summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch62
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.4.bb1
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
new file mode 100644
index 0000000000..571b05c087
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
@@ -0,0 +1,62 @@
1libxml2-2.9.4: Fix CVE-2017-5969
2
3[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
4
5valid: Fix NULL pointer deref in xmlDumpElementContent
6
7Can only be triggered in recovery mode.
8
9Fixes bug 758422
10
11Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
12CVE: CVE-2017-5969
13Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
14
15diff --git a/valid.c b/valid.c
16index 19f84b8..0a8e58a 100644
17--- a/valid.c
18+++ b/valid.c
19@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
20 xmlBufferWriteCHAR(buf, content->name);
21 break;
22 case XML_ELEMENT_CONTENT_SEQ:
23- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
24- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
25+ if ((content->c1 != NULL) &&
26+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
27+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
28 xmlDumpElementContent(buf, content->c1, 1);
29 else
30 xmlDumpElementContent(buf, content->c1, 0);
31 xmlBufferWriteChar(buf, " , ");
32- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
33- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
34- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
35+ if ((content->c2 != NULL) &&
36+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
37+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
38+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
39 xmlDumpElementContent(buf, content->c2, 1);
40 else
41 xmlDumpElementContent(buf, content->c2, 0);
42 break;
43 case XML_ELEMENT_CONTENT_OR:
44- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
45- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
46+ if ((content->c1 != NULL) &&
47+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
48+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
49 xmlDumpElementContent(buf, content->c1, 1);
50 else
51 xmlDumpElementContent(buf, content->c1, 0);
52 xmlBufferWriteChar(buf, " | ");
53- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
54- ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
55- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
56+ if ((content->c2 != NULL) &&
57+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
58+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
59+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
60 xmlDumpElementContent(buf, content->c2, 1);
61 else
62 xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 3f78c2de63..2996809e4a 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
26 file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \ 26 file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
27 file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ 27 file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
28 file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ 28 file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
29 file://libxml2-CVE-2017-5969.patch \
29 file://CVE-2016-9318.patch \ 30 file://CVE-2016-9318.patch \
30 file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ 31 file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
31 " 32 "