authorJoe Slater <joe.slater@windriver.com>2019-11-06 10:45:54 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-11-13 22:02:15 +0000
commit5c73cd2707734fd48c28e0ed0e6ef88ffdc416a5 (patch)
tree6428478f81b63e7affa666bb177e4ff2a585cee6 /meta/recipes-support
parent6c5b31e7a686de2001ef3c883dd9cf983287ebfb (diff)
libxslt: fix CVE-2019-18197
Use patch from upstream after 1.1.33 release. (From OE-Core rev: 27969c5987d974ff10e5d0f00415b8a8576143e0) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/libxslt/files/CVE-2019-18197.patch33
-rw-r--r--meta/recipes-support/libxslt/libxslt_1.1.33.bb1
2 files changed, 34 insertions, 0 deletions
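diff --git a/meta/recipes-support/libxslt/files/CVE-2019-18197.patch b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch
new file mode 100644
index 0000000000..5f2b620396
--- /dev/null
+++ b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch
@@ -0,0 +1,33 @@
+libxslt: fix CVE-2019-18197
+
+Added after 1.1.33 release.
+
+CVE: CVE-2019-18197
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt.git]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+commit 2232473733b7313d67de8836ea3b29eec6e8e285
+Author: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat Aug 17 16:51:53 2019 +0200
+
+ Fix dangling pointer in xsltCopyText
+
+ xsltCopyText didn't reset ctxt->lasttext in some cases which could
+ lead to various memory errors in relation with CDATA sections in input
+ documents.
+
+ Found by OSS-Fuzz.
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd07..d7ab0b6 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ return NULL;
+ }
++
++ ctxt->lasttext = NULL;
+ } else {
+ /*
+ * normal processing. keep counters to extend the text node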
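Review bot: In the backported xsltCopyText hunk, the new `ctxt->lasttext = NULL;` sits after the `return NULL;` taken when xmlStrdup fails, so that allocation-failure path leaves ctxt->lasttext exactly as it was. If the pointer can already be stale at that point (this is not visible from the hunk), the reset would also have to run before the early return, for example by moving `ctxt->lasttext = NULL;` ahead of the `if ((copy->content = xmlStrdup(cur->content)) == NULL)` test. Because this is a verbatim backport of upstream commit 2232473733b7313d67de8836ea3b29eec6e8e285, any such change belongs upstream rather than in this recipe patch. xsltCopyText starts and ends outside the hunk.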
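diff --git a/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/meta/recipes-support/libxslt/libxslt_1.1.33.bb
index abc00a09ea..9f268e7bb0 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.33.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.33.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
  file://0001-Fix-security-framework-bypass.patch \
  file://CVE-2019-13117.patch \
  file://CVE-2019-13118.patch \
+ file://CVE-2019-18197.patch \
 "
 
 SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f"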