diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-16 14:25:25 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-16 16:35:49 +0200 |
| commit | 23378989c95591c62d00888e83710e5424685eaa (patch) | |
| tree | c7f6ec3d083dab835184dd4db3bb36890c860e60 | |
| parent | 108d798f522424e0e5c45a725d2b052458411614 (diff) | |
| download | aports-23378989c95591c62d00888e83710e5424685eaa.tar.bz2 aports-23378989c95591c62d00888e83710e5424685eaa.tar.xz | |
main/libxml2: fix for CVE-2017-5969
fixes #6856
| -rw-r--r-- | main/libxml2/APKBUILD | 8 | ||||
| -rw-r--r-- | main/libxml2/CVE-2017-5969.patch | 63 |
2 files changed, 69 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD index 1978d38a37..a1cd8572b4 100644 --- a/main/libxml2/APKBUILD +++ b/main/libxml2/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=libxml2 pkgver=2.9.4 -pkgrel=2 +pkgrel=3 pkgdesc="XML parsing library, version 2" url="http://www.xmlsoft.org/" arch="all" @@ -14,6 +14,7 @@ subpackages="$pkgname-doc $pkgname-dev py-$pkgname:py $pkgname-utils" source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz CVE-2016-5131.patch CVE-2016-9318.patch + CVE-2017-5969.patch " # secfixes: @@ -21,6 +22,8 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz # - CVE-2016-5131 # 2.9.4-r2: # - CVE-2016-9318 +# 2.9.4-r3: +# - CVE-2017-5969 options="!strip" @@ -77,4 +80,5 @@ sha256sums="ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c li 4e0248f5a6877b157b9d736c412d4da7a2c015d58a816b859957efddb8d3c8d4 CVE-2016-5131.patch" sha512sums="f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9 libxml2-2.9.4.tar.gz c92cda9851fdf8af6cb21aa80f39b474cddef8c749298f5b51f76f871160ac9749fdaac3fa406cc0c75a666f7627983fce0e90fb2919f3a8c778e1148583be33 CVE-2016-5131.patch -508550f2f3489954abceee5404722dc7a8dcf6590219561a1ab36c2c14b1d1bfc2bad0403577db4e20c2c4e8c9114beb6bd80b165bb8e02c6cc52e6c5fb6e1ee CVE-2016-9318.patch" +508550f2f3489954abceee5404722dc7a8dcf6590219561a1ab36c2c14b1d1bfc2bad0403577db4e20c2c4e8c9114beb6bd80b165bb8e02c6cc52e6c5fb6e1ee CVE-2016-9318.patch +c1ce2284bdd874bd6eb1b2bef0e2c8d561861f82b5f03c4b7155e3ed11e2c56743d2f624530f0c7672d65329a13199e534f51ec19f06d4b6941b861dda50ef67 CVE-2017-5969.patch" diff --git a/main/libxml2/CVE-2017-5969.patch b/main/libxml2/CVE-2017-5969.patch new file mode 100644 index 0000000000..367ad730d0 --- /dev/null +++ b/main/libxml2/CVE-2017-5969.patch @@ -0,0 +1,63 @@ +From 94691dc884d1a8ada39f073408b4bb92fe7fe882 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Wed, 7 Jun 2017 16:47:36 +0200 +Subject: Fix NULL pointer deref in xmlDumpElementContent + +Can only be triggered in recovery mode. + +Fixes bug 758422 (CVE-2017-5969). +--- + valid.c | 24 ++++++++++++++---------- + 1 file changed, 14 insertions(+), 10 deletions(-) + +diff --git a/valid.c b/valid.c +index 9b2df56..8075d3a 100644 +--- a/valid.c ++++ b/valid.c +@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) + xmlBufferWriteCHAR(buf, content->name); + break; + case XML_ELEMENT_CONTENT_SEQ: +- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || +- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) ++ if ((content->c1 != NULL) && ++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || ++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) + xmlDumpElementContent(buf, content->c1, 1); + else + xmlDumpElementContent(buf, content->c1, 0); + xmlBufferWriteChar(buf, " , "); +- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || +- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && +- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) ++ if ((content->c2 != NULL) && ++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || ++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && ++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) + xmlDumpElementContent(buf, content->c2, 1); + else + xmlDumpElementContent(buf, content->c2, 0); + break; + case XML_ELEMENT_CONTENT_OR: +- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || +- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) ++ if ((content->c1 != NULL) && ++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || ++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) + xmlDumpElementContent(buf, content->c1, 1); + else + xmlDumpElementContent(buf, content->c1, 0); + xmlBufferWriteChar(buf, " | "); +- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || +- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && +- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) ++ if ((content->c2 != NULL) && ++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || ++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && ++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) + xmlDumpElementContent(buf, content->c2, 1); + else + xmlDumpElementContent(buf, content->c2, 0); +-- +cgit v0.12 + |