!230 fix CVE-2022-2309

From: @zhuofeng6 Reviewed-by: @hubin95 Signed-off-by: @hubin95
2024-03-26 07:10:46 +00:00 · 2024-03-26 07:10:46 +00:00 · 3c53f29772
commit 3c53f29772
parent a9888febbe 241736ed93
2 changed files with 33 additions and 1 deletions
--- a/backport-CVE-2022-2309.patch
+++ b/backport-CVE-2022-2309.patch
@ -0,0 +1,25 @@
+From 5930fe01963136ab92125feec0c6204d9c9225dc Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 18 Jul 2022 20:59:45 +0200
+Subject: [PATCH] Reset nsNr in xmlCtxtReset
+
+---
+ parser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d278638d..e660b0a7 100644
+--- a/parser.c
+++ b/parser.c
+@@ -14820,6 +14820,8 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
+     ctxt->nameNr = 0;
+     ctxt->name = NULL;
+ 
+    ctxt->nsNr = 0;
+
+     DICT_FREE(ctxt->version);
+     ctxt->version = NULL;
+     DICT_FREE(ctxt->encoding);
+-- 
+2.27.0
+
--- a/libxml2.spec
+++ b/libxml2.spec
@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.10
-Release: 39
+Release: 40
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@ -135,6 +135,7 @@ Patch122:backport-Always-initialize-SAX1-element-handlers.patch
 Patch123:backport-malloc-fail-Fix-memory-leak-in-xmlStaticCopyNodeList.patch
 Patch124:backport-CVE-2023-45322.patch
 Patch125:backport-CVE-2024-25062.patch
+Patch126:backport-CVE-2022-2309.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python2-devel
@ -326,6 +327,12 @@ rm -fr %{buildroot}


 %changelog
+* Tue Mar 26 zhuofeng <zhuofeng2@huawei.com> - 2.9.10-40
+- Type:CVE
+- CVE:CVE-2022-2309
+- SUG:NA
+- DESC:fix CVE-2022-2309
+
 * Mon Feb 19 hehuazhen <hehuazhen@huawei.com> - 2.9.10-39
 - Type:CVE
 - CVE:CVE-2024-25062