diff --git a/Bugfix-for-CVE-2024-25062.patch b/Bugfix-for-CVE-2024-25062.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e9584574d6766e6c3ab4f4132e2a4d866b5cd20a
--- /dev/null
+++ b/Bugfix-for-CVE-2024-25062.patch
@@ -0,0 +1,24 @@
+From 47b329242d4a56a3a35a63e969c2ca02d13d3d9c Mon Sep 17 00:00:00 2001
+From: root
+Date: Mon, 12 Aug 2024 16:09:10 +0800
+Subject: [PATCH] Bugfix for CVE-2024-25062
+
+---
+ xmlreader.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xmlreader.c b/xmlreader.c
+index 979385a..fefd68e 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -1443,6 +1443,7 @@ node_found:
+ * Handle XInclude if asked for
+ */
+ if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++ (reader->state != XML_TEXTREADER_BACKTRACK) &&
+ (reader->node != NULL) &&
+ (reader->node->type == XML_ELEMENT_NODE) &&
+ (reader->node->ns != NULL) &&
+--
+2.27.0
+
diff --git a/libxml2.spec b/libxml2.spec
index d37f62dc32746c3d118758188e90ba18f8d92c9f..58f11047e648fbdbb7c50d7f9180cc0c9c62f86d 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 Name: libxml2
 Version: 2.11.5
 Release: %{anolis_release}%{?dist}
@@ -18,6 +18,10 @@ Patch2: fix-CVE-2023-45322.patch
 # Upstream fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145
 Patch3: Bugfix-for-CVE-2024-34459.patch
+# CVE-2024-25062
+# Upstream fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7
+Patch4: Bugfix-for-CVE-2024-25062.patch
+
 BuildRequires: cmake-rpm-macros
 BuildRequires: gcc
 BuildRequires: make
@@ -162,6 +166,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %doc NEWS README.md
 %changelog
+* Mon Aug 12 2024 lidongyue 2.11.5-4
+- Fix CVE-2024-25062
+
 * Fri Jul 12 2024 lidongyue 2.11.5-3
 - Fix CVE-2024-34459
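Review bot: The embedded patch header (`From: root`, `Subject: [PATCH] Bugfix for CVE-2024-25062`) has no description and no upstream reference, so the added guard `(reader->state != XML_TEXTREADER_BACKTRACK) &&` cannot be checked against upstream from the patch file alone. The upstream link currently exists only as a comment in libxml2.spec. I would repeat it in the patch body, e.g. `Backport of upstream commit 2b0aac140d739905c7848a42efc60bfe783a39b7: skip XInclude handling while the reader state is XML_TEXTREADER_BACKTRACK.` The `if` condition this line joins continues past the end of the inner hunk, so the rest of the condition and the guarded body are not visible here.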
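Review bot: `Patch4: Bugfix-for-CVE-2024-25062.patch` only declares the patch; whether it is applied depends on `%prep`, which is outside this hunk. If the spec uses `%autosetup -p1` or `%autopatch`, the new entry is picked up automatically. If it lists `%patch` lines by number, a matching entry for 4 is needed, otherwise the changelog would record the CVE as fixed while the built library is unchanged. It is worth confirming from the build log that the patch is actually applied to xmlreader.c.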