diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-12-10 01:12:17 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-12-10 13:30:41 +0100 |
commit | e20d844068126e89fe483df7687b094b92f7369d (patch) | |
tree | c5cd26513a10742cf9ff04b268cff954c8f32d9f /patches/source/libxml2/libxml2.do-not-check-crc.diff | |
parent | d62d64ff5c0a0ce8526256d2a2f1dd3ca68698af (diff) | |
download | current-e20d844068126e89fe483df7687b094b92f7369d.tar.gz current-e20d844068126e89fe483df7687b094b92f7369d.tar.xz |
Sun Dec 10 01:12:17 UTC 202320231210011217_15.0
patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz: Upgraded.
Add --sysconfdir=/etc option so that this can find the xml catalog.
Thanks to SpiderTux.
Fix the following security issues:
Fix integer overflows with XML_PARSE_HUGE.
Fix dict corruption caused by entity reference cycles.
Hashing of empty dict strings isn't deterministic.
Fix null deref in xmlSchemaFixupComplexType.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-40303
https://www.cve.org/CVERecord?id=CVE-2022-40304
https://www.cve.org/CVERecord?id=CVE-2023-29469
https://www.cve.org/CVERecord?id=CVE-2023-28484
(* Security fix *)
Diffstat (limited to 'patches/source/libxml2/libxml2.do-not-check-crc.diff')
-rw-r--r-- | patches/source/libxml2/libxml2.do-not-check-crc.diff | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/patches/source/libxml2/libxml2.do-not-check-crc.diff b/patches/source/libxml2/libxml2.do-not-check-crc.diff deleted file mode 100644 index 3e6507764..000000000 --- a/patches/source/libxml2/libxml2.do-not-check-crc.diff +++ /dev/null @@ -1,35 +0,0 @@ -diff -up libxml2-2.9.0/xzlib.c.do-not-check-crc libxml2-2.9.0/xzlib.c ---- libxml2-2.9.0/xzlib.c.do-not-check-crc 2012-09-11 05:52:46.000000000 +0200 -+++ libxml2-2.9.0/xzlib.c 2012-11-19 19:28:42.431700534 +0100 -@@ -552,17 +552,20 @@ xz_decomp(xz_statep state) - #ifdef HAVE_ZLIB_H - if (state->how == GZIP) { - if (gz_next4(state, &crc) == -1 || gz_next4(state, &len) == -1) { -- xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); -- return -1; -- } -- if (crc != state->zstrm.adler) { -- xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); -- return -1; -- } -- if (len != (state->zstrm.total_out & 0xffffffffL)) { -- xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); -- return -1; -- } -+ /* -+ xz_error(state, LZMA_DATA_ERROR, "unexpected end of file"); -+ return -1; -+ */ -+ } else { -+ if (crc != state->zstrm.adler) { -+ xz_error(state, LZMA_DATA_ERROR, "incorrect data check"); -+ return -1; -+ } -+ if (len != (state->zstrm.total_out & 0xffffffffL)) { -+ xz_error(state, LZMA_DATA_ERROR, "incorrect length check"); -+ return -1; -+ } -+ } - state->strm.avail_in = 0; - state->strm.next_in = NULL; - state->strm.avail_out = 0; |