authorArmin Kuster <akuster@mvista.com>2015-12-05 18:59:55 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-20 17:08:29 (GMT)
commit436e2044451bf25bcac3d17e3dd85dc8ea99e7d0 (patch)
tree7e5d0a167c7603299a17ecc9f2aa541ecd6a7390
parent389549c0bbffa6a956e584fde60db5f0cab5cc1d (diff)
libxml2: security fix CVE-2015-8242
(From OE-Core rev: acbd71fe7d0571b78bbecb7464d99823411a7b22) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch49
2 files changed, 50 insertions, 0 deletions
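--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -35,6 +35,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
 file://CVE-2015-7499-2-Detect-incoherency-on-GROW.patch \
 file://0001-Fix-a-bug-on-name-parsing-at-the-end-of-current-inpu.patch \
 file://0001-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch \
+file://0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch \
 "
 
 BINCONFIG = "${bindir}/xml2-config"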
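--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch
@@ -0,0 +1,49 @@
+From 8fb4a770075628d6441fb17a1e435100e2f3b1a2 Mon Sep 17 00:00:00 2001
+From: Hugh Davenport <hugh@allthethings.co.nz>
+Date: Fri, 20 Nov 2015 17:16:06 +0800
+Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756372
+Error in the code pointing to the codepoint in the stack for the
+current char value instead of the pointer in the input that the SAX
+callback expects
+Reported and fixed by Hugh Davenport
+
+Upstream-Status: Backport
+
+CVE-2015-8242
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ HTMLparser.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index bdf7807..b729197 100644
+--- a/HTMLparser.c
++++ b/HTMLparser.c
+@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
+ if (ctxt->keepBlanks) {
+ if (ctxt->sax->characters != NULL)
+ ctxt->sax->characters(
+- ctxt->userData, &cur, 1);
++ ctxt->userData, &in->cur[0], 1);
+ } else {
+ if (ctxt->sax->ignorableWhitespace != NULL)
+ ctxt->sax->ignorableWhitespace(
+- ctxt->userData, &cur, 1);
++ ctxt->userData, &in->cur[0], 1);
+ }
+ } else {
+ htmlCheckParagraph(ctxt);
+ if (ctxt->sax->characters != NULL)
+ ctxt->sax->characters(
+- ctxt->userData, &cur, 1);
++ ctxt->userData, &in->cur[0], 1);
+ }
+ }
+ ctxt->token = 0;
+--
+2.3.5
+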
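Review bot: The patch header records `Upstream-Status: Backport` without naming the upstream commit, and the CVE id appears only as a bare `CVE-2015-8242` line, so the fix is harder to trace back to upstream from the header alone. I would write `Upstream-Status: Backport [libxml2 commit 8fb4a770075628d6441fb17a1e435100e2f3b1a2]` (the hash is taken from the patch's own `From` line and is presumably the upstream commit, to be confirmed) and tag the id as `CVE: CVE-2015-8242`. On the code itself, the hunk replaces the three `&cur` arguments it shows with `&in->cur[0]`, but htmlParseTryOrFinish starts and ends outside the hunk. It is therefore worth confirming, against the libxml2 version this recipe builds, that no other SAX callback in that function is still handed the address of the local `cur`.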