authorBrian Davis <slimm609@gmail.com>2020-09-15 16:37:12 -0400
committerLeo <thinkabit.ukim@gmail.com>2020-09-16 05:27:30 -0300
commitd8bb86a854d343e8ec071584a1f43c32f0325cbe (patch)
tree63428fac931c6e605435420f61d8d204f14bda5f
parent40880457de10b4f94189e24a9fc8d2d063fbcd94 (diff)
downloadaports-d8bb86a854d343e8ec071584a1f43c32f0325cbe.tar.gz
aports-d8bb86a854d343e8ec071584a1f43c32f0325cbe.tar.bz2
aports-d8bb86a854d343e8ec071584a1f43c32f0325cbe.tar.xz
main/libxml2: fix CVE-2020-24977
(cherry picked from commit d84e627ac3eb58c9324b16dff512000f8c980ce0)
-rw-r--r--main/libxml2/APKBUILD9
-rw-r--r--main/libxml2/CVE-2020-24977.patch40
2 files changed, 47 insertions, 2 deletions
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 5e81f75e0e3..fb40d14324e 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.10
-pkgrel=4
+pkgrel=5
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -18,9 +18,12 @@ source="http://xmlsoft.org/sources/libxml2-$pkgver.tar.gz
libxml2-CVE-2020-7595.patch
revert-Make-xmlFreeNodeList-non-recursive.patch
libxml2-2.9.8-python3-unicode-errors.patch
+ CVE-2020-24977.patch
"
# secfixes:
+# 2.9.10-r5:
+# - CVE-2020-24977
# 2.9.10-r4:
# - CVE-2019-20388
# 2.9.8-r3:
@@ -94,4 +97,6 @@ sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee
46ade1189ef24cb56bd38c2c58aaacc8f3e8404656b9976754e9ec9bfe17f71e9a1fdb6febd02947f6120b5ce320cbc7391baf8d0cb042877bcf81553010ad04 CVE-2019-20388.patch
90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 libxml2-CVE-2020-7595.patch
347178e432379d543683cba21b902e7305202c03e8dbd724ae395963d677096a5cfc4e345e208d498163ca5174683c167610fc2b297090476038bc2bb7c84b4f revert-Make-xmlFreeNodeList-non-recursive.patch
-a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch"
+a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch
+b25a49cfb51569799ada41bad0efaf2666d70b9efb380987c3d5678fd943ada5d0baa18a3db5efa58dac65db8e2d2915ab5c6bac850d0c610656c89734853fd5 CVE-2020-24977.patch
+"
diff --git a/main/libxml2/CVE-2020-24977.patch b/main/libxml2/CVE-2020-24977.patch
new file mode 100644
index 00000000000..9633641ae47
--- /dev/null
+++ b/main/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,40 @@
+From 8e7c20a1af8776677d7890f30b7a180567701a49 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Aug 2020 17:30:41 +0200
+Subject: [PATCH] Fix integer overflow when comparing schema dates
+
+Found by OSS-Fuzz.
+---
+ xmlschemastypes.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/xmlschemastypes.c b/xmlschemastypes.c
+index 4249d7000..d6b9f924e 100644
+--- a/xmlschemastypes.c
++++ b/xmlschemastypes.c
+@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
+ minday = 0;
+ maxday = 0;
+ } else {
++ if (myear > LONG_MAX / 366)
++ return -2;
+ /* FIXME: This doesn't take leap year exceptions every 100/400 years
+ into account. */
+ maxday = 365 * myear + (myear + 3) / 4;
+@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
+ if ((x == NULL) || (y == NULL))
+ return -2;
+
++ if ((x->value.date.year > LONG_MAX / 366) ||
++ (x->value.date.year < LONG_MIN / 366) ||
++ (y->value.date.year > LONG_MAX / 366) ||
++ (y->value.date.year < LONG_MIN / 366)) {
++ /* Possible overflow when converting to days. */
++ return -2;
++ }
++
+ if (x->value.date.tz_flag) {
+
+ if (!y->value.date.tz_flag) {
+--
+GitLab \ No newline at end of file
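Review bot: The new guard `if (myear > LONG_MAX / 366)` in xmlSchemaCompareDurations has no comment and checks only the upper bound, while the matching guard added to xmlSchemaCompareDates checks both `LONG_MAX / 366` and `LONG_MIN / 366` and says why. I would add `/* Possible overflow when converting to days: 365 * myear + (myear + 3) / 4 stays below 366 * myear. */` above it, so the magic 366 is tied to the `maxday` expression it protects. How `myear` is derived lies outside this hunk; if it can be negative at that point, the guard should also reject `myear < LONG_MIN / 366`, and if it cannot, the comment should say so. Both functions start and end outside the hunks shown, so it is not visible here whether callers treat the `-2` return as a comparison error the same way they do for the NULL-argument case.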