libxml2: Fix for CVE-2024-25062

Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7] (From OE-Core rev: 55027bc882cf6cab830f4e4f21fa9a2ffb4ad72e) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2024-02-08 08:19:11 +0530
committer: Steve Sakoman <steve@sakoman.com> 2024-02-15 03:51:56 -1000
commit: 555dadb56e20c4f38a8b06eeb05b6a0a65bebd46 (patch)
tree: c40055315ada943bda5868e1005bf23b40fd9536 /meta
parent: db8608a8577b092ec8ee04f54329170f043fbdc2 (diff)
download: poky-555dadb56e20c4f38a8b06eeb05b6a0a65bebd46.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
new file mode 100644
index 0000000000..5365d5546a
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,33 @@
+From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 14 Oct 2023 22:45:54 +0200
+Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
+ backtracking
+Fixes a use-after-free if XML Reader if used with DTD validation and
+XInclude expansion.
+Fixes #604.
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
+CVE: CVE-2024-25062
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xmlreader.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/xmlreader.c b/xmlreader.c
+index 979385a13..fefd68e0b 100644
+--- a/xmlreader.c
+++ b/xmlreader.c
+@@ -1443,6 +1443,7 @@ node_found:
+      * Handle XInclude if asked for
+      */
+     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+        (reader->state != XML_TEXTREADER_BACKTRACK) &&
+         (reader->node != NULL) &&
+        (reader->node->type == XML_ELEMENT_NODE) &&
+        (reader->node->ns != NULL) &&
+-- 
+GitLab
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 533a6dae01..2b7e9999d9 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -31,6 +31,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
           file://CVE-2023-39615-0002.patch \
           file://CVE-2023-45322-1.patch \
           file://CVE-2023-45322-2.patch \
+           file://CVE-2024-25062.patch \
           "
 SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
author	Vijay Anusuri <vanusuri@mvista.com>	2024-02-08 08:19:11 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-02-15 03:51:56 -1000
commit	555dadb56e20c4f38a8b06eeb05b6a0a65bebd46 (patch)
tree	c40055315ada943bda5868e1005bf23b40fd9536 /meta
parent	db8608a8577b092ec8ee04f54329170f043fbdc2 (diff)
download	poky-555dadb56e20c4f38a8b06eeb05b6a0a65bebd46.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch new file mode 100644 index 0000000000..5365d5546a --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
@@ -0,0 +1,33 @@
		1	From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
		2	From: Nick Wellnhofer <wellnhofer@aevum.de>
		3	Date: Sat, 14 Oct 2023 22:45:54 +0200
		4	Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
		5	backtracking
		6
		7	Fixes a use-after-free if XML Reader if used with DTD validation and
		8	XInclude expansion.
		9
		10	Fixes #604.
		11
		12	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7]
		13	CVE: CVE-2024-25062
		14	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		15	---
		16	xmlreader.c \| 1 +
		17	1 file changed, 1 insertion(+)
		18
		19	diff --git a/xmlreader.c b/xmlreader.c
		20	index 979385a13..fefd68e0b 100644
		21	--- a/xmlreader.c
		22	+++ b/xmlreader.c
		23	@@ -1443,6 +1443,7 @@ node_found:
		24	* Handle XInclude if asked for
		25	*/
		26	if ((reader->xinclude) && (reader->in_xinclude == 0) &&
		27	+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
		28	(reader->node != NULL) &&
		29	(reader->node->type == XML_ELEMENT_NODE) &&
		30	(reader->node->ns != NULL) &&
		31	--
		32	GitLab
		33


diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 533a6dae01..2b7e9999d9 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -31,6 +31,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
31	file://CVE-2023-39615-0002.patch \	31	file://CVE-2023-39615-0002.patch \
32	file://CVE-2023-45322-1.patch \	32	file://CVE-2023-45322-1.patch \
33	file://CVE-2023-45322-2.patch \	33	file://CVE-2023-45322-2.patch \
		34	file://CVE-2024-25062.patch \
34	"	35	"
35		36
36	SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"	37	SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"