From de53413db06c23b72c55403055777a4b0b385ad3 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 07:21:47 +0000 Subject: [PATCH 01/10] add libxml2-2.9.7-CVE-2023-29469.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-29469.patch | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 libxml2-2.9.7-CVE-2023-29469.patch diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch new file mode 100644 index 0000000..986c178 --- /dev/null +++ b/libxml2-2.9.7-CVE-2023-29469.patch @@ -0,0 +1,36 @@ +From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Apr 2023 11:49:27 +0200 +Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't + deterministic + +When hashing empty strings which aren't null-terminated, +xmlDictComputeFastKey could produce inconsistent results. This could +lead to various logic or memory errors, including double frees. + +For consistency the seed is also taken into account, but this shouldn't +have an impact on security. + +Found by OSS-Fuzz. + +Fixes #510. +--- + dict.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dict.c b/dict.c +index c29d2af77..12ba94fd5 100644 +--- a/dict.c ++++ b/dict.c +@@ -453,7 +453,8 @@ static unsigned long + xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { + unsigned long value = seed; + +- if (name == NULL) return(0); ++ if ((name == NULL) || (namelen <= 0)) ++ return(value); + value += *name; + value <<= 5; + if (namelen > 10) { +-- +GitLab -- Gitee From d71ec75e5af34a01e14c90f3d8c12e6d740c6578 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 07:28:40 +0000 Subject: [PATCH 02/10] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libxml2.spec b/libxml2.spec index 711a162..8e09d41 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -60,6 +60,8 @@ Patch19: libxml2-2.9.7-CVE-2022-40303.patch Patch20: libxml2-2.9.7-CVE-2022-40304.patch # https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f Patch21: libxml2-2.9.7-CVE-2023-28484.patch +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64.patch +Patch22: libxml2-2.9.7-CVE-2023.29469.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch @@ -241,6 +243,7 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz * Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 - Fix CVE-2023-28484 (#2185994) +- Fix CVE-2023-29469 (#2185984) * Wed Nov 02 2022 David King - 2.9.7-16 - Fix CVE-2022-40303 (#2136563) -- Gitee From 74c484fcf5e6938c4f4ca42ad47752696e986650 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 07:55:23 +0000 Subject: [PATCH 03/10] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 8e09d41..7218b74 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 17%{anolis_release}%{?dist} +Release: 18%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -237,13 +237,15 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Wed May 24 2023 Mahailiang - 2.9.7-17.0.1 +* Wed May 24 2023 Mahailiang - 2.9.7-18.0.1 - Modify home page - Replace logo in html doc with anolis.gif +* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-18 +- Fix CVE-2023-29469 (#2185984) + * Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 - Fix CVE-2023-28484 (#2185994) -- Fix CVE-2023-29469 (#2185984) * Wed Nov 02 2022 David King - 2.9.7-16 - Fix CVE-2022-40303 (#2136563) -- Gitee From 24280fec842e2cc854764b8137e768fcd23f667e Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 08:08:22 +0000 Subject: [PATCH 04/10] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20li?= =?UTF-8?q?bxml2-2.9.7-CVE-2023-29469.patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- libxml2-2.9.7-CVE-2023-29469.patch | 36 ------------------------------ 1 file changed, 36 deletions(-) delete mode 100644 libxml2-2.9.7-CVE-2023-29469.patch diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch deleted file mode 100644 index 986c178..0000000 --- a/libxml2-2.9.7-CVE-2023-29469.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer -Date: Fri, 7 Apr 2023 11:49:27 +0200 -Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't - deterministic - -When hashing empty strings which aren't null-terminated, -xmlDictComputeFastKey could produce inconsistent results. This could -lead to various logic or memory errors, including double frees. - -For consistency the seed is also taken into account, but this shouldn't -have an impact on security. - -Found by OSS-Fuzz. - -Fixes #510. ---- - dict.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/dict.c b/dict.c -index c29d2af77..12ba94fd5 100644 ---- a/dict.c -+++ b/dict.c -@@ -453,7 +453,8 @@ static unsigned long - xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { - unsigned long value = seed; - -- if (name == NULL) return(0); -+ if ((name == NULL) || (namelen <= 0)) -+ return(value); - value += *name; - value <<= 5; - if (namelen > 10) { --- -GitLab -- Gitee From 794abea6cc599819923d403a6b2cdd006fdc69e3 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 08:08:38 +0000 Subject: [PATCH 05/10] add libxml2-2.9.7-CVE-2023-29469.