <atler at pld-linux.org>
Date:   Fri May 14 18:58:09 2021 +0200

    up to 2.9.12 (fixes CVE-2021-3541)

 libxml2-CVE-2019-20388.patch                       | 33 --------
 libxml2-CVE-2020-7595.patch                        | 32 --------
 ...-fix-relaxed-approach-to-nested-documents.patch | 33 --------
 libxml2-parenthesize-type-checks.patch             | 92 ----------------------
 libxml2.spec                                       | 18 +----
 5 files changed, 3 insertions(+), 205 deletions(-)
---
diff --git a/libxml2.spec b/libxml2.spec
index 60880d4..19c562c 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -15,13 +15,13 @@ Summary(es.UTF-8):	Biblioteca libXML version 2
 Summary(pl.UTF-8):	Biblioteka libXML wersja 2
 Summary(pt_BR.UTF-8):	Biblioteca libXML versão 2
 Name:		libxml2
-Version:	2.9.10
-Release:	3
+Version:	2.9.12
+Release:	1
 Epoch:		1
 License:	MIT
 Group:		Libraries
 Source0:	ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
-# Source0-md5:	10942a1dc23137a8aa07f0639cbfece5
+# Source0-md5:	f433a39be087a9f0b197eb2307ad9f75
 Patch0:		%{name}-man_fixes.patch
 Patch1:		%{name}-open.gz.patch
 Patch2:		%{name}-largefile.patch
@@ -29,14 +29,6 @@ Patch3:		%{name}-libx32.patch
 # Fedora patches
 # https://bugzilla.gnome.org/show_bug.cgi?id=789714
 Patch11:	%{name}-python3-unicode-errors.patch
-# https://gitlab.gnome.org/GNOME/libxml2/commit/0815302dee2b78139832c2080348086a0564836b.patch
-Patch12:	%{name}-fix-relaxed-approach-to-nested-documents.patch
-# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
-Patch13:	libxml2-CVE-2019-20388.patch
-# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/63
-Patch14:	libxml2-CVE-2020-7595.patch
-# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/71
-Patch15:	libxml2-parenthesize-type-checks.patch
 URL:		http://xmlsoft.org/
 BuildRequires:	autoconf >= 2.68
 BuildRequires:	automake >= 1.4
@@ -184,10 +176,6 @@ do biblioteki libxml2.
 %patch2 -p1
 %patch3 -p1
 %patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
 
