libxml2: CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Catalin Enache <catalin.enache@windriver.com> 2017-04-14 11:43:32 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-04-29 11:17:23 +0100
commit: d7ec005904b456c62a226efd5c6931e81459052a (patch)
tree: fbbb0318d9e97a4c8d29645bc2822ce8233c5c93
parent: 5970acb3fe28d4af59834b5cacb2d8d4d3511506 (diff)
download: poky-d7ec005904b456c62a226efd5c6931e81459052a.tar.gz
2 files changed, 208 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
new file mode 100644
index 0000000000..3581ab83df
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
@@ -0,0 +1,207 @@
+From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
+From: Doran Moppert <dmoppert@redhat.com>
+Date: Fri, 7 Apr 2017 16:45:56 +0200
+Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
+ even local
+For https://bugzilla.gnome.org/show_bug.cgi?id=772726
+* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
+* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
+* include/libxml/xmlerror.h: new error raised
+* xmllint.c: adds --noxxe flag to activate the option
+Upstream-Status: Backport
+CVE: CVE-2016-9318
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ elfgcchack.h              | 10 ++++++++++
+ include/libxml/parser.h   |  3 ++-
+ include/libxml/xmlIO.h    |  8 ++++++++
+ include/libxml/xmlerror.h |  1 +
+ parser.c                  |  4 ++++
+ xmlIO.c                   | 40 +++++++++++++++++++++++++++++++++++-----
+ xmllint.c                 |  5 +++++
+ 7 files changed, 65 insertions(+), 6 deletions(-)
+diff --git a/elfgcchack.h b/elfgcchack.h
+index 8c52884..1b81dcd 100644
+--- a/elfgcchack.h
+++ b/elfgcchack.h
+@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
+ #endif
+ #endif
+ 
+#ifdef bottom_xmlIO
+#undef xmlNoXxeExternalEntityLoader
+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
+#else
+#ifndef xmlNoXxeExternalEntityLoader
+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
+#endif
+#endif
+
+ #ifdef bottom_tree
+ #undef xmlNodeAddContent
+ extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
+diff --git a/include/libxml/parser.h b/include/libxml/parser.h
+index 47fbec0..63ca1b9 100644
+--- a/include/libxml/parser.h
+++ b/include/libxml/parser.h
+@@ -1111,7 +1111,8 @@ typedef enum {
+     XML_PARSE_HUGE      = 1<<19,/* relax any hardcoded limit from the parser */
+     XML_PARSE_OLDSAX    = 1<<20,/* parse using SAX2 interface before 2.7.0 */
+     XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
+-    XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
+    XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
+    XML_PARSE_NOXXE    = 1<<23 /* Forbid any external entity loading */
+ } xmlParserOption;
+ 
+ XMLPUBFUN void XMLCALL
+diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
+index 3e41744..8d3fdef 100644
+--- a/include/libxml/xmlIO.h
+++ b/include/libxml/xmlIO.h
+@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
+                                         xmlParserCtxtPtr ctxt);
+ 
+ /*
+ * A predefined entity loader external entity expansion
+ */
+XMLPUBFUN xmlParserInputPtr XMLCALL
+       xmlNoXxeExternalEntityLoader    (const char *URL,
+                                        const char *ID,
+                                        xmlParserCtxtPtr ctxt);
+
+/*
+  * xmlNormalizeWindowsPath is obsolete, don't use it.
+  * Check xmlCanonicPath in uri.h for a better alternative.
