diff options
author | Joe Slater <joe.slater@windriver.com> | 2019-11-06 10:45:54 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-11-18 14:42:13 +0000 |
commit | 58e85c53951077424e4215cea7f1443315477078 (patch) | |
tree | 34e07144aaaa29320cb7f91623c05ccf5e36dec6 /meta/recipes-support | |
parent | 3b86def5ed2a07d765ce7530afd4b8d7af7cba15 (diff) | |
download | poky-58e85c53951077424e4215cea7f1443315477078.tar.gz |
libxslt: fix CVE-2019-18197
Use patch from upstream after 1.1.33 release.
(From OE-Core rev: aa88f0f3b7f70ddc88f187c91860505b256aeda3)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/libxslt/files/CVE-2019-18197.patch | 33 | ||||
-rw-r--r-- | meta/recipes-support/libxslt/libxslt_1.1.33.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-support/libxslt/files/CVE-2019-18197.patch b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch new file mode 100644 index 0000000000..5f2b620396 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | libxslt: fix CVE-2019-18197 | ||
2 | |||
3 | Added after 1.1.33 release. | ||
4 | |||
5 | CVE: CVE-2019-18197 | ||
6 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt.git] | ||
7 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
8 | |||
9 | commit 2232473733b7313d67de8836ea3b29eec6e8e285 | ||
10 | Author: Nick Wellnhofer <wellnhofer@aevum.de> | ||
11 | Date: Sat Aug 17 16:51:53 2019 +0200 | ||
12 | |||
13 | Fix dangling pointer in xsltCopyText | ||
14 | |||
15 | xsltCopyText didn't reset ctxt->lasttext in some cases which could | ||
16 | lead to various memory errors in relation with CDATA sections in input | ||
17 | documents. | ||
18 | |||
19 | Found by OSS-Fuzz. | ||
20 | |||
21 | diff --git a/libxslt/transform.c b/libxslt/transform.c | ||
22 | index 95ebd07..d7ab0b6 100644 | ||
23 | --- a/libxslt/transform.c | ||
24 | +++ b/libxslt/transform.c | ||
25 | @@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, | ||
26 | if ((copy->content = xmlStrdup(cur->content)) == NULL) | ||
27 | return NULL; | ||
28 | } | ||
29 | + | ||
30 | + ctxt->lasttext = NULL; | ||
31 | } else { | ||
32 | /* | ||
33 | * normal processing. keep counters to extend the text node | ||
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/meta/recipes-support/libxslt/libxslt_1.1.33.bb index 92d3099fd8..f93c2537ad 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.33.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.33.bb | |||
@@ -12,6 +12,7 @@ SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ | |||
12 | file://0001-Fix-security-framework-bypass.patch \ | 12 | file://0001-Fix-security-framework-bypass.patch \ |
13 | file://CVE-2019-13117.patch \ | 13 | file://CVE-2019-13117.patch \ |
14 | file://CVE-2019-13118.patch \ | 14 | file://CVE-2019-13118.patch \ |
15 | file://CVE-2019-18197.patch \ | ||
15 | " | 16 | " |
16 | 17 | ||
17 | SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" | 18 | SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" |