fix CVE-2024-40896
This commit is contained in:
Funda Wang
parent
b4e91f5c86
commit
2abb988b9c
37
backport-CVE-2024-40896.patch
Normal file
37
backport-CVE-2024-40896.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From ae8f0ac0a2900219c3d762ae0b513e199dcf19a5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||||||
|
Date: Sat, 6 Jul 2024 01:03:46 +0200
|
||||||
|
Subject: [PATCH] [CVE-2024-40896] Fix XXE protection in downstream code
|
||||||
|
|
||||||
|
Some users set an entity's children manually in the getEntity SAX
|
||||||
|
callback to restrict entity expansion. This stopped working after
|
||||||
|
renaming the "checked" member of xmlEntity, making at least one
|
||||||
|
downstream project and its dependants susceptible to XXE attacks.
|
||||||
|
|
||||||
|
See #761.
|
||||||
|
---
|
||||||
|
parser.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/parser.c b/parser.c
|
||||||
|
index 4feb21a28..8fe0a064d 100644
|
||||||
|
--- a/parser.c
|
||||||
|
+++ b/parser.c
|
||||||
|
@@ -7148,6 +7148,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Some users try to parse entities on their own and used to set
|
||||||
|
+ * the renamed "checked" member. Fix the flags to cover this
|
||||||
|
+ * case.
|
||||||
|
+ */
|
||||||
|
+ if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL))
|
||||||
|
+ ent->flags |= XML_ENT_PARSED;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* The first reference to the entity trigger a parsing phase
|
||||||
|
* where the ent->children is filled with the result from
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Summary: Library providing XML and HTML support
|
Summary: Library providing XML and HTML support
|
||||||
Name: libxml2
|
Name: libxml2
|
||||||
Version: 2.11.5
|
Version: 2.11.5
|
||||||
Release: 3
|
Release: 4
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
|
Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
|
||||||
@ -12,6 +12,7 @@ Patch2: backport-xpath-Remove-remaining-references-to-valueFrame.patch
|
|||||||
Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch
|
Patch3: backport-examples-Don-t-call-xmlCleanupParser-and-xmlMemoryDu.patch
|
||||||
Patch4: backport-CVE-2024-25062.patch
|
Patch4: backport-CVE-2024-25062.patch
|
||||||
Patch5: backport-CVE-2024-34459.patch
|
Patch5: backport-CVE-2024-34459.patch
|
||||||
|
Patch6: backport-CVE-2024-40896.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
@ -163,6 +164,12 @@ rm -fr %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 29 2024 Funda Wang <fundawang@yeah.net> - 2.11.5-4
|
||||||
|
- Type:CVE
|
||||||
|
- CVE:CVE-2024-40896
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2024-40896
|
||||||
|
|
||||||
* Fri May 17 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.11.5-3
|
* Fri May 17 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.11.5-3
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- CVE:CVE-2024-34459
|
- CVE:CVE-2024-34459
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user