From f54977e0ff03504bc6c719135b3e5e32cff6d26b Mon Sep 17 00:00:00 2001
From: zhuofeng
Date: Tue, 30 Jul 2024 14:45:44 +0800
Subject: [PATCH] fix CVE-2024-40896
---
 backport-CVE-2024-40896.patch | 37 +++++++++++++++++++++++++++++++++++
 libxml2.spec | 9 ++++++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-40896.patch
diff --git a/backport-CVE-2024-40896.patch b/backport-CVE-2024-40896.patch
new file mode 100644
index 0000000..9fddd1e
--- /dev/null
+++ b/backport-CVE-2024-40896.patch
@@ -0,0 +1,37 @@
+From ae8f0ac0a2900219c3d762ae0b513e199dcf19a5 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Sat, 6 Jul 2024 01:03:46 +0200
+Subject: [PATCH] [CVE-2024-40896] Fix XXE protection in downstream code
+
+Some users set an entity's children manually in the getEntity SAX
+callback to restrict entity expansion. This stopped working after
+renaming the "checked" member of xmlEntity, making at least one
+downstream project and its dependants susceptible to XXE attacks.
+
+See #761.
+---
+ parser.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 4feb21a28..8fe0a064d 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7148,6 +7148,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ return;
+ }
+
++ /*
++ * Some users try to parse entities on their own and used to set
++ * the renamed "checked" member. Fix the flags to cover this
++ * case.
++ */
++ if (((ent->flags & XML_ENT_PARSED) == 0) && (ent->children != NULL))
++ ent->flags |= XML_ENT_PARSED;
++
+ /*
+ * The first reference to the entity trigger a parsing phase
+ * where the ent->children is filled with the result from
+--
+GitLab
+
diff --git a/libxml2.spec b/libxml2.spec
index 595c4ea..0c62d98 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,13 +1,14 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.12.6
-Release: 2
+Release: 3
 License: MIT
 Group: Development/Libraries
 Source: https://download.gnome.org/sources/%{name}/2.11/%{name}-%{version}.tar.xz
 Patch0: libxml2-multilib.patch
 Patch1: backport-CVE-2024-34459.patch
+Patch2: backport-CVE-2024-40896.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python3-devel
@@ -159,6 +160,12 @@ rm -fr %{buildroot}
 %changelog
+* Tue Jul 30 2024 zhuofeng - 2.12.6-3
+- Type:CVE
+- CVE:CVE-2024-40896
+- SUG:NA
+- DESC:fix CVE-2024-40896
+
 * Tue May 14 2024 cenhuilin - 2.12.6-2
 - Type:CVE
 - CVE:CVE-2024-34459
--
Gitee
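Review bot: `Patch2: backport-CVE-2024-40896.patch` is only declared here; whether it is ever applied is decided by the `%prep` section, which lies outside this hunk. If `%prep` applies patches with explicit `%patchN` lines rather than `%autosetup -p1`, the release is bumped and the changelog claims the CVE is fixed while parser.c stays untouched, so confirm `%prep` picks the new patch up (adding `%patch2 -p1` next to the existing patch lines if it does not). The bundled backport keeps upstream's `index 4feb21a28..8fe0a064d` and the line 7148 offset from a newer parser.c, so also check the build log for the hunk applying with offset or fuzz against 2.12.6 rather than being rejected.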