libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges

Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. (From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andrej Valek <andrej.valek@siemens.com> 2016-12-12 14:20:20 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-12-16 10:23:23 +0000
commit: aa346581fd60d3e4ee2ce6d899594c238ebf0560 (patch)
tree: 1c95cb29251b44dcc5904c938100772088138b03 /meta/recipes-core/libxml/libxml2_2.9.4.bb
parent: c7f90071327a5a9026de547bbd881d6d608dcc0b (diff)
download: poky-aa346581fd60d3e4ee2ce6d899594c238ebf0560.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 66a89400e5..a1d1e9e12d 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -21,6 +21,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
           file://libxml-m4-use-pkgconfig.patch \
           file://libxml2-fix_node_comparison.patch \
           file://libxml2-CVE-2016-5131.patch \
+           file://libxml2-CVE-2016-4658.patch \
          "
 SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
author	Andrej Valek <andrej.valek@siemens.com>	2016-12-12 14:20:20 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-12-16 10:23:23 +0000
commit	aa346581fd60d3e4ee2ce6d899594c238ebf0560 (patch)
tree	1c95cb29251b44dcc5904c938100772088138b03 /meta/recipes-core/libxml/libxml2_2.9.4.bb
parent	c7f90071327a5a9026de547bbd881d6d608dcc0b (diff)
download	poky-aa346581fd60d3e4ee2ce6d899594c238ebf0560.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index 66a89400e5..a1d1e9e12d 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -21,6 +21,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
21	file://libxml-m4-use-pkgconfig.patch \	21	file://libxml-m4-use-pkgconfig.patch \
22	file://libxml2-fix_node_comparison.patch \	22	file://libxml2-fix_node_comparison.patch \
23	file://libxml2-CVE-2016-5131.patch \	23	file://libxml2-CVE-2016-5131.patch \
		24	file://libxml2-CVE-2016-4658.patch \
24	"	25	"
25		26
26	SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"	27	SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"