From 2ad1d8da11a1f466b8ee9b5efe729616b87d8d34 Mon Sep 17 00:00:00 2001
From: Sumedh Alok Sharma <sumsharma@microsoft.com>
Date: Tue, 17 Sep 2024 13:07:53 +0530
Subject: [PATCH 1/2] libxml2: Add patch to resolve CVE-2024-25062

---
 SPECS/libxml2/CVE-2024-25062.patch | 29 +++++++++++++++++++++++++++++
 SPECS/libxml2/libxml2.spec         |  6 +++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100755 SPECS/libxml2/CVE-2024-25062.patch

diff --git a/SPECS/libxml2/CVE-2024-25062.patch b/SPECS/libxml2/CVE-2024-25062.patch
new file mode 100755
index 00000000000..88e3e356d25
--- /dev/null
+++ b/SPECS/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,29 @@
+From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 14 Oct 2023 22:45:54 +0200
+Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
+ backtracking
+
+Fixes a use-after-free if XML Reader if used with DTD validation and
+XInclude expansion.
+
+Fixes #604.
+---
+ xmlreader.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xmlreader.c b/xmlreader.c
+index 979385a13..fefd68e0b 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -1443,6 +1443,7 @@ node_found:
+      * Handle XInclude if asked for
+      */
+     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++        (reader->state != XML_TEXTREADER_BACKTRACK) &&
+         (reader->node != NULL) &&
+ 	(reader->node->type == XML_ELEMENT_NODE) &&
+ 	(reader->node->ns != NULL) &&
+-- 
+GitLab
+
diff --git a/SPECS/libxml2/libxml2.spec b/SPECS/libxml2/libxml2.spec
index 72bd5b3dcfc..c783eab65ed 100644
--- a/SPECS/libxml2/libxml2.spec
+++ b/SPECS/libxml2/libxml2.spec
@@ -1,7 +1,7 @@
 Summary:        Libxml2
 Name:           libxml2
 Version:        2.10.4
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -10,6 +10,7 @@ URL:            https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home
 Source0:        https://gitlab.gnome.org/GNOME/%{name}/-/archive/v%{version}/%{name}-v%{version}.tar.gz
 Patch0:         CVE-2023-45322.patch
 Patch1:         CVE-2024-34459.patch
+Patch2:         CVE-2024-25062.patch
 BuildRequires:  python3-devel
 BuildRequires:  python3-xml
 Provides:       %{name}-tools = %{version}-%{release}
@@ -80,6 +81,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/cmake/libxml2/libxml2-config.cmake
 
 %changelog
+* Tue Sep 17 2024 Sumedh Sharma <sumsharma@microsoft.com> - 2.10.4-4
+- Add patch to resolve CVE-2024-25062
+
 * Mon May 20 2024 Sudipta Pandit <sudpandit@microsoft.com> - 2.10.4-3
 - Apply patch for CVE-2024-34459
 

From 57ab079325e0dc898f9e4c411d5c1aba24bd68a4 Mon Sep 17 00:00:00 2001
From: Sumedh Alok Sharma <sumsharma@microsoft.com>
Date: Tue, 17 Sep 2024 13:38:12 +0530
Subject: [PATCH 2/2] libxml2: Update toolchain manifest entries

