home  bbs  files  messages ]

      ZZLI4416             linux.debian.bugs.dist             15094 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 44 of 15094 on ZZLI4416, Monday 10-12-25, 1:11  
  From: GUILHEM MOULIN  
  To: ALL  
  Subj: Bug#1117844: bookworm-pu: package libxml  
 [continued from previous message] 
  
                       } 
                   } 
               } 
 -@@ -2905,7 +2905,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr 
 +@@ -2905,7 +2905,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const 
 xmlChar * value, 
                       xmlFree(strip); 
                   } else 
                       xmlAddRef(NULL, node->doc, value, attr); 
 @@ -764,7 +631,7 @@ 
               } 
               goto done; 
           case XML_SCHEMAS_IDREFS: 
 -@@ -2919,7 +2919,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr 
 +@@ -2919,7 +2919,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const 
 xmlChar * value, 
                   (node->type == XML_ATTRIBUTE_NODE)) { 
                   xmlAttrPtr attr = (xmlAttrPtr) node; 
  
 @@ -773,7 +640,7 @@ 
               } 
               goto done; 
           case XML_SCHEMAS_ENTITY:{ 
 -@@ -2950,7 +2950,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr 
 +@@ -2950,7 +2950,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const 
 xmlChar * value, 
                       (node->type == XML_ATTRIBUTE_NODE)) { 
                       xmlAttrPtr attr = (xmlAttrPtr) node; 
  
 @@ -782,7 +649,7 @@ 
                   } 
                   goto done; 
               } 
 -@@ -2967,7 +2967,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr 
 +@@ -2967,7 +2967,7 @@ xmlSchemaValAtomicType(xmlSchemaTypePtr type, const 
 xmlChar * value, 
                   (node->type == XML_ATTRIBUTE_NODE)) { 
                   xmlAttrPtr attr = (xmlAttrPtr) node; 
  
 diff -Nru libxml2-2.9.14+dfsg/debian/patches/CVE-2025-9714.patch 
 libxml2-2.9.14+dfsg/debian/patches/CVE-2025-9714.patch 
 --- libxml2-2.9.14+dfsg/debian/patches/CVE-2025-9714.patch 1970-01-01 
 01:00:00.000000000 +0100 
 +++ libxml2-2.9.14+dfsg/debian/patches/CVE-2025-9714.patch 2025-10-11 
 14:41:17.000000000 +0200 
 @@ -0,0 +1,113 @@ 
 +From: Nick Wellnhofer  
 +Date: Thu, 28 Jul 2022 20:21:24 +0200 
 +Subject: Make XPath depth check work with recursive invocations 
 + 
 +EXSLT functions like dyn:map or dyn:evaluate invoke xmlXPathRunEval 
 +recursively. Don't set depth to zero but keep and restore the original 
 +value to avoid stack overflows when abusing these functions. 
 + 
 +Origin: https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a426 
 5ef22b5a50741bad5facf9d8a8bc6d21 
 +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2392605 
 +Bug: https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 
 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025- 
 9714 
 +--- 
 + xpath.c | 23 +++++++++++++++++------ 
 + 1 file changed, 17 insertions(+), 6 deletions(-) 
 + 
 +diff --git a/xpath.c b/xpath.c 
 +index c2d8458..028471d 100644 
 +--- a/xpath.c 
 ++++ b/xpath.c 
 +@@ -13883,12 +13883,11 @@ static int 
 + xmlXPathRunEval(xmlXPathParserContextPtr ctxt, int toBool) 
 + { 
 +     xmlXPathCompExprPtr comp; 
 ++    int oldDepth; 
 + 
 +     if ((ctxt == NULL) || (ctxt->comp == NULL)) 
 +  return(-1); 
 + 
 +-    ctxt->context->depth = 0; 
 +- 
 +     if (ctxt->valueTab == NULL) { 
 +  /* Allocate the value stack */ 
 +  ctxt->valueTab = (xmlXPathObjectPtr *) 
 +@@ -13942,11 +13941,13 @@ xmlXPathRunEval(xmlXPathParserContextPtr ctxt, 
 int 
 toBool) 
 +      "xmlXPathRunEval: last is less than zero\\n"); 
 +  return(-1); 
 +     } 
 ++    oldDepth = ctxt->context->depth; 
 +     if (toBool) 
 +  return(xmlXPathCompOpEvalToBoolean(ctxt, 
 +      &comp->steps[comp->last], 0)); 
 +     else 
 +  xmlXPathCompOpEval(ctxt, &comp->steps[comp->last]); 
 ++    ctxt->context->depth = oldDepth; 
 + 
 +     return(0); 
 + } 
 +@@ -14217,6 +14218,7 @@ xmlXPathCompExprPtr 
 + xmlXPathCtxtCompile(xmlXPathContextPtr ctxt, const xmlChar *str) { 
 +     xmlXPathParserContextPtr pctxt; 
 +     xmlXPathCompExprPtr comp; 
 ++    int oldDepth = 0; 
 + 
 + #ifdef XPATH_STREAMING 
 +     comp = xmlXPathTryStreamCompile(ctxt, str); 
 +@@ -14230,8 +14232,10 @@ xmlXPathCtxtCompile(xmlXPathContextPtr ctxt, const 
 xmlChar *str) { 
 +     if (pctxt == NULL) 
 +         return NULL; 
 +     if (ctxt != NULL) 
 +-        ctxt->depth = 0; 
 ++        oldDepth = ctxt->depth; 
 +     xmlXPathCompileExpr(pctxt, 1); 
 ++    if (ctxt != NULL) 
 ++        ctxt->depth = oldDepth; 
 + 
 +     if( pctxt->error != XPATH_EXPRESSION_OK ) 
 +     { 
 +@@ -14252,8 +14256,10 @@ xmlXPathCtxtCompile(xmlXPathContextPtr ctxt, const 
 xmlChar *str) { 
 +  comp = pctxt->comp; 
 +  if ((comp->nbStep > 1) && (comp->last >= 0)) { 
 +             if (ctxt != NULL) 
 +-                ctxt->depth = 0; 
 ++                oldDepth = ctxt->depth; 
 +      xmlXPathOptimizeExpression(pctxt, &comp->steps[comp->last]); 
 ++            if (ctxt != NULL) 
 ++                ctxt->depth = oldDepth; 
 +  } 
 +  pctxt->comp = NULL; 
 +     } 
 +@@ -14409,6 +14415,7 @@ xmlXPathEvalExpr(xmlXPathParserContextPtr ctxt) { 
 + #ifdef XPATH_STREAMING 
 +     xmlXPathCompExprPtr comp; 
 + #endif 
 ++    int oldDepth = 0; 
 + 
 +     if (ctxt == NULL) return; 
 + 
 +@@ -14422,8 +14429,10 @@ xmlXPathEvalExpr(xmlXPathParserContextPtr ctxt) { 
 + #endif 
 +     { 
 +         if (ctxt->context != NULL) 
 +-            ctxt->context->depth = 0; 
 ++            oldDepth = ctxt->context->depth; 
 +  xmlXPathCompileExpr(ctxt, 1); 
 ++        if (ctxt->context != NULL) 
 ++            ctxt->context->depth = oldDepth; 
 +         CHECK_ERROR; 
 + 
 +         /* Check for trailing characters. */ 
 +@@ -14432,9 +14441,11 @@ xmlXPathEvalExpr(xmlXPathParserContextPtr ctxt) { 
 + 
 +  if ((ctxt->comp->nbStep > 1) && (ctxt->comp->last >= 0)) { 
 +             if (ctxt->context != NULL) 
 +-                ctxt->context->depth = 0; 
 ++                oldDepth = ctxt->context->depth; 
 +      xmlXPathOptimizeExpression(ctxt, 
 +   &ctxt->comp->steps[ctxt->comp->last]); 
 ++            if (ctxt->context != NULL) 
 ++                ctxt->context->depth = oldDepth; 
 +         } 
 +     } 
 + 
 diff -Nru libxml2-2.9.14+dfsg/debian/patches/series libxml2-2.9. 
 4+dfsg/debian/patches/series 
 --- libxml2-2.9.14+dfsg/debian/patches/series 2025-08-25 13:25:27.000000000 
 +0200 
 +++ libxml2-2.9.14+dfsg/debian/patches/series 2025-10-11 14:41:17.000000000 
 +0200 
 @@ -24,3 +24,4 @@ 
  CVE-2025-6170.patch 
  CVE-2025-49794_CVE-2025-49796.patch 
  CVE-2025-7425.patch 
 +CVE-2025-9714.patch 
  
