diff options
| author | Andrej Valek <andrej.valek@siemens.com> | 2017-06-14 15:07:56 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-07-27 22:36:44 +0100 |
| commit | 9dee4e5650520c5a863d04de92dd1cf90a8750aa (patch) | |
| tree | 0fcb7a47dadcb9e04600eafb920744bdb4380870 | |
| parent | 9d59e7d739fe48cf99c894dc3f9dd79a252084f3 (diff) | |
| download | poky-9dee4e5650520c5a863d04de92dd1cf90a8750aa.tar.gz | |
libxml2: Fix CVE-2017-0663
Fix type confusion in xmlValidateOneNamespace
Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.
Fixes bug 780228
CVE: CVE-2017-0663
(From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227)
(From OE-Core rev: e442e7105ba39ddaed0749614b5ee552f9df2d5a)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch new file mode 100644 index 0000000000..0108265855 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | libxml2: Fix CVE-2017-0663 | ||
| 2 | |||
| 3 | [No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228 | ||
| 4 | |||
| 5 | valid: Fix type confusion in xmlValidateOneNamespace | ||
| 6 | |||
| 7 | Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types | ||
| 8 | on namespace declarations make no practical sense anyway. | ||
| 9 | |||
| 10 | Fixes bug 780228 | ||
| 11 | |||
| 12 | Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66] | ||
| 13 | CVE: CVE-2017-0663 | ||
| 14 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
| 15 | |||
| 16 | diff --git a/valid.c b/valid.c | ||
| 17 | index 19f84b8..e03d35e 100644 | ||
| 18 | --- a/valid.c | ||
| 19 | +++ b/valid.c | ||
| 20 | @@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { | ||
| 21 | } | ||
| 22 | } | ||
| 23 | |||
| 24 | + /* | ||
| 25 | + * Casting ns to xmlAttrPtr is wrong. We'd need separate functions | ||
| 26 | + * xmlAddID and xmlAddRef for namespace declarations, but it makes | ||
| 27 | + * no practical sense to use ID types anyway. | ||
| 28 | + */ | ||
| 29 | +#if 0 | ||
| 30 | /* Validity Constraint: ID uniqueness */ | ||
| 31 | if (attrDecl->atype == XML_ATTRIBUTE_ID) { | ||
| 32 | if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) | ||
| 33 | @@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { | ||
| 34 | if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) | ||
| 35 | ret = 0; | ||
| 36 | } | ||
| 37 | +#endif | ||
| 38 | |||
| 39 | /* Validity Constraint: Notation Attributes */ | ||
| 40 | if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { | ||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index 5776f0f8d3..3b081dd2fe 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb | |||
| @@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ | |||
| 27 | file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ | 27 | file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \ |
| 28 | file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ | 28 | file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \ |
| 29 | file://libxml2-CVE-2017-5969.patch \ | 29 | file://libxml2-CVE-2017-5969.patch \ |
| 30 | file://libxml2-CVE-2017-0663.patch \ | ||
| 30 | file://CVE-2016-9318.patch \ | 31 | file://CVE-2016-9318.patch \ |
| 31 | " | 32 | " |
| 32 | 33 | ||