author: Tony Tascioglu <tony.tascioglu@windriver.com> 2021-05-20 17:45:40 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-05-30 08:19:35 +0100
commit: ad30955575ccfcb07db11e7d42b5500c605aacbc
tree: 64f296482c4f26cbd60402b04a896636f764014c /LICENSE.MIT
parent: fd33741e279702d8498fce47450cb1ea275e5e6b
libxml2: Fix CVE-2021-3518
This patch fixes CVE-2021-3518.

The fix for the CVE is the following 3 lines in 1098c30a:
- (cur->children->type != XML_ENTITY_DECL) &&
- (cur->children->type != XML_XINCLUDE_START) &&
- (cur->children->type != XML_XINCLUDE_END)) {
+ ((cur->type == XML_DOCUMENT_NODE) ||
+ (cur->type == XML_ELEMENT_NODE))) {

This relies on an updated version of xinclude.c from upstream which also
adds several new tests. Those changes are brought in first so that the
CVE patch can be applied cleanly.

The first patch updates xinclude.c and adds the new tests from upstream,
and the second applies the fix for the CVE.

CVE: CVE-2021-3518
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7]

(From OE-Core rev: 6c59d33ee158129d5c0cca3cce65824f9bc4e7e3)

Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
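Review bot: The Upstream-Status tag in this message references only 1098c30a, while the message says a first patch pulls in an updated xinclude.c and new tests from upstream; the upstream commit(s) behind that prerequisite patch should be listed here as well so the whole backport can be audited against upstream. The quoted excerpt also starts mid-condition and names neither the file nor the function it changes, and it is introduced as "3 lines" although three removed and two added lines are shown; naming the function and giving the full condition would let a reader confirm that the new test on cur->type sits where the removed cur->children->type checks were.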
Diffstat (limited to 'LICENSE.MIT')
0 files changed, 0 insertions, 0 deletions