diff --git a/gnu/local.mk b/gnu/local.mk index 8915c46cdd..b07aa42f7d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -633,6 +633,7 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ + %D%/packages/patches/libxml2-CVE-2016-1762.patch \ %D%/packages/patches/libxslt-CVE-2015-7995.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/libpthread-glibc-preparation.patch \ diff --git a/gnu/packages/patches/libxml2-CVE-2016-1762.patch b/gnu/packages/patches/libxml2-CVE-2016-1762.patch new file mode 100644 index 0000000000..15ec6a0aee --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2016-1762.patch @@ -0,0 +1,31 @@ +Copied from Debian. + +From a7a94612aa3b16779e2c74e1fa353b5d9786c602 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Tue, 9 Feb 2016 12:55:29 +0100 +Subject: [PATCH] Heap-based buffer overread in xmlNextChar + +For https://bugzilla.gnome.org/show_bug.cgi?id=759671 + +when the end of the internal subset isn't properly detected +xmlParseInternalSubset should just return instead of trying +to process input further. + +[carnil: drop patches to testsuite files] +--- + +diff --git a/parser.c b/parser.c +index c5741e3..0677030 100644 +--- a/parser.c ++++ b/parser.c +@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) { + */ + if (RAW != '>') { + xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL); ++ return; + } + NEXT; + } +-- +2.8.1 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index dc5c60dca8..40ff3e6b4b 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -116,7 +116,8 @@ (define libxml2/fixed version ".tar.gz")) (sha256 (base32 - "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))))) + "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")) + (patches (search-patches "libxml2-CVE-2016-1762.patch"))))))) (define-public python-libxml2 (package (inherit libxml2)