summaryrefslogtreecommitdiff
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2015-01-15 09:37:16 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-01-15 16:55:12 +0000
commitaf501bd51f9a86edd34e0405bc32dabe21312229 (patch)
tree5fd09d39ffaddabd14f759aefafd5efe9a629db7 /meta/recipes-core
parentb61a2acc321489c3427f0afa3059486dc144a13b (diff)
downloadopenembedded-core-af501bd51f9a86edd34e0405bc32dabe21312229.tar.gz
openembedded-core-af501bd51f9a86edd34e0405bc32dabe21312229.tar.bz2
openembedded-core-af501bd51f9a86edd34e0405bc32dabe21312229.zip
libxml2: Backport fix for CVE introduced entity issues
The CVE fix introduced problems with entity issues, we observed this when building the Yocto Docs in particular. Backport the fix from upstream so we can build our docs correctly. [YOCTO #7134] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch30
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.2.bb3
2 files changed, 32 insertions, 1 deletions
diff --git a/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch b/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch
new file mode 100644
index 0000000000..10a8112b58
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch
@@ -0,0 +1,30 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+
+Upstream-Status: Backport
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ * far more secure as the parser will only process data coming from
+ * the document entity by default.
+ */
+- if ((ent->checked == 0) &&
++ if (((ent->checked == 0) ||
++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ unsigned long oldnbent = ctxt->nbentities;
+--
+cgit v0.10.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb b/meta/recipes-core/libxml/libxml2_2.9.2.bb
index f0cfa59309..1affff12ae 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.2.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb
@@ -1,6 +1,7 @@
require libxml2.inc
-SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar"
+SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
+ file://72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch"
SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"
SRC_URI[libtar.sha256sum] = "5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc"