libxml2: remove patch for CVE-2012-2871

This CVE patch is actually against Chromium as they ship an internal fork of libxml2 and breaks ABI. The real issue has been resolved in libxslt 1.1.27, and we're shipping 1.1.28. (From OE-Core rev: e6c60252ab4ba6842f63c6b8a519a85f2ff238fb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2013-09-17 10:22:17 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2013-09-17 14:35:17 +0100
commit: 06078af4cabefcd3a861821bd2f72b524a99c114 (patch)
tree: f8c6c0e6386be79e367ed4797abfe0ca227db82c /meta/recipes-core/libxml
parent: 1bf8d83d5a570e06e00b4ed47f268d522647e6ed (diff)
download: poky-06078af4cabefcd3a861821bd2f72b524a99c114.tar.gz
2 files changed, 1 insertions, 37 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch
deleted file mode 100644
index 3c66a9ca5e..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-libxml2 CVE-2012-2871
-the patch come from:
-http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
-/include/libxml/tree.h?r1=56276&r2=149930
-libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
-does not properly support a cast of an unspecified variable during handling
-of XSL transforms, which allows remote attackers to cause a denial of service
-or possibly have unknown other impact via a crafted document, related to the
-_xmlNs data structure in include/libxml/tree.h.
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
-Signed-off-by: Li Wang <li.wang@windriver.com>
---
- include/libxml/tree.h |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-diff --git a/include/libxml/tree.h b/include/libxml/tree.h
-index b733589..5422dda 100644
--- a/include/libxml/tree.h
-+++ b/include/libxml/tree.h
-@@ -351,6 +351,7 @@ struct _xmlNs {
-     struct _xmlNs  *next;      /* next Ns link for this node  */
-     xmlNsType      type;       /* global or local */
-     const xmlChar *href;       /* URL for the namespace */
-+    const char *dummy_children;        /* lines up with node->children */
-     const xmlChar *prefix;     /* prefix for the namespace */
-     void           *_private;   /* application data */
-     struct _xmlDoc *context;           /* normally an xmlDoc */
-- 
-1.7.0.5
diff --git a/meta/recipes-core/libxml/libxml2_2.9.1.bb b/meta/recipes-core/libxml/libxml2_2.9.1.bb
index fa9c65752d..0b6ac5d5c6 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.1.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.1.bb
@@ -1,8 +1,6 @@
 require libxml2.inc
-SRC_URI += "file://libxml2-CVE-2012-2871.patch \
+SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar"
-            http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
-           "
 SRC_URI[libtar.md5sum] = "9c0cfef285d5c4a5c80d00904ddab380"
 SRC_URI[libtar.sha256sum] = "fd3c64cb66f2c4ea27e934d275904d92cec494a8e8405613780cbc8a71680fdb"
author	Ross Burton <ross.burton@intel.com>	2013-09-17 10:22:17 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-09-17 14:35:17 +0100
commit	06078af4cabefcd3a861821bd2f72b524a99c114 (patch)
tree	f8c6c0e6386be79e367ed4797abfe0ca227db82c /meta/recipes-core/libxml
parent	1bf8d83d5a570e06e00b4ed47f268d522647e6ed (diff)
download	poky-06078af4cabefcd3a861821bd2f72b524a99c114.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch deleted file mode 100644 index 3c66a9ca5e..0000000000 --- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch +++ /dev/null
@@ -1,34 +0,0 @@
1	libxml2 CVE-2012-2871
2
3	the patch come from:
4	http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
5	/include/libxml/tree.h?r1=56276&r2=149930
6
7	libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
8	does not properly support a cast of an unspecified variable during handling
9	of XSL transforms, which allows remote attackers to cause a denial of service
10	or possibly have unknown other impact via a crafted document, related to the
11	_xmlNs data structure in include/libxml/tree.h.
12
13	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
14
15	Signed-off-by: Li Wang <li.wang@windriver.com>
16	---
17	include/libxml/tree.h \| 1 +
18	1 files changed, 1 insertions(+), 0 deletions(-)
19
20	diff --git a/include/libxml/tree.h b/include/libxml/tree.h
21	index b733589..5422dda 100644
22	--- a/include/libxml/tree.h
23	+++ b/include/libxml/tree.h
24	@@ -351,6 +351,7 @@ struct _xmlNs {
25	struct _xmlNs next; / next Ns link for this node */
26	xmlNsType type; /* global or local */
27	const xmlChar href; / URL for the namespace */
28	+ const char dummy_children; / lines up with node->children */
29	const xmlChar prefix; / prefix for the namespace */
30	void _private; / application data */
31	struct _xmlDoc context; / normally an xmlDoc */
32	--
33	1.7.0.5
34


diff --git a/meta/recipes-core/libxml/libxml2_2.9.1.bb b/meta/recipes-core/libxml/libxml2_2.9.1.bb index fa9c65752d..0b6ac5d5c6 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.1.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.1.bb
@@ -1,8 +1,6 @@
1	require libxml2.inc	1	require libxml2.inc
2		2
3	SRC_URI += "file://libxml2-CVE-2012-2871.patch \	3	SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar"
4	http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
5	"
6		4
7	SRC_URI[libtar.md5sum] = "9c0cfef285d5c4a5c80d00904ddab380"	5	SRC_URI[libtar.md5sum] = "9c0cfef285d5c4a5c80d00904ddab380"
8	SRC_URI[libtar.sha256sum] = "fd3c64cb66f2c4ea27e934d275904d92cec494a8e8405613780cbc8a71680fdb"	6	SRC_URI[libtar.sha256sum] = "fd3c64cb66f2c4ea27e934d275904d92cec494a8e8405613780cbc8a71680fdb"