From 92c6fdabc7d647f2b9a85f2bb0645dffe7cbe4dc Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 02:42:00 +0000 Subject: [PATCH 1/7] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libxml2.spec b/libxml2.spec index e893720..852d738 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 16%{anolis_release}%{?dist} +Release: 17%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -58,6 +58,8 @@ Patch18: libxml2-2.9.7-CVE-2016-3709.patch Patch19: libxml2-2.9.7-CVE-2022-40303.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2136568 Patch20: libxml2-2.9.7-CVE-2022-40304.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2185994 +Patch21: libxml2-2.9.7-CVE-2023-28484.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch @@ -233,6 +235,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog +* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17 +- Fix CVE-2023-28484 (#2185994) + * Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 - Modify home page - Replace logo in html doc with anolis.gif -- Gitee From e048d377ac08e6528db9f724345a0157c6f0172e Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 02:42:40 +0000 Subject: [PATCH 2/7] add libxml2-2.9.7-CVE-2023-28484.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-28484.patch | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 libxml2-2.9.7-CVE-2023-28484.patch diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.7-CVE-2023-28484.patch new file mode 100644 index 0000000..4f896b6 --- /dev/null +++ b/libxml2-2.9.7-CVE-2023-28484.patch 
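Review bot: The second libxml2.spec hunk declares `Patch21: libxml2-2.9.7-CVE-2023-28484.patch`, but no hunk in this commit touches `%prep`, so whether the fix is applied depends on how the spec applies patches, which is not visible here. If `%prep` uses `%autosetup` or `%autopatch`, the new patch is picked up automatically. If it lists patches one by one, a matching `%patch21 -p1` line is needed, otherwise the SRPM would carry the CVE patch while the build still compiles the unpatched xmlschemas.c. Either way, confirm from a build log that Patch21 is applied before the `2.9.7-17` changelog entry claims the fix.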
@@ -0,0 +1,27 @@ +From 647e072ea0a2f12687fa05c172f4c4713fdb0c4f Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Apr 2023 11:46:35 +0200 +Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType + +Fix a null pointer dereference when parsing (invalid) XML schemas. + +Thanks to Robby Simpson for the report! + +Fixes #491. + xmlschemas.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletion(-) + + +diff --git a/xmlschemas.c b/xmlschemas.c +index 152b7c3f5..eec24a95f 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -18619,7 +18619,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt, + "allowed to appear inside other model groups", + NULL, NULL); + +- } else if (! dummySequence) { ++ } else if ((!dummySequence) && (baseType->subtypes != NULL)) { + xmlSchemaTreeItemPtr effectiveContent = + (xmlSchemaTreeItemPtr) type->subtypes; + /* -- Gitee From 6e33a80269d63b8aa0b76a3e1499c684adacf20c Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 03:03:40 +0000 Subject: [PATCH 3/7] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libxml2.spec b/libxml2.spec index 852d738..564aad7 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -235,7 +235,7 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Mon Sep 04 2023 ChengShengyu1 - 2.9.7-17 +* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 - Fix CVE-2023-28484 (#2185994) * Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 -- Gitee From 7b931380e30e10f20f3a696ca410d85932f27bbb Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 03:52:13 +0000 Subject: [PATCH 4/7] update libxml2-2.9.7-CVE-2023-28484.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-28484.patch | 64 +++++++++++++++++++++++++----- 1 file changed, 55 insertions(+), 9 deletions(-) 
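Review bot: The new condition `(!dummySequence) && (baseType->subtypes != NULL)` in xmlSchemaFixupComplexType skips this branch when `baseType->subtypes` is NULL, but where control goes instead is not visible, because the branch body and the rest of the `else if` chain lie outside the hunk. For a backport onto 2.9.7, confirm that the branch which now handles the NULL case does not itself dereference the pointer. The `index` hashes and line numbers are presumably upstream's, so also check that the hunk lands in this function and not elsewhere by offset. I would record the result in the patch header, for example `Backport note: checked against 2.9.7 that the fallback branch does not dereference baseType->subtypes.`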
diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.7-CVE-2023-28484.patch index 4f896b6..e153888 100644 --- a/libxml2-2.9.7-CVE-2023-28484.patch +++ b/libxml2-2.9.7-CVE-2023-28484.patch @@ -8,20 +8,66 @@ Fix a null pointer dereference when parsing (invalid) XML schemas. Thanks to Robby Simpson for the report! Fixes #491. +--- + result/schemas/issue491_0_0.err | 1 + + test/schemas/issue491_0.xml | 1 + + test/schemas/issue491_0.xsd | 18 ++++++++++++++++++ xmlschemas.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletion(-) - + 4 files changed, 21 insertions(+), 1 deletion(-) + create mode 100644 result/schemas/issue491_0_0.err + create mode 100644 test/schemas/issue491_0.xml + create mode 100644 test/schemas/issue491_0.xsd +diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err +new file mode 100644 +index 000000000..9b2bb9691 +--- /dev/null ++++ b/result/schemas/issue491_0_0.err +@@ -0,0 +1 @@ ++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'. +diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml +new file mode 100644 +index 000000000..e2b2fc2e3 +--- /dev/null ++++ b/test/schemas/issue491_0.xml +@@ -0,0 +1 @@ ++5 +diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd +new file mode 100644 +index 000000000..817026498 +--- /dev/null ++++ b/test/schemas/issue491_0.xsd +@@ -0,0 +1,18 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ diff --git a/xmlschemas.c b/xmlschemas.c index 152b7c3f5..eec24a95f 100644 --- a/xmlschemas.c +++ b/xmlschemas.c 
@@ -18619,7 +18619,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt, - "allowed to appear inside other model groups", - NULL, NULL); + "allowed to appear inside other model groups", + NULL, NULL); -- } else if (! dummySequence) { -+ } else if ((!dummySequence) && (baseType->subtypes != NULL)) { - xmlSchemaTreeItemPtr effectiveContent = - (xmlSchemaTreeItemPtr) type->subtypes; - /* +- } else if (! dummySequence) { ++ } else if ((!dummySequence) && (baseType->subtypes != NULL)) { + xmlSchemaTreeItemPtr effectiveContent = + (xmlSchemaTreeItemPtr) type->subtypes; + /* +-- +GitLab -- Gitee From a43be07904d63a86845df69f4f999364d20f450f Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 04:37:27 +0000 Subject: [PATCH 5/7] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 564aad7..7d59572 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 17%{?dist} +Release: 17%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -235,13 +235,13 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 -- Fix CVE-2023-28484 (#2185994) - -* Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 +* Wed May 24 2023 Mahailiang - 2.9.7-17.0.1 - Modify home page - Replace logo in html doc with anolis.gif +* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 +- Fix CVE-2023-28484 (#2185994) + * Wed Nov 02 2022 David King - 2.9.7-16 - Fix CVE-2022-40303 (#2136563) - Fix CVE-2022-40304 (#2136568) -- Gitee From fa139acbaf7a72ce836ce984122be435d1deb8ad Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 06:28:09 +0000 Subject: [PATCH 6/7] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libxml2.spec b/libxml2.spec index 7d59572..9d6e7b5 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -58,7 +58,7 @@ Patch18: libxml2-2.9.7-CVE-2016-3709.patch Patch19: libxml2-2.9.7-CVE-2022-40303.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2136568 Patch20: libxml2-2.9.7-CVE-2022-40304.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2185994 +# https://gitee.com/src-anolis-os/libxml2/blob/6e33a80269d63b8aa0b76a3e1499c684adacf20c/libxml2-2.9.7-CVE-2023-28484.patch Patch21: libxml2-2.9.7-CVE-2023-28484.patch # Add by Anolis -- Gitee From 3dcd084d7cff905fb26c9919a1f69181aaaf3030 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 06:40:26 +0000 Subject: [PATCH 7/7] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libxml2.spec b/libxml2.spec index 9d6e7b5..711a162 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -58,7 +58,7 @@ Patch18: libxml2-2.9.7-CVE-2016-3709.patch Patch19: libxml2-2.9.7-CVE-2022-40303.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2136568 Patch20: libxml2-2.9.7-CVE-2022-40304.patch -# https://gitee.com/src-anolis-os/libxml2/blob/6e33a80269d63b8aa0b76a3e1499c684adacf20c/libxml2-2.9.7-CVE-2023-28484.patch +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f Patch21: libxml2-2.9.7-CVE-2023-28484.patch # Add by Anolis -- Gitee