aboutsummaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2018-10-04 10:20:20 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-10-04 14:30:40 +0100
commit512869aea6dde1bb2374601f7c4d793ac9edaa42 (patch)
tree16b51e4e08b8b0d923d8bbe25b8c0a2b3681a12a /meta
parent18d6b668c52dc881cff7b107420e0de527eecce4 (diff)
downloadopenembedded-core-contrib-512869aea6dde1bb2374601f7c4d793ac9edaa42.tar.gz
openembedded-core-contrib-512869aea6dde1bb2374601f7c4d793ac9edaa42.tar.bz2
openembedded-core-contrib-512869aea6dde1bb2374601f7c4d793ac9edaa42.zip
libxml2: refresh CVE-2017-8872
The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch73
1 files changed, 50 insertions, 23 deletions
diff --git a/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch
index b34479f318f..42a4b0ed602 100644
--- a/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch
+++ b/meta/recipes-core/libxml/libxml2/fix-CVE-2017-8872.patch
@@ -1,38 +1,65 @@
-From b4bee17b158e289e5c4c9045e64e5374ccafe068 Mon Sep 17 00:00:00 2001
-From: Salvatore Bonaccorso <carnil@debian.org>
-Date: Tue, 3 Jul 2018 15:54:03 +0800
-Subject: [PATCH] Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
+Upstream-Status: Backport
+CVE: CVE-2017-8872
+Signed-off-by: Ross Burton <ross.burton@intel.com>
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Fixes bug 775200.
+From 123234f2cfcd9e9b9f83047eee1dc17b4c3f4407 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 11 Sep 2018 14:52:07 +0200
+Subject: [PATCH] Free input buffer in xmlHaltParser
-Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+This avoids miscalculation of available bytes.
-Upstream-Status: Submitted
-https://bug775200.bugzilla-attachments.gnome.org/attachment.cgi?id=366193
-CVE: CVE-2017-8872
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Thanks to Yunho Kim for the report.
+
+Closes: #26
---
- parser.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
+ parser.c | 5 +++++
+ result/errors/759573.xml.err | 17 +++++++----------
+ 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/parser.c b/parser.c
-index ca9fde2..fb4c889 100644
+index ca9fde2c..5813a664 100644
--- a/parser.c
+++ b/parser.c
-@@ -12464,7 +12464,11 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+@@ -12462,7 +12462,12 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
+ ctxt->input->free((xmlChar *) ctxt->input->base);
+ ctxt->input->free = NULL;
}
++ if (ctxt->input->buf != NULL) {
++ xmlFreeParserInputBuffer(ctxt->input->buf);
++ ctxt->input->buf = NULL;
++ }
ctxt->input->cur = BAD_CAST"";
++ ctxt->input->length = 0;
ctxt->input->base = ctxt->input->cur;
-- ctxt->input->end = ctxt->input->cur;
-+ ctxt->input->end = ctxt->input->cur;
-+ if (ctxt->input->buf)
-+ xmlBufEmpty (ctxt->input->buf->buffer);
-+ else
-+ ctxt->input->length = 0;
+ ctxt->input->end = ctxt->input->cur;
}
- }
+diff --git a/result/errors/759573.xml.err b/result/errors/759573.xml.err
+index 554039f6..38ef5c40 100644
+--- a/result/errors/759573.xml.err
++++ b/result/errors/759573.xml.err
+@@ -21,14 +21,11 @@ Entity: line 1:
+ ^
+ ./test/errors/759573.xml:1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+- ^
++
++^
+ ./test/errors/759573.xml:1: parser error : DOCTYPE improperly terminated
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+- ^
+-./test/errors/759573.xml:1: parser error : StartTag: invalid element name
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+- ^
+-./test/errors/759573.xml:1: parser error : Extra content at the end of the document
+-<?h?><!DOCTYPEt[<!ELEMENT t (A)><!ENTITY % xx '&#37;<![INCLUDE[000&#37;&#3000;00
+- ^
++
++^
++./test/errors/759573.xml:1: parser error : Start tag expected, '<' not found
++
++^
--
-2.7.4
+2.11.0