kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix several CVE: CVE-2024-56171, CVE-2025-24928, CVE-2025-32414

Browse Source
This commit is contained in:
Xavier Beaudouin
2025-06-13 12:30:26 +02:00
parent 66b22f147f
commit ee90a418d6
4 changed files with 69 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
textproc/libxml2/files/patch-CVE-2025-24928 Normal file
View File

@ -0,0 +1,42 @@
--- valid.c.orig 2024-07-24 16:00:51.000000000 +0200
+++ valid.c 2025-06-13 12:21:58.669680000 +0200
@@ -5252,25 +5252,27 @@
return;
}
switch (cur->type) {
- case XML_ELEMENT_NODE:
+ case XML_ELEMENT_NODE: {
+ int qnameLen = xmlStrlen(cur->name);
+
+ if ((cur->ns != NULL) && (cur->ns->prefix != NULL))
+ qnameLen += xmlStrlen(cur->ns->prefix) + 1;
+ if (size - len < qnameLen + 10) {
+ if ((size - len > 4) && (buf[len - 1] != '.'))
+ strcat(buf, " ...");
+ return;
+ }
+
if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) {
- if (size - len < xmlStrlen(cur->ns->prefix) + 10) {
- if ((size - len > 4) && (buf[len - 1] != '.'))
- strcat(buf, " ...");
- return;
- }
strcat(buf, (char *) cur->ns->prefix);
strcat(buf, ":");
}
- if (size - len < xmlStrlen(cur->name) + 10) {
- if ((size - len > 4) && (buf[len - 1] != '.'))
- strcat(buf, " ...");
- return;
- }
- strcat(buf, (char *) cur->name);
+ if (cur->name != NULL)
+ strcat(buf, (char *) cur->name);
if (cur->next != NULL)
strcat(buf, " ");
break;
+ }
case XML_TEXT_NODE:
if (xmlIsBlankNode(cur))
break;