From bc872bd77923210831de67cfdc50e753bfa9f1e5 Mon Sep 17 00:00:00 2001 From: Tony Tascioglu Date: Thu, 20 May 2021 17:45:42 -0400 Subject: libxml2: Fix CVE-2021-3541 Upstream commit: This is related to parameter entities expansion and following the line of the billion laugh attack. Somehow in that path the counting of parameters was missed and the normal algorithm based on entities "density" was useless. CVE: CVE-2021-3541 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e] (From OE-Core rev: e1e04de65e24d1596d800d7f8e85f98bb7f72632) Signed-off-by: Tony Tascioglu Signed-off-by: Richard Purdie
---
 meta/recipes-core/libxml/libxml2_2.9.10.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-core/libxml/libxml2_2.9.10.bb')
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index a9bff74b55..ce4f9a3340 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -29,6 +29,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
 file://CVE-2021-3518-0001.patch \
 file://CVE-2021-3518-0002.patch \
 file://CVE-2021-3537.patch \
+ file://CVE-2021-3541.patch \
 "
 SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
--
cgit v1.2.3-54-g00ecf
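Review bot: The added `file://CVE-2021-3541.patch \` entry points at a patch file that this page does not show (the view is limited to the recipe), so the backported fix itself cannot be checked here. It is worth confirming that the patch file carries its own `CVE: CVE-2021-3541` and `Upstream-Status: Backport [...]` header lines and not only the commit message, since, as far as I know, the recipe-level CVE tracking in OE reads the patch name and header, not the commit log. The entry is appended after `CVE-2021-3537.patch`, so it applies last; if the backport touches the same parser code as the 3518 and 3537 patches, that is the order it needs to have been tested in. The SRC_URI assignment starts before the hunk, so the earlier entries are not visible here.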