fix CVE-2024-40896
This commit is contained in:
Funda Wang
parent
b4e91f5c86
commit
2abb988b9c
37
backport-CVE-2024-40896.patch
Normal file
37
backport-CVE-2024-40896.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From ae8f0ac0a2900219c3d762ae0b513e199dcf19a5 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||
Date: Sat, 6 Jul 2024 01:03:46 +0200
|
||||
Subject: [PATCH] [CVE-2024-40896] Fix XXE protection in downstream code
|
||||
|
||||
Some users set an entity's children manually in the getEntity SAX
|
||||
callback to restrict entity expansion. This stopped working after
|
||||
renaming the "checked" member of xmlEntity, making at least one
|
||||
downstream project and its dependants susceptible to XXE attacks.
|
||||
|
||||
See #761.
|
||||
---
|
||||
parser.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/parser.c b/parser.c
|
||||
index 4feb21a28..8fe0a064d 100644
|
||||
--- a/parser.c
|
||||
+++ b/parser.c
|
||||
@@ -7148,6 +7148,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
||||
return;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Some users try to parse entities on their own and used to set
|
||||
+ * the renamed "checked" member. Fix the flags to cover this
|
||||
+ * case.
|
||||
+ */
|
||||
+ if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL))
|
||||
+ ent->flags |= XML_ENT_PARSED;
|
||||
+
|
||||
/*
|
||||
* The first reference to the entity trigger a parsing phase
|
||||
* where the ent->children is filled with the result from
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Library providing XML and HTML support
|
||||
Name: libxml2
|
||||
Version: 2.11.5
|
||||
Release: 3
|
||||
Release: 4
|
||||
License: MIT
|
||||
Group: Development/Libraries
|
||||
Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
|
||||
@ -12,6 +12,7 @@ Patch2: backport-xpath-Remove-remaining-references-to-valueFrame.patch
|
||||
Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch
|
||||
Patch4: backport-CVE-2024-25062.patch
|
||||
Patch5: backport-CVE-2024-34459.patch
|
||||
Patch6: backport-CVE-2024-40896.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
BuildRequires: python3-devel
|
||||
@ -163,6 +164,12 @@ rm -fr %{buildroot}
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jul 29 2024 Funda Wang <fundawang@yeah.net> - 2.11.5-4
|
||||
- Type:CVE
|
||||
- CVE:CVE-2024-40896
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-40896
|
||||
|
||||
* Fri May 17 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.11.5-3
|
||||
- Type:CVE
|
||||
- CVE:CVE-2024-34459
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user