+  */
+diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
+index 037c16d..3036062 100644
+--- a/include/libxml/xmlerror.h
+++ b/include/libxml/xmlerror.h
+@@ -470,6 +470,7 @@ typedef enum {
+     XML_IO_EADDRINUSE, /* 1554 */
+     XML_IO_EALREADY, /* 1555 */
+     XML_IO_EAFNOSUPPORT, /* 1556 */
+    XML_IO_ILLEGAL_XXE, /* 1557 */
+     XML_XINCLUDE_RECURSION=1600,
+     XML_XINCLUDE_PARSE_VALUE, /* 1601 */
+     XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
+diff --git a/parser.c b/parser.c
+index 53a6b7f..609a270 100644
+--- a/parser.c
+++ b/parser.c
+@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
+        ctxt->options |= XML_PARSE_NONET;
+         options -= XML_PARSE_NONET;
+     }
+    if (options & XML_PARSE_NOXXE) {
+       ctxt->options |= XML_PARSE_NOXXE;
+        options -= XML_PARSE_NOXXE;
+    }
+     if (options & XML_PARSE_COMPACT) {
+        ctxt->options |= XML_PARSE_COMPACT;
+         options -= XML_PARSE_COMPACT;
+diff --git a/xmlIO.c b/xmlIO.c
+index 1a79c09..304f822 100644
+--- a/xmlIO.c
+++ b/xmlIO.c
+@@ -210,6 +210,7 @@ static const char *IOerr[] = {
+     "adddress in use",         /* EADDRINUSE */
+     "already in use",          /* EALREADY */
+     "unknown address familly", /* EAFNOSUPPORT */
+    "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
+ };
+ 
+ #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
+@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID,
+     xmlGenericError(xmlGenericErrorContext,
+                     "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
+ #endif
+-    if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
+    if (ctxt != NULL) {
+         int options = ctxt->options;
+ 
+-       ctxt->options -= XML_PARSE_NONET;
+-        ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
+-       ctxt->options = options;
+-       return(ret);
+        if (options & XML_PARSE_NOXXE) {
+            ctxt->options -= XML_PARSE_NOXXE;
+            ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
+            ctxt->options = options;
+            return(ret);
+        }
+ 
+        if (options & XML_PARSE_NONET) {
+            ctxt->options -= XML_PARSE_NONET;
+            ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
+            ctxt->options = options;
+            return(ret);
+        }
+     }
+ #ifdef LIBXML_CATALOG_ENABLED
+     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
+@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
+     xmlParserInputPtr input = NULL;
+     xmlChar *resource = NULL;
+ 
+    if (ctxt == NULL) {
+        return(NULL);
+    }
+    if (ctxt->input_id == 1) {
+        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
+    }
+
+ #ifdef LIBXML_CATALOG_ENABLED
+     resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
+ #endif
+@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID,
+     return(input);
+ }
+ 
+xmlParserInputPtr
+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID,
+                          xmlParserCtxtPtr ctxt) {
+    if (ctxt == NULL) {
+        return(NULL);
+    }
+    if (ctxt->input_id == 1) {
+        return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
+    }
+    xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
+    return(NULL);
+}
+
+ #define bottom_xmlIO
+ #include "elfgcchack.h"
+diff --git a/xmllint.c b/xmllint.c
+index 67f7adb..d9368c1 100644
+--- a/xmllint.c
+++ b/xmllint.c
+@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
+     printf("\t--path 'paths': provide a set of paths for resources\n");
+     printf("\t--load-trace : print trace of all external entities loaded\n");
+     printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
+    printf("\t--noxxe : forbid any external entity loading\n");
+     printf("\t--nocompact : do not generate compact text nodes\n");
+     printf("\t--htmlout : output results as HTML\n");
+     printf("\t--nowrap : do not put HTML doc wrapper\n");
+@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
+                    (!strcmp(argv[i], "--nonet"))) {
+            options |= XML_PARSE_NONET;
+            xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
+        } else if ((!strcmp(argv[i], "-noxxe")) ||
+                   (!strcmp(argv[i], "--noxxe"))) {
+           options |= XML_PARSE_NOXXE;
+           xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
+         } else if ((!strcmp(argv[i], "-nocompact")) ||
+                    (!strcmp(argv[i], "--nocompact"))) {
+            options &= ~XML_PARSE_COMPACT;
+-- 
+2.10.2
