From 5dd7dccdc3de81432ae34d692848532a72799f04 Mon Sep 17 00:00:00 2001
From: BruceGW <gyl93216@163.com>
Date: Sun, 18 Feb 2024 17:32:02 +0800
Subject: [PATCH] fix CVE-2024-25062

Signed-off-by: BruceGW <gyl93216@163.com>
---
 backport-CVE-2024-25062.patch | 29 +++++++++++++++++++++++++++++
 libxml2.spec                  |  8 +++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-25062.patch

diff --git a/backport-CVE-2024-25062.patch b/backport-CVE-2024-25062.patch
new file mode 100644
index 0000000..88e3e35
--- /dev/null
+++ b/backport-CVE-2024-25062.patch
@@ -0,0 +1,29 @@
+From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 14 Oct 2023 22:45:54 +0200
+Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
+ backtracking
+
+Fixes a use-after-free if XML Reader if used with DTD validation and
+XInclude expansion.
+
+Fixes #604.
+---
+ xmlreader.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xmlreader.c b/xmlreader.c
+index 979385a13..fefd68e0b 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -1443,6 +1443,7 @@ node_found:
+      * Handle XInclude if asked for
+      */
+     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++        (reader->state != XML_TEXTREADER_BACKTRACK) &&
+         (reader->node != NULL) &&
+ 	(reader->node->type == XML_ELEMENT_NODE) &&
+ 	(reader->node->ns != NULL) &&
+-- 
+GitLab
+
diff --git a/libxml2.spec b/libxml2.spec
index 43fb830..40bd5b5 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.14
-Release: 9
+Release: 10
 License: MIT
 Group: Development/Libraries
 Source: https://download.gnome.org/sources/%{name}/2.9/%{name}-%{version}.tar.xz
@@ -189,6 +189,7 @@ Patch6167:  backport-malloc-fail-Fix-null-deref-after-xmlXIncludeNewRef.patch
 Patch6168:  backport-xpath-Ignore-entity-ref-nodes-when-computing-node-ha.patch
 Patch6169:  backport-SAX-Always-initialize-SAX1-element-handlers.patch
 Patch6170:  backport-CVE-2023-45322.patch
+Patch6171:  backport-CVE-2024-25062.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python3-devel
@@ -344,6 +345,11 @@ rm -fr %{buildroot}
 
 
 %changelog
+* Sun Feb 18 2024 BruceGW <gyl93216@163.com> - 2.9.14-10
+- Type:CVE
+- SUG:NA
+- DESC:fix CVE-2024-25062
+
 * Mon Oct 16 2023 BruceGW <gyl93216@163.com> - 2.9.14-9
 - Type:CVE
 - CVE:CVE-2023-45322
-- 
Gitee