authorJ0WI <J0WI@users.noreply.github.com>2020-05-01 00:35:04 +0200
committerLeo <thinkabit.ukim@gmail.com>2020-05-05 06:12:45 +0000
commit595722b8fba7e3ab2b70299653c4d4b7b0e822c4 (patch)
tree4f2d79f6e7583ca8ef0f94ab3bfd1daacd24aa5a
parent4458783411acf14df578fcdbbeab9ba33416eff0 (diff)
main/libxml2: fix CVE-2019-20388
-rw-r--r--main/libxml2/APKBUILD6
-rw-r--r--main/libxml2/CVE-2019-20388.patch12
2 files changed, 17 insertions, 1 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 0ecfad3f87..0eb79ff25f 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.10
-pkgrel=2
+pkgrel=3
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -14,11 +14,14 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils
py3-$pkgname:_py3"
options="!strip"
source="http://xmlsoft.org/sources/libxml2-$pkgver.tar.gz
+ CVE-2019-20388.patch
libxml2-CVE-2020-7595.patch
revert-Make-xmlFreeNodeList-non-recursive.patch
"
# secfixes:
+# 2.9.10-r3:
+# - CVE-2019-20388
# 2.9.8-r2:
# - CVE-2020-7595
# 2.9.8-r1:
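Review bot: The new `source` entry `CVE-2019-20388.patch` does not follow the naming of its neighbour `libxml2-CVE-2020-7595.patch`, so the two CVE patches in the same list are named by different schemes. Renaming the file to `libxml2-CVE-2019-20388.patch` would keep the list greppable by one pattern; the matching `sha512sums` line and the file added later in this commit would need the same name. The `# secfixes:` key `2.9.10-r3` agrees with the `pkgrel=3` bump in the first hunk. The secfixes comment block continues past the end of this hunk.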
@@ -103,5 +106,6 @@ utils() {
}
sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed libxml2-2.9.10.tar.gz
+46ade1189ef24cb56bd38c2c58aaacc8f3e8404656b9976754e9ec9bfe17f71e9a1fdb6febd02947f6120b5ce320cbc7391baf8d0cb042877bcf81553010ad04 CVE-2019-20388.patch
90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 libxml2-CVE-2020-7595.patch
347178e432379d543683cba21b902e7305202c03e8dbd724ae395963d677096a5cfc4e345e208d498163ca5174683c167610fc2b297090476038bc2bb7c84b4f revert-Make-xmlFreeNodeList-non-recursive.patch"
diff --git a/main/libxml2/CVE-2019-20388.patch b/main/libxml2/CVE-2019-20388.patch
new file mode 100644
index 0000000000..164b54ba2f
--- /dev/null
+++ b/main/libxml2/CVE-2019-20388.patch
@@ -0,0 +1,12 @@
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c84499d4185ca3a760b512daeca8760edaf05..39d92182f51ff723413cb41a0101d97b6647cdee 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+ vctxt->nberrors = 0;
+ vctxt->depth = -1;
+ vctxt->skipDepth = -1;
+- vctxt->xsiAssemble = 0;
+ vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+ vctxt->createIDCNodeTables = 1;
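Review bot: The added patch file has no provenance header: it begins directly at `diff --git a/xmlschemas.c`, so a later maintainer cannot tell which upstream libxml2 change it mirrors or whether it can be dropped at the next `pkgver` bump. I would put a short header above the diff, for example `Upstream: <upstream-commit-URL>` plus one line saying what the CVE is and why the line is removed. The hunk shows only the deletion of `vctxt->xsiAssemble = 0;` in `xmlSchemaPreRun`, whose body starts and ends outside the hunk. Presumably the flag has to keep its value so that later cleanup of the validation context can still act on it, but nothing visible here confirms that. It is worth stating in the header so that the security rationale travels with the patch.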