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 0c3d683623..7d0e121be1 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -23,6 +23,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
           file://libxml2-CVE-2016-5131.patch \
           file://libxml2-CVE-2016-4658.patch \
           file://libxml2-fix_NULL_pointer_derefs.patch \
+           file://CVE-2016-9318.patch \
          "
 SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
author	Catalin Enache <catalin.enache@windriver.com>	2017-04-14 11:43:32 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-04-29 11:17:23 +0100
commit	d7ec005904b456c62a226efd5c6931e81459052a (patch)
tree	fbbb0318d9e97a4c8d29645bc2822ce8233c5c93
parent	5970acb3fe28d4af59834b5cacb2d8d4d3511506 (diff)
download	poky-d7ec005904b456c62a226efd5c6931e81459052a.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch new file mode 100644 index 0000000000..3581ab83df --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2016-9318.patch
@@ -0,0 +1,207 @@
		1	From 7fa1cd31552d52d50a9101f07c816ff6dd2d9f19 Mon Sep 17 00:00:00 2001
		2	From: Doran Moppert <dmoppert@redhat.com>
		3	Date: Fri, 7 Apr 2017 16:45:56 +0200
		4	Subject: [PATCH] Add an XML_PARSE_NOXXE flag to block all entities loading
		5	even local
		6
		7	For https://bugzilla.gnome.org/show_bug.cgi?id=772726
		8
		9	* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE
		10	* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine
		11	* include/libxml/xmlerror.h: new error raised
		12	* xmllint.c: adds --noxxe flag to activate the option
		13
		14	Upstream-Status: Backport
		15	CVE: CVE-2016-9318
		16
		17	Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
		18	---
		19	elfgcchack.h \| 10 ++++++++++
		20	include/libxml/parser.h \| 3 ++-
		21	include/libxml/xmlIO.h \| 8 ++++++++
		22	include/libxml/xmlerror.h \| 1 +
		23	parser.c \| 4 ++++
		24	xmlIO.c \| 40 +++++++++++++++++++++++++++++++++++-----
		25	xmllint.c \| 5 +++++
		26	7 files changed, 65 insertions(+), 6 deletions(-)
		27
		28	diff --git a/elfgcchack.h b/elfgcchack.h
		29	index 8c52884..1b81dcd 100644
		30	--- a/elfgcchack.h
		31	+++ b/elfgcchack.h
		32	@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int
		33	#endif
		34	#endif
		35
		36	+#ifdef bottom_xmlIO
		37	+#undef xmlNoXxeExternalEntityLoader
		38	+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias")));
		39	+#else
		40	+#ifndef xmlNoXxeExternalEntityLoader
		41	+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden")));
		42	+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias
		43	+#endif
		44	+#endif
		45	+
		46	#ifdef bottom_tree
		47	#undef xmlNodeAddContent
		48	extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias")));
		49	diff --git a/include/libxml/parser.h b/include/libxml/parser.h
		50	index 47fbec0..63ca1b9 100644
		51	--- a/include/libxml/parser.h
		52	+++ b/include/libxml/parser.h
		53	@@ -1111,7 +1111,8 @@ typedef enum {
		54	XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */
		55	XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */
		56	XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */
		57	- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */
		58	+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */
		59	+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */
		60	} xmlParserOption;
		61
		62	XMLPUBFUN void XMLCALL
		63	diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h
		64	index 3e41744..8d3fdef 100644
		65	--- a/include/libxml/xmlIO.h
		66	+++ b/include/libxml/xmlIO.h
		67	@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL
		68	xmlParserCtxtPtr ctxt);
		69
		70	/*
		71	+ * A predefined entity loader external entity expansion
		72	+ */
		73	+XMLPUBFUN xmlParserInputPtr XMLCALL
		74	+ xmlNoXxeExternalEntityLoader (const char *URL,
		75	+ const char *ID,
		76	+ xmlParserCtxtPtr ctxt);
		77	+
		78	+/*
		79	* xmlNormalizeWindowsPath is obsolete, don't use it.
		80	* Check xmlCanonicPath in uri.h for a better alternative.
		81	*/
		82	diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h
		83	index 037c16d..3036062 100644
		84	--- a/include/libxml/xmlerror.h
		85	+++ b/include/libxml/xmlerror.h
		86	@@ -470,6 +470,7 @@ typedef enum {
		87	XML_IO_EADDRINUSE, /* 1554 */
		88	XML_IO_EALREADY, /* 1555 */
		89	XML_IO_EAFNOSUPPORT, /* 1556 */
		90	+ XML_IO_ILLEGAL_XXE, /* 1557 */
		91	XML_XINCLUDE_RECURSION=1600,
		92	XML_XINCLUDE_PARSE_VALUE, /* 1601 */
		93	XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */
		94	diff --git a/parser.c b/parser.c
		95	index 53a6b7f..609a270 100644
		96	--- a/parser.c
		97	+++ b/parser.c
		98	@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
		99	ctxt->options \|= XML_PARSE_NONET;
