[oe-commits] [openembedded-core] 03/17: libxml2: Security fix for CVE-2016-1762
git at git.openembedded.org
git at git.openembedded.org
Wed Jul 27 07:34:08 UTC 2016
rpurdie pushed a commit to branch jethro
in repository openembedded-core.
commit 8a59dc853d2870bc33ef3cc5af202e33b3d7c6c2
Author: Armin Kuster <akuster at mvista.com>
AuthorDate: Sat Jul 9 14:27:44 2016 -0700
libxml2: Security fix for CVE-2016-1762
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
.../libxml/libxml2/CVE-2016-1762.patch | 84 ++++++++++++++++++++++
meta/recipes-core/libxml/libxml2_2.9.2.bb | 2 +
2 files changed, 86 insertions(+)
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2016-1762.patch b/meta/recipes-core/libxml/libxml2/CVE-2016-1762.patch
new file mode 100644
index 0000000..8fff179
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2016-1762.patch
@@ -0,0 +1,84 @@
+From a7a94612aa3b16779e2c74e1fa353b5d9786c602 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard at redhat.com>
+Date: Tue, 9 Feb 2016 12:55:29 +0100
+Subject: [PATCH] Heap-based buffer overread in xmlNextChar
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=759671
+
+when the end of the internal subset isn't properly detected
+xmlParseInternalSubset should just return instead of trying
+to process input further.
+
+Upstream-Status: Backport
+CVE: CVE-2016-1762
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ parser.c | 1 +
+ result/errors/754946.xml.err | 10 +++++-----
+ result/errors/content1.xml.err | 2 +-
+ result/valid/t8.xml.err | 2 +-
+ result/valid/t8a.xml.err | 2 +-
+ 5 files changed, 9 insertions(+), 8 deletions(-)
+
+Index: libxml2-2.9.2/parser.c
+===================================================================
+--- libxml2-2.9.2.orig/parser.c
++++ libxml2-2.9.2/parser.c
+@@ -8480,6 +8480,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr
+ */
+ if (RAW != '>') {
+ xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
++ return;
+ }
+ NEXT;
+ }
+Index: libxml2-2.9.2/result/errors/754946.xml.err
+===================================================================
+--- libxml2-2.9.2.orig/result/errors/754946.xml.err
++++ libxml2-2.9.2/result/errors/754946.xml.err
+@@ -11,9 +11,9 @@ Entity: line 1: parser error : DOCTYPE i
+ Entity: line 1:
+ A<lbbbbbbbbbbbbbbbbbbb_
+ ^
+-./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity
+->%SYSTEM;<![
+- ^
+-./test/errors/754946.xml:1: parser error : Extra content at the end of the document
+->%SYSTEM;<![
++Entity: line 1: parser error : Start tag expected, '<' not found
++ %SYSTEM;
+ ^
++Entity: line 1:
++A<lbbbbbbbbbbbbbbbbbbb_
++^
+Index: libxml2-2.9.2/result/errors/content1.xml.err
+===================================================================
+--- libxml2-2.9.2.orig/result/errors/content1.xml.err
++++ libxml2-2.9.2/result/errors/content1.xml.err
+@@ -13,4 +13,4 @@
+ ^
+ ./test/errors/content1.xml:7: parser error : Start tag expected, '<' not found
+ <!ELEMENT aElement (a |b * >
+- ^
++ ^
+Index: libxml2-2.9.2/result/valid/t8.xml.err
+===================================================================
+--- libxml2-2.9.2.orig/result/valid/t8.xml.err
++++ libxml2-2.9.2/result/valid/t8.xml.err
+@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
+ ^
+ Entity: line 1:
+ <!ELEMENT root (middle) >
+- ^
++^
+Index: libxml2-2.9.2/result/valid/t8a.xml.err
+===================================================================
+--- libxml2-2.9.2.orig/result/valid/t8a.xml.err
++++ libxml2-2.9.2/result/valid/t8a.xml.err
+@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
+ ^
+ Entity: line 1:
+ <!ELEMENT root (middle) >
+- ^
++^
diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb b/meta/recipes-core/libxml/libxml2_2.9.2.bb
index 79a395c..7f2ded7 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.2.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb
@@ -4,6 +4,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
file://72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch \
file://0001-threads-Define-pthread-definitions-for-glibc-complia.patch \
"
+SRC_URI += "file://CVE-2016-1762.patch \
+ "
SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"
SRC_URI[libtar.sha256sum] = "5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list