diff options
Diffstat (limited to 'recipes-core')
-rw-r--r-- | recipes-core/libxml/libxml2/CVE-2017-0663.patch | 47 | ||||
-rw-r--r-- | recipes-core/libxml/libxml2_%.bbappend | 3 |
2 files changed, 49 insertions, 1 deletions
diff --git a/recipes-core/libxml/libxml2/CVE-2017-0663.patch b/recipes-core/libxml/libxml2/CVE-2017-0663.patch new file mode 100644 index 0000000..a4f88b6 --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2017-0663.patch | |||
@@ -0,0 +1,47 @@ | |||
1 | From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
3 | Date: Tue, 6 Jun 2017 12:56:28 +0200 | ||
4 | Subject: Fix type confusion in xmlValidateOneNamespace | ||
5 | |||
6 | Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on | ||
7 | namespace declarations make no practical sense anyway. | ||
8 | |||
9 | Fixes bug 780228. | ||
10 | |||
11 | Found with libFuzzer and ASan. | ||
12 | CVE: CVE-2017-0663 | ||
13 | Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66] | ||
14 | |||
15 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
16 | --- | ||
17 | valid.c | 7 +++++++ | ||
18 | 1 file changed, 7 insertions(+) | ||
19 | |||
20 | diff --git a/valid.c b/valid.c | ||
21 | index 8075d3a..c51ea29 100644 | ||
22 | --- a/valid.c | ||
23 | +++ b/valid.c | ||
24 | @@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { | ||
25 | } | ||
26 | } | ||
27 | |||
28 | + /* | ||
29 | + * Casting ns to xmlAttrPtr is wrong. We'd need separate functions | ||
30 | + * xmlAddID and xmlAddRef for namespace declarations, but it makes | ||
31 | + * no practical sense to use ID types anyway. | ||
32 | + */ | ||
33 | +#if 0 | ||
34 | /* Validity Constraint: ID uniqueness */ | ||
35 | if (attrDecl->atype == XML_ATTRIBUTE_ID) { | ||
36 | if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) | ||
37 | @@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { | ||
38 | if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) | ||
39 | ret = 0; | ||
40 | } | ||
41 | +#endif | ||
42 | |||
43 | /* Validity Constraint: Notation Attributes */ | ||
44 | if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { | ||
45 | -- | ||
46 | cgit v0.12 | ||
47 | |||
diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend index c6e5705..01e59d3 100644 --- a/recipes-core/libxml/libxml2_%.bbappend +++ b/recipes-core/libxml/libxml2_%.bbappend | |||
@@ -1,7 +1,8 @@ | |||
1 | # look for files in the layer first | 1 | # look for files in the layer first |
2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | 2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" |
3 | 3 | ||
4 | SRC_URI += "file://CVE-2017-5969.patch \ | 4 | SRC_URI += "file://CVE-2017-0663.patch \ |
5 | file://CVE-2017-5969.patch \ | ||
5 | file://CVE-2017-9047_CVE-2017-9048.patch \ | 6 | file://CVE-2017-9047_CVE-2017-9048.patch \ |
6 | file://CVE-2017-9049_CVE-2017-9050.patch \ | 7 | file://CVE-2017-9049_CVE-2017-9050.patch \ |
7 | " | 8 | " |