From 86ea4bd3f853aab5e3b024562f9c63362ede8dbd Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Mon, 4 Sep 2023 11:06:47 +0000 Subject: [PATCH 01/12] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libxml2.spec b/libxml2.spec index e893720..bd33f89 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 16%{anolis_release}%{?dist} +Release: 17%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -58,6 +58,10 @@ Patch18: libxml2-2.9.7-CVE-2016-3709.patch Patch19: libxml2-2.9.7-CVE-2022-40303.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2136568 Patch20: libxml2-2.9.7-CVE-2022-40304.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2185994 +Patch21: libxml2-2.9.7-CVE-2023-28484.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2185984 +Patch22: libxml2-2.9.7-CVE-2023-29469.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch @@ -233,6 +237,10 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog +* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17 +- Fix CVE-2023-28484 (#2185994) +- Fix CVE-2023-29469 (#2185984) + * Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 - Modify home page - Replace logo in html doc with anolis.gif -- Gitee From 2f808caa85a1736edec8897dc28afce517602ea3 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Mon, 4 Sep 2023 11:09:01 +0000 Subject: [PATCH 02/12] add libxml2-2.9.7-CVE-2023-28484.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-28484.patch | 73 ++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 libxml2-2.9.7-CVE-2023-28484.patch diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.7-CVE-2023-28484.patch new file mode 100644 index 0000000..d834f41 --- /dev/null +++ b/libxml2-2.9.7-CVE-2023-28484.patch @@ -0,0 +1,73 @@ +From 647e072ea0a2f12687fa05c172f4c4713fdb0c4f Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Apr 2023 11:46:35 +0200 +Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType + +Fix a null pointer dereference when parsing (invalid) XML schemas. + +Thanks to Robby Simpson for the report! + +Fixes #491. +--- + result/schemas/issue491_0_0.err | 1 + + test/schemas/issue491_0.xml | 1 + + test/schemas/issue491_0.xsd | 18 ++++++++++++++++++ + xmlschemas.c | 2 +- + 4 files changed, 21 insertions(+), 1 deletion(-) + create mode 100644 result/schemas/issue491_0_0.err + create mode 100644 test/schemas/issue491_0.xml + create mode 100644 test/schemas/issue491_0.xsd + +diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err +new file mode 100644 +index 000000000..9b2bb9691 +--- /dev/null ++++ b/result/schemas/issue491_0_0.err +@@ -0,0 +1 @@ ++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'. +diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml +new file mode 100644 +index 000000000..e2b2fc2e3 +--- /dev/null ++++ b/test/schemas/issue491_0.xml +@@ -0,0 +1 @@ ++5 +diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd +new file mode 100644 +index 000000000..817026498 +--- /dev/null ++++ b/test/schemas/issue491_0.xsd +@@ -0,0 +1,18 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/xmlschemas.c b/xmlschemas.c +index 152b7c3f5..eec24a95f 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -18619,7 +18619,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt, + "allowed to appear inside other model groups", + NULL, NULL); + +- } else if (! dummySequence) { ++ } else if ((!dummySequence) && (baseType->subtypes != NULL)) { + xmlSchemaTreeItemPtr effectiveContent = + (xmlSchemaTreeItemPtr) type->subtypes; + /* +-- +GitLab \ No newline at end of file -- Gitee From 26bb9ecd3e327770202794d917fc28aeb6ca8eb1 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Mon, 4 Sep 2023 11:09:51 +0000 Subject: [PATCH 03/12] add libxml2-2.9.7-CVE-2023-29469.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-29469.patch | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 libxml2-2.9.7-CVE-2023-29469.patch diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch new file mode 100644 index 0000000..1fd2ef1 --- /dev/null +++ b/libxml2-2.9.7-CVE-2023-29469.patch @@ -0,0 +1,36 @@ +From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Apr 2023 11:49:27 +0200 +Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't + deterministic + +When hashing empty strings which aren't null-terminated, +xmlDictComputeFastKey could produce inconsistent results. This could +lead to various logic or memory errors, including double frees. + +For consistency the seed is also taken into account, but this shouldn't +have an impact on security. + +Found by OSS-Fuzz. + +Fixes #510. +--- + dict.