From ba69763d531ba0cd781d88721fd5d014dda7cb1a Mon Sep 17 00:00:00 2001
From: zhuofeng
Date: Tue, 26 Mar 2024 09:36:26 +0800
Subject: [PATCH] ix CVE-2022-2309
---
 backport-CVE-2022-2309.patch | 25 +++++++++++++++++++++++++
 libxml2.spec | 9 ++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-2309.patch
diff --git a/backport-CVE-2022-2309.patch b/backport-CVE-2022-2309.patch
new file mode 100644
index 0000000..c681146
--- /dev/null
+++ b/backport-CVE-2022-2309.patch
@@ -0,0 +1,25 @@
+From 5930fe01963136ab92125feec0c6204d9c9225dc Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Mon, 18 Jul 2022 20:59:45 +0200
+Subject: [PATCH] Reset nsNr in xmlCtxtReset
+
+---
+ parser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d278638d..e660b0a7 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14820,6 +14820,8 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
+ ctxt->nameNr = 0;
+ ctxt->name = NULL;
+
++ ctxt->nsNr = 0;
++
+ DICT_FREE(ctxt->version);
+ ctxt->version = NULL;
+ DICT_FREE(ctxt->encoding);
+--
+2.27.0
+
diff --git a/libxml2.spec b/libxml2.spec
index f7737ed..3fe64aa 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.10
-Release: 37
+Release: 38
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -136,6 +136,7 @@ Patch122:backport-Always-initialize-SAX1-element-handlers.patch
 Patch123:backport-malloc-fail-Fix-memory-leak-in-xmlStaticCopyNodeList.patch
 Patch124:backport-CVE-2023-45322.patch
 Patch125:backport-CVE-2024-25062.patch
+Patch126:backport-CVE-2022-2309.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python2-devel
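Review bot: The embedded header of backport-CVE-2022-2309.patch has an empty body under `Subject: [PATCH] Reset nsNr in xmlCtxtReset`, and the added `ctxt->nsNr = 0;` in its parser.c hunk is uncommented, so the file never says why a reset context must drop its namespace entries. Keeping the upstream hunk byte-identical, I would add a line to the patch header instead, such as `Clear the namespace stack counter alongside nameNr so a reused parser context keeps no entries from the previous parse.` The backport also ships without a regression case; one that parses a namespaced document, calls xmlCtxtReset and parses again on the same context would guard later rebases, presumably via the package's check stage if it has one. xmlCtxtReset starts and ends outside the hunk, so whether the remaining per-parse stack counters are already cleared there cannot be confirmed from this page.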
@@ -327,6 +328,12 @@ rm -fr %{buildroot}
 %changelog
+* Tue Mar 26 zhuofeng - 2.9.10-38
+- Type:CVE
+- CVE:CVE-2022-2309
+- SUG:NA
+- DESC:fix CVE-2022-2309
+
 * Mon Feb 19 hehuazhen - 2.9.10-37
 - Type:CVE
 - CVE:CVE-2024-25062
--
Gitee