2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
new file mode 100644
index 0000000000..0108265855
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
@@ -0,0 +1,40 @@
+libxml2: Fix CVE-2017-0663
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
+valid: Fix type confusion in xmlValidateOneNamespace
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
+on namespace declarations make no practical sense anyway.
+Fixes bug 780228
+Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
+CVE: CVE-2017-0663
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+diff --git a/valid.c b/valid.c
+index 19f84b8..e03d35e 100644
+--- a/valid.c
+++ b/valid.c
+@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+        }
+     }
+ 
+    /*
+     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
+     * xmlAddID and xmlAddRef for namespace declarations, but it makes
+     * no practical sense to use ID types anyway.
+     */
+#if 0
+     /* Validity Constraint: ID uniqueness */
+     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+            ret = 0;
+     }
+#endif
+ 
+     /* Validity Constraint: Notation Attributes */
+     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 5776f0f8d3..3b081dd2fe 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
           file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
           file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
           file://libxml2-CVE-2017-5969.patch \
+           file://libxml2-CVE-2017-0663.patch \
           file://CVE-2016-9318.patch \
          "

diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch new file mode 100644 index 0000000000..0108265855 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
@@ -0,0 +1,40 @@
		1	libxml2: Fix CVE-2017-0663
		2
		3	[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
		4
		5	valid: Fix type confusion in xmlValidateOneNamespace
		6
		7	Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
		8	on namespace declarations make no practical sense anyway.
		9
		10	Fixes bug 780228
		11
		12	Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
		13	CVE: CVE-2017-0663
		14	Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
		15
		16	diff --git a/valid.c b/valid.c
		17	index 19f84b8..e03d35e 100644
		18	--- a/valid.c
		19	+++ b/valid.c
		20	@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar prefix, xmlNsPtr ns, const xmlChar value) {
		21	}
		22	}
		23
		24	+ /*
		25	+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
		26	+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
		27	+ * no practical sense to use ID types anyway.
		28	+ */
		29	+#if 0
		30	/* Validity Constraint: ID uniqueness */
		31	if (attrDecl->atype == XML_ATTRIBUTE_ID) {
		32	if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
		33	@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar prefix, xmlNsPtr ns, const xmlChar value) {
		34	if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
		35	ret = 0;
		36	}
		37	+#endif
		38
		39	/* Validity Constraint: Notation Attributes */
		40	if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {


diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index 5776f0f8d3..3b081dd2fe 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
27	file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \	27	file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
28	file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \	28	file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
29	file://libxml2-CVE-2017-5969.patch \	29	file://libxml2-CVE-2017-5969.patch \
		30	file://libxml2-CVE-2017-0663.patch \
30	file://CVE-2016-9318.patch \	31	file://CVE-2016-9318.patch \
31	"	32	"
32		33