From 8874c00a8080b7e54f738486bcacfedf0020b950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Mon, 17 Jul 2017 13:23:33 +0200 Subject: Fix CVE-2017-10672
---
 XML-LibXML-2.0129-CVE-2017-10672.patch | 77 ++++++++++++++++++++++++++++++++++
 perl-XML-LibXML.spec | 10 ++++-
 2 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 XML-LibXML-2.0129-CVE-2017-10672.patch
diff --git a/XML-LibXML-2.0129-CVE-2017-10672.patch b/XML-LibXML-2.0129-CVE-2017-10672.patch
new file mode 100644
index 0000000..dd7c702
--- /dev/null
+++ b/XML-LibXML-2.0129-CVE-2017-10672.patch
@@ -0,0 +1,77 @@
+diff -urN XML-LibXML-2.0129.orig/LibXML.xs XML-LibXML-2.0129/LibXML.xs
+--- XML-LibXML-2.0129.orig/LibXML.xs 2016-06-24 18:01:53.000000000 +0200
++++ XML-LibXML-2.0129/LibXML.xs 2017-07-13 12:41:48.000000000 +0200
+@@ -4829,38 +4829,42 @@
+ PREINIT:
+ xmlNodePtr ret = NULL;
+ CODE:
+- if ( self->type == XML_DOCUMENT_NODE ) {
+- switch ( nNode->type ) {
+- case XML_ELEMENT_NODE:
+- warn("replaceChild with an element on a document node not supported yet!");
+- XSRETURN_UNDEF;
+- break;
+- case XML_DOCUMENT_FRAG_NODE:
+- warn("replaceChild with a document fragment node on a document node not supported yet!");
+- XSRETURN_UNDEF;
+- break;
+- case XML_TEXT_NODE:
+- case XML_CDATA_SECTION_NODE:
+- warn("replaceChild with a text node not supported on a document node!");
+- XSRETURN_UNDEF;
+- break;
+- default:
+- break;
+- }
+- }
+- ret = domReplaceChild( self, nNode, oNode );
+- if (ret == NULL) {
+- XSRETURN_UNDEF;
+- }
+- else {
+- LibXML_reparent_removed_node(ret);
+- RETVAL = PmmNodeToSv(ret, PmmOWNERPO(PmmPROXYNODE(ret)));
+- if (nNode->type == XML_DTD_NODE) {
+- LibXML_set_int_subset(nNode->doc, nNode);
++ if( nNode == oNode ) {
++ RETVAL = nNode;
++ }else{
++ if ( self->type == XML_DOCUMENT_NODE ) {
++ switch ( nNode->type ) {
++ case XML_ELEMENT_NODE:
++ warn("replaceChild with an element on a document node not supported yet!");
++ XSRETURN_UNDEF;
++ break;
++ case XML_DOCUMENT_FRAG_NODE:
++ warn("replaceChild with a document fragment node on a document node not supported yet!");
++ XSRETURN_UNDEF;
++ break;
++ case XML_TEXT_NODE:
++ case XML_CDATA_SECTION_NODE:
++ warn("replaceChild with a text node not supported on a document node!");
++ XSRETURN_UNDEF;
++ break;
++ default:
++ break;
++ }
+ }
+- if ( nNode->_private != NULL ) {
+- PmmFixOwner( PmmPROXYNODE(nNode),
+- PmmOWNERPO(PmmPROXYNODE(self)) );
++ ret = domReplaceChild( self, nNode, oNode );
++ if (ret == NULL) {
++ XSRETURN_UNDEF;
++ }
++ else {
++ LibXML_reparent_removed_node(ret);
++ RETVAL = PmmNodeToSv(ret, PmmOWNERPO(PmmPROXYNODE(ret)));
++ if (nNode->type == XML_DTD_NODE) {
++ LibXML_set_int_subset(nNode->doc, nNode);
++ }
++ if ( nNode->_private != NULL ) {
++ PmmFixOwner( PmmPROXYNODE(nNode),
++ PmmOWNERPO(PmmPROXYNODE(self)) );
++ }
+ }
+ }
+ OUTPUT:
diff --git a/perl-XML-LibXML.spec b/perl-XML-LibXML.spec
index 94522cb..a3bb70b 100644
--- a/perl-XML-LibXML.spec
+++ b/perl-XML-LibXML.spec
@@ -8,13 +8,16 @@ Name: perl-XML-LibXML
 # it might not be needed anymore
 # this module is maintained, the other is not
 Version: 2.0129
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 1
 Summary: Perl interface to the libxml2 library
 Group: Development/Libraries
 License: (GPL+ or Artistic) and MIT
 URL: http://search.cpan.org/dist/XML-LibXML/
 Source0: http://search.cpan.org/CPAN/authors/id/S/SH/SHLOMIF/XML-LibXML-%{version}.tar.gz
+# Fix CVE-2017-10672 (use-after-free by controlling the arguments to
+# a replaceChild call), bug #1470205
+Patch0: XML-LibXML-2.0129-CVE-2017-10672.patch
 BuildRequires: coreutils
 BuildRequires: findutils
 BuildRequires: glibc-common
@@ -93,6 +96,7 @@ validating XML parser and the high performance DOM implementation.
 %prep
 %setup -q -n XML-LibXML-%{version}
+%patch0 -p1
 chmod -x *.c
 for i in Changes; do
 /usr/bin/iconv -f iso8859-1 -t utf-8 $i > $i.conv && /bin/mv -f $i.conv $i
@@ -136,6 +140,10 @@ fi
 %{_mandir}/man3/*.3*
 %changelog
+* Mon Jul 17 2017 Petr Pisar <ppi...@redhat.com> - 1:2.0129-5
+- Fix CVE-2017-10672 (use-after-free by controlling the arguments to
+ a replaceChild call) (bug #1470205)
+
 * Fri Jul 14 2017 Petr Pisar <ppi...@redhat.com> - 1:2.0129-4
 - Rename perl dependency in scriptlets
-- cgit v1.1 https://src.fedoraproject.org/cgit/perl-XML-LibXML.git/commit/?h=master&id=8874c00a8080b7e54f738486bcacfedf0020b950 _______________________________________________ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
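Review bot: In the added `nNode == oNode` branch of the LibXML.xs hunk, `RETVAL = nNode;` stores the raw node pointer, while the other branch of the same CODE section sets RETVAL from `PmmNodeToSv(...)`; unless the XSUB's declared return type (outside this hunk) is a node pointer, Perl receives a value of the wrong type on exactly the path the CVE fix introduces. Wrapping it like the existing path, e.g. `RETVAL = PmmNodeToSv(nNode, PmmOWNERPO(PmmPROXYNODE(nNode)));`, would keep both branches consistent; the owner argument here is inferred from the sibling call and should be confirmed against the proxy-node helpers. The early branch also bypasses the document-node type checks and `domReplaceChild`, so a regression test that passes the same node as both arguments would pin the intended return value and confirm the node is not freed. The XSUB signature and the OUTPUT section lie outside the hunk.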