| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| install-html.patch | install *all* the HTML docs The relevant makefile target was never updated since 2004.. Should probably look for a nicer way to do this than the current list before forwarding. |
Mattia Rizzolo <mattia@debian.org> | no | 2021-07-28 | ||
| xml2-config-fix.patch | display dynamic linking information with --libs, not static Don't bother about keeping support for the static variant, it's not needed in debian directly. |
Mattia Rizzolo <mattia@debian.org> | no | debian | 2020-02-23 | |
| python3-unicode-errors.patch | https://gitlab.gnome.org/GNOME/libxml2/issues/64 | no | https://src.fedoraproject.org/rpms/libxml2/blob/master/f/libxml2-2.9.8-python3-unicode-errors.patch | |||
| CVE-2022-40303-Fix-integer-overflows-with-XML_PARSE_.patch | [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE Also impose size limits when XML_PARSE_HUGE is set. Limit size of names to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to XML_MAX_HUGE_LENGTH (1 billion bytes). Move some the length checks to the end of the respective loop to make them strict. xmlParseEntityValue didn't have a length limitation at all. But without XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW. Thanks to Maddie Stone working with Google Project Zero for the report! |
Nick Wellnhofer <wellnhofer@aevum.de> | no | debian | https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 | 2022-08-25 |
| CVE-2022-40304-Fix-dict-corruption-caused-by-entity-.patch | [CVE-2022-40304] Fix dict corruption caused by entity reference cycles When an entity reference cycle is detected, the entity content is cleared by setting its first byte to zero. But the entity content might be allocated from a dict. In this case, the dict entry becomes corrupted leading to all kinds of logic errors, including memory errors like double-frees. Stop storing entity content, orig, ExternalID and SystemID in a dict. These values are unlikely to occur multiple times in a document, so they shouldn't have been stored in a dict in the first place. Thanks to Ned Williamson and Nathan Wachholz working with Google Project Zero for the report! |
Nick Wellnhofer <wellnhofer@aevum.de> | no | debian | https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b | 2022-08-31 |
| schemas-Fix-null-pointer-deref-in-xmlSchemaCheckCOSS.patch | schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK Found by OSS-Fuzz. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 | 2022-09-13 | |
| CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch | [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType Fix a null pointer dereference when parsing (invalid) XML schemas. Thanks to Robby Simpson for the report! Fixes #491. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | debian | https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f | 2023-04-07 |
| CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch | [CVE-2023-29469] Hashing of empty dict strings isn't deterministic When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results. This could lead to various logic or memory errors, including double frees. For consistency the seed is also taken into account, but this shouldn't have an impact on security. Found by OSS-Fuzz. Fixes #510. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | debian | https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 | 2023-04-07 |
| Reset-nsNr-in-xmlCtxtReset.patch | Reset nsNr in xmlCtxtReset | Nick Wellnhofer <wellnhofer@aevum.de> | no | debian | https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc | 2022-07-18 |
| Also-reset-nsNr-in-htmlCtxtReset.patch | Also reset nsNr in htmlCtxtReset | Nick Wellnhofer <wellnhofer@aevum.de> | no | debian | https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2 | 2022-07-28 |