diff --git a/0001-fix-cve-CVE-2024-56171.patch b/0001-fix-cve-CVE-2024-56171.patch new file mode 100644 index 0000000000000000000000000000000000000000..1a591b327c4a2945de2dfe4c24ad5154ab1a1ccd --- /dev/null +++ b/0001-fix-cve-CVE-2024-56171.patch @@ -0,0 +1,33 @@ +From ccfc4b15ec94efa2521293fe6fa768fc3d68fbec Mon Sep 17 00:00:00 2001 +From: zhuhongbo +Date: Wed, 26 Mar 2025 16:02:10 +0800 +Subject: [PATCH] fix cve CVE-2024-56171 + +--- + xmlschemas.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 1d48544..56376f3 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -23453,6 +23453,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt, + } + if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1) + goto internal_error; ++ dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items; + /* + * Remove the duplicate entry from the IDC node-table. + */ +@@ -23669,6 +23670,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt) + goto internal_error; + } + xmlSchemaItemListAdd(parBind->dupls, parNode); ++ dupls = (xmlSchemaPSVIIDCNodePtr *) ++ parBind->dupls->items; + } else { + /* + * Add the node-table entry (node and key-sequence) of +-- +2.39.3 + diff --git a/0001-fix-cve-CVE-2025-24928.patch b/0001-fix-cve-CVE-2025-24928.patch new file mode 100644 index 0000000000000000000000000000000000000000..bb2422bd41aa12661b80014443e553158b9385bd --- /dev/null +++ b/0001-fix-cve-CVE-2025-24928.patch @@ -0,0 +1,55 @@ +From ff1af11a4e89075e415ce979c1f00f3c19a25c11 Mon Sep 17 00:00:00 2001 +From: zhuhongbo +Date: Wed, 26 Mar 2025 20:31:43 +0800 +Subject: [PATCH] fix cve CVE-2025-24928 + +--- + valid.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +diff --git a/valid.c b/valid.c +index 657e3c8..e5ad3e0 100644 +--- a/valid.c ++++ b/valid.c +@@ -5154,25 +5154,26 @@ xmlSnprintfElements(char *buf, int size, xmlNodePtr node, int glob) { + return; + } + switch (cur->type) { +- case XML_ELEMENT_NODE: ++ case XML_ELEMENT_NODE: { ++ int qnameLen = xmlStrlen(cur->name); ++ ++ if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) ++ qnameLen += xmlStrlen(cur->ns->prefix) + 1; ++ if (size - len < qnameLen + 10) { ++ if ((size - len > 4) && (buf[len - 1] != '.')) ++ strcat(buf, " ..."); ++ return; ++ } + if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) { +- if (size - len < xmlStrlen(cur->ns->prefix) + 10) { +- if ((size - len > 4) && (buf[len - 1] != '.')) +- strcat(buf, " ..."); +- return; +- } + strcat(buf, (char *) cur->ns->prefix); + strcat(buf, ":"); + } +- if (size - len < xmlStrlen(cur->name) + 10) { +- if ((size - len > 4) && (buf[len - 1] != '.')) +- strcat(buf, " ..."); +- return; +- } +- strcat(buf, (char *) cur->name); ++ if (cur->name != NULL) ++ strcat(buf, (char *) cur->name); + if (cur->next != NULL) + strcat(buf, " "); + break; ++ } + case XML_TEXT_NODE: + if (xmlIsBlankNode(cur)) + break; +-- +2.39.3 + diff --git a/libxml2.spec b/libxml2.spec index d26645eaaa3ea2f541e495f8d909eac6e5a852d9..b4464a730b56a96e84678dbd64317c2113820b36 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.2 # for -O3 on ppc64 c.f. 1051068 %global _performance_build 1 @@ -81,7 +81,8 @@ patch150: libxml2-2.9.1-CVE-2016-4658.patch #Add by anolis Patch1000: 0001-libxml2-anolis-rebrand-for-anolis.patch #End - +Patch1001: 0001-fix-cve-CVE-2024-56171.patch +Patch1002: 0001-fix-cve-CVE-2025-24928.patch %description This library allows to manipulate XML files. It includes support @@ -196,6 +197,8 @@ at parse time or later once the document has been modified. %patch149 -p1 %patch150 -p1 %patch1000 -p1 +%patch1001 -p1 +%patch1002 -p1 %build %configure @@ -278,6 +281,9 @@ rm -fr %{buildroot} %doc doc/python.html %changelog +* Wed Mar 26 2025 zhuhongbo - 2.9.1-6.0.1.9 +- cve: fix cve CVE-2024-56171 CVE-2025-24928 + * Fri Jan 07 2022 yangxianzhao - 2.9.1-6.0.1.6 - Rebrand for Anolis OS - Cherry-pick [13ed266]