download.lst | 4 external/libxml2/0001-tree-Fix-integer-overflow-in-xmlBuildQName.patch.1 | 52 ++++++++++ external/libxml2/UnpackedTarball_libxml2.mk | 1 3 files changed, 55 insertions(+), 2 deletions(-)
New commits: commit 9e6e7ac147c60ee75c5b7aef2eef95f9c68133c6 Author: Michael Stahl <[email protected]> AuthorDate: Thu Oct 16 20:16:30 2025 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Wed Oct 22 00:06:32 2025 +0200 libxml2: add patch for CVE-2025-6021 Change-Id: I007f2faf0adf4b6f646bbbb55af5db8c643cc8df Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192548 Reviewed-by: Thorsten Behrens <[email protected]> Tested-by: allotropia jenkins <[email protected]> diff --git a/external/libxml2/0001-tree-Fix-integer-overflow-in-xmlBuildQName.patch.1 b/external/libxml2/0001-tree-Fix-integer-overflow-in-xmlBuildQName.patch.1 new file mode 100644 index 000000000000..48e75e5243f7 --- /dev/null +++ b/external/libxml2/0001-tree-Fix-integer-overflow-in-xmlBuildQName.patch.1 @@ -0,0 +1,52 @@ +From acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <[email protected]> +Date: Tue, 27 May 2025 12:53:17 +0200 +Subject: [PATCH] tree: Fix integer overflow in xmlBuildQName + +This issue affects memory safety and might receive a CVE ID later. + +Fixes #926. +--- + tree.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/tree.c b/tree.c +index 7454b07e..e14bc62a 100644 +--- a/tree.c ++++ b/tree.c +@@ -21,6 +21,7 @@ + #include <string.h> /* for memset() only ! */ + #include <stddef.h> + #include <limits.h> ++#include <stdint.h> + #include <ctype.h> + #include <stdlib.h> + +@@ -168,10 +168,10 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) { + xmlChar * + xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, + xmlChar *memory, int len) { +- int lenn, lenp; ++ size_t lenn, lenp; + xmlChar *ret; + +- if (ncname == NULL) return(NULL); ++ if ((ncname == NULL) || (len < 0)) return(NULL); + if (prefix == NULL) return((xmlChar *) ncname); + + #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +@@ -182,8 +182,10 @@ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, + + lenn = strlen((char *) ncname); + lenp = strlen((char *) prefix); ++ if (lenn >= SIZE_MAX - lenp - 1) ++ return(NULL); + +- if ((memory == NULL) || (len < lenn + lenp + 2)) { ++ if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) { + ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2); + if (ret == NULL) + return(NULL); +-- +2.51.0 + diff --git a/external/libxml2/UnpackedTarball_libxml2.mk b/external/libxml2/UnpackedTarball_libxml2.mk index 489fb007572b..8b73279d1113 100644 --- a/external/libxml2/UnpackedTarball_libxml2.mk +++ b/external/libxml2/UnpackedTarball_libxml2.mk @@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxml2,\ $(if $(gb_Module_CURRENTMODULE_SYMBOLS_ENABLED), \ external/libxml2/libxml2-icu-sym.patch.0, \ external/libxml2/libxml2-icu.patch.0) \ + external/libxml2/0001-tree-Fix-integer-overflow-in-xmlBuildQName.patch.1 \ )) $(eval $(call gb_UnpackedTarball_add_file,libxml2,xml2-config.in,external/libxml2/xml2-config.in)) commit e8c46b6f78d11da6cf36b52fa292496ac9921f6e Author: Xisco Fauli <[email protected]> AuthorDate: Wed Apr 23 10:18:37 2025 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Wed Oct 22 00:06:17 2025 +0200 libxml2: upgrade to 2.13.8 Downloaded from https://download.gnome.org/sources/libxml2/2.13/libxml2-2.13.8.tar.xz Change-Id: I24dc935a4a878ec3f5de996cecd3615cbed92321 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/184462 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit ace0eff7d9b091eeb22258a49c1ddbd77b1e9f62) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/184475 Reviewed-by: Christian Lohmaier <[email protected]> (cherry picked from commit de01ebb8caa4d3381cc32b9000900d12cd74a09e) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192547 Tested-by: allotropia jenkins <[email protected]> Reviewed-by: Thorsten Behrens <[email protected]> diff --git a/download.lst b/download.lst index 6beb237a3cdf..a0de13944e63 100644 --- a/download.lst +++ b/download.lst @@ -351,8 +351,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 14796d24402108e99d8de4e974d539bed62e23af8c4233317274ce073ceff93b -LIBXML_VERSION_MICRO := 7 +LIBXML_SHA256SUM := 277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a +LIBXML_VERSION_MICRO := 8 LIBXML_TARBALL := libxml2-2.13.