libxml2: fix CVE-2015-7942 and CVE-2015-8035

CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] (From OE-Core rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2015-11-11 14:21:46 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-11-25 08:08:08 +0000
commit: 8514d21e6a8fef634d6f361bdfd19ef87a3e5567 (patch)
tree: 20cbd370438bf21329766267072452ac1121c7e1 /meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
parent: e864f71f4cc2e1cedfd36a8b9ab526fdb76fbb7d (diff)
download: poky-8514d21e6a8fef634d6f361bdfd19ef87a3e5567.tar.gz
1 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
new file mode 100644
index 0000000000..a5930ed29b
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
@@ -0,0 +1,55 @@
+libxml2: CVE-2015-7942
+From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: Cleanup conditional section error handling
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+Upstream-Status: Backport
+https://git.gnome.org/browse/libxml2/patch/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
+[YOCTO #8641]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ parser.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+Index: libxml2-2.9.2/parser.c
+===================================================================
+--- libxml2-2.9.2.orig/parser.c
+++ libxml2-2.9.2/parser.c
+@@ -6783,6 +6783,8 @@ xmlParseConditionalSections(xmlParserCtx
+        SKIP_BLANKS;
+        if (RAW != '[') {
+            xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
+           xmlStopParser(ctxt);
+           return;
+        } else {
+            if (ctxt->input->id != id) {
+                xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6843,6 +6845,8 @@ xmlParseConditionalSections(xmlParserCtx
+        SKIP_BLANKS;
+        if (RAW != '[') {
+            xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
+           xmlStopParser(ctxt);
+           return;
+        } else {
+            if (ctxt->input->id != id) {
+                xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6898,6 +6902,8 @@ xmlParseConditionalSections(xmlParserCtx
+ 
+     } else {
+        xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
+       xmlStopParser(ctxt);
+       return;
+     }
+ 
+     if (RAW == 0)
author	Armin Kuster <akuster@mvista.com>	2015-11-11 14:21:46 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-11-25 08:08:08 +0000
commit	8514d21e6a8fef634d6f361bdfd19ef87a3e5567 (patch)
tree	20cbd370438bf21329766267072452ac1121c7e1 /meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
parent	e864f71f4cc2e1cedfd36a8b9ab526fdb76fbb7d (diff)
download	poky-8514d21e6a8fef634d6f361bdfd19ef87a3e5567.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch new file mode 100644 index 0000000000..a5930ed29b --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
@@ -0,0 +1,55 @@
	1	libxml2: CVE-2015-7942
	2
	3	From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
	4	From: Daniel Veillard <veillard@redhat.com>
	5	Date: Mon, 23 Feb 2015 11:29:20 +0800
	6	Subject: Cleanup conditional section error handling
	7
	8	For https://bugzilla.gnome.org/show_bug.cgi?id=744980
	9
	10	The error handling of Conditional Section also need to be
	11	straightened as the structure of the document can't be
	12	guessed on a failure there and it's better to stop parsing
	13	as further errors are likely to be irrelevant.
	14
	15	Upstream-Status: Backport
	16	https://git.gnome.org/browse/libxml2/patch/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
	17
	18	[YOCTO #8641]
	19	Signed-off-by: Armin Kuster <akuster@mvista.com>
	20
	21	---
	22	parser.c \| 6 ++++++
	23	1 file changed, 6 insertions(+)
	24
	25	Index: libxml2-2.9.2/parser.c
	26	===================================================================
	27	--- libxml2-2.9.2.orig/parser.c
	28	+++ libxml2-2.9.2/parser.c
	29	@@ -6783,6 +6783,8 @@ xmlParseConditionalSections(xmlParserCtx
	30	SKIP_BLANKS;
	31	if (RAW != '[') {
	32	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
	33	+ xmlStopParser(ctxt);
	34	+ return;
	35	} else {
	36	if (ctxt->input->id != id) {
	37	xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
	38	@@ -6843,6 +6845,8 @@ xmlParseConditionalSections(xmlParserCtx
	39	SKIP_BLANKS;
	40	if (RAW != '[') {
	41	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
	42	+ xmlStopParser(ctxt);
	43	+ return;
	44	} else {
	45	if (ctxt->input->id != id) {
	46	xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
	47	@@ -6898,6 +6902,8 @@ xmlParseConditionalSections(xmlParserCtx
	48
	49	} else {
	50	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
	51	+ xmlStopParser(ctxt);
	52	+ return;
	53	}
	54
	55	if (RAW == 0)