diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.7-CVE-2023-28484.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c5c4d9cfe8c7d6e4a3c57a09d7e36bdb583cfa37
--- /dev/null
+++ b/libxml2-2.9.7-CVE-2023-28484.patch
@@ -0,0 +1,73 @@
+From 647e072ea0a2f12687fa05c172f4c4713fdb0c4f Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+---
+ result/schemas/issue491_0_0.err | 1 +
+ test/schemas/issue491_0.xml | 1 +
+ test/schemas/issue491_0.xsd | 18 ++++++++++++++++++
+ xmlschemas.c | 2 +-
+ 4 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 result/schemas/issue491_0_0.err
+ create mode 100644 test/schemas/issue491_0.xml
+ create mode 100644 test/schemas/issue491_0.xsd
+
+diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
+new file mode 100644
+index 000000000..9b2bb9691
+--- /dev/null
++++ b/result/schemas/issue491_0_0.err
+@@ -0,0 +1 @@
++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
+diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
+new file mode 100644
+index 000000000..e2b2fc2e3
+--- /dev/null
++++ b/test/schemas/issue491_0.xml
+@@ -0,0 +1 @@
++5
+diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
+new file mode 100644
+index 000000000..817026498
+--- /dev/null
++++ b/test/schemas/issue491_0.xsd
+@@ -0,0 +1,18 @@
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
++
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 152b7c3f5..eec24a95f 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -18619,7 +18619,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+ "allowed to appear inside other model groups",
+ NULL, NULL);
+
+- } else if (! dummySequence) {
++ } else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+ xmlSchemaTreeItemPtr effectiveContent =
+ (xmlSchemaTreeItemPtr) type->subtypes;
+ /*
+--
+GitLab
diff --git a/libxml2.spec b/libxml2.spec
index e893720b4a06b436f48219d43b332d3142305e9d..711a1627873dcc0086687eb0cd699b3b71596bc1 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 16%{anolis_release}%{?dist} +Release: 17%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT
@@ -58,6 +58,8 @@ Patch18: libxml2-2.9.7-CVE-2016-3709.patch Patch19: libxml2-2.9.7-CVE-2022-40303.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2136568 Patch20: libxml2-2.9.7-CVE-2022-40304.patch +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f +Patch21: libxml2-2.9.7-CVE-2023-28484.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch
@@ -233,10 +235,13 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Wed May 24 2023 Mahailiang - 2.9.7-16.0.1 +* Wed May 24 2023 Mahailiang - 2.9.7-17.0.1 - Modify home page - Replace logo in html doc with anolis.gif +* Fri Apr 07 2023 Nick Wellnhofer - 2.9.7-17 +- Fix CVE-2023-28484 (#2185994) + * Wed Nov 02 2022 David King - 2.9.7-16 - Fix CVE-2022-40303 (#2136563) - Fix CVE-2022-40304 (#2136568)
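Review bot: In the xmlschemas.c hunk of the added patch, the new guard `(baseType->subtypes != NULL)` carries no comment saying why the base type's content can be NULL at this point or why skipping the branch is safe. The expected output in result/schemas/issue491_0_0.err suggests the invalid schema is rejected by a content-type check elsewhere in xmlSchemaFixupComplexType, so the skipped branch presumably loses nothing, but that cannot be confirmed from these lines. A one-line comment above the condition would record it, for example `/* base type may have no content model (invalid schema, issue #491); nothing to merge */`. The function body starts and ends outside the hunk; if the patch has to stay byte-identical to upstream, the same sentence can sit beside the `Patch21:` line in the spec instead.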
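Review bot: `Patch21: libxml2-2.9.7-CVE-2023-28484.patch` is only declared in the second libxml2.spec hunk, and no `%prep` change is visible in this diff, so whether the CVE-2023-28484 fix is actually applied depends on how the spec applies its patches. If `%prep` uses `%autosetup` or `%autopatch`, nothing more is needed; if it lists patches one by one, a `%patch21 -p1` line is required, otherwise the source package carries the fix while the built library does not. The patch keeps upstream's line numbers (`@@ -18619,7 +18619,7 @@`), so it is also worth checking the build log that the xmlschemas.c hunk applies to 2.9.7 without fuzz or offset surprises.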