summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2015-11-25 22:44:53 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-12-01 21:32:14 (GMT)
commited318749f992058c4faafcd551df4e73ced2a793 (patch)
tree30590ad98fb7e132ca0e17df8bb8bd998cd8c495 /meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch
parentecb1c717617b4c9068c65d0d6fc0329db1ef8a13 (diff)
downloadpoky-ed318749f992058c4faafcd551df4e73ced2a793.tar.gz
libxml2: upgrade to 2.9.3
- Drop all the upstreamed patches - Rework the ansidecl removal so it's contained in a single patch (From OE-Core rev: 88e68f25e1756988692108d4c15dfa8efc94e5e5) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch')
-rw-r--r--meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch37
1 files changed, 0 insertions, 37 deletions
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch
deleted file mode 100644
index 1c05ae6..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch
+++ /dev/null
@@ -1,37 +0,0 @@
1From: Daniel Veillard <veillard@redhat.com>
2Date: Tue, 22 Apr 2014 15:30:56 +0800
3Subject: Do not fetch external parameter entities
4
5Unless explicitely asked for when validating or replacing entities
6with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com>
7
8Upstream-Status: Backport
9Reference: https://access.redhat.com/security/cve/CVE-2014-0191
10
11Signed-off-by: Daniel Veillard <veillard@redhat.com>
12Signed-off-by: Maxin B. John <maxin.john@enea.com>
13---
14diff -Naur libxml2-2.9.1-orig/parser.c libxml2-2.9.1/parser.c
15--- libxml2-2.9.1-orig/parser.c 2013-04-16 15:39:18.000000000 +0200
16+++ libxml2-2.9.1/parser.c 2014-05-07 13:35:46.883687946 +0200
17@@ -2595,6 +2595,20 @@
18 xmlCharEncoding enc;
19
20 /*
21+ * Note: external parsed entities will not be loaded, it is
22+ * not required for a non-validating parser, unless the
23+ * option of validating, or substituting entities were
24+ * given. Doing so is far more secure as the parser will
25+ * only process data coming from the document entity by
26+ * default.
27+ */
28+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
29+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
30+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
31+ (ctxt->validate == 0))
32+ return;
33+
34+ /*
35 * handle the extra spaces added before and after
36 * c.f. http://www.w3.org/TR/REC-xml#as-PE
37 * this is done independently.