From 3723f25d6121d189608934465471b417ecc59179 Mon Sep 17 00:00:00 2001
From: root <root@hebei.10.60.in-addr.arpa>
Date: Fri, 12 Jul 2024 11:35:06 +0800
Subject: [PATCH] Bugfix for CVE-2024-34459

---
 Bugfix-for-CVE-2024-34459.patch | 25 +++++++++++++++++++++++++
 libxml2.spec                    | 10 +++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 Bugfix-for-CVE-2024-34459.patch

diff --git a/Bugfix-for-CVE-2024-34459.patch b/Bugfix-for-CVE-2024-34459.patch
new file mode 100644
index 0000000..973eddf
--- /dev/null
+++ b/Bugfix-for-CVE-2024-34459.patch
@@ -0,0 +1,25 @@
+From b4896c4539c8bf37cddf05cf63ad1e6bd5b84bff Mon Sep 17 00:00:00 2001
+From: root <root@hebei.10.60.in-addr.arpa>
+Date: Fri, 12 Jul 2024 11:29:56 +0800
+Subject: [PATCH] Bugfix for CVE-2024-34459
+
+---
+ xmllint.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmllint.c b/xmllint.c
+index 398670b..3f4bfb2 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
+     len = strlen(buffer);
+     snprintf(&buffer[len], sizeof(buffer) - len, "\n");
+     cur = input->cur;
+-    while ((*cur == '\n') || (*cur == '\r'))
++    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
+ 	cur--;
+     n = 0;
+     while ((cur != base) && (n++ < 80)) {
+-- 
+2.27.0
+
diff --git a/libxml2.spec b/libxml2.spec
index 12e2c75..d37f62d 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 Name:           libxml2
 Version:        2.11.5
 Release:        %{anolis_release}%{?dist}
@@ -13,6 +13,11 @@ Patch0:         libxml2-multilib.patch
 Patch1:         libxml2-2.11.1-python3-unicode-errors.patch
 Patch2:         fix-CVE-2023-45322.patch
 
+# CVE-2024-34459
+# Tracking bug: https://security-tracker.debian.org/tracker/CVE-2024-34459
+# Upstream fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145
+Patch3:         Bugfix-for-CVE-2024-34459.patch
+
 BuildRequires:  cmake-rpm-macros
 BuildRequires:  gcc
 BuildRequires:  make
@@ -157,6 +162,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %doc NEWS README.md
 
 %changelog
+* Fri Jul 12 2024 lidongyue <dongyue@nfschina.com> 2.11.5-3
+- Fix CVE-2024-34459
+
 * Tue Mar 12 2024 Bo Ren <rb01097748@alibaba-inc.com> - 2.11.5-2
 - Rebuild with python3.11
 
-- 
Gitee