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit 2782b74115a79897fbcb8e5ececfd422d57a0838 Author: Xisco Fauli <[email protected]> AuthorDate: Thu Mar 27 16:32:52 2025 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Wed Oct 22 00:06:06 2025 +0200 libxml2: upgrade to 2.13.7 Downloaded from https://download.gnome.org/sources/libxml2/2.13/libxml2-2.13.7.tar.xz Change-Id: Ic65581fd80ebc73d052f934afcf61954fc6e6527 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183408 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 63098d0bd802fb0cdbfcd0c9505fe2c4019bf5ad) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192546 Tested-by: Thorsten Behrens <[email protected]> Reviewed-by: Thorsten Behrens <[email protected]> diff --git a/download.lst b/download.lst index 11c36336f2db..6beb237a3cdf 100644 --- a/download.lst +++ b/download.lst @@ -351,8 +351,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := f453480307524968f7a04ec65e64f2a83a825973bcd260a2e7691be82ae70c96 -LIBXML_VERSION_MICRO := 6 +LIBXML_SHA256SUM := 14796d24402108e99d8de4e974d539bed62e23af8c4233317274ce073ceff93b +LIBXML_VERSION_MICRO := 7 LIBXML_TARBALL := libxml2-2.13.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit cc7a6b8bfd79c2a675578f65fb3410a1e1ca3a7e Author: Xisco Fauli <[email protected]> AuthorDate: Wed Feb 19 09:38:27 2025 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Wed Oct 22 00:05:34 2025 +0200 libxml2: upgrade to 2.13.6 Downloaded from https://download.gnome.org/sources/libxml2/2.13/libxml2-2.13.6.tar.xz Change-Id: Ia52a7fd49d9db7a339e5defacce866e4aad34efc Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181867 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit 09721edb1c48c996b965b2e533f271d9df401414) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181874 Reviewed-by: Michael Weghorn <[email protected]> (cherry picked from commit a023afdad6888b39c6efaaaebfc3c70f736b7a0b) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192545 Tested-by: allotropia jenkins <[email protected]> Reviewed-by: Thorsten Behrens <[email protected]> diff --git a/download.lst b/download.lst index 4aa8029f9095..11c36336f2db 100644 --- a/download.lst +++ b/download.lst @@ -351,8 +351,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 74fc163217a3964257d3be39af943e08861263c4231f9ef5b496b6f6d4c7b2b6 -LIBXML_VERSION_MICRO := 5 +LIBXML_SHA256SUM := f453480307524968f7a04ec65e64f2a83a825973bcd260a2e7691be82ae70c96 +LIBXML_VERSION_MICRO := 6 LIBXML_TARBALL := libxml2-2.13.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit 908ab491fd8123e5a90b903b68965db8e397a0e9 Author: Xisco Fauli <[email protected]> AuthorDate: Wed Nov 13 09:49:58 2024 +0100 Commit: Thorsten Behrens <[email protected]> CommitDate: Wed Oct 22 00:05:21 2025 +0200 libxml2: upgrade to 2.13.5 Downloaded from https://download.gnome.org/sources/libxml2/2.13/libxml2-2.13.5.tar.xz Change-Id: I8b88b49fdda737c74bc0c2b3b18b14ada3389f20 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176519 Reviewed-by: Xisco Fauli <[email protected]> Tested-by: Jenkins (cherry picked from commit d7c396771303c772bb8ed8c01b3b76d74946f179) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192544 Reviewed-by: Thorsten Behrens <[email protected]> Tested-by: allotropia jenkins <[email protected]> diff --git a/download.lst b/download.lst index 2235cd2798ec..4aa8029f9095 100644 --- a/download.lst +++ b/download.lst @@ -351,8 +351,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 65d042e1c8010243e617efb02afda20b85c2160acdbfbcb5b26b80cec6515650 -LIBXML_VERSION_MICRO := 4 +LIBXML_SHA256SUM := 74fc163217a3964257d3be39af943e08861263c4231f9ef5b496b6f6d4c7b2b6 +LIBXML_VERSION_MICRO := 5 LIBXML_TARBALL := libxml2-2.13.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick commit b0df79f095f842dc8ab3123e7330d23d87508358 Author: Xisco Fauli <[email protected]> AuthorDate: Wed Sep 18 15:54:25 2024 +0200 Commit: Thorsten Behrens <[email protected]> CommitDate: Wed Oct 22 00:05:06 2025 +0200 libxml2: upgrade to 2.13.4 * 0001-ofz-70675-XML_ERR_FATAL-not-ending-parse.patch.0 is no longer needed. fixed upstream Downloaded from https://download-fallback.gnome.org/sources/libxml2/2.13/libxml2-2.13.4.tar.xz Change-Id: I7d39940ad5b197b302c57110e147aef7d2b911d6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173621 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit d500848976b6244048684a9972322b582559910a) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192543 Reviewed-by: Thorsten Behrens <[email protected]> Tested-by: allotropia jenkins <[email protected]> diff --git a/download.lst b/download.lst index 2e5b5a3e311f..2235cd2798ec 100644 --- a/download.lst +++ b/download.lst @@ -351,8 +351,8 @@ XMLSEC_TARBALL := xmlsec1-1.2.28.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts -LIBXML_SHA256SUM := 0805d7c180cf09caad71666c7a458a74f041561a532902454da5047d83948138 -LIBXML_VERSION_MICRO := 3 +LIBXML_SHA256SUM := 65d042e1c8010243e617efb02afda20b85c2160acdbfbcb5b26b80cec6515650 +LIBXML_VERSION_MICRO := 4 LIBXML_TARBALL := libxml2-2.13.$(LIBXML_VERSION_MICRO).tar.xz # three static lines # so that git cherry-pick
