diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 9786ea46694..8cc33bb0486 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter
 pkgname=libxml2
 pkgver=2.9.9
-pkgrel=2
+pkgrel=3
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
@@ -15,10 +15,13 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils
 options="!strip"
 source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
 fix-null-pointer-dereference.patch
+ CVE-2019-19956.patch
 "
 builddir="$srcdir/$pkgname-$pkgver"
 # secfixes:
+# 2.9.9-r3:
+# - CVE-2019-19956
 # 2.9.8-r1:
 # - CVE-2018-9251
 # - CVE-2018-14404
@@ -110,4 +113,5 @@ utils() {
 }
 sha512sums="cb7784ba4e72e942614e12e4f83f4ceb275f3d738b30e3b5c1f25edf8e9fa6789e854685974eed95b362049dbf6c8e7357e0327d64c681ed390534ac154e6810 libxml2-2.9.9.tar.gz
-83074e582cdba8bedff40fc653731ad18ca357bde8f1420e2e8a2a38998b951aebcb73ca5d51859be3b4d9bc1a0308836ca2bb612269edbc61b9dd6ebc7fdb2a fix-null-pointer-dereference.patch"
+83074e582cdba8bedff40fc653731ad18ca357bde8f1420e2e8a2a38998b951aebcb73ca5d51859be3b4d9bc1a0308836ca2bb612269edbc61b9dd6ebc7fdb2a fix-null-pointer-dereference.patch
+0e03d0dcfae1e99e06c7a4c9a4d863a1518589e403d79665727883b27d7c0d7026b18e29b7c68df41138fbdffb88d977c5ef10ce2ffb96d1a6255304d89c2bb6 CVE-2019-19956.patch"
diff --git a/main/libxml2/CVE-2019-19956.patch b/main/libxml2/CVE-2019-19956.patch
new file mode 100644
index 00000000000..5bfb5d50648
--- /dev/null
+++ b/main/libxml2/CVE-2019-19956.patch
@@ -0,0 +1,33 @@
+From 5a02583c7e683896d84878bd90641d8d9b0d0549 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie
+Date: Wed, 7 Aug 2019 17:39:17 +0800
+Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover
+
+When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
+is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
+NULL and free newDoc will cause a memory leak.
+
+Found with libFuzzer.
+
+Closes #82.
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 1ce1ccf1..26d9f4e3 100644
+--- a/parser.c
++++ b/parser.c
+@@ -13894,7 +13894,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
+ xmlFreeParserCtxt(ctxt);
+ newDoc->intSubset = NULL;
+ newDoc->extSubset = NULL;
+- newDoc->oldNs = NULL;
++ if(doc != NULL)
++ newDoc->oldNs = NULL;
+ xmlFreeDoc(newDoc);
+
+ return(ret);
+--
+2.24.1
+
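Review bot: The new guard `if(doc != NULL)` in front of `newDoc->oldNs = NULL;` in xmlParseBalancedChunkMemoryRecover carries no comment explaining why the reset is conditional, so a later cleanup could easily drop it and reintroduce the leak. Going by the commit message, with a NULL doc the namespace created by xmlTreeEnsureXMLDecl is owned by newDoc and has to be released by `xmlFreeDoc(newDoc)`; presumably with a non-NULL doc the list is shared with the caller's document and must be detached first, but the function body starts outside the hunk and that assignment is not visible here. A comment above the guard such as `/* oldNs is borrowed from doc only when doc != NULL; otherwise newDoc owns it and xmlFreeDoc() must free it */` would record the ownership rule. Because this is a backport, the comment is better proposed upstream or placed in the patch header, so the hunk stays comparable with upstream commit 5a02583c.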