1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch
new file mode 100644
index 0000000000..89a46ad173
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch
@@ -0,0 +1,40 @@
+From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
+From: Hugh Davenport <hugh@allthethings.co.nz>
+Date: Tue, 3 Nov 2015 20:40:49 +0800
+Subject: [PATCH] Avoid extra processing of MarkupDecl when EOF
+For https://bugzilla.gnome.org/show_bug.cgi?id=756263
+One place where ctxt->instate == XML_PARSER_EOF whic was set up
+by entity detection issues doesn't get noticed, and even overrided
+Upstream-status: Backport
+https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
+CVE: CVE-2015-8241
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ parser.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+Index: libxml2-2.9.2/parser.c
+===================================================================
+--- libxml2-2.9.2.orig/parser.c
+++ libxml2-2.9.2/parser.c
+@@ -6999,6 +6999,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt
+            xmlParsePI(ctxt);
+        }
+     }
+
+    /*
+     * detect requirement to exit there and act accordingly
+     * and avoid having instate overriden later on
+     */
+    if (ctxt->instate == XML_PARSER_EOF)
+        return;
+
+     /*
+      * This is only for internal subset. On external entities,
+      * the replacement is done before parsing stage

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch new file mode 100644 index 0000000000..89a46ad173 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch
@@ -0,0 +1,40 @@
	1	From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
	2	From: Hugh Davenport <hugh@allthethings.co.nz>
	3	Date: Tue, 3 Nov 2015 20:40:49 +0800
	4	Subject: [PATCH] Avoid extra processing of MarkupDecl when EOF
	5
	6	For https://bugzilla.gnome.org/show_bug.cgi?id=756263
	7
	8	One place where ctxt->instate == XML_PARSER_EOF whic was set up
	9	by entity detection issues doesn't get noticed, and even overrided
	10
	11	Upstream-status: Backport
	12
	13	https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
	14
	15	CVE: CVE-2015-8241
	16	Signed-off-by: Armin Kuster <akuster@mvista.com>
	17
	18	---
	19	parser.c \| 8 ++++++++
	20	1 file changed, 8 insertions(+)
	21
	22	Index: libxml2-2.9.2/parser.c
	23	===================================================================
	24	--- libxml2-2.9.2.orig/parser.c
	25	+++ libxml2-2.9.2/parser.c
	26	@@ -6999,6 +6999,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt
	27	xmlParsePI(ctxt);
	28	}
	29	}
	30	+
	31	+ /*
	32	+ * detect requirement to exit there and act accordingly
	33	+ * and avoid having instate overriden later on
	34	+ */
	35	+ if (ctxt->instate == XML_PARSER_EOF)
	36	+ return;
	37	+
	38	/*
	39	* This is only for internal subset. On external entities,
	40	* the replacement is done before parsing stage