diff options
author | Ross Burton <ross.burton@intel.com> | 2015-11-25 22:44:53 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-12-01 21:32:14 +0000 |
commit | ed318749f992058c4faafcd551df4e73ced2a793 (patch) | |
tree | 30590ad98fb7e132ca0e17df8bb8bd998cd8c495 /meta/recipes-core/libxml/libxml2 | |
parent | ecb1c717617b4c9068c65d0d6fc0329db1ef8a13 (diff) | |
download | poky-ed318749f992058c4faafcd551df4e73ced2a793.tar.gz |
libxml2: upgrade to 2.9.3
- Drop all the upstreamed patches
- Rework the ansidecl removal so it's contained in a single patch
(From OE-Core rev: 88e68f25e1756988692108d4c15dfa8efc94e5e5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/libxml/libxml2')
7 files changed, 11 insertions, 387 deletions
diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch deleted file mode 100644 index 96d58f9dd6..0000000000 --- a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch +++ /dev/null | |||
@@ -1,181 +0,0 @@ | |||
1 | From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Veillard <veillard@redhat.com> | ||
3 | Date: Tue, 14 Apr 2015 17:41:48 +0800 | ||
4 | Subject: [PATCH] CVE-2015-1819 Enforce the reader to run in constant memory | ||
5 | |||
6 | One of the operation on the reader could resolve entities | ||
7 | leading to the classic expansion issue. Make sure the | ||
8 | buffer used for xmlreader operation is bounded. | ||
9 | Introduce a new allocation type for the buffers for this effect. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Signed-off-by: Yue Tao <Yue.Tao@windriver.com> | ||
14 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
15 | --- | ||
16 | buf.c | 43 ++++++++++++++++++++++++++++++++++++++++++- | ||
17 | include/libxml/tree.h | 3 ++- | ||
18 | xmlreader.c | 20 +++++++++++++++++++- | ||
19 | 3 files changed, 63 insertions(+), 3 deletions(-) | ||
20 | |||
21 | diff --git a/buf.c b/buf.c | ||
22 | index 6efc7b6..07922ff 100644 | ||
23 | --- a/buf.c | ||
24 | +++ b/buf.c | ||
25 | @@ -27,6 +27,7 @@ | ||
26 | #include <libxml/tree.h> | ||
27 | #include <libxml/globals.h> | ||
28 | #include <libxml/tree.h> | ||
29 | +#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */ | ||
30 | #include "buf.h" | ||
31 | |||
32 | #define WITH_BUFFER_COMPAT | ||
33 | @@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf, | ||
34 | if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) || | ||
35 | (scheme == XML_BUFFER_ALLOC_EXACT) || | ||
36 | (scheme == XML_BUFFER_ALLOC_HYBRID) || | ||
37 | - (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) { | ||
38 | + (scheme == XML_BUFFER_ALLOC_IMMUTABLE) || | ||
39 | + (scheme == XML_BUFFER_ALLOC_BOUNDED)) { | ||
40 | buf->alloc = scheme; | ||
41 | if (buf->buffer) | ||
42 | buf->buffer->alloc = scheme; | ||
43 | @@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) { | ||
44 | size = buf->use + len + 100; | ||
45 | #endif | ||
46 | |||
47 | + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { | ||
48 | + /* | ||
49 | + * Used to provide parsing limits | ||
50 | + */ | ||
51 | + if ((buf->use + len >= XML_MAX_TEXT_LENGTH) || | ||
52 | + (buf->size >= XML_MAX_TEXT_LENGTH)) { | ||
53 | + xmlBufMemoryError(buf, "buffer error: text too long\n"); | ||
54 | + return(0); | ||
55 | + } | ||
56 | + if (size >= XML_MAX_TEXT_LENGTH) | ||
57 | + size = XML_MAX_TEXT_LENGTH; | ||
58 | + } | ||
59 | if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { | ||
60 | size_t start_buf = buf->content - buf->contentIO; | ||
61 | |||
62 | @@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size) | ||
63 | CHECK_COMPAT(buf) | ||
64 | |||
65 | if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); | ||
66 | + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { | ||
67 | + /* | ||
68 | + * Used to provide parsing limits | ||
69 | + */ | ||
