pyrox.dev / nixpkgs
lol
fork atom

libxml2_13: add patch for CVE-2025-6170

Gutyina Gergő 2da008e2 5d3c1810

options
unified split
Changed files
+115
pkgs
development
libraries
libxml2
CVE-2025-6170.patch
default.nix
+112
pkgs/development/libraries/libxml2/CVE-2025-6170.patch 
···

       

       
1

       
+

       
diff --git a/result/scripts/long_command b/result/scripts/long_command


     

       

       
2

       
+

       
new file mode 100644


     

       

       
3

       
+

       
index 000000000..e6f00708b


     

       

       
4

       
+

       
--- /dev/null


     

       

       
5

       
+

       
+++ b/result/scripts/long_command


     

       

       
6

       
+

       
@@ -0,0 +1,8 @@


     

       

       
7

       
+

       
+/ > b > b > Object is a Node Set :


     

       

       
8

       
+

       
+Set contains 1 nodes:


     

       

       
9

       
+

       
+1  ELEMENT a:c


     

       

       
10

       
+

       
+b > Unknown command This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_comm


     

       

       
11

       
+

       
+b > b > Unknown command ess_currents_of_time_and_existence


     

       

       
12

       
+

       
+b > <?xml version="1.0"?>


     

       

       
13

       
+

       
+<a xmlns:a="bar"><b xmlns:a="foo">Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_prof</b></a>


     

       

       
14

       
+

       
+b > 


     

       

       
15

       
+

       
\ No newline at end of file


     

       

       
16

       
+

       
diff --git a/debugXML.c b/debugXML.c


     

       

       
17

       
+

       
index ed56b0f8..aeeea3c0 100644


     

       

       
18

       
+

       
--- a/debugXML.c


     

       

       
19

       
+

       
+++ b/debugXML.c


     

       

       
20

       
+

       
@@ -2780,6 +2780,10 @@ xmlShellPwd(xmlShellCtxtPtr ctxt ATTRIBUTE_UNUSED, char *buffer,


     

       

       
21

       
+

       
     return (0);


     

       

       
22

       
+

       
 }


     

       

       
23

       
+

       
 


     

       

       
24

       
+

       
+#define MAX_PROMPT_SIZE     500


     

       

       
25

       
+

       
+#define MAX_ARG_SIZE        400


     

       

       
26

       
+

       
+#define MAX_COMMAND_SIZE    100


     

       

       
27

       
+

       
+


     

       

       
28

       
+

       
 /**


     

       

       
29

       
+

       
  * xmlShell:


     

       

       
30

       
+

       
  * @doc:  the initial document


     

       

       
31

       
+

       
@@ -2795,10 +2795,10 @@ void


     

       

       
32

       
+

       
 xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,


     

       

       
33

       
+

       
          FILE * output)


     

       

       
34

       
+

       
 {


     

       

       
35

       
+

       
-    char prompt[500] = "/ > ";


     

       

       
36

       
+

       
+    char prompt[MAX_PROMPT_SIZE] = "/ > ";


     

       

       
37

       
+

       
     char *cmdline = NULL, *cur;


     

       

       
38

       
+

       
-    char command[100];


     

       

       
39

       
+

       
-    char arg[400];


     

       

       
40

       
+

       
+    char command[MAX_COMMAND_SIZE];


     

       

       
41

       
+

       
+    char arg[MAX_ARG_SIZE];


     

       

       
42

       
+

       
     int i;


     

       

       
43

       
+

       
     xmlShellCtxtPtr ctxt;


     

       

       
44

       
+

       
     xmlXPathObjectPtr list;


     

       

       
45

       
+

       
@@ -2856,7 +2856,8 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,


     

       

       
46

       
+

       
             cur++;


     

       

       
47

       
+

       
         i = 0;


     

       

       
48

       
+

       
         while ((*cur != ' ') && (*cur != '\t') &&


     

       

       
49

       
+

       
-               (*cur != '\n') && (*cur != '\r')) {


     

       

       
50

       
+

       
+               (*cur != '\n') && (*cur != '\r') &&


     

       

       
51

       
+

       
+               (i < (MAX_COMMAND_SIZE - 1))) {


     

       

       
52

       
+

       
             if (*cur == 0)


     

       

       
53

       
+

       
                 break;


     

       

       
54

       
+

       
             command[i++] = *cur++;


     

       

       
55

       
+

       
@@ -2871,7 +2872,7 @@ xmlShell(xmlDocPtr doc, const char *filename, xmlShellReadlineFunc input,


     

       

       
56

       
+

       
         while ((*cur == ' ') || (*cur == '\t'))


     

       

       
57

       
+

       
             cur++;


     

       

       
58

       
+

       
         i = 0;


     

       

       
59

       
+

       
-        while ((*cur != '\n') && (*cur != '\r') && (*cur != 0)) {


     

       

       
60

       
+

       
+        while ((*cur != '\n') && (*cur != '\r') && (*cur != 0) && (i < (MAX_ARG_SIZE-1))) {


     

       

       
61

       
+

       
             if (*cur == 0)


     

       

       
62

       
+

       
                 break;


     

       

       
63

       
+

       
             arg[i++] = *cur++;


     

       

       
64

       
+

       
diff --git a/xmllint.c b/xmllint.c


     

       

       
65

       
+

       
index c6273477..3d90272c 100644


     

       

       
66

       
+

       
--- a/xmllint.c


     

       

       
67

       
+

       
+++ b/xmllint.c


     

       

       
68

       
+

       
@@ -724,6 +724,9 @@ xmlHTMLValidityWarning(void *ctx, const char *msg, ...)


     

       

       
69

       
+

       
  ************************************************************************/


     

       

       
70

       
+

       
 #ifdef LIBXML_DEBUG_ENABLED


     

       

       
71

       
+

       
 #ifdef LIBXML_XPATH_ENABLED


     

       

       
72

       
+

       
+


     

       

       
73

       
+

       
+#define MAX_PROMPT_SIZE     500


     

       

       
74

       
+

       
+


     

       

       
75

       
+

       
 /**


     

       

       
76

       
+

       
  * xmlShellReadline:


     

       

       
77

       
+

       
  * @prompt:  the prompt value


     

       

       
78

       
+

       
@@ -754,9 +754,9 @@ xmlShellReadline(char *prompt) {


     

       

       
79

       
+

       
     if (prompt != NULL)


     

       

       
80

       
+

       
 	fprintf(stdout, "%s", prompt);


     

       

       
81

       
+

       
     fflush(stdout);


     

       

       
82

       
+

       
-    if (!fgets(line_read, 500, stdin))


     

       

       
83

       
+

       
+    if (!fgets(line_read, MAX_PROMPT_SIZE, stdin))


     

       

       
84

       
+

       
         return(NULL);


     

       

       
85

       
+

       
-    line_read[500] = 0;


     

       

       
86

       
+

       
+    line_read[MAX_PROMPT_SIZE] = 0;


     

       

       
87

       
+

       
     len = strlen(line_read);


     

       

       
88

       
+

       
     ret = (char *) malloc(len + 1);


     

       

       
89

       
+

       
     if (ret != NULL) {


     

       

       
90

       
+

       
-- 


     

       

       
91

       
+

       
diff --git a/test/scripts/long_command.script b/test/scripts/long_command.script


     

       

       
92

       
+

       
new file mode 100644


     

       

       
93

       
+

       
index 000000000..00f6df09f


     

       

       
94

       
+

       
--- /dev/null


     

       

       
95

       
+

       
+++ b/test/scripts/long_command.script


     

       

       
96

       
+

       
@@ -0,0 +1,6 @@


     

       

       
97

       
+

       
+cd a/b


     

       

       
98

       
+

       
+set <a:c/>


     

       

       
99

       
+

       
+xpath //*[namespace-uri()="foo"]


     

       

       
100

       
+

       
+This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_command_please_dont_crash foo


     

       

       
101

       
+

       
+set Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_profound_emotion_and_every_grand_aspiration_that_propels_our_species_ever_onward_through_the_relentless_currents_of_time_and_existence


     

       

       
102

       
+

       
+save -


     

       

       
103

       
+

       
diff --git a/test/scripts/long_command.xml b/test/scripts/long_command.xml


     

       

       
104

       
+

       
new file mode 100644


     

       

       
105

       
+

       
index 000000000..1ba44016e


     

       

       
106

       
+

       
--- /dev/null


     

       

       
107

       
+

       
+++ b/test/scripts/long_command.xml


     

       

       
108

       
+

       
@@ -0,0 +1 @@


     

       

       
109

       
+

       
+<a xmlns:a="bar"><b xmlns:a="foo"/></a>


     

       

       
110

       
+

       
-- 


     

       

       
111

       
+

       
GitLab


     

       

       
112

       
+
+3
pkgs/development/libraries/libxml2/default.nix 
···

       
31

       
31

       
 

       
          hash = "sha256-r7PYKr5cDDNNMtM3ogNLsucPFTwP/uoC7McijyLl4kU=";


     

       
32

       
32

       
 

       
          excludes = [ "runtest.c" ]; # tests were rewritten in C and are on schematron for 2.13.x, meaning this does not apply


     

       
33

       
33

       
 

       
        })


     

       

       
34

       
+

       
        # same as upstream, fixed conflicts


     

       

       
35

       
+

       
        # https://gitlab.gnome.org/GNOME/libxml2/-/commit/c340e419505cf4bf1d9ed7019a87cc00ec200434


     

       

       
36

       
+

       
        ./CVE-2025-6170.patch


     

       
34

       
37

       
 

       
      ];


     

       
35

       
38

       
 

       
      freezeUpdateScript = true;


     

       
36

       
39

       
 

       
      extraMeta = {