From 4ada74f2d70040f2215b2cac93128ac19248c404 Mon Sep 17 00:00:00 2001 From: cenhuilin Date: Tue, 14 May 2024 09:55:26 +0800 Subject: [PATCH] fix CVE-2024-34459 --- backport-CVE-2024-34459.patch | 26 ++++++++++++++++++++++++++ libxml2.spec | 9 ++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-34459.patch diff --git a/backport-CVE-2024-34459.patch b/backport-CVE-2024-34459.patch new file mode 100644 index 0000000..b7b80ce --- /dev/null +++ b/backport-CVE-2024-34459.patch @@ -0,0 +1,26 @@ +From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 14 May 2024 08:50:50 +0800 +Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` + +Add a missing bounds check. +--- + xmllint.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xmllint.c b/xmllint.c +index 5c26c3f..fcbf465 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -560,7 +560,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { + len = strlen(buffer); + snprintf(&buffer[len], sizeof(buffer) - len, "\n"); + cur = input->cur; +- while ((*cur == '\n') || (*cur == '\r')) ++ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) + cur--; + n = 0; + while ((cur != base) && (n++ < 80)) { +-- +2.33.0 + diff --git a/libxml2.spec b/libxml2.spec index 187b2fa..595c4ea 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,12 +1,13 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: 2.12.6 -Release: 1 +Release: 2 License: MIT Group: Development/Libraries Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz Patch0: libxml2-multilib.patch +Patch1: backport-CVE-2024-34459.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python3-devel @@ -158,6 +159,12 @@ rm -fr %{buildroot} %changelog +* Tue May 14 2024 cenhuilin - 2.12.6-2 +- Type:CVE +- CVE:CVE-2024-34459 +- SUG:NA +- DESC:fix CVE-2024-34459 + * Wed Feb 28 2024 Zhipeng Xie - 2.12.6-1 - Type:enhancement - CVE:NA -- Gitee