summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch41
-rw-r--r--recipes-core/libxml/libxml2_%.bbappend1
2 files changed, 42 insertions, 0 deletions
diff --git a/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
new file mode 100644
index 0000000..6319280
--- /dev/null
+++ b/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
@@ -0,0 +1,41 @@
1From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Wed, 23 Aug 2017 16:04:49 +0800
4Subject: [PATCH] fix CVE-2017-8872
5
6this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
7il too here.
8
9this seems to cure this specific issue, and also passes the testsuite
10
11Signed-off-by: Marcus Meissner <meissner@suse.de>
12
13https://bugzilla.gnome.org/show_bug.cgi?id=775200
14
15CVE: CVE-2017-8872
16Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
17
18Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
19Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
20---
21 parser.c | 4 ++++
22 1 file changed, 4 insertions(+)
23
24diff --git a/parser.c b/parser.c
25index 9506ead..6c07ffd 100644
26--- a/parser.c
27+++ b/parser.c
28@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
29 }
30 ctxt->input->cur = BAD_CAST"";
31 ctxt->input->base = ctxt->input->cur;
32+ if (ctxt->input->buf) {
33+ xmlBufEmpty (ctxt->input->buf->buffer);
34+ } else
35+ ctxt->input->length = 0;
36 }
37 }
38
39--
402.7.4
41
diff --git a/recipes-core/libxml/libxml2_%.bbappend b/recipes-core/libxml/libxml2_%.bbappend
index 01e59d3..b4f5d38 100644
--- a/recipes-core/libxml/libxml2_%.bbappend
+++ b/recipes-core/libxml/libxml2_%.bbappend
@@ -5,5 +5,6 @@ SRC_URI += "file://CVE-2017-0663.patch \
5 file://CVE-2017-5969.patch \ 5 file://CVE-2017-5969.patch \
6 file://CVE-2017-9047_CVE-2017-9048.patch \ 6 file://CVE-2017-9047_CVE-2017-9048.patch \
7 file://CVE-2017-9049_CVE-2017-9050.patch \ 7 file://CVE-2017-9049_CVE-2017-9050.patch \
8 file://libxml2-CVE-2017-8872.patch \
8 " 9 "
9 10