diff options
| author | Tony Tascioglu <tony.tascioglu@windriver.com> | 2021-05-20 17:13:04 -0400 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-21 15:18:23 +0100 |
| commit | 91ffc0a96c2b01442ba5009eb17ed14fb55831ed (patch) | |
| tree | d75978dfbf816a68aa453b197b3d0f2166a0b785 /meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch | |
| parent | d2ddc7020f070640ac1f2b7639fff028b400052c (diff) | |
| download | poky-91ffc0a96c2b01442ba5009eb17ed14fb55831ed.tar.gz | |
libxml2: Update to 2.9.12
Drop CVE patches which are fixed by the new upstream version.
Modify conflicting patches to apply to the new versions:
libxml2/libxml-m4-use-pkgconfig.patch
libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
Drop fix-python39, which is merged upstream.
Removed hunk for tstLastError.py from
libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
since it has been fixed upstream by:
8c3e52e: Updated python/tests/tstLastError.py
libxml2.registerErrorHandler(None,None):
None is not acceptable as first argument
failUnlessEqual replaced by assertEqual
The checksums for the licence file changed because a typo was fixed
across the files. The licence remains the same.
The obsolete MD5 checksums for the tar files have been dropped in
favor of SHA256.
The new release also adds fuzz tests, which are removed from the
makefile to allow the ptests to run. Fuzz testing is done upstream
and there is no need to run them as part of ptests which are
intended for functionality testing.
(From OE-Core rev: c7c429d05ca51b0404f09981f6c9bcad7dc33222)
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch')
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch b/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch deleted file mode 100644 index facfefd362..0000000000 --- a/meta/recipes-core/libxml/libxml2/CVE-2020-7595.patch +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Zhipeng Xie <xiezhipeng1@huawei.com> | ||
| 3 | Date: Thu, 12 Dec 2019 17:30:55 +0800 | ||
| 4 | Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities | ||
| 5 | |||
| 6 | When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef | ||
| 7 | return NULL which cause a infinite loop in xmlStringLenDecodeEntities | ||
| 8 | |||
| 9 | Found with libFuzzer. | ||
| 10 | |||
| 11 | Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076] | ||
| 14 | CVE: CVE-2020-7595 | ||
| 15 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
| 16 | --- | ||
| 17 | parser.c | 3 ++- | ||
| 18 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/parser.c b/parser.c | ||
| 21 | index d1c31963..a34bb6cd 100644 | ||
| 22 | --- a/parser.c | ||
| 23 | +++ b/parser.c | ||
| 24 | @@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, | ||
| 25 | else | ||
| 26 | c = 0; | ||
| 27 | while ((c != 0) && (c != end) && /* non input consuming loop */ | ||
| 28 | - (c != end2) && (c != end3)) { | ||
| 29 | + (c != end2) && (c != end3) && | ||
| 30 | + (ctxt->instate != XML_PARSER_EOF)) { | ||
| 31 | |||
| 32 | if (c == 0) break; | ||
| 33 | if ((c == '&') && (str[1] == '#')) { | ||
| 34 | -- | ||
| 35 | 2.24.1 | ||
| 36 | |||