summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml/libxml2_2.9.10.bb
Commit message (Collapse)AuthorAgeFilesLines
* libxml2: Fix CVE-2021-3541Tony Tascioglu2021-05-301-0/+1
| | | | | | | | | | | | | | | | Upstream commit: This is related to parameter entities expansion and following the line of the billion laugh attack. Somehow in that path the counting of parameters was missed and the normal algorithm based on entities "density" was useless. CVE: CVE-2021-3541 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e] (From OE-Core rev: e1e04de65e24d1596d800d7f8e85f98bb7f72632) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2021-3518Tony Tascioglu2021-05-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes CVE-2021-3518. The fix for the CVE is the following 3 lines in 1098c30a: - (cur->children->type != XML_ENTITY_DECL) && - (cur->children->type != XML_XINCLUDE_START) && - (cur->children->type != XML_XINCLUDE_END)) { + ((cur->type == XML_DOCUMENT_NODE) || + (cur->type == XML_ELEMENT_NODE))) { This relies on an updated version of xinclude.c from upstream which also adds several new tests. Those changes are brought in first so that the CVE patch can be applied cleanly. The first patch updates xinclude.c and adds the new tests from upstream, and the second applies the fix for the CVE. CVE: CVE-2021-3518 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7] (From OE-Core rev: 6c59d33ee158129d5c0cca3cce65824f9bc4e7e3) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2021-3537Tony Tascioglu2021-05-221-0/+1
| | | | | | | | | | | | | | | Parsing specially crafted Mixed Content while parsing XML data may lead to invalid data structure being created, as errors were not propagated. This could lead to several NULL Pointer Dereference when post-validating documents parsed in recovery mode. CVE: CVE-2021-3537 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61] (From OE-Core rev: 6d69f7453f78dcb19f472dcea183e859648c5243) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2021-3516Tony Tascioglu2021-05-221-0/+1
| | | | | | | | | | | | Fixes use-after-free in xmlEncodeEntitiesInternal() in entities.c CVE: CVE-2021-3516 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539] (From OE-Core rev: 490cddd7baf1aacb814128b611aabf82fda3e77b) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2021-3517Tony Tascioglu2021-05-221-0/+1
| | | | | | | | | | | | Fixes heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c CVE: CVE-2021-3517 Upstream-status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2] (From OE-Core rev: 16ad173ba0e8f88b23c62aa8357b8afca36c2161) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: add a patch to fix python 3.9 supportAlexander Kanavin2020-10-301-0/+1
| | | | | | | (From OE-Core rev: 0d0acc5fefc96ee0f0a856f7fa34caf92e03138f) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2020-24977Ovidiu Panait2020-09-101-0/+1
| | | | | | | | | | | | | | | | | GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). Reference: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 (From OE-Core rev: 92dc02b8f03f3586de0a2ec1463b189a3918e303) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Don't inherit 'features_check' in recipes that don't utilize itJacob Kroon2020-06-121-1/+1
| | | | | | | (From OE-Core rev: e5591eb5165b1b7287a12928e2b179ae2b5ce5d6) Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2019-20388Lee Chee Yang2020-02-151-0/+1
| | | | | | | | | | see: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 (From OE-Core rev: 12a5eb0ea6f530ad7be2e58d4091b4edadbf461b) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2020-7595Anuj Mittal2020-02-051-0/+1
| | | | | | | (From OE-Core rev: f2f7aa9a495774fe5a2e3947584cb3503bd1eaf1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: update to 2.9.10Alexander Kanavin2019-12-161-0/+110
(From OE-Core rev: de72e0440bc36fab09a7e3c13d3967c97dcda66b) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-19 05:29:09 +0000