Change-Id: Ie59cdab0feec620a9fcb0ff92f6071327f93f251
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3473
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,14 @@ |
0 |
+diff -dupr a/parser.c b/parser.c |
|
1 |
+--- a/parser.c 2016-05-23 00:25:25.000000000 -0700 |
|
2 |
+@@ -12714,6 +12714,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { |
|
3 |
+ } |
|
4 |
+ ctxt->input->cur = BAD_CAST""; |
|
5 |
+ ctxt->input->base = ctxt->input->cur; |
|
6 |
++ if (ctxt->input->buf) { |
|
7 |
++ xmlBufEmpty (ctxt->input->buf->buffer); |
|
8 |
++ } else |
|
9 |
++ ctxt->input->length = 0; |
|
10 |
+ } |
|
11 |
+ } |
|
12 |
+ |
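Review bot: The new patch file opens directly at `diff -dupr a/parser.c b/parser.c` with no header stating where the fix was taken from, so a later audit of the package cannot confirm that the four lines added to `xmlHaltParser` match the upstream fix for CVE-2017-8872. A short preamble above the `diff` line would cover it, for example `Fix for CVE-2017-8872: empty the input buffer when the parser is halted` followed by `Origin: <upstream bug or commit URL>`. In the added code the `if` branch is braced and the `else` branch is not; writing `} else {` / `ctxt->input->length = 0;` / `}` keeps a later one-line addition from landing outside the branch. The listing also shows no `+++ b/parser.c` line and one line fewer than the `+1,14` in the hunk header, which may only be a rendering loss but is worth checking in the committed file, since `%patch6 -p1` depends on it. The start of `xmlHaltParser` lies outside the hunk.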
... | ... |
@@ -4,7 +4,7 @@ |
4 | 4 |
Summary: Libxml2 |
5 | 5 |
Name: libxml2 |
6 | 6 |
Version: 2.9.4 |
7 |
-Release: 10%{?dist} |
|
7 |
+Release: 11%{?dist} |
|
8 | 8 |
License: MIT |
9 | 9 |
URL: http://xmlsoft.org/ |
10 | 10 |
Group: System Environment/General Libraries |
... | ... |
@@ -21,6 +21,7 @@ Patch3: libxml2-fix-buffer-size-checks.patch |
21 | 21 |
# Fix for CVE-2017-9049 and CVE-2017-9050 |
22 | 22 |
Patch4: libxml2-fix-handling-of-parameter-entity-references.patch |
23 | 23 |
Patch5: libxml2-fix-handling-of-parameter-entity-references-test.patch |
24 |
+Patch6: CVE-2017-8872.patch |
|
24 | 25 |
%define sha1 libxml2=958ae70baf186263a4bd801a81dd5d682aedd1db |
25 | 26 |
Provides: pkgconfig(libxml-2.0) |
26 | 27 |
|
... | ... |
@@ -64,6 +65,7 @@ Static libraries and header files for the support library for libxml |
64 | 64 |
%patch3 -p1 |
65 | 65 |
%patch4 -p1 |
66 | 66 |
%patch5 -p1 |
67 |
+%patch6 -p1 |
|
67 | 68 |
sed \ |
68 | 69 |
-e /xmlInitializeCatalog/d \ |
69 | 70 |
-e 's/((ent->checked =.*&&/(((ent->checked == 0) ||\ |
... | ... |
@@ -129,6 +131,8 @@ rm -rf %{buildroot}/* |
129 | 129 |
|
130 | 130 |
|
131 | 131 |
%changelog |
132 |
+* Wed Aug 09 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.9.4-11 |
|
133 |
+- Apply patch for CVE-2017-8872 |
|
132 | 134 |
* Mon Aug 07 2017 Danut Moraru <dmoraru@vmware.com> 2.9.4-10 |
133 | 135 |
- Change expected parsing error for test for upstream bug 781205 introduced by CVE-2017-9049 |
134 | 136 |
* Mon Jul 10 2017 Divya Thaluru <dthaluru@vmware.com> 2.9.4-9 |