openembedded-core.git/meta/recipes-core/libxml/libxml2, branch thud Mirror of openembedded-core libxml2: refresh CVE-2017-8872 2018-10-04T13:30:40+00:00 Ross Burton ross.burton@intel.com 2018-10-04T09:20:20+00:00 512869aea6dde1bb2374601f7c4d793ac9edaa42 The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. Signed-off-by: Ross Burton <ross.burton@intel.com> 
The patch associated with the CVE-2017-8872 report was never merged into
libxml2, but a slightly different patch for the same problem was.  Cherry-pick
that as a backport, which also fixes the failing test suite.

Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: fix CVE-2018-9251 and CVE-2018-14567 2018-08-20T10:59:44+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-08-17T07:22:41+00:00 b91b276696fb5e0b633b73be408bd750ac4e28ce Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: Fix CVE-2018-14404 2018-08-14T10:36:22+00:00 Andrej Valek andrej.valek@siemens.com 2018-08-09T08:06:37+00:00 69315177732a1d260a3315fe8c4c4c44653ae0c8 Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. CVE: CVE-2018-14404 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Fix nullptr deref with XPath logic ops

If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.

CVE: CVE-2018-14404
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: fix CVE-2017-8872 2018-07-04T23:24:14+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-07-04T01:39:14+00:00 dac867dc63af70ae992c50697d2be95c3e7b58bb The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4
allows attackers to cause a denial of service (buffer over-read) or
information disclosure.

https://bugzilla.gnome.org/show_bug.cgi?id=775200

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: 2.9.7 -> 2.9.8 2018-05-04T08:54:49+00:00 Andrej Valek andrej.valek@siemens.com 2018-03-20T09:47:15+00:00 de24ead63802523daa19ce8528ac95d9e041eaf8 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml: refresh patches 2018-03-07T14:33:55+00:00 Ross Burton ross.burton@intel.com 2017-11-15T16:47:41+00:00 d71d6854fadc96fc3c75617af3beba02952fdef6 The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. Signed-off-by: Ross Burton <ross.burton@intel.com> 
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: fix makefile for ptests 2018-01-13T18:02:08+00:00 Anuj Mittal anuj.mittal@intel.com 2018-01-13T10:02:37+00:00 5cf92ca436e1a1ba60fec8b30b6cb3cfd4842bc8 Changes to Makefile in latest version mean when "make -k runtests" is executed, it leads to errors like: | make: *** No rule to make target 'runtest.c', needed by 'runtest.o'. | make: *** No rule to make target 'SAX.c', needed by 'SAX.lo'. | make: *** No rule to make target 'entities.c', needed by 'entities.lo'. | make: *** No rule to make target 'encoding.c', needed by 'encoding.lo'. Make sure that we don't try to check and compile the tests again on the target. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Changes to Makefile in latest version mean when "make -k runtests" is executed,
it leads to errors like:

| make: *** No rule to make target 'runtest.c', needed by 'runtest.o'.
| make: *** No rule to make target 'SAX.c', needed by 'SAX.lo'.
| make: *** No rule to make target 'entities.c', needed by 'entities.lo'.
| make: *** No rule to make target 'encoding.c', needed by 'encoding.lo'.

Make sure that we don't try to check and compile the tests again on the target.

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: 2.9.4 -> 2.9.5 2017-11-05T13:44:54+00:00 Andrej Valek andrej.valek@siemens.com 2017-09-06T06:04:59+00:00 a0d2427bb86668215d7c9e1be07cb9a2d86f6755 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2-ptest: set LC_ALL=en_US.UTF-8 2017-10-06T11:22:45+00:00 Juro Bystricky juro.bystricky@intel.com 2017-09-25T23:33:46+00:00 d7f1fe6c8419b8c59e601c56245373d094cae298 We need to specify UTF-8 in the environment to avoid an error such as: UnicodeEncodeError: 'ascii' codec can't encode character '\xe4' Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
We need to specify UTF-8 in the environment to avoid an error
such as:

UnicodeEncodeError: 'ascii' codec can't encode character '\xe4'

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: Fix CVE-2017-8872 2017-08-27T21:29:44+00:00 Hongxu Jia hongxu.jia@windriver.com 2017-08-23T08:30:45+00:00 a615b0825927a09a0aa8312d131c9acbaef8956d fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) https://bugzilla.gnome.org/show_bug.cgi?id=775200 Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address" ... export CC="clang" export CFLAGS="-fsanitize=address" ./configure --disable-shared make clean all -j wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc ./xmllint --html --push poc ==2785==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08 READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8) ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403)

https://bugzilla.gnome.org/show_bug.cgi?id=775200

Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address"
...
export CC="clang"
export CFLAGS="-fsanitize=address"

./configure --disable-shared

make clean all -j

wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc

./xmllint --html --push poc
==2785==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08
READ of size 1 at 0x000000a0de21 thread T0    #0 0x6a7f6d
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d)    #1 0x6a7356
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356)    #2 0x4f4504
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504)    #3 0x4f045e
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e)    #4 0x7f81977d682f
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)    #5 0x419ad8
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8)
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>