aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-09-16 05:31:27 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-09-16 05:41:54 -0300
commitc76184d821a9df9c0a0d31e288e37d6030393ee1 (patch)
tree6e7a810b35cd23c937494288a1e99b13e386856b
parentf2e3873f63b4a8a5b1d87eda9f8becc6254b19a7 (diff)
downloadaports-c76184d821a9df9c0a0d31e288e37d6030393ee1.tar.gz
aports-c76184d821a9df9c0a0d31e288e37d6030393ee1.tar.bz2
aports-c76184d821a9df9c0a0d31e288e37d6030393ee1.tar.xz
main/libxml2: fix CVE-2020-24977
-rw-r--r--main/libxml2/APKBUILD8
-rw-r--r--main/libxml2/CVE-2020-24977.patch30
2 files changed, 36 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 2f2d4f25c4..0636a38dc4 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.9
-pkgrel=2
+pkgrel=3
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -16,10 +16,13 @@ options="!strip"
source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
fix-null-pointer-dereference.patch
CVE-2019-19956.patch
+ CVE-2020-24977.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 2.9.9-r3:
+# - CVE-2020-24977
# 2.9.9-r2:
# - CVE-2019-19956
# 2.9.8-r1:
@@ -114,4 +117,5 @@ utils() {
sha512sums="cb7784ba4e72e942614e12e4f83f4ceb275f3d738b30e3b5c1f25edf8e9fa6789e854685974eed95b362049dbf6c8e7357e0327d64c681ed390534ac154e6810 libxml2-2.9.9.tar.gz
83074e582cdba8bedff40fc653731ad18ca357bde8f1420e2e8a2a38998b951aebcb73ca5d51859be3b4d9bc1a0308836ca2bb612269edbc61b9dd6ebc7fdb2a fix-null-pointer-dereference.patch
-0e03d0dcfae1e99e06c7a4c9a4d863a1518589e403d79665727883b27d7c0d7026b18e29b7c68df41138fbdffb88d977c5ef10ce2ffb96d1a6255304d89c2bb6 CVE-2019-19956.patch"
+0e03d0dcfae1e99e06c7a4c9a4d863a1518589e403d79665727883b27d7c0d7026b18e29b7c68df41138fbdffb88d977c5ef10ce2ffb96d1a6255304d89c2bb6 CVE-2019-19956.patch
+dfc6fa0232bd94635c66535734175c04e8b7461c216e1337da68d7c5dce36fc750f787f2ee08ef6d91521df55c45f4ae235f8f44bea697a7c734a3b62c9fab60 CVE-2020-24977.patch"
diff --git a/main/libxml2/CVE-2020-24977.patch b/main/libxml2/CVE-2020-24977.patch
new file mode 100644
index 0000000000..cd348c2aa5
--- /dev/null
+++ b/main/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,30 @@
+Found by OSS-Fuzz
+
+diff --git a/xmlschemastypes.c b/xmlschemastypes.c
+index ca381d3..dd9eac1 100644
+--- a/xmlschemastypes.c
++++ b/xmlschemastypes.c
+@@ -3628,6 +3628,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
+ minday = 0;
+ maxday = 0;
+ } else {
++ if (myear > LONG_MAX / 366)
++ return -2;
+ maxday = 366 * ((myear + 3) / 4) +
+ 365 * ((myear - 1) % 4);
+ minday = maxday - 1;
+@@ -4014,6 +4016,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
+ if ((x == NULL) || (y == NULL))
+ return -2;
+
++ if ((x->value.date.year > LONG_MAX / 366) ||
++ (x->value.date.year < LONG_MIN / 366) ||
++ (y->value.date.year > LONG_MAX / 366) ||
++ (y->value.date.year < LONG_MIN / 366)) {
++ /* Possible overflow when converting to days. */
++ return -2;
++ }
++
+ if (x->value.date.tz_flag) {
+
+ if (!y->value.date.tz_flag) {