70 | + if (size >= XML_MAX_TEXT_LENGTH) { | ||
71 | + xmlBufMemoryError(buf, "buffer error: text too long\n"); | ||
72 | + return(0); | ||
73 | + } | ||
74 | + } | ||
75 | |||
76 | /* Don't resize if we don't have to */ | ||
77 | if (size < buf->size) | ||
78 | @@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { | ||
79 | |||
80 | needSize = buf->use + len + 2; | ||
81 | if (needSize > buf->size){ | ||
82 | + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { | ||
83 | + /* | ||
84 | + * Used to provide parsing limits | ||
85 | + */ | ||
86 | + if (needSize >= XML_MAX_TEXT_LENGTH) { | ||
87 | + xmlBufMemoryError(buf, "buffer error: text too long\n"); | ||
88 | + return(-1); | ||
89 | + } | ||
90 | + } | ||
91 | if (!xmlBufResize(buf, needSize)){ | ||
92 | xmlBufMemoryError(buf, "growing buffer"); | ||
93 | return XML_ERR_NO_MEMORY; | ||
94 | @@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) { | ||
95 | } | ||
96 | needSize = buf->use + len + 2; | ||
97 | if (needSize > buf->size){ | ||
98 | + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { | ||
99 | + /* | ||
100 | + * Used to provide parsing limits | ||
101 | + */ | ||
102 | + if (needSize >= XML_MAX_TEXT_LENGTH) { | ||
103 | + xmlBufMemoryError(buf, "buffer error: text too long\n"); | ||
104 | + return(-1); | ||
105 | + } | ||
106 | + } | ||
107 | if (!xmlBufResize(buf, needSize)){ | ||
108 | xmlBufMemoryError(buf, "growing buffer"); | ||
109 | return XML_ERR_NO_MEMORY; | ||
110 | diff --git a/include/libxml/tree.h b/include/libxml/tree.h | ||
111 | index 2f90717..4a9b3bc 100644 | ||
112 | --- a/include/libxml/tree.h | ||
113 | +++ b/include/libxml/tree.h | ||
114 | @@ -76,7 +76,8 @@ typedef enum { | ||
115 | XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */ | ||
116 | XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */ | ||
117 | XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */ | ||
118 | - XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */ | ||
119 | + XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */ | ||
120 | + XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */ | ||
121 | } xmlBufferAllocationScheme; | ||
122 | |||
123 | /** | ||
124 | diff --git a/xmlreader.c b/xmlreader.c | ||
125 | index f19e123..471e7e2 100644 | ||
126 | --- a/xmlreader.c | ||
127 | +++ b/xmlreader.c | ||
128 | @@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) { | ||
129 | "xmlNewTextReader : malloc failed\n"); | ||
130 | return(NULL); | ||
131 | } | ||
132 | + /* no operation on a reader should require a huge buffer */ | ||
133 | + xmlBufSetAllocationScheme(ret->buffer, | ||
134 | + XML_BUFFER_ALLOC_BOUNDED); | ||
135 | ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); | ||
136 | if (ret->sax == NULL) { | ||
137 | xmlBufFree(ret->buffer); | ||
138 | @@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) { | ||
139 | return(((xmlNsPtr) node)->href); | ||
140 | case XML_ATTRIBUTE_NODE:{ | ||
141 | xmlAttrPtr attr = (xmlAttrPtr) node; | ||
142 | + const xmlChar *ret; | ||
143 | |||
144 | if ((attr->children != NULL) && | ||
145 | (attr->children->type == XML_TEXT_NODE) && | ||
146 | @@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) { | ||
147 | "xmlTextReaderSetup : malloc failed\n"); | ||
148 | return (NULL); | ||
149 | } | ||
150 | + xmlBufSetAllocationScheme(reader->buffer, | ||
151 | + XML_BUFFER_ALLOC_BOUNDED); | ||
152 | } else | ||
153 | xmlBufEmpty(reader->buffer); | ||
154 | xmlBufGetNodeContent(reader->buffer, node); | ||
155 | - return(xmlBufContent(reader->buffer)); | ||
156 | + ret = xmlBufContent(reader->buffer); | ||
157 | + if (ret == NULL) { | ||
158 | + /* error on the buffer best to reallocate */ | ||
159 | + xmlBufFree(reader->buffer); | ||
160 | + reader->buffer = xmlBufCreateSize(100); | ||
