summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-02-24 09:07:43 +0100
committerTudor Florea <tudor.florea@enea.com>2016-02-25 01:44:12 +0100
commit04f8b06b024193eb1473458b92dac16809c29e08 (patch)
tree054398fe723d7debb06ff347a0e80ad79e18d54d /meta
parent0abe94ddc51e964eec027d22637381f274f8b133 (diff)
downloadpoky-04f8b06b024193eb1473458b92dac16809c29e08.tar.gz
libxml2: CVE-2015-8242
Fixes buffer overread with HTML parser in push mode in xmlSAX2TextNode [NEEDINFO]. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch49
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 2dc4d575f6..87aa21e2d3 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
27 file://CVE-2015-8035.patch \ 27 file://CVE-2015-8035.patch \
28 file://CVE-2015-8241.patch \ 28 file://CVE-2015-8241.patch \
29 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ 29 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
30 file://CVE-2015-8242-Buffer-overead-with-HTML-parser.patch \
30 " 31 "
31 32
32BINCONFIG = "${bindir}/xml2-config" 33BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch
new file mode 100644
index 0000000000..73531b3c1d
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch
@@ -0,0 +1,49 @@
1From 8fb4a770075628d6441fb17a1e435100e2f3b1a2 Mon Sep 17 00:00:00 2001
2From: Hugh Davenport <hugh@allthethings.co.nz>
3Date: Fri, 20 Nov 2015 17:16:06 +0800
4Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=756372
7Error in the code pointing to the codepoint in the stack for the
8current char value instead of the pointer in the input that the SAX
9callback expects
10Reported and fixed by Hugh Davenport
11
12Upstream-Status: Backport
13
14CVE-2015-8242
15
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 HTMLparser.c | 6 +++---
20 1 file changed, 3 insertions(+), 3 deletions(-)
21
22diff --git a/HTMLparser.c b/HTMLparser.c
23index bdf7807..b729197 100644
24--- a/HTMLparser.c
25+++ b/HTMLparser.c
26@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
27 if (ctxt->keepBlanks) {
28 if (ctxt->sax->characters != NULL)
29 ctxt->sax->characters(
30- ctxt->userData, &cur, 1);
31+ ctxt->userData, &in->cur[0], 1);
32 } else {
33 if (ctxt->sax->ignorableWhitespace != NULL)
34 ctxt->sax->ignorableWhitespace(
35- ctxt->userData, &cur, 1);
36+ ctxt->userData, &in->cur[0], 1);
37 }
38 } else {
39 htmlCheckParagraph(ctxt);
40 if (ctxt->sax->characters != NULL)
41 ctxt->sax->characters(
42- ctxt->userData, &cur, 1);
43+ ctxt->userData, &in->cur[0], 1);
44 }
45 }
46 ctxt->token = 0;
47--
482.3.5
49