---
 .../resources/manifests/package/pkggen_core_aarch64.txt   | 4 ++--
 .../resources/manifests/package/pkggen_core_x86_64.txt    | 4 ++--
 toolkit/resources/manifests/package/toolchain_aarch64.txt | 8 ++++----
 toolkit/resources/manifests/package/toolchain_x86_64.txt  | 8 ++++----
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index b04e61167ba..9c0e8caabb9 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -194,8 +194,8 @@ curl-8.8.0-2.cm2.aarch64.rpm
 curl-devel-8.8.0-2.cm2.aarch64.rpm
 curl-libs-8.8.0-2.cm2.aarch64.rpm
 createrepo_c-0.17.5-1.cm2.aarch64.rpm
-libxml2-2.10.4-3.cm2.aarch64.rpm
-libxml2-devel-2.10.4-3.cm2.aarch64.rpm
+libxml2-2.10.4-4.cm2.aarch64.rpm
+libxml2-devel-2.10.4-4.cm2.aarch64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 3e29ff56617..889e7fc0f32 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -194,8 +194,8 @@ curl-8.8.0-2.cm2.x86_64.rpm
 curl-devel-8.8.0-2.cm2.x86_64.rpm
 curl-libs-8.8.0-2.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
-libxml2-2.10.4-3.cm2.x86_64.rpm
-libxml2-devel-2.10.4-3.cm2.x86_64.rpm
+libxml2-2.10.4-4.cm2.x86_64.rpm
+libxml2-devel-2.10.4-4.cm2.x86_64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 9fe530e7113..003a6f43b49 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -209,9 +209,9 @@ libtasn1-debuginfo-4.19.0-1.cm2.aarch64.rpm
 libtasn1-devel-4.19.0-1.cm2.aarch64.rpm
 libtool-2.4.6-8.cm2.aarch64.rpm
 libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm
-libxml2-2.10.4-3.cm2.aarch64.rpm
-libxml2-debuginfo-2.10.4-3.cm2.aarch64.rpm
-libxml2-devel-2.10.4-3.cm2.aarch64.rpm
+libxml2-2.10.4-4.cm2.aarch64.rpm
+libxml2-debuginfo-2.10.4-4.cm2.aarch64.rpm
+libxml2-devel-2.10.4-4.cm2.aarch64.rpm
 libxslt-1.1.34-7.cm2.aarch64.rpm
 libxslt-debuginfo-1.1.34-7.cm2.aarch64.rpm
 libxslt-devel-1.1.34-7.cm2.aarch64.rpm
@@ -521,7 +521,7 @@ python3-gpg-1.16.0-2.cm2.aarch64.rpm
 python3-jinja2-3.0.3-4.cm2.noarch.rpm
 python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm
 python3-libs-3.9.19-4.cm2.aarch64.rpm
-python3-libxml2-2.10.4-3.cm2.aarch64.rpm
+python3-libxml2-2.10.4-4.cm2.aarch64.rpm
 python3-lxml-4.9.1-1.cm2.aarch64.rpm
 python3-magic-5.40-2.cm2.noarch.rpm
 python3-markupsafe-2.1.0-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index c803aafac3c..8fd08c9990d 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -215,9 +215,9 @@ libtasn1-debuginfo-4.19.0-1.cm2.x86_64.rpm
 libtasn1-devel-4.19.0-1.cm2.x86_64.rpm
 libtool-2.4.6-8.cm2.x86_64.rpm
 libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm
-libxml2-2.10.4-3.cm2.x86_64.rpm
-libxml2-debuginfo-2.10.4-3.cm2.x86_64.rpm
-libxml2-devel-2.10.4-3.cm2.x86_64.rpm
+libxml2-2.10.4-4.cm2.x86_64.rpm
+libxml2-debuginfo-2.10.4-4.cm2.x86_64.rpm
+libxml2-devel-2.10.4-4.cm2.x86_64.rpm
 libxslt-1.1.34-7.cm2.x86_64.rpm
 libxslt-debuginfo-1.1.34-7.cm2.x86_64.rpm
 libxslt-devel-1.1.34-7.cm2.x86_64.rpm
@@ -527,7 +527,7 @@ python3-gpg-1.16.0-2.cm2.x86_64.rpm
 python3-jinja2-3.0.3-4.cm2.noarch.rpm
 python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm
 python3-libs-3.9.19-4.cm2.x86_64.rpm
-python3-libxml2-2.10.4-3.cm2.x86_64.rpm
+python3-libxml2-2.10.4-4.cm2.x86_64.rpm
 python3-lxml-4.9.1-1.cm2.x86_64.rpm
 python3-magic-5.40-2.cm2.noarch.rpm
 python3-markupsafe-2.1.0-1.cm2.x86_64.rpm