1 files changed, 40 insertions, 0 deletions
diff --git a/recipes-core/libxml/libxml2/CVE-2017-7375-Prevent-unwanted-external-entity-reference.patch b/recipes-core/libxml/libxml2/CVE-2017-7375-Prevent-unwanted-external-entity-reference.patch
new file mode 100644
index 0000000..252929c
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2017-7375-Prevent-unwanted-external-entity-reference.patch
@@ -0,0 +1,40 @@
+From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
+From: Neel Mehta <nmehta@google.com>
+Date: Fri, 7 Apr 2017 17:43:02 +0200
+Subject: [PATCH] Prevent unwanted external entity reference
+For https://bugzilla.gnome.org/show_bug.cgi?id=780691
+* parser.c: add a specific check to avoid PE reference
+CVE: CVE-2018-7375
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e]
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ parser.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+diff --git a/parser.c b/parser.c
+index 609a270..c2c812d 100644
+--- a/parser.c
+++ b/parser.c
+@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+            if (xmlPushInput(ctxt, input) < 0)
+                return;
+        } else {
+           if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
+               ((ctxt->options & XML_PARSE_NOENT) == 0) &&
+               ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
+               ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
+               ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
+               (ctxt->replaceEntities == 0) &&
+               (ctxt->validate == 0))
+               return;
+
+            /*
+             * TODO !!!
+             * handle the extra spaces added before and after
+-- 
+2.7.4

diff --git a/recipes-core/libxml/libxml2/CVE-2017-7375-Prevent-unwanted-external-entity-reference.patch b/recipes-core/libxml/libxml2/CVE-2017-7375-Prevent-unwanted-external-entity-reference.patch new file mode 100644 index 0000000..252929c --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2017-7375-Prevent-unwanted-external-entity-reference.patch
@@ -0,0 +1,40 @@
	1	From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
	2	From: Neel Mehta <nmehta@google.com>
	3	Date: Fri, 7 Apr 2017 17:43:02 +0200
	4	Subject: [PATCH] Prevent unwanted external entity reference
	5
	6	For https://bugzilla.gnome.org/show_bug.cgi?id=780691
	7
	8	* parser.c: add a specific check to avoid PE reference
	9
	10	CVE: CVE-2018-7375
	11	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e]
	12
	13	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	14	---
	15	parser.c \| 9 +++++++++
	16	1 file changed, 9 insertions(+)
	17
	18	diff --git a/parser.c b/parser.c
	19	index 609a270..c2c812d 100644
	20	--- a/parser.c
	21	+++ b/parser.c
	22	@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
	23	if (xmlPushInput(ctxt, input) < 0)
	24	return;
	25	} else {
	26	+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
	27	+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
	28	+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
	29	+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
	30	+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
	31	+ (ctxt->replaceEntities == 0) &&
	32	+ (ctxt->validate == 0))
	33	+ return;
	34	+
	35	/*
	36	* TODO !!!
	37	* handle the extra spaces added before and after
	38	--
	39	2.7.4
	40