diff options
| author |   Andrej Valek <andrej.valek@siemens.com> | 2017-06-14 15:07:56 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-06-23 11:43:39 +0100 |
| commit | a965be7b6a1d730851b4a3bc8fd534b9b2334227 (patch) | |
| tree | 625ae75fdeea3a33ce4fe5cfd47966f11df45f1f /meta/recipes-core/libxml | |
| parent | 0cae039cbe513b7998e067f4f3958af2ec65ed1a (diff) | |
| download | openembedded-core-contrib-a965be7b6a1d730851b4a3bc8fd534b9b2334227.tar.gz | |
libxml2: Fix CVE-2017-0663
Fix type confusion in xmlValidateOneNamespace
Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.
Fixes bug 780228
CVE: CVE-2017-0663
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Diffstat (limited to 'meta/recipes-core/libxml')
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch new file mode 100644 index 0000000000..0108265855 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch @@ -0,0 +1,40 @@ +libxml2: Fix CVE-2017-0663 + +[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228 + +valid: Fix type confusion in xmlValidateOneNamespace + +Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types +on namespace declarations make no practical sense anyway. + +Fixes bug 780228 + +Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66] +CVE: CVE-2017-0663 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/valid.c b/valid.c +index 19f84b8..e03d35e 100644 +--- a/valid.c ++++ b/valid.c +@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + } + } + ++ /* ++ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions ++ * xmlAddID and xmlAddRef for namespace declarations, but it makes ++ * no practical sense to use ID types anyway. ++ */ ++#if 0 + /* Validity Constraint: ID uniqueness */ + if (attrDecl->atype == XML_ATTRIBUTE_ID) { + if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) +@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) + ret = 0; + } ++#endif + + /* Validity Constraint: Notation Attributes */ + if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index 2996809e4a..677d8c9bb5 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb @@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ file://libxml2-CVE-2017-5969.patch \ + file://libxml2-CVE-2017-0663.patch \ file://CVE-2016-9318.patch \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ " |