!242 fix CVE-2024-34459

From: @cenhuilin 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

backport-CVE-2024-34459.patch

@@ -0,0 +1,26 @@
+From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 16 May 2024 17:38:11 +0800
+Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
+
+Add a missing bounds check.
+---
+ xmllint.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmllint.c b/xmllint.c
+index 084c24a..1cfda99 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -599,7 +599,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
+     len = strlen(buffer);
+     snprintf(&buffer[len], sizeof(buffer) - len, "\n");
+     cur = input->cur;
+-    while ((*cur == '\n') || (*cur == '\r'))
++    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
+ 	cur--;
+     n = 0;
+     while ((cur != base) && (n++ < 80)) {
+-- 
+2.33.0
+

libxml2.spec

@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.9.14
-Release: 11
+Release: 12
 License: MIT
 Group: Development/Libraries
 Source: https://download.gnome.org/sources/%{name}/2.9/%{name}-%{version}.tar.xz
@@ -222,6 +222,7 @@ Patch6197:	backport-malloc-fail-Fix-use-after-free-in-xmlBufBackToBuffer.patch
 Patch6198:	backport-entities-Don-t-allow-null-name-in-xmlNewEntity.patch
 Patch6199:	backport-save-Check-for-NULL-node-name-in-xhtmlIsEmpty.patch
 Patch6200:	backport-valid-Check-for-NULL-node-name-in-xmlSnprintfElement.patch
+Patch6201:	backport-CVE-2024-34459.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python3-devel
@@ -377,6 +378,12 @@ rm -fr %{buildroot}
 
 
 %changelog
+* Thu May 16 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.9.14-12
+- Type:CVE
+- CVE:CVE-2024-34459
+- SUG:NA
+- DESC:fix CVE-2024-34459
+
 * Mon May 06 2024 zhuofeng <zhuofeng2@huawei.com> - 2.9.14-11
 - Type:bugfix
 - CVE:NA