Compare commits
1 commit
| Author | SHA1 | Date | |
|---|---|---|---|
|
0744477aa5 |
2 changed files with 43 additions and 1 deletions
36
9621.patch
Normal file
36
9621.patch
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
From 72119ea71422d2892f2a0475fc282835310f8d9e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Cory Quammen <cory.quammen@kitware.com>
|
||||||
|
Date: Thu, 29 Sep 2022 13:10:00 -0400
|
||||||
|
Subject: [PATCH] vtkXMLTreeReader: protect against possible nullptr
|
||||||
|
dereference
|
||||||
|
|
||||||
|
Vulnerability reported at
|
||||||
|
https://nvd.nist.gov/vuln/detail/CVE-2021-42521.
|
||||||
|
|
||||||
|
Fixes #17818
|
||||||
|
|
||||||
|
(cherry picked from commit 9a2fe8ef2ecbf04f811b2e02b71eae8b94aae089)
|
||||||
|
---
|
||||||
|
IO/Infovis/vtkXMLTreeReader.cxx | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/IO/Infovis/vtkXMLTreeReader.cxx b/IO/Infovis/vtkXMLTreeReader.cxx
|
||||||
|
index 64abca37e96..af64572b27f 100644
|
||||||
|
--- a/IO/Infovis/vtkXMLTreeReader.cxx
|
||||||
|
+++ b/IO/Infovis/vtkXMLTreeReader.cxx
|
||||||
|
@@ -217,6 +217,12 @@ int vtkXMLTreeReader::RequestData(
|
||||||
|
|
||||||
|
// Get the root element node
|
||||||
|
xmlNode* rootElement = xmlDocGetRootElement(doc);
|
||||||
|
+ if (!rootElement)
|
||||||
|
+ {
|
||||||
|
+ vtkErrorMacro(<< "Could not get root element of document.");
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
vtkXMLTreeReaderProcessElement(builder, -1, rootElement, this->ReadCharData, this->MaskArrays);
|
||||||
|
|
||||||
|
xmlFreeDoc(doc);
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
||||||
8
vtk.spec
8
vtk.spec
|
|
@ -40,7 +40,7 @@
|
||||||
Summary: The Visualization Toolkit - A high level 3D visualization library
|
Summary: The Visualization Toolkit - A high level 3D visualization library
|
||||||
Name: vtk
|
Name: vtk
|
||||||
Version: 9.1.0
|
Version: 9.1.0
|
||||||
Release: 17%{?dist}
|
Release: 18%{?dist}
|
||||||
# This is a variant BSD license, a cross between BSD and ZLIB.
|
# This is a variant BSD license, a cross between BSD and ZLIB.
|
||||||
# For all intents, it has the same rights and restrictions as BSD.
|
# For all intents, it has the same rights and restrictions as BSD.
|
||||||
# http://fedoraproject.org/wiki/Licensing/BSD#VTKBSDVariant
|
# http://fedoraproject.org/wiki/Licensing/BSD#VTKBSDVariant
|
||||||
|
|
@ -58,6 +58,8 @@ Patch2: vtk-netcdf.patch
|
||||||
# Duplicate define conflict with Xutil, see:
|
# Duplicate define conflict with Xutil, see:
|
||||||
# https://gitlab.kitware.com/vtk/vtk/-/issues/18048
|
# https://gitlab.kitware.com/vtk/vtk/-/issues/18048
|
||||||
Patch3: vtk-AllValues.patch
|
Patch3: vtk-AllValues.patch
|
||||||
|
# CVE-2021-42521 - vtkXMLTreeReader: possible nullptr dereference
|
||||||
|
Patch4: https://gitlab.kitware.com/vtk/vtk/-/merge_requests/9621.patch
|
||||||
|
|
||||||
URL: https://vtk.org/
|
URL: https://vtk.org/
|
||||||
|
|
||||||
|
|
@ -844,6 +846,10 @@ cat xorg.log
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 25 2023 Orion Poplawski <orion@nwra.com> - 9.1.0-18
|
||||||
|
- Add upstream patch for CVE-2021-42521 - vtkXMLTreeReader: possible nullptr
|
||||||
|
dereference (bz#2189654)
|
||||||
|
|
||||||
* Thu Jul 28 2022 Orion Poplawski <orion@nwra.com> - 9.1.0-17
|
* Thu Jul 28 2022 Orion Poplawski <orion@nwra.com> - 9.1.0-17
|
||||||
- Remove all of vtkdata/Wrapping to keep vtk-data noarch
|
- Remove all of vtkdata/Wrapping to keep vtk-data noarch
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue