1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
new file mode 100644
index 0000000000..1252668577
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
@@ -0,0 +1,42 @@
+From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:49:27 +0200
+Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
+ deterministic
+When hashing empty strings which aren't null-terminated,
+xmlDictComputeFastKey could produce inconsistent results. This could
+lead to various logic or memory errors, including double frees.
+For consistency the seed is also taken into account, but this shouldn't
+have an impact on security.
+Found by OSS-Fuzz.
+Fixes #510.
+CVE: CVE-2023-29469
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ dict.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/dict.c b/dict.c
+index 86c3f6d7..d7fd1a06 100644
+--- a/dict.c
+++ b/dict.c
+@@ -451,7 +451,8 @@ static unsigned long
+ xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+     unsigned long value = seed;
+ 
+-    if (name == NULL) return(0);
+    if ((name == NULL) || (namelen <= 0))
+        return(value);
+     value = *name;
+     value <<= 5;
+     if (namelen > 10) {
+-- 
+GitLab

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch new file mode 100644 index 0000000000..1252668577 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
@@ -0,0 +1,42 @@
	1	From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001
	2	From: Nick Wellnhofer <wellnhofer@aevum.de>
	3	Date: Fri, 7 Apr 2023 11:49:27 +0200
	4	Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
	5	deterministic
	6
	7	When hashing empty strings which aren't null-terminated,
	8	xmlDictComputeFastKey could produce inconsistent results. This could
	9	lead to various logic or memory errors, including double frees.
	10
	11	For consistency the seed is also taken into account, but this shouldn't
	12	have an impact on security.
	13
	14	Found by OSS-Fuzz.
	15
	16	Fixes #510.
	17
	18	CVE: CVE-2023-29469
	19	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df]
	20
	21	Signed-off-by: Peter Marko <peter.marko@siemens.com>
	22	---
	23	dict.c \| 3 ++-
	24	1 file changed, 2 insertions(+), 1 deletion(-)
	25
	26	diff --git a/dict.c b/dict.c
	27	index 86c3f6d7..d7fd1a06 100644
	28	--- a/dict.c
	29	+++ b/dict.c
	30	@@ -451,7 +451,8 @@ static unsigned long
	31	xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
	32	unsigned long value = seed;
	33
	34	- if (name == NULL) return(0);
	35	+ if ((name == NULL) \|\| (namelen <= 0))
	36	+ return(value);
	37	value = *name;
	38	value <<= 5;
	39	if (namelen > 10) {
	40	--
	41	GitLab
	42