mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00
Code Issues Projects Releases Wiki Activity

libxml2: Security fix for CVE-2016-1762

Browse Source 
(From OE-Core rev: 8a59dc853d2870bc33ef3cc5af202e33b3d7c6c2)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2016-07-09 14:27:44 -07:00
committed by Richard Purdie
parent c9e0efd1f7
commit f2688ed200
2 changed files with 86 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/libxml/libxml2/CVE-2016-1762.patch
+84
View File
@@ -0,0 +1,84 @@
From a7a94612aa3b16779e2c74e1fa353b5d9786c602 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 9 Feb 2016 12:55:29 +0100
Subject: [PATCH] Heap-based buffer overread in xmlNextChar
For https://bugzilla.gnome.org/show_bug.cgi?id=759671
when the end of the internal subset isn't properly detected
xmlParseInternalSubset should just return instead of trying
to process input further.
Upstream-Status: Backport
CVE: CVE-2016-1762
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
parser.c | 1 +
result/errors/754946.xml.err | 10 +++++-----
result/errors/content1.xml.err | 2 +-
result/valid/t8.xml.err | 2 +-
result/valid/t8a.xml.err | 2 +-
5 files changed, 9 insertions(+), 8 deletions(-)
Index: libxml2-2.9.2/parser.c
===================================================================
--- libxml2-2.9.2.orig/parser.c
+++ libxml2-2.9.2/parser.c
@@ -8480,6 +8480,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr
*/
if (RAW != '>') {
xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
+ return;
}
NEXT;
}
Index: libxml2-2.9.2/result/errors/754946.xml.err
===================================================================
--- libxml2-2.9.2.orig/result/errors/754946.xml.err
+++ libxml2-2.9.2/result/errors/754946.xml.err
@@ -11,9 +11,9 @@ Entity: line 1: parser error : DOCTYPE i
Entity: line 1:
A<lbbbbbbbbbbbbbbbbbbb_
^
-./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity
->%SYSTEM;<![
- ^
-./test/errors/754946.xml:1: parser error : Extra content at the end of the document
->%SYSTEM;<![
+Entity: line 1: parser error : Start tag expected, '<' not found
+ %SYSTEM;
^
+Entity: line 1:
+A<lbbbbbbbbbbbbbbbbbbb_
+^
Index: libxml2-2.9.2/result/errors/content1.xml.err
===================================================================
--- libxml2-2.9.2.orig/result/errors/content1.xml.err
+++ libxml2-2.9.2/result/errors/content1.xml.err
@@ -13,4 +13,4 @@
^
./test/errors/content1.xml:7: parser error : Start tag expected, '<' not found
<!ELEMENT aElement (a |b * >
- ^
+ ^
Index: libxml2-2.9.2/result/valid/t8.xml.err
===================================================================
--- libxml2-2.9.2.orig/result/valid/t8.xml.err
+++ libxml2-2.9.2/result/valid/t8.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
^
Entity: line 1:
&lt;!ELEMENT root (middle) >
- ^
+^
Index: libxml2-2.9.2/result/valid/t8a.xml.err
===================================================================
--- libxml2-2.9.2.orig/result/valid/t8a.xml.err
+++ libxml2-2.9.2/result/valid/t8a.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
^
Entity: line 1:
&lt;!ELEMENT root (middle) >
- ^
+^
meta/recipes-core/libxml/libxml2_2.9.2.bb
+2
View File
@@ -4,6 +4,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
file://72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch \
file://0001-threads-Define-pthread-definitions-for-glibc-complia.patch \
"
SRC_URI += "file://CVE-2016-1762.patch \
"
SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"
SRC_URI[libtar.sha256sum] = "5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc"