authorVijay Anusuri <vanusuri@mvista.com>2024-03-07 11:33:11 +0530
committerSteve Sakoman <steve@sakoman.com>2024-03-25 04:02:32 -1000
commit8b77dd2bcfec627dc8bf013c62de5582bf224f8e (patch)
treed5fc25c00ad1264dc81f718f5ab96fc48cddc089
parent54d8a1f631543ce01ba513e7cdae756e2a8e1968 (diff)
libxml2: Backport fix for CVE-2024-25062
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 & https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7] (From OE-Core rev: e4e621dc42be5dd158393fcadf5200f9eae613cb) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch38
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch33
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.10.bb2
3 files changed, 73 insertions, 0 deletions
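--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch
@@ -0,0 +1,38 @@
+From 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 9 Nov 2020 17:55:44 +0100
+Subject: [PATCH] Avoid call stack overflow with XML reader and recursive
+ XIncludes
+
+Don't process XIncludes in the result of another inclusion to avoid
+infinite recursion resulting in a call stack overflow.
+
+This is something the XInclude engine shouldn't allow but correct
+handling of intra-document includes would require major changes.
+
+Found by OSS-Fuzz.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508]
+CVE: CVE-2024-25062 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xmlreader.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/xmlreader.c b/xmlreader.c
+index 01adf74f4..72e40b032 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -1585,7 +1585,8 @@ node_found:
+ /*
+ * Handle XInclude if asked for
+ */
+- if ((reader->xinclude) && (reader->node != NULL) &&
++ if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++ (reader->node != NULL) &&
+ (reader->node->type == XML_ELEMENT_NODE) &&
+ (reader->node->ns != NULL) &&
+ ((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||
+--
+GitLab
+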
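Review bot: The `(reader->in_xinclude == 0)` guard in the nested xmlreader.c hunk is a behaviour change that neither the code comment nor the recipe documents. Going by the commit message, xi:include elements found inside already-included content are now left unexpanded by the reader, so it is more than a crash fix. I would extend the existing comment above the condition to say so, for example `Handle XInclude if asked for; includes inside an inclusion result are skipped to bound recursion`. Because this prerequisite is being pulled into a stable branch, the outer commit message should also mention that nested includes through the XML reader are no longer expanded. The enclosing function starts and ends outside the hunk, so how `in_xinclude` is maintained cannot be checked from here.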
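--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,33 @@
+From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 14 Oct 2023 22:45:54 +0200
+Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
+ backtracking
+
+Fixes a use-after-free if XML Reader if used with DTD validation and
+XInclude expansion.
+
+Fixes #604.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
+CVE: CVE-2024-25062
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xmlreader.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xmlreader.c b/xmlreader.c
+index 979385a13..fefd68e0b 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -1443,6 +1443,7 @@ node_found:
+ * Handle XInclude if asked for
+ */
+ if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++ (reader->state != XML_TEXTREADER_BACKTRACK) &&
+ (reader->node != NULL) &&
+ (reader->node->type == XML_ELEMENT_NODE) &&
+ (reader->node->ns != NULL) &&
+--
+GitLab
+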
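Review bot: The nested hunk header does not match the 2.9.10 tree this recipe builds. It reads `@@ -1443,6 +1443,7 @@` with base index `979385a13`, while CVE-2024-25062-pre1.patch edits the same condition at `@@ -1585,7 +1585,8 @@` and leaves the file at `72e40b032`, so this patch can only apply with an offset. I would refresh it against xmlreader.c as it stands after pre1, so the `XML_TEXTREADER_BACKTRACK` guard lands by exact position, and check that the do_patch log reports no fuzz. A short comment on the new line, such as `/* no XInclude expansion while backtracking (CVE-2024-25062) */`, would keep the reason next to the check. The enclosing function continues outside the hunk, so the remainder of the condition and the backtracking path are not visible here.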
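--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -44,6 +44,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
  file://CVE-2021-3516.patch \
  file://CVE-2023-45322-1.patch \
  file://CVE-2023-45322-2.patch \
+ file://CVE-2024-25062-pre1.patch \
+ file://CVE-2024-25062.patch \
  "
 
 SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"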