Hello community,

here is the log from the commit of package libxml2 for openSUSE:Factory checked 
in at 2021-05-13 22:18:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxml2 (Old)
 and      /work/SRC/openSUSE:Factory/.libxml2.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libxml2"

Thu May 13 22:18:02 2021 rev:105 rq:892150 version:2.9.10

Changes:
--------
--- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes  2021-05-01 
00:46:09.387596940 +0200
+++ /work/SRC/openSUSE:Factory/.libxml2.new.2988/libxml2.changes        
2021-05-13 22:18:04.339691059 +0200
@@ -1,0 +2,7 @@
+Mon May 10 11:44:39 UTC 2021 - Pedro Monreal <pmonr...@suse.com>
+
+- Security fix: [bsc#1185698, CVE-2021-3537]
+  * NULL pointer dereference in valid.c:xmlValidBuildAContentModel
+  * Add libxml2-CVE-2021-3537.patch
+
+-------------------------------------------------------------------
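Review bot: the entry locates the bug in valid.c:xmlValidBuildAContentModel, which is where the NULL dereference is hit, but the attached patch changes only parser.c (xmlParseElementChildrenContentDeclPriv). Consider adding a line saying the fix is error propagation in the DTD content-declaration parser, so that someone auditing the changelog against the patch does not go looking for a valid.c change.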

New:
----
  libxml2-CVE-2021-3537.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libxml2.spec ++++++
--- /var/tmp/diff_new_pack.v2xvjD/_old  2021-05-13 22:18:05.115688099 +0200
+++ /var/tmp/diff_new_pack.v2xvjD/_new  2021-05-13 22:18:05.119688083 +0200
@@ -72,6 +72,8 @@
 Patch12:        libxml2-CVE-2021-3517.patch
 # PATCH-FIX-UPSTREAM bsc#1185408 CVE-2021-3518 use-after-free in 
xinclude.c:xmlXIncludeDoProcess()
 Patch13:        libxml2-CVE-2021-3518.patch
+# PATCH-FIX-UPSTREAM bsc#1185698 CVE-2021-3537 NULL pointer dereference in 
valid.c:xmlValidBuildAContentModel
+Patch14:        libxml2-CVE-2021-3537.patch
 BuildRequires:  fdupes
 BuildRequires:  pkgconfig
 BuildRequires:  python-rpm-macros
@@ -181,6 +183,7 @@
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 
 %build
 %if !%{with python}


++++++ libxml2-CVE-2021-3537.patch ++++++
>From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnho...@aevum.de>
Date: Sat, 1 May 2021 16:53:33 +0200
Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv

Check return value of recursive calls to
xmlParseElementChildrenContentDeclPriv and return immediately in case
of errors. Otherwise, struct xmlElementContent could contain unexpected
null pointers, leading to a null deref when post-validating documents
which aren't well-formed and parsed in recovery mode.

Fixes #243.
---
 parser.c | 7 +++++++
 1 file changed, 7 insertions(+)

Index: libxml2-2.9.10/parser.c
===================================================================
--- libxml2-2.9.10.orig/parser.c
+++ libxml2-2.9.10/parser.c
@@ -6195,6 +6195,8 @@ xmlParseElementChildrenContentDeclPriv(x
        SKIP_BLANKS;
         cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
                                                            depth + 1);
+        if (cur == NULL)
+            return(NULL);
        SKIP_BLANKS;
        GROW;
     } else {
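Review bot: the early return added after the first recursive call does no cleanup, which is correct only because `cur = ret = ...` on the preceding line leaves both pointers NULL on failure. A one-line comment stating that would keep a later edit from adding an allocation above this point without a matching free. The diffstat also lists parser.c as the only file touched, so no regression test accompanies the fix; a not-well-formed DTD parsed in recovery mode and then post-validated, as the commit message describes, would be worth adding.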
@@ -6328,6 +6330,11 @@ xmlParseElementChildrenContentDeclPriv(x
            SKIP_BLANKS;
            last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
                                                           depth + 1);
+            if (last == NULL) {
+               if (ret != NULL)
+                   xmlFreeDocElementContent(ctxt->myDoc, ret);
+               return(NULL);
+            }
            SKIP_BLANKS;
        } else {
            elem = xmlParseName(ctxt);
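Review bot: the new error path after `last = xmlParseElementChildrenContentDeclPriv(...)` frees only `ret`. That assignment overwrites the previous value of `last`, and the hunk does not show whether the earlier node is already linked under `ret` by this point; if it is not, it leaks on this return. Worth confirming against the loop body and stating the invariant in a comment above the `if (last == NULL)` block.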
