diff options
-rw-r--r-- | meta/recipes-support/libxslt/files/CVE-2019-18197.patch | 33 | ||||
-rw-r--r-- | meta/recipes-support/libxslt/libxslt_1.1.33.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-support/libxslt/files/CVE-2019-18197.patch b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch new file mode 100644 index 0000000000..5f2b620396 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | libxslt: fix CVE-2019-18197 | ||
2 | |||
3 | Added after 1.1.33 release. | ||
4 | |||
5 | CVE: CVE-2019-18197 | ||
6 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt.git] | ||
7 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
8 | |||
9 | commit 2232473733b7313d67de8836ea3b29eec6e8e285 | ||
10 | Author: Nick Wellnhofer <wellnhofer@aevum.de> | ||
11 | Date: Sat Aug 17 16:51:53 2019 +0200 | ||
12 | |||
13 | Fix dangling pointer in xsltCopyText | ||
14 | |||
15 | xsltCopyText didn't reset ctxt->lasttext in some cases which could | ||
16 | lead to various memory errors in relation with CDATA sections in input | ||
17 | documents. | ||
18 | |||
19 | Found by OSS-Fuzz. | ||
20 | |||
21 | diff --git a/libxslt/transform.c b/libxslt/transform.c | ||
22 | index 95ebd07..d7ab0b6 100644 | ||
23 | --- a/libxslt/transform.c | ||
24 | +++ b/libxslt/transform.c | ||
25 | @@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, | ||
26 | if ((copy->content = xmlStrdup(cur->content)) == NULL) | ||
27 | return NULL; | ||
28 | } | ||
29 | + | ||
30 | + ctxt->lasttext = NULL; | ||
31 | } else { | ||
32 | /* | ||
33 | * normal processing. keep counters to extend the text node | ||
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/meta/recipes-support/libxslt/libxslt_1.1.33.bb index abc00a09ea..9f268e7bb0 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.33.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.33.bb | |||
@@ -12,6 +12,7 @@ SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ | |||
12 | file://0001-Fix-security-framework-bypass.patch \ | 12 | file://0001-Fix-security-framework-bypass.patch \ |
13 | file://CVE-2019-13117.patch \ | 13 | file://CVE-2019-13117.patch \ |
14 | file://CVE-2019-13118.patch \ | 14 | file://CVE-2019-13118.patch \ |
15 | file://CVE-2019-18197.patch \ | ||
15 | " | 16 | " |
16 | 17 | ||
17 | SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" | 18 | SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" |