161 | + xmlBufSetAllocationScheme(reader->buffer, | ||
162 | + XML_BUFFER_ALLOC_BOUNDED); | ||
163 | + ret = BAD_CAST ""; | ||
164 | + } | ||
165 | + return(ret); | ||
166 | } | ||
167 | break; | ||
168 | } | ||
169 | @@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader, | ||
170 | "xmlTextReaderSetup : malloc failed\n"); | ||
171 | return (-1); | ||
172 | } | ||
173 | + /* no operation on a reader should require a huge buffer */ | ||
174 | + xmlBufSetAllocationScheme(reader->buffer, | ||
175 | + XML_BUFFER_ALLOC_BOUNDED); | ||
176 | if (reader->sax == NULL) | ||
177 | reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); | ||
178 | if (reader->sax == NULL) { | ||
179 | -- | ||
180 | 1.7.9.5 | ||
181 | |||
diff --git a/meta/recipes-core/libxml/libxml2/0001-threads-Define-pthread-definitions-for-glibc-complia.patch b/meta/recipes-core/libxml/libxml2/0001-threads-Define-pthread-definitions-for-glibc-complia.patch deleted file mode 100644 index c653a81af3..0000000000 --- a/meta/recipes-core/libxml/libxml2/0001-threads-Define-pthread-definitions-for-glibc-complia.patch +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | From 6750cc564a17c812555cca587660240ccffaaed3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Sat, 4 Apr 2015 08:50:40 -0700 | ||
4 | Subject: [PATCH] threads: Define pthread* definitions for glibc compliant libs | ||
5 | |||
6 | This code is assuming glibc but not explicitly saying it | ||
7 | so lets make it so. Fixes following on musl | ||
8 | |||
9 | threads.c:80:27: error: macro "pthread_equal" requires 2 arguments, but | ||
10 | only 1 given | ||
11 | | extern int pthread_equal () | ||
12 | |||
13 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
14 | |||
15 | Upstream-Status: Pending | ||
16 | --- | ||
17 | threads.c | 2 +- | ||
18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
19 | |||
20 | Index: libxml2-2.9.2/threads.c | ||
21 | =================================================================== | ||
22 | --- libxml2-2.9.2.orig/threads.c | ||
23 | +++ libxml2-2.9.2/threads.c | ||
24 | @@ -47,7 +47,7 @@ | ||
25 | #ifdef HAVE_PTHREAD_H | ||
26 | |||
27 | static int libxml_is_threaded = -1; | ||
28 | -#ifdef __GNUC__ | ||
29 | +#if defined(__GNUC__) && defined(__GLIBC__) | ||
30 | #ifdef linux | ||
31 | #if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || (__GNUC__ > 3) | ||
32 | extern int pthread_once (pthread_once_t *__once_control, | ||
diff --git a/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch b/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch deleted file mode 100644 index 10a8112b58..0000000000 --- a/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch +++ /dev/null | |||
@@ -1,30 +0,0 @@ | |||
1 | From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Veillard <veillard@redhat.com> | ||
3 | Date: Thu, 23 Oct 2014 11:35:36 +0800 | ||
4 | Subject: Fix missing entities after CVE-2014-3660 fix | ||
5 | |||
6 | For https://bugzilla.gnome.org/show_bug.cgi?id=738805 | ||
7 | |||
8 | The fix for CVE-2014-3660 introduced a regression in some case | ||
9 | where entity substitution is required and the entity is used | ||
10 | first in anotther entity referenced from an attribute value | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | |||
14 | diff --git a/parser.c b/parser.c | ||
15 | index 67c9dfd..a8d1b67 100644 | ||
16 | --- a/parser.c | ||
17 | +++ b/parser.c | ||
18 | @@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { | ||
19 | * far more secure as the parser will only process data coming from | ||
20 | * the document entity by default. | ||
21 | */ | ||
22 | - if ((ent->checked == 0) && | ||
23 | + if (((ent->checked == 0) || | ||
24 | + ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && | ||
25 | ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || | ||
