diff --git a/SPECS/libxml2/CVE-2023-45322.patch b/SPECS/libxml2/CVE-2023-45322.patch new file mode 100644 index 00000000000..ff8eed6d070 --- /dev/null +++ b/SPECS/libxml2/CVE-2023-45322.patch @@ -0,0 +1,74 @@ +From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 23 Aug 2023 20:24:24 +0200 +Subject: [PATCH] tree: Fix copying of DTDs + +- Don't create multiple DTD nodes. +- Fix UAF if malloc fails. +- Skip DTD nodes if tree module is disabled. + +Fixes #583. +--- + tree.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +diff --git a/tree.c b/tree.c +index 6c8a875b9..02c1b5791 100644 +--- a/tree.c ++++ b/tree.c +@@ -4471,29 +4471,28 @@ xmlNodePtr + xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + xmlNodePtr ret = NULL; + xmlNodePtr p = NULL,q; ++ xmlDtdPtr newSubset = NULL; + + while (node != NULL) { +-#ifdef LIBXML_TREE_ENABLED + if (node->type == XML_DTD_NODE ) { +- if (doc == NULL) { ++#ifdef LIBXML_TREE_ENABLED ++ if ((doc == NULL) || (doc->intSubset != NULL)) { + node = node->next; + continue; + } +- if (doc->intSubset == NULL) { +- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); +- if (q == NULL) goto error; +- q->doc = doc; +- q->parent = parent; +- doc->intSubset = (xmlDtdPtr) q; +- xmlAddChild(parent, q); +- } else { +- q = (xmlNodePtr) doc->intSubset; +- xmlAddChild(parent, q); +- } +- } else ++ q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); ++ if (q == NULL) goto error; ++ q->doc = doc; ++ q->parent = parent; ++ newSubset = (xmlDtdPtr) q; ++#else ++ node = node->next; ++ continue; + #endif /* LIBXML_TREE_ENABLED */ ++ } else { + q = xmlStaticCopyNode(node, doc, parent, 1); +- if (q == NULL) goto error; ++ if (q == NULL) goto error; ++ } + if (ret == NULL) { + q->prev = NULL; + ret = p = q; +@@ -4505,6 +4504,8 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + } + node = node->next; + } ++ if (newSubset != NULL) ++ doc->intSubset = newSubset; + return(ret); + error: + xmlFreeNodeList(ret); +-- +GitLab + diff --git a/SPECS/libxml2/CVE-2024-34459.patch b/SPECS/libxml2/CVE-2024-34459.patch new file mode 100644 index 00000000000..456bee10e0d --- /dev/null +++ b/SPECS/libxml2/CVE-2024-34459.patch @@ -0,0 +1,26 @@ +From 8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 8 May 2024 11:49:31 +0200 +Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` + +Add a missing bounds check. +--- + xmllint.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xmllint.c b/xmllint.c +index 0e433b721..62f6b0273 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { + len = strlen(buffer); + snprintf(&buffer[len], sizeof(buffer) - len, "\n"); + cur = input->cur; +- while ((*cur == '\n') || (*cur == '\r')) ++ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) + cur--; + n = 0; + while ((cur != base) && (n++ < 80)) { +-- +GitLab + diff --git a/SPECS/libxml2/libxml2.spec b/SPECS/libxml2/libxml2.spec index 5e0ca582c4d..f565376601a 100644 --- a/SPECS/libxml2/libxml2.spec +++ b/SPECS/libxml2/libxml2.spec @@ -1,7 +1,7 @@ Summary: Libxml2 Name: libxml2 Version: 2.11.5 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -9,6 +9,8 @@ Group: System Environment/General Libraries URL: https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home Source0: https://gitlab.gnome.org/GNOME/%{name}/-/archive/v%{version}/%{name}-v%{version}.tar.gz Patch0: CVE-2024-40896.patch +Patch1: CVE-2023-45322.patch +Patch2: CVE-2024-34459.patch BuildRequires: python3-devel BuildRequires: python3-xml Provides: %{name}-tools = %{version}-%{release} @@ -79,6 +81,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/cmake/libxml2/libxml2-config.cmake %changelog +* Fri Jan 24 2025 Kavya Sree Kaitepalli -2.11.5-3 +- Fix CVE-2023-45322 & CVE-2024-34459 + * Thu Dec 26 2024 Muhammad Falak - 2.11.5-2 - Patch CVE-2024-40896 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index dbaf7ec8d27..61f2dbebb14 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -199,8 +199,8 @@ curl-8.8.0-3.azl3.aarch64.rpm curl-devel-8.8.0-3.azl3.aarch64.rpm curl-libs-8.8.0-3.azl3.aarch64.rpm createrepo_c-1.0.3-1.azl3.aarch64.rpm -libxml2-2.11.5-2.azl3.aarch64.rpm -libxml2-devel-2.11.5-2.azl3.aarch64.rpm +libxml2-2.11.5-3.azl3.aarch64.rpm +libxml2-devel-2.11.5-3.azl3.aarch64.rpm docbook-dtd-xml-4.5-11.azl3.noarch.rpm docbook-style-xsl-1.79.1-14.azl3.noarch.rpm libsepol-3.6-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index b795ae7d50f..c49d9d2ee01 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -199,8 +199,8 @@ curl-8.8.0-3.azl3.x86_64.rpm curl-devel-8.8.0-3.azl3.x86_64.rpm curl-libs-8.8.0-3.azl3.x86_64.rpm createrepo_c-1.0.3-1.azl3.x86_64.rpm -libxml2-2.11.5-2.azl3.x86_64.rpm -libxml2-devel-2.11.5-2.azl3.x86_64.rpm +libxml2-2.11.5-3.azl3.x86_64.rpm +libxml2-devel-2.11.5-3.azl3.x86_64.rpm docbook-dtd-xml-4.5-11.azl3.noarch.rpm docbook-style-xsl-1.79.1-14.azl3.noarch.rpm libsepol-3.6-1.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 365890717c9..f95e7edeaed 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -240,9 +240,9 @@ libtool-debuginfo-2.4.7-1.azl3.aarch64.rpm libxcrypt-4.4.36-2.azl3.aarch64.rpm libxcrypt-debuginfo-4.4.36-2.azl3.aarch64.rpm libxcrypt-devel-4.4.36-2.azl3.aarch64.rpm -libxml2-2.11.5-2.azl3.aarch64.rpm -libxml2-debuginfo-2.11.5-2.azl3.aarch64.rpm -libxml2-devel-2.11.5-2.azl3.aarch64.rpm +libxml2-2.11.5-3.azl3.aarch64.rpm +libxml2-debuginfo-2.11.5-3.azl3.aarch64.rpm +libxml2-devel-2.11.5-3.azl3.aarch64.rpm libxslt-1.1.39-1.azl3.aarch64.rpm libxslt-debuginfo-1.1.39-1.azl3.aarch64.rpm libxslt-devel-1.1.39-1.azl3.aarch64.rpm @@ -541,7 +541,7 @@ python3-gpg-1.23.2-2.azl3.aarch64.rpm python3-jinja2-3.1.2-2.azl3.noarch.rpm python3-libcap-ng-0.8.4-1.azl3.aarch64.rpm python3-libs-3.12.3-5.azl3.aarch64.rpm -python3-libxml2-2.11.5-2.azl3.aarch64.rpm +python3-libxml2-2.11.5-3.azl3.aarch64.rpm python3-lxml-4.9.3-1.azl3.aarch64.rpm python3-magic-5.45-1.azl3.noarch.rpm python3-markupsafe-2.1.3-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 31d124251da..e0dd3f453c5 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -245,9 +245,9 @@ libtasn1-debuginfo-4.19.0-1.azl3.x86_64.rpm libtasn1-devel-4.19.0-1.azl3.x86_64.rpm libtool-2.4.7-1.azl3.x86_64.rpm libtool-debuginfo-2.4.7-1.azl3.x86_64.rpm -libxml2-2.11.5-2.azl3.x86_64.rpm -libxml2-debuginfo-2.11.5-2.azl3.x86_64.rpm -libxml2-devel-2.11.5-2.azl3.x86_64.rpm +libxml2-2.11.5-3.azl3.x86_64.rpm +libxml2-debuginfo-2.11.5-3.azl3.x86_64.rpm +libxml2-devel-2.11.5-3.azl3.x86_64.rpm libxcrypt-4.4.36-2.azl3.x86_64.rpm libxcrypt-debuginfo-4.4.36-2.azl3.x86_64.rpm libxcrypt-devel-4.4.36-2.azl3.x86_64.rpm @@ -549,7 +549,7 @@ python3-gpg-1.23.2-2.azl3.x86_64.rpm python3-jinja2-3.1.2-2.azl3.noarch.rpm python3-libcap-ng-0.8.4-1.azl3.x86_64.rpm python3-libs-3.12.3-5.azl3.x86_64.rpm -python3-libxml2-2.11.5-2.azl3.x86_64.rpm +python3-libxml2-2.11.5-3.azl3.x86_64.rpm python3-lxml-4.9.3-1.azl3.x86_64.rpm python3-magic-5.45-1.azl3.noarch.rpm python3-markupsafe-2.1.3-1.azl3.x86_64.rpm