summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2015-12-05 18:52:42 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-20 17:08:28 (GMT)
commit9d44210c74d3bd34d1dce59b59744ddf7e73b7b2 (patch)
tree00ba5a0be67359b38d50914ec43f28d599511eb0
parentd3ad918a712769e6e3ead7ad590f6a9fdac0c3dc (diff)
downloadpoky-9d44210c74d3bd34d1dce59b59744ddf7e73b7b2.tar.gz
libxml2: security fix CVE-2015-7941
includes: CVE-2015-7941-1 CVE-2015-7941-2 (From OE-Core rev: e06312c71209b2e1d19c7df1434e409ad96b58be) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc2
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch39
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch56
3 files changed, 97 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 9d1d2bd..9ebb8bb 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -23,6 +23,8 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
23 file://libxml-m4-use-pkgconfig.patch \ 23 file://libxml-m4-use-pkgconfig.patch \
24 file://configure.ac-fix-cross-compiling-warning.patch \ 24 file://configure.ac-fix-cross-compiling-warning.patch \
25 file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ 25 file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
26 file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
27 file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
26 " 28 "
27 29
28BINCONFIG = "${bindir}/xml2-config" 30BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
new file mode 100644
index 0000000..11da9f9
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
@@ -0,0 +1,39 @@
1From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Mon, 23 Feb 2015 11:17:35 +0800
4Subject: [PATCH] Stop parsing on entities boundaries errors
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=744980
7
8There are times, like on unterminated entities that it's preferable to
9stop parsing, even if that means less error reporting. Entities are
10feeding the parser on further processing, and if they are ill defined
11then it's possible to get the parser to bug. Also do the same on
12Conditional Sections if the input is broken, as the structure of
13the document can't be guessed.
14
15Upstream-Status: Backport
16
17CVE-2015-7941-1
18
19Signed-off-by: Armin Kuster <akuster@mvista.com>
20
21---
22 parser.c | 1 +
23 1 file changed, 1 insertion(+)
24
25diff --git a/parser.c b/parser.c
26index a8d1b67..bbe97eb 100644
27--- a/parser.c
28+++ b/parser.c
29@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
30 if (RAW != '>') {
31 xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
32 "xmlParseEntityDecl: entity %s not terminated\n", name);
33+ xmlStopParser(ctxt);
34 } else {
35 if (input != ctxt->input) {
36 xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
37--
382.3.5
39
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
new file mode 100644
index 0000000..b7bd960
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
@@ -0,0 +1,56 @@
1From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Mon, 23 Feb 2015 11:29:20 +0800
4Subject: [PATCH] Cleanup conditional section error handling
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=744980
7
8The error handling of Conditional Section also need to be
9straightened as the structure of the document can't be
10guessed on a failure there and it's better to stop parsing
11as further errors are likely to be irrelevant.
12
13Upstream-Status: Backport
14
15CVE-2015-7941-2
16
17Signed-off-by: Armin Kuster <akuster@mvista.com>
18
19---
20 parser.c | 6 ++++++
21 1 file changed, 6 insertions(+)
22
23diff --git a/parser.c b/parser.c
24index bbe97eb..fe603ac 100644
25--- a/parser.c
26+++ b/parser.c
27@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
28 SKIP_BLANKS;
29 if (RAW != '[') {
30 xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
31+ xmlStopParser(ctxt);
32+ return;
33 } else {
34 if (ctxt->input->id != id) {
35 xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
36@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
37 SKIP_BLANKS;
38 if (RAW != '[') {
39 xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
40+ xmlStopParser(ctxt);
41+ return;
42 } else {
43 if (ctxt->input->id != id) {
44 xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
45@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
46
47 } else {
48 xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
49+ xmlStopParser(ctxt);
50+ return;
51 }
52
53 if (RAW == 0)
54--
552.3.5
56