 %build
 %{__libtoolize}
diff --git a/libxml2-CVE-2019-20388.patch b/libxml2-CVE-2019-20388.patch
deleted file mode 100644
index 3763354..0000000
--- a/libxml2-CVE-2019-20388.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1 at huawei.com>
-Date: Tue, 20 Aug 2019 16:33:06 +0800
-Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
-
-When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
-alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
-to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
-vctxt->xsiAssemble to 0 again which cause the alloced schema
-can not be freed anymore.
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1 at huawei.com>
----
- xmlschemas.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/xmlschemas.c b/xmlschemas.c
-index 301c8449..39d92182 100644
---- a/xmlschemas.c
-+++ b/xmlschemas.c
-@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
-     vctxt->nberrors = 0;
-     vctxt->depth = -1;
-     vctxt->skipDepth = -1;
--    vctxt->xsiAssemble = 0;
-     vctxt->hasKeyrefs = 0;
- #ifdef ENABLE_IDC_NODE_TABLES_TEST
-     vctxt->createIDCNodeTables = 1;
--- 
-2.24.1
-
diff --git a/libxml2-CVE-2020-7595.patch b/libxml2-CVE-2020-7595.patch
deleted file mode 100644
index 3dd6774..0000000
--- a/libxml2-CVE-2020-7595.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
-From: Zhipeng Xie <xiezhipeng1 at huawei.com>
-Date: Thu, 12 Dec 2019 17:30:55 +0800
-Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
-
-When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
-return NULL which cause a infinite loop in xmlStringLenDecodeEntities
-
-Found with libFuzzer.
-
-Signed-off-by: Zhipeng Xie <xiezhipeng1 at huawei.com>
----
- parser.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/parser.c b/parser.c
-index d1c31963..a34bb6cd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
-     else
-         c = 0;
-     while ((c != 0) && (c != end) && /* non input consuming loop */
--	   (c != end2) && (c != end3)) {
-+           (c != end2) && (c != end3) &&
-+           (ctxt->instate != XML_PARSER_EOF)) {
- 
- 	if (c == 0) break;
-         if ((c == '&') && (str[1] == '#')) {
--- 
-2.24.1
-
diff --git a/libxml2-fix-relaxed-approach-to-nested-documents.patch b/libxml2-fix-relaxed-approach-to-nested-documents.patch
deleted file mode 100644
index 0a63636..0000000
--- a/libxml2-fix-relaxed-approach-to-nested-documents.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0815302dee2b78139832c2080348086a0564836b Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer at aevum.de>
-Date: Fri, 6 Dec 2019 12:27:29 +0100
-Subject: [PATCH] Fix freeing of nested documents
-
-Apparently, some libxslt RVTs can contain nested document nodes, see
-issue #132. I'm not sure how this happens exactly but it can cause a
-segfault in xmlFreeNodeList after the changes in commit 0762c9b6.
-
-Make sure not to touch the (nonexistent) `content` member of xmlDocs.
----
- tree.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/tree.c b/tree.c
-index 070670f1..0d7fc98c 100644
---- a/tree.c
-+++ b/tree.c
-@@ -3708,6 +3708,11 @@ xmlFreeNodeList(xmlNodePtr cur) {
- 		(cur->type != XML_XINCLUDE_START) &&
- 		(cur->type != XML_XINCLUDE_END) &&
- 		(cur->type != XML_ENTITY_REF_NODE) &&
-+		(cur->type != XML_DOCUMENT_NODE) &&
-+#ifdef LIBXML_DOCB_ENABLED
-+		(cur->type != XML_DOCB_DOCUMENT_NODE) &&
-+#endif
-+		(cur->type != XML_HTML_DOCUMENT_NODE) &&
- 		(cur->content != (xmlChar *) &(cur->properties))) {
- 		DICT_FREE(cur->content)
- 	    }
--- 
-2.22.0
-
diff --git a/libxml2-parenthesize-type-checks.patch b/libxml2-parenthesize-type-checks.patch
deleted file mode 100644
index 14f5332..0000000
--- a/libxml2-parenthesize-type-checks.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From edc7b6abb0c125eeb888748c334897f60aab0854 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro at hroncok.cz>
-Date: Fri, 28 Feb 2020 12:48:14 +0100
-Subject: [PATCH] Parenthesize Py<type>_Check() in ifs
-
-In C, if expressions should be parenthesized.
-PyLong_Check, PyUnicode_Check etc. happened to expand to a parenthesized
-expression before, but that's not API to rely on.
-
-Since Python 3.9.0a4 it needs to be parenthesized explicitly.
-
-Fixes https://gitlab.gnome.org/GNOME/libxml2/issues/149
----
- python/libxml.c |  4 ++--
- python/types.c  | 12 ++++++------
- 2 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/python/libxml.c b/python/libxml.c
-index bc676c4e..81e709f3 100644
---- a/python/libxml.c
-+++ b/python/libxml.c
-@@ -294,7 +294,7 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
- 	lenread = PyBytes_Size(ret);
- 	data = PyBytes_AsString(ret);
- #ifdef PyUnicode_Check
--    } else if PyUnicode_Check (ret) {
-+    } else if (PyUnicode_Check (ret)) {
- #if PY_VERSION_HEX >= 0x03030000
-         Py_ssize_t size;
- 	const char *tmp;
-@@ -359,7 +359,7 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
- 	lenread = PyBytes_Size(ret);
- 	data = PyBytes_AsString(ret);
- #ifdef PyUnicode_Check
--    } else if PyUnicode_Check (ret) {
-+    } else if (PyUnicode_Check (ret)) {
- #if PY_VERSION_HEX >= 0x03030000
-         Py_ssize_t size;
- 	const char *tmp;
-diff --git a/python/types.c b/python/types.c
-index c2bafeb1..ed284ec7 100644
---- a/python/types.c
-+++ b/python/types.c
-@@ -602,16 +602,16 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
-     if (obj == NULL) {
-         return (NULL);
-     }
--    if PyFloat_Check (obj) {
-+    if (PyFloat_Check (obj)) {
-         ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj));
--    } else if PyLong_Check(obj) {
-+    } else if (PyLong_Check(obj)) {
- #ifdef PyLong_AS_LONG
-         ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj));
- #else
-         ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj));
- #endif
- #ifdef PyBool_Check
--    } else if PyBool_Check (obj) {
-+    } else if (PyBool_Check (obj)) {
- 
-         if (obj == Py_True) {
-           ret = xmlXPathNewBoolean(1);
-@@ -620,14 +620,14 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
-           ret = xmlXPathNewBoolean(0);
-         }
- #endif
--    } else if PyBytes_Check (obj) {
-+    } else if (PyBytes_Check (obj)) {
-         xmlChar *str;
- 
-         str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj),
-                          PyBytes_GET_SIZE(obj));
-         ret = xmlXPathWrapString(str);
- #ifdef PyUnicode_Check
--    } else if PyUnicode_Check (obj) {
-+    } else if (PyUnicode_Check (obj)) {
- #if PY_VERSION_HEX >= 0x03030000
-         xmlChar *str;
- 	const char *tmp;
-@@ -650,7 +650,7 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
- 	ret = xmlXPathWrapString(str);
- #endif
- #endif
--    } else if PyList_Check (obj) {
-+    } else if (PyList_Check (obj)) {
-         int i;
-         PyObject *node;
-         xmlNodePtr cur;
--- 
-2.24.1
-
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/libxml2.git/commitdiff/cae1140f1085b0baf508a1986c60dd5a5d76d86e



More information about the pld-cvs-commit mailing list