libxml2: security fix CVE-2015-7941

includes: CVE-2015-7941-1 CVE-2015-7941-2 (From OE-Core rev: e06312c71209b2e1d19c7df1434e409ad96b58be) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2015-12-05 10:52:42 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-20 17:08:28 +0000
commit: 9d44210c74d3bd34d1dce59b59744ddf7e73b7b2 (patch)
tree: 00ba5a0be67359b38d50914ec43f28d599511eb0 /meta/recipes-core/libxml
parent: d3ad918a712769e6e3ead7ad590f6a9fdac0c3dc (diff)
download: poky-9d44210c74d3bd34d1dce59b59744ddf7e73b7b2.tar.gz
3 files changed, 97 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 9d1d2bd257..9ebb8bbeab 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -23,6 +23,8 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
           file://libxml-m4-use-pkgconfig.patch \
           file://configure.ac-fix-cross-compiling-warning.patch \
           file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
+           file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
+           file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
          "
 BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
new file mode 100644
index 0000000000..11da9f9bd9
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
@@ -0,0 +1,39 @@
+From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:17:35 +0800
+Subject: [PATCH] Stop parsing on entities boundaries errors
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+There are times, like on unterminated entities that it's preferable to
+stop parsing, even if that means less error reporting. Entities are
+feeding the parser on further processing, and if they are ill defined
+then it's possible to get the parser to bug. Also do the same on
+Conditional Sections if the input is broken, as the structure of
+the document can't be guessed.
+Upstream-Status: Backport
+CVE-2015-7941-1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/parser.c b/parser.c
+index a8d1b67..bbe97eb 100644
+--- a/parser.c
+++ b/parser.c
+@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
+        if (RAW != '>') {
+            xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
+                    "xmlParseEntityDecl: entity %s not terminated\n", name);
+           xmlStopParser(ctxt);
+        } else {
+            if (input != ctxt->input) {
+                xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
+-- 
+2.3.5
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
new file mode 100644
index 0000000000..b7bd960531
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
@@ -0,0 +1,56 @@
+From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: [PATCH] Cleanup conditional section error handling
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+Upstream-Status: Backport
+CVE-2015-7941-2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ parser.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/parser.c b/parser.c
+index bbe97eb..fe603ac 100644
+--- a/parser.c
+++ b/parser.c
+@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+        SKIP_BLANKS;
+        if (RAW != '[') {
+            xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
+           xmlStopParser(ctxt);
+           return;
+        } else {
+            if (ctxt->input->id != id) {
+                xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+        SKIP_BLANKS;
+        if (RAW != '[') {
+            xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
+           xmlStopParser(ctxt);
+           return;
+        } else {
+            if (ctxt->input->id != id) {
+                xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 
+     } else {
+        xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
+       xmlStopParser(ctxt);
+       return;
+     }
+ 
+     if (RAW == 0)
+-- 
+2.3.5
author	Armin Kuster <akuster@mvista.com>	2015-12-05 10:52:42 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:28 +0000
commit	9d44210c74d3bd34d1dce59b59744ddf7e73b7b2 (patch)
tree	00ba5a0be67359b38d50914ec43f28d599511eb0 /meta/recipes-core/libxml
parent	d3ad918a712769e6e3ead7ad590f6a9fdac0c3dc (diff)
download	poky-9d44210c74d3bd34d1dce59b59744ddf7e73b7b2.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 9d1d2bd257..9ebb8bbeab 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc
@@ -23,6 +23,8 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
23	file://libxml-m4-use-pkgconfig.patch \	23	file://libxml-m4-use-pkgconfig.patch \
24	file://configure.ac-fix-cross-compiling-warning.patch \	24	file://configure.ac-fix-cross-compiling-warning.patch \
25	file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \	25	file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
		26	file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
		27	file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
26	"	28	"
27		29
28	BINCONFIG = "${bindir}/xml2-config"	30	BINCONFIG = "${bindir}/xml2-config"


diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch new file mode 100644 index 0000000000..11da9f9bd9 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
@@ -0,0 +1,39 @@
		1	From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
		2	From: Daniel Veillard <veillard@redhat.com>
		3	Date: Mon, 23 Feb 2015 11:17:35 +0800
		4	Subject: [PATCH] Stop parsing on entities boundaries errors
		5
		6	For https://bugzilla.gnome.org/show_bug.cgi?id=744980
		7
		8	There are times, like on unterminated entities that it's preferable to
		9	stop parsing, even if that means less error reporting. Entities are
		10	feeding the parser on further processing, and if they are ill defined
		11	then it's possible to get the parser to bug. Also do the same on
		12	Conditional Sections if the input is broken, as the structure of
		13	the document can't be guessed.
		14
		15	Upstream-Status: Backport
		16
		17	CVE-2015-7941-1
		18
		19	Signed-off-by: Armin Kuster <akuster@mvista.com>
		20
		21	---
		22	parser.c \| 1 +
		23	1 file changed, 1 insertion(+)
		24
		25	diff --git a/parser.c b/parser.c
		26	index a8d1b67..bbe97eb 100644
		27	--- a/parser.c
		28	+++ b/parser.c
		29	@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
		30	if (RAW != '>') {
		31	xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
		32	"xmlParseEntityDecl: entity %s not terminated\n", name);
		33	+ xmlStopParser(ctxt);
		34	} else {
		35	if (input != ctxt->input) {
		36	xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
		37	--
		38	2.3.5
		39


diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch new file mode 100644 index 0000000000..b7bd960531 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
@@ -0,0 +1,56 @@
		1	From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
		2	From: Daniel Veillard <veillard@redhat.com>
		3	Date: Mon, 23 Feb 2015 11:29:20 +0800
		4	Subject: [PATCH] Cleanup conditional section error handling
		5
		6	For https://bugzilla.gnome.org/show_bug.cgi?id=744980
		7
		8	The error handling of Conditional Section also need to be
		9	straightened as the structure of the document can't be
		10	guessed on a failure there and it's better to stop parsing
		11	as further errors are likely to be irrelevant.
		12
		13	Upstream-Status: Backport
		14
		15	CVE-2015-7941-2
		16
		17	Signed-off-by: Armin Kuster <akuster@mvista.com>
		18
		19	---
		20	parser.c \| 6 ++++++
		21	1 file changed, 6 insertions(+)
		22
		23	diff --git a/parser.c b/parser.c
		24	index bbe97eb..fe603ac 100644
		25	--- a/parser.c
		26	+++ b/parser.c
		27	@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
		28	SKIP_BLANKS;
		29	if (RAW != '[') {
		30	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
		31	+ xmlStopParser(ctxt);
		32	+ return;
		33	} else {
		34	if (ctxt->input->id != id) {
		35	xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
		36	@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
		37	SKIP_BLANKS;
		38	if (RAW != '[') {
		39	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
		40	+ xmlStopParser(ctxt);
		41	+ return;
		42	} else {
		43	if (ctxt->input->id != id) {
		44	xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
		45	@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
		46
		47	} else {
		48	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
		49	+ xmlStopParser(ctxt);
		50	+ return;
		51	}
		52
		53	if (RAW == 0)
		54	--
		55	2.3.5
		56