summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorAndrej Valek <andrej.valek@siemens.com>2017-06-14 15:07:56 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-06-23 11:44:13 +0100
commit80aac29b3845cd5e415fe4a30eb7daad10764e90 (patch)
treee4a2ff91a6b9930b0367b80f410af7d97ad5058a /meta/recipes-core
parente1a7eb810f9648fa4aed4a4df2ea1d646fbb3c62 (diff)
downloadpoky-80aac29b3845cd5e415fe4a30eb7daad10764e90.tar.gz
libxml2: Fix CVE-2017-0663
Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 (From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch40
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.4.bb1
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
new file mode 100644
index 0000000000..0108265855
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
@@ -0,0 +1,40 @@
1libxml2: Fix CVE-2017-0663
2
3[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
4
5valid: Fix type confusion in xmlValidateOneNamespace
6
7Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
8on namespace declarations make no practical sense anyway.
9
10Fixes bug 780228
11
12Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
13CVE: CVE-2017-0663
14Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
15
16diff --git a/valid.c b/valid.c
17index 19f84b8..e03d35e 100644
18--- a/valid.c
19+++ b/valid.c
20@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
21 }
22 }
23
24+ /*
25+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
26+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
27+ * no practical sense to use ID types anyway.
28+ */
29+#if 0
30 /* Validity Constraint: ID uniqueness */
31 if (attrDecl->atype == XML_ATTRIBUTE_ID) {
32 if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
33@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
34 if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
35 ret = 0;
36 }
37+#endif
38
39 /* Validity Constraint: Notation Attributes */
40 if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 2996809e4a..677d8c9bb5 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
27 file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ 27 file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
28 file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ 28 file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
29 file://libxml2-CVE-2017-5969.patch \ 29 file://libxml2-CVE-2017-5969.patch \
30 file://libxml2-CVE-2017-0663.patch \
30 file://CVE-2016-9318.patch \ 31 file://CVE-2016-9318.patch \
31 file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ 32 file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
32 " 33 "