libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges

Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Andrej Valek <andrej.valek@siemens.com> 2016-12-12 14:20:20 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-12-16 08:30:01 +0000
commit: 00e928bd1c2aed9caeaf9e411743805d2139a023 (patch)
tree: 82ad7f61ead5a71f39effc480b27f8248c1ac3ed /meta/recipes-core/libxml/libxml2_2.9.4.bb
parent: 96ef568f75dded56a2123b63dcc8b443f796afe0 (diff)
download: openembedded-core-contrib-00e928bd1c2aed9caeaf9e411743805d2139a023.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 66a89400e5..a1d1e9e12d 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -21,6 +21,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
            file://libxml-m4-use-pkgconfig.patch \
            file://libxml2-fix_node_comparison.patch \
            file://libxml2-CVE-2016-5131.patch \
+           file://libxml2-CVE-2016-4658.patch \
           "
 
 SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
author	Andrej Valek <andrej.valek@siemens.com>	2016-12-12 14:20:20 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-12-16 08:30:01 +0000
commit	00e928bd1c2aed9caeaf9e411743805d2139a023 (patch)
tree	82ad7f61ead5a71f39effc480b27f8248c1ac3ed /meta/recipes-core/libxml/libxml2_2.9.4.bb
parent	96ef568f75dded56a2123b63dcc8b443f796afe0 (diff)
download	openembedded-core-contrib-00e928bd1c2aed9caeaf9e411743805d2139a023.tar.gz