 --m2kLb3U0rPcvqgmI-- 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmjqYwQACgkQ05pJnDwh 
 pVJXWxAAvCJxhZ14IKKckC7mU4Sy8cC33GrcxDlFyCh50XdXtbegtRzAh7Wwxo2X 
 ocKRN82wBKHJjmP5vpL0nqjM70Fb9FyCAJy9Ih22vTQ7G32TyoyF33nDCfN178ip 
 H9NhztJftk4tSQuKfhvU21JHO20a9LD8AY3jojBvP6e8dOE6xq7KDpHjyRQwgIoa 
 ONOSapoaE3s4hKy/NCRkq43fsXwIrl73gKLGD5GFdqhzivUi6qgkSnFYByEXUGgx 
 TcUfw60hTDPjRGqDQ33ue45QfbQ+Hg1G1Gjw/LwqMEWMxhQDJ3rK4KXGtdgPw/FM 
 w/mZra1/ck3JIz5sqJHCmzlmh/BzWH0FJr9KLCsbtsSJIml76jvzlE5jMDS+AJMO 
 C1DHf6Xx7sJGlLzgUX2N63b8uCpVASz9TBeM5sP06LFyxdMfTyEAvenG49tajg5b 
 yx4nK9F1lyxSaySCgW1KedHHzBp6rxc8BdZpdLdIVid045xLL4L4VLgDfkXxS6r+ 
 P96Df3E8f1NQtWdSz+awLWBJENw9/ybPZBom32EEixq5bmJKFLsi3I6VaGX8s3VA 
 eyL4Ke9V66GBOQnkW4wk8eL3a4CgjtOySrmusIHiKwBs5eWEO5hIc2NvQfebrNKg 
 hNC+s9UnBG874iAtyRoQ2Tlb4yfGYHTiKkC7taVH9zymhwdOhTs= 
 =ipU0 
 -----END PGP SIGNATURE----- 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,110 visits
(c) 1994,  bbs@darkrealms.ca