author | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-16 14:25:25 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-16 16:30:51 +0200 |
commit | 4e7a6efe3f60338f70ade314e9bc46474c7fff9a (patch) | |
tree | 626eea1e3b39e44e38b358823ee560de3dc93203 | |
parent | dab0364651fea7158196224398355ee204826bf0 (diff) | |
main/libxml2: fix for CVE-2017-5969
fixes #6852
-rw-r--r-- | main/libxml2/APKBUILD | 8 | ||||
-rw-r--r-- | main/libxml2/CVE-2017-5969.patch | 63 |
2 files changed, 69 insertions, 2 deletions
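--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=libxml2
 pkgver=2.9.4
-pkgrel=3
+pkgrel=4
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
@@ -16,6 +16,7 @@ options="!strip"
 source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
 CVE-2016-5131.patch
 CVE-2016-9318.patch
+CVE-2017-5969.patch
 "
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -24,6 +25,8 @@ builddir="$srcdir/$pkgname-$pkgver"
 # - CVE-2016-5131
 # 2.9.4-r2:
 # - CVE-2016-9318
+# 2.9.4-r4:
+# - CVE-2017-5969
 
 build() {
 cd "$builddir"
@@ -70,4 +73,5 @@ utils() {
 
 sha512sums="f5174ab1a3a0ec0037a47f47aa47def36674e02bfb42b57f609563f84c6247c585dbbb133c056953a5adb968d328f18cbc102eb0d00d48eb7c95478389e5daf9 libxml2-2.9.4.tar.gz
 c92cda9851fdf8af6cb21aa80f39b474cddef8c749298f5b51f76f871160ac9749fdaac3fa406cc0c75a666f7627983fce0e90fb2919f3a8c778e1148583be33 CVE-2016-5131.patch
-508550f2f3489954abceee5404722dc7a8dcf6590219561a1ab36c2c14b1d1bfc2bad0403577db4e20c2c4e8c9114beb6bd80b165bb8e02c6cc52e6c5fb6e1ee CVE-2016-9318.patch"
+508550f2f3489954abceee5404722dc7a8dcf6590219561a1ab36c2c14b1d1bfc2bad0403577db4e20c2c4e8c9114beb6bd80b165bb8e02c6cc52e6c5fb6e1ee CVE-2016-9318.patch
+c1ce2284bdd874bd6eb1b2bef0e2c8d561861f82b5f03c4b7155e3ed11e2c56743d2f624530f0c7672d65329a13199e534f51ec19f06d4b6941b861dda50ef67 CVE-2017-5969.patch"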
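--- /dev/null
+++ b/main/libxml2/CVE-2017-5969.patch
@@ -0,0 +1,63 @@
+From 94691dc884d1a8ada39f073408b4bb92fe7fe882 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Wed, 7 Jun 2017 16:47:36 +0200
+Subject: Fix NULL pointer deref in xmlDumpElementContent
+
+Can only be triggered in recovery mode.
+
+Fixes bug 758422 (CVE-2017-5969).
+---
+valid.c | 24 ++++++++++++++----------
+1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/valid.c b/valid.c
+index 9b2df56..8075d3a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
+xmlBufferWriteCHAR(buf, content->name);
+break;
+case XML_ELEMENT_CONTENT_SEQ:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+xmlDumpElementContent(buf, content->c1, 1);
+else
+xmlDumpElementContent(buf, content->c1, 0);
+xmlBufferWriteChar(buf, " , ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+xmlDumpElementContent(buf, content->c2, 1);
+else
+xmlDumpElementContent(buf, content->c2, 0);
+break;
+case XML_ELEMENT_CONTENT_OR:
+- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++ if ((content->c1 != NULL) &&
++ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+xmlDumpElementContent(buf, content->c1, 1);
+else
+xmlDumpElementContent(buf, content->c1, 0);
+xmlBufferWriteChar(buf, " | ");
+- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++ if ((content->c2 != NULL) &&
++ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
+xmlDumpElementContent(buf, content->c2, 1);
+else
+xmlDumpElementContent(buf, content->c2, 0);
+--
+cgit v0.12
+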
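Review bot: With `content->c1` or `content->c2` NULL, each of the four new guards in the SEQ and OR cases falls through to the `else` branch and still calls `xmlDumpElementContent(buf, content->c1, 0)` (or the `c2` equivalent) with that NULL pointer, so the dereference is only avoided if the function returns early on a NULL `content`. That entry check is outside this hunk, which starts mid-function, so it should be confirmed against valid.c in 2.9.4 before relying on the patch. A comment at the first guard such as `/* c1/c2 can be NULL in recovery mode; the recursive call must tolerate NULL */` would record the dependency. The separators `" , "` and `" | "` are still written for a NULL child, so the dumped content model is presumably incomplete in that case and consumers of the serialised DTD should not assume it re-parses.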