Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2021-05-13 22:18:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.2988 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Thu May 13 22:18:02 2021 rev:105 rq:892150 version:2.9.10 Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2021-05-01 00:46:09.387596940 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new.2988/libxml2.changes 2021-05-13 22:18:04.339691059 +0200 @@ -1,0 +2,7 @@ +Mon May 10 11:44:39 UTC 2021 - Pedro Monreal <pmonr...@suse.com> + +- Security fix: [bsc#1185698, CVE-2021-3537] + * NULL pointer dereference in valid.c:xmlValidBuildAContentModel + * Add libxml2-CVE-2021-3537.patch + +------------------------------------------------------------------- New: ---- libxml2-CVE-2021-3537.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.v2xvjD/_old 2021-05-13 22:18:05.115688099 +0200 +++ /var/tmp/diff_new_pack.v2xvjD/_new 2021-05-13 22:18:05.119688083 +0200 @@ -72,6 +72,8 @@ Patch12: libxml2-CVE-2021-3517.patch # PATCH-FIX-UPSTREAM bsc#1185408 CVE-2021-3518 use-after-free in xinclude.c:xmlXIncludeDoProcess() Patch13: libxml2-CVE-2021-3518.patch +# PATCH-FIX-UPSTREAM bsc#1185698 CVE-2021-3537 NULL pointer dereference in valid.c:xmlValidBuildAContentModel +Patch14: libxml2-CVE-2021-3537.patch BuildRequires: fdupes BuildRequires: pkgconfig BuildRequires: python-rpm-macros @@ -181,6 +183,7 @@ %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build %if !%{with python} ++++++ libxml2-CVE-2021-3537.patch ++++++ >From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer <wellnho...@aevum.de> Date: Sat, 1 May 2021 16:53:33 +0200 Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. Otherwise, struct xmlElementContent could contain unexpected null pointers, leading to a null deref when post-validating documents which aren't well-formed and parsed in recovery mode. Fixes #243. --- parser.c | 7 +++++++ 1 file changed, 7 insertions(+) Index: libxml2-2.9.10/parser.c =================================================================== --- libxml2-2.9.10.orig/parser.c +++ libxml2-2.9.10/parser.c @@ -6195,6 +6195,8 @@ xmlParseElementChildrenContentDeclPriv(x SKIP_BLANKS; cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, depth + 1); + if (cur == NULL) + return(NULL); SKIP_BLANKS; GROW; } else { @@ -6328,6 +6330,11 @@ xmlParseElementChildrenContentDeclPriv(x SKIP_BLANKS; last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, depth + 1); + if (last == NULL) { + if (ret != NULL) + xmlFreeDocElementContent(ctxt->myDoc, ret); + return(NULL); + } SKIP_BLANKS; } else { elem = xmlParseName(ctxt);