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-29469.patch | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 libxml2-2.9.7-CVE-2023-29469.patch diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch new file mode 100644 index 0000000..1fd2ef1 --- /dev/null +++ b/libxml2-2.9.7-CVE-2023-29469.patch @@ -0,0 +1,36 @@ +From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Apr 2023 11:49:27 +0200 +Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't + deterministic + +When hashing empty strings which aren't null-terminated, +xmlDictComputeFastKey could produce inconsistent results. This could +lead to various logic or memory errors, including double frees. + +For consistency the seed is also taken into account, but this shouldn't +have an impact on security. + +Found by OSS-Fuzz. + +Fixes #510. +--- + dict.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dict.c b/dict.c +index c29d2af77..12ba94fd5 100644 +--- a/dict.c ++++ b/dict.c +@@ -453,7 +453,8 @@ static unsigned long + xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { + unsigned long value = seed; + +- if (name == NULL) return(0); ++ if ((name == NULL) || (namelen <= 0)) ++ return(value); + value += *name; + value <<= 5; + if (namelen > 10) { +-- +GitLab \ No newline at end of file -- Gitee From 6e45bab877b93867caf919e45d2c0fcb1ec7ef26 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 08:26:08 +0000 Subject: [PATCH 06/10] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 7218b74..48cfaf0 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.2 %if 0%{?rhel} > 7 # Disable python2 build by default @@ -61,7 +61,7 @@ Patch20: libxml2-2.9.7-CVE-2022-40304.patch # https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f Patch21: libxml2-2.9.7-CVE-2023-28484.patch # https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64.patch -Patch22: libxml2-2.9.7-CVE-2023.29469.patch +Patch22: libxml2-2.9.7-CVE-2023-29469.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch @@ -237,11 +237,11 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Wed May 24 2023 Mahailiang - 2.9.7-18.0.1 +* Wed May 24 2023 Mahailiang - 2.9.7-18.0.2 - Modify home page - Replace logo in html doc with anolis.gif -* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-18 +* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-18.0.1 - Fix CVE-2023-29469 (#2185984) * Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 -- Gitee From 447ca726c17e6fb73fa35582f982bdd78d451d22 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 08:34:02 +0000 Subject: [PATCH 07/10] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 48cfaf0..8c3f0d8 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 18%{anolis_release}%{?dist} +Release: 17%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -237,11 +237,11 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Wed May 24 2023 Mahailiang - 2.9.7-18.0.2 +* Wed May 24 2023 Mahailiang - 2.9.7-17.0.2 - Modify home page - Replace logo in html doc with anolis.gif -* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-18.0.1 +* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17.0.1 - Fix CVE-2023-29469 (#2185984) * Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 -- Gitee From 0fa170af01e3643432ea39de85ea31b9af5fe23c Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 08:42:14 +0000 Subject: [PATCH 08/10] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 8c3f0d8..52e2486 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.2 +%define anolis_release .0.1 %if 0%{?rhel} > 7 # Disable python2 build by default @@ -237,15 +237,13 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Wed May 24 2023 Mahailiang - 2.9.7-17.0.2 +* Wed May 24 2023 Mahailiang - 2.9.7-17.0.1 - Modify home page - Replace logo in html doc with anolis.gif -* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17.0.1 -- Fix CVE-2023-29469 (#2185984) - * Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 - Fix CVE-2023-28484 (#2185994) +- Fix CVE-2023-29469 (#2185984) * Wed Nov 02 2022 David King - 2.9.7-16 - Fix CVE-2022-40303 (#2136563) -- Gitee From 62775691121b89521fd0ee31a7d8f3a34d25b7cd Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 09:07:19 +0000 Subject: [PATCH 09/10] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index 52e2486..d1b4b57 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 17%{anolis_release}%{?dist} +Release: 18%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -237,13 +237,15 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog +* Wed Sep 06 2023 chengshengyu - 2.9.7-18.0.1 +- Fix CVE-2023-29469 (#2185984) + * Wed May 24 2023 Mahailiang - 2.9.7-17.0.1 - Modify home page - Replace logo in html doc with anolis.gif * Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 - Fix CVE-2023-28484 (#2185994) -- Fix CVE-2023-29469 (#2185984) * Wed Nov 02 2022 David King - 2.9.7-16 - Fix CVE-2022-40303 (#2136563) -- Gitee From 5a0f39eeea92b0676882d4cb67f873fdc4f88c5b Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Wed, 6 Sep 2023 09:26:23 +0000 Subject: [PATCH 10/10] update libxml2-2.9.7-CVE-2023-29469.patch. Signed-off-by: VictorCheng --- libxml2-2.9.7-CVE-2023-29469.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch index 1fd2ef1..f5a6d58 100644 --- a/libxml2-2.9.7-CVE-2023-29469.patch +++ b/libxml2-2.9.7-CVE-2023-29469.patch @@ -29,7 +29,7 @@ index c29d2af77..12ba94fd5 100644 - if (name == NULL) return(0); + if ((name == NULL) || (namelen <= 0)) + return(value); - value += *name; + value = *name; value <<= 5; if (namelen > 10) { -- -- Gitee