authorArmin Kuster <akuster@mvista.com>2015-12-05 10:54:29 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-20 17:08:29 +0000
commit7aaf773d3243203b11592f92442f68009c476541 (patch)
treeccfdaaf4ce2c2652b9b08ad07631418f4b948c06
parent9d44210c74d3bd34d1dce59b59744ddf7e73b7b2 (diff)
libxml2: security fix CVE-2015-8317
(From OE-Core rev: 34379b38919d535cd787bde4493fff61bd17f37a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch42
2 files changed, 43 insertions, 0 deletions
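--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -25,6 +25,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
  file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
  file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
  file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
+ file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
  "
 
 BINCONFIG = "${bindir}/xml2-config"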
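--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch
@@ -0,0 +1,42 @@
+From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Jun 2015 16:10:26 +0800
+Subject: [PATCH] Fail parsing early on if encoding conversion failed
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=751631
+
+If we fail conversing the current input stream while
+processing the encoding declaration of the XMLDecl
+then it's safer to just abort there and not try to
+report further errors.
+
+Upstream-Status: Backport
+
+CVE-2015-8317
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ parser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index a3a9568..0edd53b 100644
+--- a/parser.c
++++ b/parser.c
+@@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) {
+
+ handler = xmlFindCharEncodingHandler((const char *) encoding);
+ if (handler != NULL) {
+- xmlSwitchToEncoding(ctxt, handler);
++ if (xmlSwitchToEncoding(ctxt, handler) < 0) {
++ /* failed to convert */
++ ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING;
++ return(NULL);
++ }
+ } else {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING,
+ "Unsupported encoding %s\n", encoding);
+--
+2.3.5
+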
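Review bot: The new failure branch in xmlParseEncodingDecl signals the error only by writing `ctxt->errNo` and returning NULL, while the else-branch directly below it goes through `xmlFatalErrMsgStr`, and the two-word comment does not explain that asymmetry. As far as the hunk shows, nothing is reported on this path, so whether parsing actually stops depends on the callers testing `ctxt->errNo`; those callers and the rest of the function lie outside the hunk and should be checked against the full parser.c of the version this recipe builds. I would expand the comment to something like `/* conversion failed: abort without further error reports; callers must check ctxt->errNo */`. It is also worth confirming that the NULL return on this path does not leave the `encoding` buffer unowned, since its allocation and hand-off are not visible here.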