commit libxml2 for openSUSE:Factory

root Thu, 10 Sep 2020 13:46:19 -0700

Hello community,

here is the log from the commit of package libxml2 for openSUSE:Factory checked 
in at 2020-09-10 22:45:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxml2 (Old)
 and      /work/SRC/openSUSE:Factory/.libxml2.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "libxml2"

Thu Sep 10 22:45:28 2020 rev:99 rq:832832 version:2.9.10

Changes:
--------
--- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes  2020-06-11 
14:38:27.400219318 +0200
+++ /work/SRC/openSUSE:Factory/.libxml2.new.4249/libxml2.changes        
2020-09-10 22:45:34.363687118 +0200
@@ -1,0 +2,7 @@
+Mon Sep  7 08:12:29 UTC 2020 - Pedro Monreal <pmonr...@suse.com>
+
+- Security fix: [bsc#1176179, CVE-2020-24977]
+  * xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal
+- Add patch libxml2-CVE-2020-24977.patch
+
+-------------------------------------------------------------------

New:
----
  libxml2-CVE-2020-24977.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libxml2.spec ++++++
--- /var/tmp/diff_new_pack.YckBWg/_old  2020-09-10 22:45:35.399688073 +0200
+++ /var/tmp/diff_new_pack.YckBWg/_new  2020-09-10 22:45:35.403688076 +0200
@@ -53,6 +53,8 @@
 Patch5:         libxml2-CVE-2020-7595.patch
 # PATCH-FIX-UPSTREAM bsc#1159928 CVE-2019-19956 Revert usptream commit
 Patch6:         libxml2-CVE-2019-19956.patch
+# PATCH-FIX-UPSTREAM bsc#1176179 CVE-2020-24977 xmllint: 
global-buffer-overflow in xmlEncodeEntitiesInternal
+Patch7:         libxml2-CVE-2020-24977.patch
 BuildRequires:  fdupes
 BuildRequires:  pkgconfig
 %if !%{with python}
@@ -175,6 +177,7 @@
 %patch4 -p1 -R
 %patch5 -p1
 %patch6 -p1 -R
+%patch7 -p1
 
 %build
 %if !%{with python}


++++++ libxml2-CVE-2020-24977.patch ++++++
>From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnho...@aevum.de>
Date: Fri, 7 Aug 2020 21:54:27 +0200
Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'

Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
array access.

Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
the report.

Fixes #178.
---
 xmllint.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xmllint.c b/xmllint.c
index f6a8e4636..c647486f3 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -528,6 +528,12 @@ static void
 xmlHTMLEncodeSend(void) {
     char *result;
 
+    /*
+     * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
+     * end with a truncated UTF-8 sequence. This is a hack to at least avoid
+     * an out-of-bounds read.
+     */
+    memset(&buffer[sizeof(buffer)-4], 0, 4);
     result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
     if (result) {
        xmlGenericError(xmlGenericErrorContext, "%s", result);
-- 
GitLab

commit libxml2 for openSUSE:Factory

Reply via email to