aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrian Davis <slimm609@gmail.com>2020-09-15 16:37:12 -0400
committerLeo <thinkabit.ukim@gmail.com>2020-09-16 08:26:23 +0000
commitd84e627ac3eb58c9324b16dff512000f8c980ce0 (patch)
treea9258960f50b8a29a65fc1edf15d71cc9e00f732
parentc68b72138ba99338ad770d43fce7bfa824fe3c16 (diff)
downloadaports-d84e627ac3eb58c9324b16dff512000f8c980ce0.tar.gz
aports-d84e627ac3eb58c9324b16dff512000f8c980ce0.tar.bz2
aports-d84e627ac3eb58c9324b16dff512000f8c980ce0.tar.xz
main/libxml2: fix CVE-2020-24977
-rw-r--r--main/libxml2/APKBUILD9
-rw-r--r--main/libxml2/CVE-2020-24977.patch40
2 files changed, 47 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 5e81f75e0e..fb40d14324 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.10
-pkgrel=4
+pkgrel=5
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -18,9 +18,12 @@ source="http://xmlsoft.org/sources/libxml2-$pkgver.tar.gz
libxml2-CVE-2020-7595.patch
revert-Make-xmlFreeNodeList-non-recursive.patch
libxml2-2.9.8-python3-unicode-errors.patch
+ CVE-2020-24977.patch
"
# secfixes:
+# 2.9.10-r5:
+# - CVE-2020-24977
# 2.9.10-r4:
# - CVE-2019-20388
# 2.9.8-r3:
@@ -94,4 +97,6 @@ sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee
46ade1189ef24cb56bd38c2c58aaacc8f3e8404656b9976754e9ec9bfe17f71e9a1fdb6febd02947f6120b5ce320cbc7391baf8d0cb042877bcf81553010ad04 CVE-2019-20388.patch
90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 libxml2-CVE-2020-7595.patch
347178e432379d543683cba21b902e7305202c03e8dbd724ae395963d677096a5cfc4e345e208d498163ca5174683c167610fc2b297090476038bc2bb7c84b4f revert-Make-xmlFreeNodeList-non-recursive.patch
-a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch"
+a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch
+b25a49cfb51569799ada41bad0efaf2666d70b9efb380987c3d5678fd943ada5d0baa18a3db5efa58dac65db8e2d2915ab5c6bac850d0c610656c89734853fd5 CVE-2020-24977.patch
+"
diff --git a/main/libxml2/CVE-2020-24977.patch b/main/libxml2/CVE-2020-24977.patch
new file mode 100644
index 0000000000..9633641ae4
--- /dev/null
+++ b/main/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,40 @@
+From 8e7c20a1af8776677d7890f30b7a180567701a49 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Aug 2020 17:30:41 +0200
+Subject: [PATCH] Fix integer overflow when comparing schema dates
+
+Found by OSS-Fuzz.
+---
+ xmlschemastypes.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/xmlschemastypes.c b/xmlschemastypes.c
+index 4249d7000..d6b9f924e 100644
+--- a/xmlschemastypes.c
++++ b/xmlschemastypes.c
+@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
+ minday = 0;
+ maxday = 0;
+ } else {
++ if (myear > LONG_MAX / 366)
++ return -2;
+ /* FIXME: This doesn't take leap year exceptions every 100/400 years
+ into account. */
+ maxday = 365 * myear + (myear + 3) / 4;
+@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
+ if ((x == NULL) || (y == NULL))
+ return -2;
+
++ if ((x->value.date.year > LONG_MAX / 366) ||
++ (x->value.date.year < LONG_MIN / 366) ||
++ (y->value.date.year > LONG_MAX / 366) ||
++ (y->value.date.year < LONG_MIN / 366)) {
++ /* Possible overflow when converting to days. */
++ return -2;
++ }
++
+ if (x->value.date.tz_flag) {
+
+ if (!y->value.date.tz_flag) {
+--
+GitLab \ No newline at end of file