26 | (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { | ||
27 | unsigned long oldnbent = ctxt->nbentities; | ||
28 | -- | ||
29 | cgit v0.10.1 | ||
30 | |||
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch deleted file mode 100644 index a5930ed29b..0000000000 --- a/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch +++ /dev/null | |||
@@ -1,55 +0,0 @@ | |||
1 | libxml2: CVE-2015-7942 | ||
2 | |||
3 | From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001 | ||
4 | From: Daniel Veillard <veillard@redhat.com> | ||
5 | Date: Mon, 23 Feb 2015 11:29:20 +0800 | ||
6 | Subject: Cleanup conditional section error handling | ||
7 | |||
8 | For https://bugzilla.gnome.org/show_bug.cgi?id=744980 | ||
9 | |||
10 | The error handling of Conditional Section also need to be | ||
11 | straightened as the structure of the document can't be | ||
12 | guessed on a failure there and it's better to stop parsing | ||
13 | as further errors are likely to be irrelevant. | ||
14 | |||
15 | Upstream-Status: Backport | ||
16 | https://git.gnome.org/browse/libxml2/patch/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 | ||
17 | |||
18 | [YOCTO #8641] | ||
19 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
20 | |||
21 | --- | ||
22 | parser.c | 6 ++++++ | ||
23 | 1 file changed, 6 insertions(+) | ||
24 | |||
25 | Index: libxml2-2.9.2/parser.c | ||
26 | =================================================================== | ||
27 | --- libxml2-2.9.2.orig/parser.c | ||
28 | +++ libxml2-2.9.2/parser.c | ||
29 | @@ -6783,6 +6783,8 @@ xmlParseConditionalSections(xmlParserCtx | ||
30 | SKIP_BLANKS; | ||
31 | if (RAW != '[') { | ||
32 | xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL); | ||
33 | + xmlStopParser(ctxt); | ||
34 | + return; | ||
35 | } else { | ||
36 | if (ctxt->input->id != id) { | ||
37 | xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY, | ||
38 | @@ -6843,6 +6845,8 @@ xmlParseConditionalSections(xmlParserCtx | ||
39 | SKIP_BLANKS; | ||
40 | if (RAW != '[') { | ||
41 | xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL); | ||
42 | + xmlStopParser(ctxt); | ||
43 | + return; | ||
44 | } else { | ||
45 | if (ctxt->input->id != id) { | ||
46 | xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY, | ||
47 | @@ -6898,6 +6902,8 @@ xmlParseConditionalSections(xmlParserCtx | ||
48 | |||
49 | } else { | ||
50 | xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL); | ||
51 | + xmlStopParser(ctxt); | ||
52 | + return; | ||
53 | } | ||
54 | |||
55 | if (RAW == 0) | ||
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch deleted file mode 100644 index d175f7453c..0000000000 --- a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | libxml2: CVE-2015-8035 | ||
2 | |||
3 | From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001 | ||
4 | From: Daniel Veillard <veillard@redhat.com> | ||
5 | Date: Tue, 3 Nov 2015 15:31:25 +0800 | ||
6 | Subject: CVE-2015-8035 Fix XZ compression support loop | ||
7 | |||
8 | For https://bugzilla.gnome.org/show_bug.cgi?id=757466 | ||
9 | DoS when parsing specially crafted XML document if XZ support | ||
10 | is compiled in (which wasn't the case for 2.9.2 and master since | ||
11 | Nov 2013, fixed in next commit !) | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | https://git.gnome.org/browse/libxml2/patch/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 | ||
15 | |||
16 | [YOCTO #8641] | ||
17 | |||
18 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
19 | |||
20 | --- | ||
21 | xzlib.c | 4 ++++ | ||
22 | 1 file changed, 4 insertions(+) | ||
23 | |||
24 | diff --git a/xzlib.c b/xzlib.c | ||
25 | index 0dcb9f4..1fab546 100644 | ||
26 | --- a/xzlib.c | ||
27 | +++ b/xzlib.c | ||
28 | @@ -581,6 +581,10 @@ xz_decomp(xz_statep state) | ||
