openembedded-core.git/meta/recipes-core/libxml/libxml2, branch master Mirror of openembedded-core libxml2: CVE-2016-9318 2017-04-28T10:26:07+00:00 Catalin Enache catalin.enache@windriver.com 2017-04-14T08:43:32+00:00 0dd44c00e3b2fbc3befc3f361624a3a60161d979 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: Fix more NULL pointer derefs 2016-12-16T08:30:02+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:21+00:00 8f3008114d5000a0865f50833db7c3a3f9808601 The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges 2016-12-16T08:30:01+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:20+00:00 00e928bd1c2aed9caeaf9e411743805d2139a023 Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: Necessary changes before fixing CVE-2016-5131 2016-12-16T08:30:01+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:19+00:00 96ef568f75dded56a2123b63dcc8b443f796afe0 xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
xpath:
 - Check for errors after evaluating first operand.
 - Add sanity check for empty stack.
 - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: Security fix CVE-2016-5131 2016-11-30T15:47:15+00:00 Yi Zhao yi.zhao@windriver.com 2016-11-28T09:55:40+00:00 640bd2b98ff33e49b42f1087650ebe20d92259a4 CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131 Patch from: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through
2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to the XPointer range-to function.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131

Patch from:
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: upgrade to 2.9.4 2016-06-14T11:56:33+00:00 Hongxu Jia hongxu.jia@windriver.com 2016-06-13T09:16:32+00:00 323c7cec65603476994dde196f4c2c151d0e0d31 - Drop configure.ac-fix-cross-compiling-warning.patch, libxml2 2.9.4 has fixed it Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
- Drop configure.ac-fix-cross-compiling-warning.patch,
  libxml2 2.9.4 has fixed it

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: fix AM_PATH_XML2 2016-04-09T06:50:25+00:00 Robert Yang liezhi.yang@windriver.com 2016-04-08T10:14:21+00:00 190b57a5f130f8a48d417ad472c0131c49302ee1 The code: suppose $1 == 2.7: verdep=ifelse([$1], [], [], [>= $1]) results in: verdep=>= 2.7 This is wrong in shell: bash: 2.7: command not found Use quotation marks to fix the problem. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The code: suppose $1 == 2.7:
verdep=ifelse([$1], [], [], [>= $1])
results in:
verdep=>= 2.7
This is wrong in shell:
bash: 2.7: command not found

Use quotation marks to fix the problem.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: upgrade to 2.9.3 2015-12-01T21:31:03+00:00 Ross Burton ross.burton@intel.com 2015-11-25T22:44:53+00:00 88e68f25e1756988692108d4c15dfa8efc94e5e5 - Drop all the upstreamed patches - Rework the ansidecl removal so it's contained in a single patch Signed-off-by: Ross Burton <ross.burton@intel.com> 
- Drop all the upstreamed patches
- Rework the ansidecl removal so it's contained in a single patch

Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: fix CVE-2015-7942 and CVE-2015-8035 2015-11-25T07:56:57+00:00 Armin Kuster akuster@mvista.com 2015-11-11T22:21:46+00:00 27de51f4ad21d9b896e7d48041e7cdf20c564a38 CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled

[YOCTO #8641]

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: Security Advisory - libxml2 - CVE-2015-1819 2015-06-18T08:12:02+00:00 Yue Tao Yue.Tao@windriver.com 2015-06-15T01:18:52+00:00 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7 for CVE-2015-1819 Enforce the reader to run in constant memory Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
for CVE-2015-1819 Enforce the reader to run in constant memory

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>