From 11fb02a84874b050acce4875ab7c7e5f4086eb3e Mon Sep 17 00:00:00 2001
From: yangjinlin01 <yangjinlin01@inspur.com>
Date: Mon, 12 May 2025 13:37:16 +0800
Subject: [PATCH] [CVE] FIX CVE-2024-56171

to #19326
add patch to fix CVE-2024-56171
Project: TC2024080204
Signed-off-by: yangjinlin01 <yangjinlin01@inspur.com>
---
 Bugfix-for-CVE-2024-56171.patch | 41 +++++++++++++++++++++++++++++++++
 libxml2.spec                    |  8 ++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 Bugfix-for-CVE-2024-56171.patch

diff --git a/Bugfix-for-CVE-2024-56171.patch b/Bugfix-for-CVE-2024-56171.patch
new file mode 100644
index 0000000..1734067
--- /dev/null
+++ b/Bugfix-for-CVE-2024-56171.patch
@@ -0,0 +1,41 @@
+From 5880a9a6bd97c0f9ac8fc4f30110fe023f484746 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 10 Dec 2024 16:52:05 +0100
+Subject: [PATCH] [CVE-2024-56171] Fix use-after-free after
+ xmlSchemaItemListAdd
+
+xmlSchemaItemListAdd can reallocate the items array. Update local
+variables after adding item in
+
+- xmlSchemaIDCFillNodeTables
+- xmlSchemaBubbleIDCNodeTables
+
+Fixes #828.
+---
+ xmlschemas.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 1b3c524f..95be97c9 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -23374,6 +23374,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ 			}
+ 			if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1)
+ 			    goto internal_error;
++                        dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items;
+ 			/*
+ 			* Remove the duplicate entry from the IDC node-table.
+ 			*/
+@@ -23590,6 +23591,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt)
+ 				goto internal_error;
+ 			}
+ 			xmlSchemaItemListAdd(parBind->dupls, parNode);
++		        dupls = (xmlSchemaPSVIIDCNodePtr *)
++                            parBind->dupls->items;
+ 		    } else {
+ 			/*
+ 			* Add the node-table entry (node and key-sequence) of
+-- 
+2.39.3
+
diff --git a/libxml2.spec b/libxml2.spec
index 0a2ccf0..0135e8d 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 7
+%define anolis_release 8
 Name:           libxml2
 Version:        2.11.5
 Release:        %{anolis_release}%{?dist}
@@ -33,6 +33,9 @@ Patch6:         bugfix-for-cve-2025-32414.patch
 # CVE-2025-32415
 # Upstream fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84
 Patch7:        Bugfix-for-CVE-2025-32415.patch
+#Upstream fix:  https://gitlab.gnome.org/GNOME/libxml2/-/commit/5880a9a6bd97c0f9ac8fc4f30110fe023f484746
+Patch8:        Bugfix-for-CVE-2024-56171.patch
+
 BuildRequires:  cmake-rpm-macros
 BuildRequires:  gcc
 BuildRequires:  make
@@ -177,6 +180,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %doc NEWS README.md
 
 %changelog
+* Mon May 12 2025 yangjinlin01 <yangjinlin01@inspur.com> - 2.11.5-8
+- Fix CVE-2024-56171
+
 * Sat May 10 2025 yangjinlin01 <yangjinlin01@inspur.com> - 2.11.5-7
 - Fix CVE-2025-32415
 
-- 
Gitee