libxml2_13: add patch for CVE-2025-6170

gepbird.tngl.sh 2da008e2 5d3c1810

verified
+115
+112
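--- a/pkgs/development/libraries/libxml2/CVE-2025-6170.patch
+++ b/pkgs/development/libraries/libxml2/CVE-2025-6170.patch
@@ -0,0 +1,112 @@
+diff --git a/result/scripts/long_command b/result/scripts/long_command
+new file mode 100644
+index 000000000..e6f00708b
+--- /dev/null
++++ b/result/scripts/long_command
+@@ -0,0 +1,8 @@
++/ > b > b > Object is a Node Set :
++Set contains 1 nodes:
++1 ELEMENT a:c
++b > Unknown command This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_comm
++b > b > Unknown command ess_currents_of_time_and_existence
++b > <?xml version="1.0"?>
++<a xmlns:a="bar"><b xmlns:a="foo">Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_prof</b></a>
++b >
+\ No newline at end of file
+diff --git a/debugXML.c b/debugXML.c
+index ed56b0f8..aeeea3c0 100644
+--- a/debugXML.c
++++ b/debugXML.c
+@@ -2780,6 +2780,10 @@ xmlShellPwd(xmlShellCtxtPtr ctxt ATTRIBUTE_UNUSED, char *buffer,
+return (0);
+}
+
++#define MAX_PROMPT_SIZE 500
++#define MAX_ARG_SIZE 400
++#define MAX_COMMAND_SIZE 100
++
+/**
+* xmlShell:
+* @doc: the initial document
+@@ -2795,10 +2795,10 @@ void
+xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,
+FILE * output)
+{
+- char prompt[500] = "/ > ";
++ char prompt[MAX_PROMPT_SIZE] = "/ > ";
+char *cmdline = NULL, *cur;
+- char command[100];
+- char arg[400];
++ char command[MAX_COMMAND_SIZE];
++ char arg[MAX_ARG_SIZE];
+int i;
+xmlShellCtxtPtr ctxt;
+xmlXPathObjectPtr list;
+@@ -2856,7 +2856,8 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,
+cur++;
+i = 0;
+while ((*cur != ' ') && (*cur != '\t') &&
+- (*cur != '\n') && (*cur != '\r')) {
++ (*cur != '\n') && (*cur != '\r') &&
++ (i < (MAX_COMMAND_SIZE - 1))) {
+if (*cur == 0)
+break;
+command[i++] = *cur++;
+@@ -2871,7 +2872,7 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,
+while ((*cur == ' ') || (*cur == '\t'))
+cur++;
+i = 0;
+- while ((*cur != '\n') && (*cur != '\r') && (*cur != 0)) {
++ while ((*cur != '\n') && (*cur != '\r') && (*cur != 0) && (i < (MAX_ARG_SIZE-1))) {
+if (*cur == 0)
+break;
+arg[i++] = *cur++;
+diff --git a/xmllint.c b/xmllint.c
+index c6273477..3d90272c 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -724,6 +724,9 @@ xmlHTMLValidityWarning(void *ctx, const char *msg, ...)
+************************************************************************/
+#ifdef LIBXML_DEBUG_ENABLED
+#ifdef LIBXML_XPATH_ENABLED
++
++#define MAX_PROMPT_SIZE 500
++
+/**
+* xmlShellReadline:
+* @prompt: the prompt value
+@@ -754,9 +754,9 @@ xmlShellReadline(char *prompt) {
+if (prompt != NULL)
+fprintf(stdout, "%s", prompt);
+fflush(stdout);
+- if (!fgets(line_read, 500, stdin))
++ if (!fgets(line_read, MAX_PROMPT_SIZE, stdin))
+return(NULL);
+- line_read[500] = 0;
++ line_read[MAX_PROMPT_SIZE] = 0;
+len = strlen(line_read);
+ret = (char *) malloc(len + 1);
+if (ret != NULL) {
+--
+diff --git a/test/scripts/long_command.script b/test/scripts/long_command.script
+new file mode 100644
+index 000000000..00f6df09f
+--- /dev/null
++++ b/test/scripts/long_command.script
+@@ -0,0 +1,6 @@
++cd a/b
++set <a:c/>
++xpath //*[namespace-uri()="foo"]
++This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_command_please_dont_crash foo
++set Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_profound_emotion_and_every_grand_aspiration_that_propels_our_species_ever_onward_through_the_relentless_currents_of_time_and_existence
++save -
+diff --git a/test/scripts/long_command.xml b/test/scripts/long_command.xml
+new file mode 100644
+index 000000000..1ba44016e
+--- /dev/null
++++ b/test/scripts/long_command.xml
+@@ -0,0 +1 @@
++<a xmlns:a="bar"><b xmlns:a="foo"/></a>
+--
+GitLab
+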
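Review bot: In the xmllint.c hunk of the vendored patch, `line_read[MAX_PROMPT_SIZE] = 0;` writes at index 500, which is in bounds only if `line_read` is declared with at least 501 elements. That declaration lies outside the hunk, and the constant's name now suggests a buffer of exactly 500 bytes, which this write would overrun by one. Since `fgets` already NUL-terminates within the size it is given, the terminator line could be dropped, or written as `line_read[sizeof(line_read) - 1] = 0;` so that it follows the declaration. The line appears to be carried over from the linked upstream commit, so the size of `line_read` in the 2.13 tree should be confirmed before relying on the backport.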
+3
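--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@@ -31,6 +31,9 @@
 hash = "sha256-r7PYKr5cDDNNMtM3ogNLsucPFTwP/uoC7McijyLl4kU=";
 excludes = [ "runtest.c" ]; # tests were rewritten in C and are on schematron for 2.13.x, meaning this does not apply
 })
+# same as upstream, fixed conflicts
+# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c340e419505cf4bf1d9ed7019a87cc00ec200434
+./CVE-2025-6170.patch
 ];
 freezeUpdateScript = true;
 extraMeta = {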
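Review bot: The comment `# same as upstream, fixed conflicts` does not say which hunks were changed by hand, so a reviewer cannot tell the adapted parts of this security patch from the upstream ones without re-diffing against the linked commit. Unlike the entry above it, which carries a `hash`, the local file has nothing that ties its content to upstream. I would spell the difference out in the comment, for example `# backport of the upstream commit below to 2.13.x; <hunks adapted by hand> differ from upstream`.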