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dict.c b/dict.c +index c29d2af77..12ba94fd5 100644 +--- a/dict.c ++++ b/dict.c +@@ -453,7 +453,8 @@ static unsigned long + xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { + unsigned long value = seed; + +- if (name == NULL) return(0); ++ if ((name == NULL) || (namelen <= 0)) ++ return(value); + value += *name; + value <<= 5; + if (namelen > 10) { +-- +GitLab \ No newline at end of file -- Gitee From 766658c4aa2f58613a43edae74d08bd9725beade Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Mon, 4 Sep 2023 11:29:19 +0000 Subject: [PATCH 04/12] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20li?= =?UTF-8?q?bxml2-2.9.7-CVE-2023-29469.patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- libxml2-2.9.7-CVE-2023-29469.patch | 36 ------------------------------ 1 file changed, 36 deletions(-) delete mode 100644 libxml2-2.9.7-CVE-2023-29469.patch diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch deleted file mode 100644 index 1fd2ef1..0000000 --- a/libxml2-2.9.7-CVE-2023-29469.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Fri, 7 Apr 2023 11:49:27 +0200 -Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't - deterministic - -When hashing empty strings which aren't null-terminated, -xmlDictComputeFastKey could produce inconsistent results. This could -lead to various logic or memory errors, including double frees. - -For consistency the seed is also taken into account, but this shouldn't -have an impact on security. - -Found by OSS-Fuzz. - -Fixes #510. ---- - dict.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/dict.c b/dict.c -index c29d2af77..12ba94fd5 100644 ---- a/dict.c -+++ b/dict.c -@@ -453,7 +453,8 @@ static unsigned long - xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { - unsigned long value = seed; - -- if (name == NULL) return(0); -+ if ((name == NULL) || (namelen <= 0)) -+ return(value); - value += *name; - value <<= 5; - if (namelen > 10) { --- -GitLab \ No newline at end of file -- Gitee From de3d9e11e1fd7afa602eeb4226c0413d6481f23a Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Mon, 4 Sep 2023 11:30:13 +0000 Subject: [PATCH 05/12] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index bd33f89..b61a321 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -60,8 +60,6 @@ Patch19: libxml2-2.9.7-CVE-2022-40303.patch Patch20: libxml2-2.9.7-CVE-2022-40304.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2185994 Patch21: libxml2-2.9.7-CVE-2023-28484.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2185984 -Patch22: libxml2-2.9.7-CVE-2023-29469.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch @@ -239,7 +237,6 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %changelog * Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17 - Fix CVE-2023-28484 (#2185994) -- Fix CVE-2023-29469 (#2185984) * Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 - Modify home page -- Gitee From f746aa4d33a66838f270d8c6dabe0d85927acf95 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Tue, 5 Sep 2023 13:27:59 +0000 Subject: [PATCH 06/12] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index b61a321..f348dd5 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -8,8 +8,8 @@ %endif Name: libxml2 -Version: 2.9.7 -Release: 17%{anolis_release}%{?dist} +Version: 2.9.7.1 +Release: 16%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT -- Gitee From 247fc0dcc9fc726632a393e29236bbf9a523cc3b Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Tue, 5 Sep 2023 13:47:39 +0000 Subject: [PATCH 07/12] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index f348dd5..4c6468b 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.2 %if 0%{?rhel} > 7 # Disable python2 build by default @@ -8,7 +8,7 @@ %endif Name: libxml2 -Version: 2.9.7.1 +Version: 2.9.7 Release: 16%{anolis_release}%{?dist} Summary: Library providing XML and HTML support -- Gitee From 7ffde6d0d0a83d0e78e5bf556f5824fedda7634b Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Tue, 5 Sep 2023 13:57:53 +0000 Subject: [PATCH 08/12] update libxml2-2.9.7-CVE-2023-28484.