		100	options -= XML_PARSE_NONET;
		101	}
		102	+ if (options & XML_PARSE_NOXXE) {
		103	+ ctxt->options \|= XML_PARSE_NOXXE;
		104	+ options -= XML_PARSE_NOXXE;
		105	+ }
		106	if (options & XML_PARSE_COMPACT) {
		107	ctxt->options \|= XML_PARSE_COMPACT;
		108	options -= XML_PARSE_COMPACT;
		109	diff --git a/xmlIO.c b/xmlIO.c
		110	index 1a79c09..304f822 100644
		111	--- a/xmlIO.c
		112	+++ b/xmlIO.c
		113	@@ -210,6 +210,7 @@ static const char *IOerr[] = {
		114	"adddress in use", /* EADDRINUSE */
		115	"already in use", /* EALREADY */
		116	"unknown address familly", /* EAFNOSUPPORT */
		117	+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */
		118	};
		119
		120	#if defined(_WIN32) \|\| defined (__DJGPP__) && !defined (__CYGWIN__)
		121	@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char URL, const char ID,
		122	xmlGenericError(xmlGenericErrorContext,
		123	"xmlDefaultExternalEntityLoader(%s, xxx)\n", URL);
		124	#endif
		125	- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) {
		126	+ if (ctxt != NULL) {
		127	int options = ctxt->options;
		128
		129	- ctxt->options -= XML_PARSE_NONET;
		130	- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
		131	- ctxt->options = options;
		132	- return(ret);
		133	+ if (options & XML_PARSE_NOXXE) {
		134	+ ctxt->options -= XML_PARSE_NOXXE;
		135	+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt);
		136	+ ctxt->options = options;
		137	+ return(ret);
		138	+ }
		139	+
		140	+ if (options & XML_PARSE_NONET) {
		141	+ ctxt->options -= XML_PARSE_NONET;
		142	+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt);
		143	+ ctxt->options = options;
		144	+ return(ret);
		145	+ }
		146	}
		147	#ifdef LIBXML_CATALOG_ENABLED
		148	resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
		149	@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char URL, const char ID,
		150	xmlParserInputPtr input = NULL;
		151	xmlChar *resource = NULL;
		152
		153	+ if (ctxt == NULL) {
		154	+ return(NULL);
		155	+ }
		156	+ if (ctxt->input_id == 1) {
		157	+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
		158	+ }
		159	+
		160	#ifdef LIBXML_CATALOG_ENABLED
		161	resource = xmlResolveResourceFromCatalog(URL, ID, ctxt);
		162	#endif
		163	@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char URL, const char ID,
		164	return(input);
		165	}
		166
		167	+xmlParserInputPtr
		168	+xmlNoXxeExternalEntityLoader(const char URL, const char ID,
		169	+ xmlParserCtxtPtr ctxt) {
		170	+ if (ctxt == NULL) {
		171	+ return(NULL);
		172	+ }
		173	+ if (ctxt->input_id == 1) {
		174	+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt);
		175	+ }
		176	+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL);
		177	+ return(NULL);
		178	+}
		179	+
		180	#define bottom_xmlIO
		181	#include "elfgcchack.h"
		182	diff --git a/xmllint.c b/xmllint.c
		183	index 67f7adb..d9368c1 100644
		184	--- a/xmllint.c
		185	+++ b/xmllint.c
		186	@@ -3019,6 +3019,7 @@ static void usage(const char *name) {
		187	printf("\t--path 'paths': provide a set of paths for resources\n");
		188	printf("\t--load-trace : print trace of all external entities loaded\n");
		189	printf("\t--nonet : refuse to fetch DTDs or entities over network\n");
		190	+ printf("\t--noxxe : forbid any external entity loading\n");
		191	printf("\t--nocompact : do not generate compact text nodes\n");
		192	printf("\t--htmlout : output results as HTML\n");
		193	printf("\t--nowrap : do not put HTML doc wrapper\n");
		194	@@ -3461,6 +3462,10 @@ main(int argc, char **argv) {
		195	(!strcmp(argv[i], "--nonet"))) {
		196	options \|= XML_PARSE_NONET;
		197	xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
		198	+ } else if ((!strcmp(argv[i], "-noxxe")) \|\|
		199	+ (!strcmp(argv[i], "--noxxe"))) {
		200	+ options \|= XML_PARSE_NOXXE;
		201	+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader);
		202	} else if ((!strcmp(argv[i], "-nocompact")) \|\|
		203	(!strcmp(argv[i], "--nocompact"))) {
		204	options &= ~XML_PARSE_COMPACT;
		205	--
		206	2.10.2
		207


diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index 0c3d683623..7d0e121be1 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -23,6 +23,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
23	file://libxml2-CVE-2016-5131.patch \	23	file://libxml2-CVE-2016-5131.patch \
24	file://libxml2-CVE-2016-4658.patch \	24	file://libxml2-CVE-2016-4658.patch \
25	file://libxml2-fix_NULL_pointer_derefs.patch \	25	file://libxml2-fix_NULL_pointer_derefs.patch \
		26	file://CVE-2016-9318.patch \
26	"	27	"
27		28
28	SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"	29	SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"