diff options
| author | Ross Burton <ross.burton@intel.com> | 2013-09-17 10:22:17 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-10-10 12:31:14 +0100 |
| commit | a36c28943d749a64c968e827ac0c51b626c7d70e (patch) | |
| tree | 63a26ca4a59b20d842ba58166b04f90942ee42c1 | |
| parent | 1633edffc7c0e2f85efd93a502bbacf055aee8b5 (diff) | |
| download | poky-a36c28943d749a64c968e827ac0c51b626c7d70e.tar.gz | |
libxml2: remove patch for CVE-2012-2871
This CVE patch is actually against Chromium as they ship an internal fork of
libxml2 and breaks ABI. The real issue has been resolved in libxslt 1.1.27, and
we're shipping 1.1.28.
(From OE-Core rev: e6c60252ab4ba6842f63c6b8a519a85f2ff238fb)
(From OE-Core rev: 82b91d2484a4430a9b6689d0b6b07e6f62392266)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.0.bb | 2 |
2 files changed, 0 insertions, 36 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch deleted file mode 100644 index 3c66a9ca5e..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch +++ /dev/null | |||
| @@ -1,34 +0,0 @@ | |||
| 1 | libxml2 CVE-2012-2871 | ||
| 2 | |||
| 3 | the patch come from: | ||
| 4 | http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ | ||
| 5 | /include/libxml/tree.h?r1=56276&r2=149930 | ||
| 6 | |||
| 7 | libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, | ||
| 8 | does not properly support a cast of an unspecified variable during handling | ||
| 9 | of XSL transforms, which allows remote attackers to cause a denial of service | ||
| 10 | or possibly have unknown other impact via a crafted document, related to the | ||
| 11 | _xmlNs data structure in include/libxml/tree.h. | ||
| 12 | |||
| 13 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 | ||
| 14 | |||
| 15 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
| 16 | --- | ||
| 17 | include/libxml/tree.h | 1 + | ||
| 18 | 1 files changed, 1 insertions(+), 0 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/include/libxml/tree.h b/include/libxml/tree.h | ||
| 21 | index b733589..5422dda 100644 | ||
| 22 | --- a/include/libxml/tree.h | ||
| 23 | +++ b/include/libxml/tree.h | ||
| 24 | @@ -351,6 +351,7 @@ struct _xmlNs { | ||
| 25 | struct _xmlNs *next; /* next Ns link for this node */ | ||
| 26 | xmlNsType type; /* global or local */ | ||
| 27 | const xmlChar *href; /* URL for the namespace */ | ||
| 28 | + const char *dummy_children; /* lines up with node->children */ | ||
| 29 | const xmlChar *prefix; /* prefix for the namespace */ | ||
| 30 | void *_private; /* application data */ | ||
| 31 | struct _xmlDoc *context; /* normally an xmlDoc */ | ||
| 32 | -- | ||
| 33 | 1.7.0.5 | ||
| 34 | |||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.0.bb b/meta/recipes-core/libxml/libxml2_2.9.0.bb index ecc19fbcbb..55ecbeb7e4 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.0.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.0.bb | |||
| @@ -5,5 +5,3 @@ PR = "${INC_PR}.1" | |||
| 5 | SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7" | 5 | SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7" |
| 6 | SRC_URI[sha256sum] = "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82" | 6 | SRC_URI[sha256sum] = "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82" |
| 7 | 7 | ||
| 8 | SRC_URI += "file://libxml2-CVE-2012-2871.patch \ | ||
| 9 | " | ||