From 874930c9c332213e7702c5a5f4aacbbfc09f95ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A8=8B=E8=83=9C=E5=AE=8710345842?= Date: Thu, 7 Sep 2023 14:40:00 +0800 Subject: [PATCH 1/2] CVE-2023-29469 --- libxml2-2.9.7-CVE-2023-29469.patch | 36 ++++++++++++++++++++++++++++++ libxml2.spec | 7 +++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 libxml2-2.9.7-CVE-2023-29469.patch diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch new file mode 100644 index 0000000..bcd9fe0 --- /dev/null +++ b/libxml2-2.9.7-CVE-2023-29469.patch @@ -0,0 +1,36 @@ +From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Apr 2023 11:49:27 +0200 +Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't + deterministic + +When hashing empty strings which aren't null-terminated, +xmlDictComputeFastKey could produce inconsistent results. This could +lead to various logic or memory errors, including double frees. + +For consistency the seed is also taken into account, but this shouldn't +have an impact on security. + +Found by OSS-Fuzz. + +Fixes #510. +--- + dict.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dict.c b/dict.c +index c29d2af77..12ba94fd5 100644 +--- a/dict.c ++++ b/dict.c +@@ -453,7 +453,8 @@ static unsigned long + xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) { + unsigned long value = seed; + +- if (name == NULL) return(0); ++ if ((name == NULL) || (namelen <= 0)) ++ return(value); + value = *name; + value <<= 5; + if (namelen > 10) { +-- +GitLab diff --git a/libxml2.spec b/libxml2.spec index 711a162..d1b4b57 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 17%{anolis_release}%{?dist} +Release: 18%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -60,6 +60,8 @@ Patch19: libxml2-2.9.7-CVE-2022-40303.patch Patch20: libxml2-2.9.7-CVE-2022-40304.patch # https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f Patch21: libxml2-2.9.7-CVE-2023-28484.patch +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64.patch +Patch22: libxml2-2.9.7-CVE-2023-29469.patch # Add by Anolis Patch1000: 0001-modify-home-page.patch @@ -235,6 +237,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog +* Wed Sep 06 2023 chengshengyu - 2.9.7-18.0.1 +- Fix CVE-2023-29469 (#2185984) + * Wed May 24 2023 Mahailiang - 2.9.7-17.0.1 - Modify home page - Replace logo in html doc with anolis.gif -- Gitee From 7075d901f5dbf5ff2b00dd7692e69cefbc9eb544 Mon Sep 17 00:00:00 2001 From: VictorCheng Date: Thu, 7 Sep 2023 07:30:27 +0000 Subject: [PATCH 2/2] update libxml2.spec. Signed-off-by: VictorCheng --- libxml2.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libxml2.spec b/libxml2.spec index d1b4b57..0a7a9cd 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.2 %if 0%{?rhel} > 7 # Disable python2 build by default @@ -9,7 +9,7 @@ Name: libxml2 Version: 2.9.7 -Release: 18%{anolis_release}%{?dist} +Release: 17%{anolis_release}%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -237,7 +237,7 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog -* Wed Sep 06 2023 chengshengyu - 2.9.7-18.0.1 +* Wed Sep 06 2023 chengshengyu - 2.9.7-17.0.2 - Fix CVE-2023-29469 (#2185984) * Wed May 24 2023 Mahailiang - 2.9.7-17.0.1 -- Gitee