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-28484.patch | 48 ++---------------------------- 1 file changed, 2 insertions(+), 46 deletions(-) diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.7-CVE-2023-28484.patch index d834f41..f0620f3 100644 --- a/libxml2-2.9.7-CVE-2023-28484.patch +++ b/libxml2-2.9.7-CVE-2023-28484.patch @@ -8,54 +8,10 @@ Fix a null pointer dereference when parsing (invalid) XML schemas. Thanks to Robby Simpson for the report! Fixes #491. ---- - result/schemas/issue491_0_0.err | 1 + - test/schemas/issue491_0.xml | 1 + - test/schemas/issue491_0.xsd | 18 ++++++++++++++++++ xmlschemas.c | 2 +- - 4 files changed, 21 insertions(+), 1 deletion(-) - create mode 100644 result/schemas/issue491_0_0.err - create mode 100644 test/schemas/issue491_0.xml - create mode 100644 test/schemas/issue491_0.xsd + 1 files changed, 1 insertions(+), 1 deletion(-) + -diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err -new file mode 100644 -index 000000000..9b2bb9691 ---- /dev/null -+++ b/result/schemas/issue491_0_0.err -@@ -0,0 +1 @@ -+./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'. -diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml -new file mode 100644 -index 000000000..e2b2fc2e3 ---- /dev/null -+++ b/test/schemas/issue491_0.xml -@@ -0,0 +1 @@ -+5 -diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd -new file mode 100644 -index 000000000..817026498 ---- /dev/null -+++ b/test/schemas/issue491_0.xsd -@@ -0,0 +1,18 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ diff --git a/xmlschemas.c b/xmlschemas.c index 152b7c3f5..eec24a95f 100644 --- a/xmlschemas.c -- Gitee From 9e334a325e8fa8ce000d7550e75754751c025c2c Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Tue, 5 Sep 2023 13:59:20 +0000 Subject: [PATCH 09/12] update libxml2-2.9.7-CVE-2023-28484.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-28484.patch | 2 -- 1 file changed, 2 deletions(-) diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.7-CVE-2023-28484.patch index f0620f3..4f896b6 100644 --- a/libxml2-2.9.7-CVE-2023-28484.patch +++ b/libxml2-2.9.7-CVE-2023-28484.patch @@ -25,5 +25,3 @@ index 152b7c3f5..eec24a95f 100644 xmlSchemaTreeItemPtr effectiveContent = (xmlSchemaTreeItemPtr) type->subtypes; /* --- -GitLab \ No newline at end of file -- Gitee From 173086bbed5b680ecb9fa0e4963f2b8d390f32a0 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 02:23:42 +0000 Subject: [PATCH 10/12] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 4c6468b..9865489 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.2 +%define anolis_release .0.1 %if 0%{?rhel} > 7 # Disable python2 build by default @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 16%{anolis_release}%{?dist} +Release: 17%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -235,7 +235,7 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17 +* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17.0.1 - Fix CVE-2023-28484 (#2185994) * Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 -- Gitee From ea4c31c64178b19ffa0c7ed6fb96f6419adbc889 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 02:37:24 +0000 Subject: [PATCH 11/12] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 9865489..852d738 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 17%{anolis_release}%{?dist} +Release: 17%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -235,7 +235,7 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17.0.1 +* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17 - Fix CVE-2023-28484 (#2185994) * Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 -- Gitee From 4ea75492f65cd08d7704b19475c614a61fc4710b Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 02:44:11 +0000 Subject: [PATCH 12/12] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 852d738..e893720 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 17%{?dist} +Release: 16%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -58,8 +58,6 @@ Patch18: libxml2-2.9.7-CVE-2016-3709.patch Patch19: libxml2-2.9.7-CVE-2022-40303.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2136568 Patch20: libxml2-2.9.7-CVE-2022-40304.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2185994 -Patch21: libxml2-2.9.7-CVE-2023-28484.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch @@ -235,9 +233,6 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17 -- Fix CVE-2023-28484 (#2185994) - * Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 - Modify home page - Replace logo in html doc with anolis.gif -- Gitee