From 9a3178b4d3c454e76a0af59afc7b326589c4c666 Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Mon, 27 Apr 2015 20:43:23 -0700 Subject: libxml2: remove libxml2-CVE-2014-3660.patch It is a backport patch, and verified that the patch is in the source. Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --- .../libxml/libxml2/libxml2-CVE-2014-3660.patch | 147 --------------------- 1 file changed, 147 deletions(-) delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch (limited to 'meta/recipes-core/libxml') diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch deleted file mode 100644 index b9621c93eb..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch +++ /dev/null @@ -1,147 +0,0 @@ -From be2a7edaf289c5da74a4f9ed3a0b6c733e775230 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard -Date: Thu, 16 Oct 2014 13:59:47 +0800 -Subject: Fix for CVE-2014-3660 - -Issues related to the billion laugh entity expansion which happened to -escape the initial set of fixes - -Upstream-status: Backport -Reference: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230&context=3&ignorews=0&ss=0 - -Signed-off-by: Joe MacDonald - -diff --git a/parser.c b/parser.c -index f51e8d2..1d93967 100644 ---- a/parser.c -+++ b/parser.c -@@ -130,6 +130,29 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, - return (0); - if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) - return (1); -+ -+ /* -+ * This may look absurd but is needed to detect -+ * entities problems -+ */ -+ if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) && -+ (ent->content != NULL) && (ent->checked == 0)) { -+ unsigned long oldnbent = ctxt->nbentities; -+ xmlChar *rep; -+ -+ ent->checked = 1; -+ -+ rep = xmlStringDecodeEntities(ctxt, ent->content, -+ XML_SUBSTITUTE_REF, 0, 0, 0); -+ -+ ent->checked = (ctxt->nbentities - oldnbent + 1) * 2; -+ if (rep != NULL) { -+ if (xmlStrchr(rep, '<')) -+ ent->checked |= 1; -+ xmlFree(rep); -+ rep = NULL; -+ } -+ } - if (replacement != 0) { - if (replacement < XML_MAX_TEXT_LENGTH) - return(0); -@@ -189,9 +212,12 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, - return (0); - } else { - /* -- * strange we got no data for checking just return -+ * strange we got no data for checking - */ -- return (0); -+ if (((ctxt->lastError.code != XML_ERR_UNDECLARED_ENTITY) && -+ (ctxt->lastError.code != XML_WAR_UNDECLARED_ENTITY)) || -+ (ctxt->nbentities <= 10000)) -+ return (0); - } - xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); - return (1); -@@ -2589,6 +2615,7 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { - name, NULL); - ctxt->valid = 0; - } -+ xmlParserEntityCheck(ctxt, 0, NULL, 0); - } else if (ctxt->input->free != deallocblankswrapper) { - input = xmlNewBlanksWrapperInputStream(ctxt, entity); - if (xmlPushInput(ctxt, input) < 0) -@@ -2759,6 +2786,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, - if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) || - (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR)) - goto int_error; -+ xmlParserEntityCheck(ctxt, 0, ent, 0); - if (ent != NULL) - ctxt->nbentities += ent->checked / 2; - if ((ent != NULL) && -@@ -2810,6 +2838,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, - ent = xmlParseStringPEReference(ctxt, &str); - if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) - goto int_error; -+ xmlParserEntityCheck(ctxt, 0, ent, 0); - if (ent != NULL) - ctxt->nbentities += ent->checked / 2; - if (ent != NULL) { -@@ -7312,6 +7341,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { - (ret != XML_WAR_UNDECLARED_ENTITY)) { - xmlFatalErrMsgStr(ctxt, XML_ERR_UNDECLARED_ENTITY, - "Entity '%s' failed to parse\n", ent->name); -+ xmlParserEntityCheck(ctxt, 0, ent, 0); - } else if (list != NULL) { - xmlFreeNodeList(list); - list = NULL; -@@ -7418,7 +7448,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { - /* - * We are copying here, make sure there is no abuse - */ -- ctxt->sizeentcopy += ent->length; -+ ctxt->sizeentcopy += ent->length + 5; - if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) - return; - -@@ -7466,7 +7496,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { - /* - * We are copying here, make sure there is no abuse - */ -- ctxt->sizeentcopy += ent->length; -+ ctxt->sizeentcopy += ent->length + 5; - if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) - return; - -@@ -7652,6 +7682,7 @@ xmlParseEntityRef(xmlParserCtxtPtr ctxt) { - ctxt->sax->reference(ctxt->userData, name); - } - } -+ xmlParserEntityCheck(ctxt, 0, ent, 0); - ctxt->valid = 0; - } - -@@ -7845,6 +7876,7 @@ xmlParseStringEntityRef(xmlParserCtxtPtr ctxt, const xmlChar ** str) { - "Entity '%s' not defined\n", - name); - } -+ xmlParserEntityCheck(ctxt, 0, ent, 0); - /* TODO ? check regressions ctxt->valid = 0; */ - } - -@@ -8004,6 +8036,7 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) - name, NULL); - ctxt->valid = 0; - } -+ xmlParserEntityCheck(ctxt, 0, NULL, 0); - } else { - /* - * Internal checking in case the entity quest barfed -@@ -8243,6 +8276,7 @@ xmlParseStringPEReference(xmlParserCtxtPtr ctxt, const xmlChar **str) { - name, NULL); - ctxt->valid = 0; - } -+ xmlParserEntityCheck(ctxt, 0, NULL, 0); - } else { - /* - * Internal checking in case the entity quest barfed --- -cgit v0.10.1 - -- cgit 1.2.3-korg