libxml2: Backport fix for CVE-2021-3516

Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539] (From OE-Core rev: 29c182375d91806d1e802b026f84b24e7c5d4b35) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2023-12-18 10:15:57 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-12-21 05:17:55 -1000
commit: 6b9d89ec0b8b1eed39d2c09de1f8b5e059292225 (patch)
tree: a5a0a73a9a24c472d1a6c6ea6dbf3f9e17af19dc
parent: c7fbe91c2a2db78dd7ba44021ef972ec20da8b3a (diff)
download: poky-6b9d89ec0b8b1eed39d2c09de1f8b5e059292225.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2021-3516.patch b/meta/recipes-core/libxml/libxml2/CVE-2021-3516.patch
new file mode 100644
index 0000000000..200f42091e
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2021-3516.patch
@@ -0,0 +1,35 @@
+From 1358d157d0bd83be1dfe356a69213df9fac0b539 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 21 Apr 2021 13:23:27 +0200
+Subject: [PATCH] Fix use-after-free with `xmllint --html --push`
+Call htmlCtxtUseOptions to make sure that names aren't stored in
+dictionaries.
+Note that this issue only affects xmllint using the HTML push parser.
+Fixes #230.
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539]
+CVE: CVE-2021-3516
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xmllint.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/xmllint.c b/xmllint.c
+index 6ca1bf54d..dbef273a8 100644
+--- a/xmllint.c
+++ b/xmllint.c
+@@ -2213,7 +2213,7 @@ static void parseAndPrintFile(char *filename, xmlParserCtxtPtr rectxt) {
+             if (res > 0) {
+                 ctxt = htmlCreatePushParserCtxt(NULL, NULL,
+                             chars, res, filename, XML_CHAR_ENCODING_NONE);
+-                xmlCtxtUseOptions(ctxt, options);
+                htmlCtxtUseOptions(ctxt, options);
+                 while ((res = fread(chars, 1, pushsize, f)) > 0) {
+                     htmlParseChunk(ctxt, chars, res, 0);
+                 }
+-- 
+GitLab
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index 5eac864098..aa17cd8cca 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -41,6 +41,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
           file://CVE-2023-39615-pre.patch \
           file://CVE-2023-39615-0001.patch \
           file://CVE-2023-39615-0002.patch \
+           file://CVE-2021-3516.patch \
           "
 SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"
author	Vijay Anusuri <vanusuri@mvista.com>	2023-12-18 10:15:57 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-12-21 05:17:55 -1000
commit	6b9d89ec0b8b1eed39d2c09de1f8b5e059292225 (patch)
tree	a5a0a73a9a24c472d1a6c6ea6dbf3f9e17af19dc
parent	c7fbe91c2a2db78dd7ba44021ef972ec20da8b3a (diff)
download	poky-6b9d89ec0b8b1eed39d2c09de1f8b5e059292225.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2021-3516.patch b/meta/recipes-core/libxml/libxml2/CVE-2021-3516.patch new file mode 100644 index 0000000000..200f42091e --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2021-3516.patch
@@ -0,0 +1,35 @@
		1	From 1358d157d0bd83be1dfe356a69213df9fac0b539 Mon Sep 17 00:00:00 2001
		2	From: Nick Wellnhofer <wellnhofer@aevum.de>
		3	Date: Wed, 21 Apr 2021 13:23:27 +0200
		4	Subject: [PATCH] Fix use-after-free with `xmllint --html --push`
		5
		6	Call htmlCtxtUseOptions to make sure that names aren't stored in
		7	dictionaries.
		8
		9	Note that this issue only affects xmllint using the HTML push parser.
		10
		11	Fixes #230.
		12
		13	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539]
		14	CVE: CVE-2021-3516
		15	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		16	---
		17	xmllint.c \| 2 +-
		18	1 file changed, 1 insertion(+), 1 deletion(-)
		19
		20	diff --git a/xmllint.c b/xmllint.c
		21	index 6ca1bf54d..dbef273a8 100644
		22	--- a/xmllint.c
		23	+++ b/xmllint.c
		24	@@ -2213,7 +2213,7 @@ static void parseAndPrintFile(char *filename, xmlParserCtxtPtr rectxt) {
		25	if (res > 0) {
		26	ctxt = htmlCreatePushParserCtxt(NULL, NULL,
		27	chars, res, filename, XML_CHAR_ENCODING_NONE);
		28	- xmlCtxtUseOptions(ctxt, options);
		29	+ htmlCtxtUseOptions(ctxt, options);
		30	while ((res = fread(chars, 1, pushsize, f)) > 0) {
		31	htmlParseChunk(ctxt, chars, res, 0);
		32	}
		33	--
		34	GitLab
		35


diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb index 5eac864098..aa17cd8cca 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -41,6 +41,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
41	file://CVE-2023-39615-pre.patch \	41	file://CVE-2023-39615-pre.patch \
42	file://CVE-2023-39615-0001.patch \	42	file://CVE-2023-39615-0001.patch \
43	file://CVE-2023-39615-0002.patch \	43	file://CVE-2023-39615-0002.patch \
		44	file://CVE-2021-3516.patch \
44	"	45	"
45		46
46	SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"	47	SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"