diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-02-19 21:17:16 +0100 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-02-28 06:51:35 -0800 |
| commit | ccfa191e396a804f63b62518bb452b45700194c0 (patch) | |
| tree | 3f56d3589a4dced4bf52f8ebf129beca318ab452 /meta/recipes-core | |
| parent | f765c28fb3358645ea405dbb990165ea8fd47564 (diff) | |
| download | poky-ccfa191e396a804f63b62518bb452b45700194c0.tar.gz | |
libxml2: patch CVE-2025-24928
Pick commit fomr 2.12 branch.
(From OE-Core rev: 3ccd936adb928612c9721768708534350aeee351)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2025-24928.patch | 58 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 |
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-24928.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-24928.patch new file mode 100644 index 0000000000..6da43f81a5 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-24928.patch | |||
| @@ -0,0 +1,58 @@ | |||
| 1 | From 858ca26c0689161a6b903a6682cc8a1cc10a0ea8 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nick Wellnhofer <wellnhofer@aevum.de> | ||
| 3 | Date: Tue, 11 Feb 2025 17:30:40 +0100 | ||
| 4 | Subject: [PATCH] [CVE-2025-24928] Fix stack-buffer-overflow in | ||
| 5 | xmlSnprintfElements | ||
| 6 | |||
| 7 | Fixes #847. | ||
| 8 | |||
| 9 | CVE: CVE-2025-24928 | ||
| 10 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/858ca26c0689161a6b903a6682cc8a1cc10a0ea8] | ||
| 11 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 12 | --- | ||
| 13 | valid.c | 25 +++++++++++++------------ | ||
| 14 | 1 file changed, 13 insertions(+), 12 deletions(-) | ||
| 15 | |||
| 16 | diff --git a/valid.c b/valid.c | ||
| 17 | index ed3c8503..36a0435b 100644 | ||
| 18 | --- a/valid.c | ||
| 19 | +++ b/valid.c | ||
| 20 | @@ -5259,25 +5259,26 @@ xmlSnprintfElements(char *buf, int size, xmlNodePtr node, int glob) { | ||
| 21 | return; | ||
| 22 | } | ||
| 23 | switch (cur->type) { | ||
| 24 | - case XML_ELEMENT_NODE: | ||
| 25 | + case XML_ELEMENT_NODE: { | ||
| 26 | + int qnameLen = xmlStrlen(cur->name); | ||
| 27 | + | ||
| 28 | + if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) | ||
| 29 | + qnameLen += xmlStrlen(cur->ns->prefix) + 1; | ||
| 30 | + if (size - len < qnameLen + 10) { | ||
| 31 | + if ((size - len > 4) && (buf[len - 1] != '.')) | ||
| 32 | + strcat(buf, " ..."); | ||
| 33 | + return; | ||
| 34 | + } | ||
| 35 | if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) { | ||
| 36 | - if (size - len < xmlStrlen(cur->ns->prefix) + 10) { | ||
| 37 | - if ((size - len > 4) && (buf[len - 1] != '.')) | ||
| 38 | - strcat(buf, " ..."); | ||
| 39 | - return; | ||
| 40 | - } | ||
| 41 | strcat(buf, (char *) cur->ns->prefix); | ||
| 42 | strcat(buf, ":"); | ||
| 43 | } | ||
| 44 | - if (size - len < xmlStrlen(cur->name) + 10) { | ||
| 45 | - if ((size - len > 4) && (buf[len - 1] != '.')) | ||
| 46 | - strcat(buf, " ..."); | ||
| 47 | - return; | ||
| 48 | - } | ||
| 49 | - strcat(buf, (char *) cur->name); | ||
| 50 | + if (cur->name != NULL) | ||
| 51 | + strcat(buf, (char *) cur->name); | ||
| 52 | if (cur->next != NULL) | ||
| 53 | strcat(buf, " "); | ||
| 54 | break; | ||
| 55 | + } | ||
| 56 | case XML_TEXT_NODE: | ||
| 57 | if (xmlIsBlankNode(cur)) | ||
| 58 | break; | ||
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index e9578ceb59..8f1d882505 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb | |||
| @@ -36,6 +36,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt | |||
| 36 | file://CVE-2022-49043.patch \ | 36 | file://CVE-2022-49043.patch \ |
| 37 | file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \ | 37 | file://0001-pattern-Fix-compilation-of-explicit-child-axis.patch \ |
| 38 | file://CVE-2024-56171.patch \ | 38 | file://CVE-2024-56171.patch \ |
| 39 | file://CVE-2025-24928.patch \ | ||
| 39 | " | 40 | " |
| 40 | 41 | ||
| 41 | SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" | 42 | SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" |
