aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2020-05-01 00:35:04 +0200
committerLeo <thinkabit.ukim@gmail.com>2020-05-02 18:43:11 +0000
commitac23b3e90113e1e6c771933e31ddfa087e9af9da (patch)
tree1f4822abf71c1707e9cffe55f7da4649f419008b
parent4cbbd3a95d473af93eebdc534acf3b7d1dccfcb0 (diff)
downloadaports-ac23b3e90113e1e6c771933e31ddfa087e9af9da.tar.gz
aports-ac23b3e90113e1e6c771933e31ddfa087e9af9da.tar.bz2
aports-ac23b3e90113e1e6c771933e31ddfa087e9af9da.tar.xz
main/libxml2: fix CVE-2019-20388
-rw-r--r--main/libxml2/APKBUILD6
-rw-r--r--main/libxml2/CVE-2019-20388.patch12
2 files changed, 17 insertions, 1 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index ab2d18b9c1..5e81f75e0e 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.10
-pkgrel=3
+pkgrel=4
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -14,12 +14,15 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils
py3-$pkgname:_py3"
options="!strip"
source="http://xmlsoft.org/sources/libxml2-$pkgver.tar.gz
+ CVE-2019-20388.patch
libxml2-CVE-2020-7595.patch
revert-Make-xmlFreeNodeList-non-recursive.patch
libxml2-2.9.8-python3-unicode-errors.patch
"
# secfixes:
+# 2.9.10-r4:
+# - CVE-2019-20388
# 2.9.8-r3:
# - CVE-2020-7595
# 2.9.8-r1:
@@ -88,6 +91,7 @@ utils() {
}
sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed libxml2-2.9.10.tar.gz
+46ade1189ef24cb56bd38c2c58aaacc8f3e8404656b9976754e9ec9bfe17f71e9a1fdb6febd02947f6120b5ce320cbc7391baf8d0cb042877bcf81553010ad04 CVE-2019-20388.patch
90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 libxml2-CVE-2020-7595.patch
347178e432379d543683cba21b902e7305202c03e8dbd724ae395963d677096a5cfc4e345e208d498163ca5174683c167610fc2b297090476038bc2bb7c84b4f revert-Make-xmlFreeNodeList-non-recursive.patch
a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch"
diff --git a/main/libxml2/CVE-2019-20388.patch b/main/libxml2/CVE-2019-20388.patch
new file mode 100644
index 0000000000..164b54ba2f
--- /dev/null
+++ b/main/libxml2/CVE-2019-20388.patch
@@ -0,0 +1,12 @@
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c84499d4185ca3a760b512daeca8760edaf05..39d92182f51ff723413cb41a0101d97b6647cdee 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+ vctxt->nberrors = 0;
+ vctxt->depth = -1;
+ vctxt->skipDepth = -1;
+- vctxt->xsiAssemble = 0;
+ vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+ vctxt->createIDCNodeTables = 1;