Fix several CVE: CVE-2024-56171, CVE-2025-24928, CVE-2025-32414

2025-06-13 12:30:26 +02:00
parent 66b22f147f
commit ee90a418d6
4 changed files with 69 additions and 2 deletions


@ -1,10 +1,14 @@
PORTNAME= libxml2 PORTNAME= libxml2
DISTVERSION= 2.11.9 DISTVERSION= 2.11.9
PORTREVISION?= 0 PORTREVISION?= 1
CATEGORIES?= textproc gnome CATEGORIES?= textproc gnome
MASTER_SITES= GNOME MASTER_SITES= GNOME
DIST_SUBDIR= gnome DIST_SUBDIR= gnome
# FIX CVE-2025-32414
PATCH_SITES= https://gitlab.gnome.org/-/project/1665/uploads/
PATCHFILES+= 90c0ee56b5b7d6d91cb9bcd04b923b6c/bug-889-v2.11.0-and-above.patch:-p1
MAINTAINER= desktop@FreeBSD.org MAINTAINER= desktop@FreeBSD.org
COMMENT?= XML parser library for GNOME COMMENT?= XML parser library for GNOME
WWW= http://xmlsoft.org/ WWW= http://xmlsoft.org/
@ -13,6 +17,7 @@ LICENSE= MIT
USES+= cmake:testing cpe iconv localbase:ldflags pathfix \ USES+= cmake:testing cpe iconv localbase:ldflags pathfix \
pkgconfig tar:xz pkgconfig tar:xz
CPE_VENDOR= xmlsoft CPE_VENDOR= xmlsoft
USE_LDCONFIG= yes USE_LDCONFIG= yes
# Don't build with Python support unless requested # Don't build with Python support unless requested
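Review bot: The `# FIX CVE-2025-32414` comment above `PATCH_SITES` is the only place this change ties a patch to a CVE, although the title lists three. A line such as `# CVE-2024-56171 and CVE-2025-24928: see the local patches to xmlschemas.c and valid.c` would let an auditor match each fix to its advisory; that mapping is inferred from the files the two added patches touch, so confirm it first. The fetched patch comes from an issue-upload path rather than a commit URL. The SHA256 added to distinfo pins its content, but if upstream has a commit for the same fix, a commit-based URL would likely be a more durable source.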


@ -1,3 +1,5 @@
TIMESTAMP = 1725749707 TIMESTAMP = 1749806706
SHA256 (gnome/libxml2-2.11.9.tar.xz) = 780157a1efdb57188ec474dca87acaee67a3a839c2525b2214d318228451809f SHA256 (gnome/libxml2-2.11.9.tar.xz) = 780157a1efdb57188ec474dca87acaee67a3a839c2525b2214d318228451809f
SIZE (gnome/libxml2-2.11.9.tar.xz) = 2627500 SIZE (gnome/libxml2-2.11.9.tar.xz) = 2627500
SHA256 (gnome/90c0ee56b5b7d6d91cb9bcd04b923b6c/bug-889-v2.11.0-and-above.patch) = 48eb9235fa0ebb1f539b9669d01a05ed5afb73132eee13a9dfe08ac2165e6e8a
SIZE (gnome/90c0ee56b5b7d6d91cb9bcd04b923b6c/bug-889-v2.11.0-and-above.patch) = 2113


@ -0,0 +1,18 @@
--- xmlschemas.c.orig 2024-07-24 16:00:51.000000000 +0200
+++ xmlschemas.c 2025-06-13 12:28:51.821977000 +0200
@@ -23672,6 +23672,7 @@
}
if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1)
goto internal_error;
+ dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items;
/*
* Remove the duplicate entry from the IDC node-table.
*/
@@ -23888,6 +23889,7 @@
goto internal_error;
}
xmlSchemaItemListAdd(parBind->dupls, parNode);
+ dupls = (xmlSchemaPSVIIDCNodePtr *) parBind->dupls->items;
} else {
/*
* Add the node-table entry (node and key-sequence) of
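Review bot: In the second hunk, `xmlSchemaItemListAdd(parBind->dupls, parNode);` still ignores its return value, whereas the first hunk tests the same call against `-1` and jumps to `internal_error`. The added `dupls = (xmlSchemaPSVIIDCNodePtr *) parBind->dupls->items;` therefore reloads the pointer from a list whose add may have failed. Consider `if (xmlSchemaItemListAdd(parBind->dupls, parNode) == -1) goto internal_error;` before the reload; the label is already used a few lines earlier in the same hunk. What the list holds after a failed add is not visible here, so this is a consistency hardening rather than a confirmed fault, and since the patch appears to mirror an upstream change it is worth raising there too. Both enclosing functions start and end outside the hunks.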


@ -0,0 +1,42 @@
--- valid.c.orig 2024-07-24 16:00:51.000000000 +0200
+++ valid.c 2025-06-13 12:21:58.669680000 +0200
@@ -5252,25 +5252,27 @@
return;
}
switch (cur->type) {
- case XML_ELEMENT_NODE:
+ case XML_ELEMENT_NODE: {
+ int qnameLen = xmlStrlen(cur->name);
+
+ if ((cur->ns != NULL) && (cur->ns->prefix != NULL))
+ qnameLen += xmlStrlen(cur->ns->prefix) + 1;
+ if (size - len < qnameLen + 10) {
+ if ((size - len > 4) && (buf[len - 1] != '.'))
+ strcat(buf, " ...");
+ return;
+ }
+
if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) {
- if (size - len < xmlStrlen(cur->ns->prefix) + 10) {
- if ((size - len > 4) && (buf[len - 1] != '.'))
- strcat(buf, " ...");
- return;
- }
strcat(buf, (char *) cur->ns->prefix);
strcat(buf, ":");
}
- if (size - len < xmlStrlen(cur->name) + 10) {
- if ((size - len > 4) && (buf[len - 1] != '.'))
- strcat(buf, " ...");
- return;
- }
- strcat(buf, (char *) cur->name);
+ if (cur->name != NULL)
+ strcat(buf, (char *) cur->name);
if (cur->next != NULL)
strcat(buf, " ");
break;
+ }
case XML_TEXT_NODE:
if (xmlIsBlankNode(cur))
break;
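Review bot: The `+ 10` in `if (size - len < qnameLen + 10)` is undocumented slack that every following `strcat` depends on, because none of the copies is bounded on its own. A comment above the check would keep the arithmetic and the writes in step, for example `/* room for prefix, ':', name, the separating ' ', a later " ..." and the NUL; the strcat calls below rely on this */`. `qnameLen` is computed from `xmlStrlen(cur->name)` before the new `cur->name != NULL` guard, so the guard protects only the copy. That works because xmlStrlen returns 0 for NULL, which is worth saying in the same comment. `size`, `len` and `buf` are set outside the hunk, and the switch continues past it.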