| Age | Commit message (Collapse) | Author |
|---|
|
Upstream commit:
This is related to parameter entities expansion and following
the line of the billion laugh attack. Somehow in that path the
counting of parameters was missed and the normal algorithm based
on entities "density" was useless.
CVE: CVE-2021-3541
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch fixes CVE-2021-3518. The fix for the CVE is the
following 3 lines in 1098c30a:
- (cur->children->type != XML_ENTITY_DECL) &&
- (cur->children->type != XML_XINCLUDE_START) &&
- (cur->children->type != XML_XINCLUDE_END)) {
+ ((cur->type == XML_DOCUMENT_NODE) ||
+ (cur->type == XML_ELEMENT_NODE))) {
This relies on an updated version of xinclude.c from upstream which
also adds several new tests. Those changes are brought in first so
that the CVE patch can be applied cleanly.
The first patch updates xinclude.c and adds the new tests from
upstream, and the second applies the fix for the CVE.
CVE: CVE-2021-3518
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Parsing specially crafted Mixed Content while parsing XML data may
lead to invalid data structure being created, as errors were not
propagated. This could lead to several NULL Pointer Dereference when
post-validating documents parsed in recovery mode.
CVE: CVE-2021-3537
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes use-after-free in xmlEncodeEntitiesInternal() in entities.c
CVE: CVE-2021-3516
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
CVE: CVE-2021-3517
Upstream-status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
see:
https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rename
Besides checking DISTRO_FEATURES for required or conflicting features,
being able to check MACHINE_FEATURES and/or COMBINED_FEATURES may also
be useful at times.
Temporarily support the old class name with a warning about future
deprecation.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Drop backported fix-CVE-2017-8872.patch,
fix-CVE-2018-14404.patch and
0001-Fix-infinite-loop-in-LZMA-decompression.patch
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After eglibc was merged into glibc, Kconfig support was also dropped so
these libc features therefore are not effective anymore and can be
removed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
PACKAGE_NO_GCONV is set in libc-package.bbclass if not all of
'libc-charsets libc-locale-code libc-locales' included in
DISTRO_FEATURES. And then no packages glibc-gconv-* glibc-charmap-* and
glibc-localedata-* is created. Update recipes and conf file which depend
on these packages to check required distro features.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fetch the test tar ball to a subdirectory in ${S}. This avoids the
following error after having done `devtool modify libxml2`:
| DEBUG: Executing shell function do_configure
| find: ‘.../build/tmp/work/mips32r2el-nf-poky-linux/libxml2/2.9.4-r0/xmlconf/’: No such file or directory
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Packaging of libxml2-utils has been broken since 2011:
http://git.openembedded.org/openembedded-core/commit/?id=76052861cc95fd4ad4c4b9eb6ce4cd1065ad4dc9
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch associated with the CVE-2017-8872 report was never merged into
libxml2, but a slightly different patch for the same problem was. Cherry-pick
that as a backport, which also fixes the failing test suite.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix nullptr deref with XPath logic ops
If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.
CVE: CVE-2018-14404
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
for core-image-minimal image, missing these two dependency
will cause below warning and error:
warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
./test/icu_parse_test.xml generated an error
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4
allows attackers to cause a denial of service (buffer over-read) or
information disclosure.
https://bugzilla.gnome.org/show_bug.cgi?id=775200
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The packaging has been altered slightly so ensure the dependencies are all still
valid.
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Changes to Makefile in latest version mean when "make -k runtests" is executed,
it leads to errors like:
| make: *** No rule to make target 'runtest.c', needed by 'runtest.o'.
| make: *** No rule to make target 'SAX.c', needed by 'SAX.lo'.
| make: *** No rule to make target 'entities.c', needed by 'entities.lo'.
| make: *** No rule to make target 'encoding.c', needed by 'encoding.lo'.
Make sure that we don't try to check and compile the tests again on the target.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
HTTP is more reliable in general so use it instead of FTP.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We need to specify UTF-8 in the environment to avoid an error
such as:
UnicodeEncodeError: 'ascii' codec can't encode character '\xe4'
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This fixes the error:
./test/errors/759398.xml:1: parser error : Unsupported encoding ISO-8859-5
<?xml version='1.0' encoding='ISO-8859-5' standalone='no'?>
^
./test/errors/759398.xml : failed to parse
FAIL: Error cases stream regression tests
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove various build host references from libxml-ptest package.
[YOCTO #11997]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403)
https://bugzilla.gnome.org/show_bug.cgi?id=775200
Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address"
...
export CC="clang"
export CFLAGS="-fsanitize=address"
./configure --disable-shared
make clean all -j
wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc
./xmllint --html --push poc
==2785==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08
READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8)
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix a variety of spelling and format mistakes to improve the ease of reading the
tags programatically.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
even local"
The new flag doesn't work and the change even broke the XML_PARSE_NONET option.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Fix type confusion in xmlValidateOneNamespace
Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.
Fixes bug 780228
CVE: CVE-2017-0663
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Fix NULL pointer deref in xmlDumpElementContent
Can only be triggered in recovery mode.
Fixes bug 758422
CVE: CVE-2017-5969
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Fix handling of parameter-entity references
There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.
Fixes bug 781205 and bug 781361
CVE: CVE-2017-9049 CVE-2017-9050
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 and bug 781701
CVE: CVE-2017-9047 CVE-2017-9048
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Makefile.am: Disable LeakSanitizer when running API tests
The autogenerated API tests leak memory.
Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a]
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Since we go through the trouble of copying the Python tests, we may as
well actually run them...
This also avoids the following QA issue:
ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue:
/usr/lib/libxml2/ptest/python/tests/push.py contained in package
libxml2-ptest requires /usr/bin/python, but no providers found in
RDEPENDS_libxml2-ptest? [file-rdeps]
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The library libxml2 can provide its own bindings for python2 in addition
to the third party python-lxml and python3-lxml packages if this
functionality is enabled in PACKAGECONFIG.
But in case the functionality is disabled there's no need to depend
on python2.
Make the dependency on python2 enabled only if the python feature
is added to PACKAGECONFIG. Also add missing run-time dependency on make
to libxml2-ptest.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With rss, moving these around was having an increasing overhead and we don't
need them in the native case so remove them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
Tony Tascioglu
Alexander Kanavin
Ovidiu Panait
Jacob Kroon
Richard Purdie
Lee Chee Yang
Anuj Mittal
Denys Dmytriyenko
Hongxu Jia
Khem Raj
Kai Kang
Peter Kjellerstedt
Andre McCurdy
Ross Burton
Andrej Valek
Changqing Li
Alejandro Hernandez
Juro Bystricky
Alexander Kanavin
Catalin Enache
Dmitry Rozhkov
Joshua Lock