diff options
| author | Siddharth Doshi <sdoshi@mvista.com> | 2024-06-17 21:00:27 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-06-26 05:04:39 -0700 |
| commit | e2366b9d09a8d68b0f4b9b98c4ddda6767352ad9 (patch) | |
| tree | 31a6289d5dc02cfd098263c6b4eae18edbad2948 | |
| parent | f27a1997b6f48f77c5085ce9b6572494e7dd864e (diff) | |
| download | poky-e2366b9d09a8d68b0f4b9b98c4ddda6767352ad9.tar.gz | |
libxml2: Security fix for CVE-2024-34459
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce]
CVE's Fixed:
CVE-2024-34459 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
(From OE-Core rev: b9f46d058854c0a6104a928b7b0b30d65fb87c2e)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch | 30 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 |
2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch new file mode 100644 index 0000000000..96e3d3cfaf --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | From 78fce372041d53cfeaaf2c11c71d07eef55ecfd1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
| 3 | Date: Wed, 8 May 2024 11:49:31 +0200 | ||
| 4 | Subject: [PATCH] Fix buffer overread with `xmllint --htmlout` | ||
| 5 | |||
| 6 | Add a missing bounds check. | ||
| 7 | |||
| 8 | Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce] | ||
| 9 | CVE: CVE-2024-34459 | ||
| 10 | Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> | ||
| 11 | --- | ||
| 12 | xmllint.c | 2 +- | ||
| 13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/xmllint.c b/xmllint.c | ||
| 16 | index ee6bfdc..2f792f1 100644 | ||
| 17 | --- a/xmllint.c | ||
| 18 | +++ b/xmllint.c | ||
| 19 | @@ -602,7 +602,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { | ||
| 20 | len = strlen(buffer); | ||
| 21 | snprintf(&buffer[len], sizeof(buffer) - len, "\n"); | ||
| 22 | cur = input->cur; | ||
| 23 | - while ((*cur == '\n') || (*cur == '\r')) | ||
| 24 | + while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) | ||
| 25 | cur--; | ||
| 26 | n = 0; | ||
| 27 | while ((cur != base) && (n++ < 80)) { | ||
| 28 | -- | ||
| 29 | 2.25.1 | ||
| 30 | |||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 2b7e9999d9..94b3b510ae 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb | |||
| @@ -32,6 +32,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt | |||
| 32 | file://CVE-2023-45322-1.patch \ | 32 | file://CVE-2023-45322-1.patch \ |
| 33 | file://CVE-2023-45322-2.patch \ | 33 | file://CVE-2023-45322-2.patch \ |
| 34 | file://CVE-2024-25062.patch \ | 34 | file://CVE-2024-25062.patch \ |
| 35 | file://CVE-2024-34459.patch \ | ||
| 35 | " | 36 | " |
| 36 | 37 | ||
| 37 | SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" | 38 | SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" |