29 | xz_error(state, LZMA_DATA_ERROR, "compressed data error"); | ||
30 | return -1; | ||
31 | } | ||
32 | + if (ret == LZMA_PROG_ERROR) { | ||
33 | + xz_error(state, LZMA_PROG_ERROR, "compression error"); | ||
34 | + return -1; | ||
35 | + } | ||
36 | } while (strm->avail_out && ret != LZMA_STREAM_END); | ||
37 | |||
38 | /* update available output and crc check value */ | ||
39 | -- | ||
40 | cgit v0.11.2 | ||
41 | |||
diff --git a/meta/recipes-core/libxml/libxml2/ansidecl.patch b/meta/recipes-core/libxml/libxml2/ansidecl.patch index 2452d780d5..1085c680b6 100644 --- a/meta/recipes-core/libxml/libxml2/ansidecl.patch +++ b/meta/recipes-core/libxml/libxml2/ansidecl.patch | |||
@@ -9,17 +9,17 @@ RP 2012/7/10 | |||
9 | 9 | ||
10 | Upstream-Status: Inappropriate [its really a cmake bug] | 10 | Upstream-Status: Inappropriate [its really a cmake bug] |
11 | 11 | ||
12 | Index: libxml2-2.8.0/include/libxml/xmlversion.h.in | 12 | diff --git a/configure.ac b/configure.ac |
13 | =================================================================== | 13 | index 0260281..fdb58e9 100644 |
14 | --- libxml2-2.8.0.orig/include/libxml/xmlversion.h.in 2012-07-10 11:51:52.460750573 +0000 | 14 | --- a/configure.ac |
15 | +++ libxml2-2.8.0/include/libxml/xmlversion.h.in 2012-07-10 11:52:41.436749397 +0000 | 15 | +++ b/configure.ac |
16 | @@ -401,9 +401,6 @@ | 16 | @@ -484 +483,0 @@ AC_CHECK_HEADERS([time.h]) |
17 | #endif | 17 | -AC_CHECK_HEADERS([ansidecl.h]) |
18 | 18 | diff --git a/include/libxml/xmlversion.h.in b/include/libxml/xmlversion.h.in | |
19 | #ifdef __GNUC__ | 19 | index b173be9..d10f975 100644 |
20 | --- a/include/libxml/xmlversion.h.in | ||
21 | +++ b/include/libxml/xmlversion.h.in | ||
22 | @@ -413,3 +412,0 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); | ||
20 | -#ifdef HAVE_ANSIDECL_H | 23 | -#ifdef HAVE_ANSIDECL_H |
21 | -#include <ansidecl.h> | 24 | -#include <ansidecl.h> |
22 | -#endif | 25 | -#endif |
23 | |||
24 | /** | ||
25 | * ATTRIBUTE_UNUSED: | ||
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch deleted file mode 100644 index 1c05ae649e..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | From: Daniel Veillard <veillard@redhat.com> | ||
2 | Date: Tue, 22 Apr 2014 15:30:56 +0800 | ||
3 | Subject: Do not fetch external parameter entities | ||
4 | |||
5 | Unless explicitely asked for when validating or replacing entities | ||
6 | with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com> | ||
7 | |||
8 | Upstream-Status: Backport | ||
9 | Reference: https://access.redhat.com/security/cve/CVE-2014-0191 | ||
10 | |||
11 | Signed-off-by: Daniel Veillard <veillard@redhat.com> | ||
12 | Signed-off-by: Maxin B. John <maxin.john@enea.com> | ||
13 | --- | ||
14 | diff -Naur libxml2-2.9.1-orig/parser.c libxml2-2.9.1/parser.c | ||
15 | --- libxml2-2.9.1-orig/parser.c 2013-04-16 15:39:18.000000000 +0200 | ||
16 | +++ libxml2-2.9.1/parser.c 2014-05-07 13:35:46.883687946 +0200 | ||
17 | @@ -2595,6 +2595,20 @@ | ||
18 | xmlCharEncoding enc; | ||
19 | |||
20 | /* | ||
21 | + * Note: external parsed entities will not be loaded, it is | ||
22 | + * not required for a non-validating parser, unless the | ||
23 | + * option of validating, or substituting entities were | ||
24 | + * given. Doing so is far more secure as the parser will | ||
25 | + * only process data coming from the document entity by | ||
26 | + * default. | ||
27 | + */ | ||
28 | + if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && | ||
29 | + ((ctxt->options & XML_PARSE_NOENT) == 0) && | ||
30 | + ((ctxt->options & XML_PARSE_DTDVALID) == 0) && | ||
31 | + (ctxt->validate == 0)) | ||
32 | + return; | ||
33 | + | ||
34 | + /* | ||
35 | * handle the extra spaces added before and after | ||
36 | * c.f. http://www.w3.org/TR/REC-xml#as-PE | ||
37 | * this is done independently. | ||