diff options
| author |   Sona Sarmadi <sona.sarmadi@enea.com> | 2015-12-14 13:24:13 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-30 12:02:02 +0000 |
| commit | 84c6a67baaafee565ac4fad229bd8d07a21da09c (patch) | |
| tree | 3d6cda9120d818ef93e22bb8e7b823a5fff16368 | |
| parent | 09c3a0f01572a6a65e9f87ce16817ee7de3296f1 (diff) | |
| download | openembedded-core-contrib-84c6a67baaafee565ac4fad229bd8d07a21da09c.tar.gz | |
libxml2: CVE-2015-8241
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=
ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-core/libxml/libxml2.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch | 41 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index d5e263bdf8..2dafeb446d 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc @@ -25,6 +25,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ file://CVE-2015-7942.patch \ file://CVE-2015-8035.patch \ + file://CVE-2015-8241.patch \ " BINCONFIG = "${bindir}/xml2-config" diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch new file mode 100644 index 0000000000..98b30f037c --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch @@ -0,0 +1,41 @@ +From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001 +From: Hugh Davenport <hugh@allthethings.co.nz> +Date: Tue, 3 Nov 2015 20:40:49 +0800 +Subject: Avoid extra processing of MarkupDecl when EOF + +For https://bugzilla.gnome.org/show_bug.cgi?id=756263 + +One place where ctxt->instate == XML_PARSER_EOF whic was set up +by entity detection issues doesn't get noticed, and even overrided + +Fixes CVE-2015-8241. + +Upstream-Status: Backport + +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + parser.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/parser.c b/parser.c +index d67b300..134afe7 100644 +--- a/parser.c ++++ b/parser.c +@@ -6972,6 +6972,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) { + xmlParsePI(ctxt); + } + } ++ ++ /* ++ * detect requirement to exit there and act accordingly ++ * and avoid having instate overriden later on ++ */ ++ if (ctxt->instate == XML_PARSER_EOF) ++ return; ++ + /* + * This is only for internal subset. On external entities, + * the replacement is done before parsing stage +-- +cgit v0.11.2 + |