From 7403e3f1bb5ea7ec5113b850bbb35cc7c7ff2d04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=92=8B=E5=AE=8F=E5=8D=9A?= <xdhbj0022@163.com>
Date: Wed, 7 Feb 2024 09:39:44 +0800
Subject: [PATCH] fix cve-2024-25062

---
 dependency/libxml2/CVE-2024-25062.patch | 11 +++++++++++
 dependency/libxml2/build_component.sh   |  1 +
 2 files changed, 12 insertions(+)
 create mode 100644 dependency/libxml2/CVE-2024-25062.patch

diff --git a/dependency/libxml2/CVE-2024-25062.patch b/dependency/libxml2/CVE-2024-25062.patch
new file mode 100644
index 000000000..682d9096f
--- /dev/null
+++ b/dependency/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,11 @@
+diff -Naur a/xmlreader.c b/xmlreader.c
+--- a/xmlreader.c	2024-02-06 17:29:16.285516854 +0800
++++ b/xmlreader.c	2024-02-06 17:28:15.592980289 +0800
+@@ -1586,6 +1586,7 @@
+      * Handle XInclude if asked for
+      */
+     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++        (reader->state != XML_TEXTREADER_BACKTRACK) &&
+         (reader->node != NULL) &&
+ 	(reader->node->type == XML_ELEMENT_NODE) &&
+ 	(reader->node->ns != NULL) &&
diff --git a/dependency/libxml2/build_component.sh b/dependency/libxml2/build_component.sh
index 3cbc08209..2f1bd921b 100644
--- a/dependency/libxml2/build_component.sh
+++ b/dependency/libxml2/build_component.sh
@@ -28,6 +28,7 @@ function build_component()
     patch -p1 < ../libxml2.patch
     patch -p1 < ../libxml2-CVE-2022-40303.patch
     patch -p1 < ../libxml2-CVE-2022-40304.patch
+    patch -p1 < ../CVE-2024-25062.patch
     tmp_cpus=$(grep -w processor /proc/cpuinfo|wc -l)
     ./autogen.sh
     chmod +x configure        
-- 
Gitee