mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 01:19:52 +00:00
Code Issues Projects Releases Wiki Activity

libxml2: security fix CVE-2015-7942

Browse Source 
includes:
CVE-2015-7942
CVE-2015-7942-2

(From OE-Core rev: 66c7e97f8687c1b656c322282ee7cdc200945616)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2015-12-05 10:54:57 -08:00
committed by Richard Purdie
parent fdea03df12
commit c4b71e1a6a
3 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/libxml/libxml2.inc
+2
View File
@@ -24,6 +24,8 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \ file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \ file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
" "
BINCONFIG = "${bindir}/xml2-config" BINCONFIG = "${bindir}/xml2-config"
meta/recipes-core/libxml/libxml2/CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch
+35
View File
@@ -0,0 +1,35 @@
From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 27 Oct 2015 10:53:44 +0800
Subject: [PATCH] Fix an error in previous Conditional section patch
an off by one mistake in the change, led to error on correct
document where the end of the included entity was exactly
the end of the conditional section, leading to regtest failure
Upstream-Status: Backport
CVE-2015-7942-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index b9217ff..d67b300 100644
--- a/parser.c
+++ b/parser.c
@@ -6916,7 +6916,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
NULL, NULL);
}
if ((ctxt-> instate != XML_PARSER_EOF) &&
- ((ctxt->input->cur + 3) < ctxt->input->end))
+ ((ctxt->input->cur + 3) <= ctxt->input->end))
SKIP(3);
}
}
--
2.3.5
meta/recipes-core/libxml/libxml2/CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch
+39
View File
@@ -0,0 +1,39 @@
From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 23 Oct 2015 19:02:28 +0800
Subject: [PATCH] Another variation of overflow in Conditional sections
Which happen after the previous fix to
https://bugzilla.gnome.org/show_bug.cgi?id=756456
But stopping the parser and exiting we didn't pop the intermediary entities
and doing the SKIP there applies on an input which may be too small
Upstream-Status: Backport
CVE-2015-7942
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
parser.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index a65e4cc..b9217ff 100644
--- a/parser.c
+++ b/parser.c
@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
"All markup of the conditional section is not in the same entity\n",
NULL, NULL);
}
- SKIP(3);
+ if ((ctxt-> instate != XML_PARSER_EOF) &&
+ ((ctxt->input->cur + 3) < ctxt->input->end))
+ SKIP(3);
}
}
--
2.3.5