mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-06 23:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

libxml2: Backport fix for CVE introduced entity issues

Browse Source 
The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.

[YOCTO #7134]

(From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Richard Purdie
2015-01-15 09:37:16 +00:00
parent 2b92504587
commit 10837473b2
2 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
meta/recipes-core/libxml/libxml2/72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch Normal file
View File

@@ -0,0 +1,30 @@
From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 23 Oct 2014 11:35:36 +0800
Subject: Fix missing entities after CVE-2014-3660 fix
For https://bugzilla.gnome.org/show_bug.cgi?id=738805
The fix for CVE-2014-3660 introduced a regression in some case
where entity substitution is required and the entity is used
first in anotther entity referenced from an attribute value
Upstream-Status: Backport
diff --git a/parser.c b/parser.c
index 67c9dfd..a8d1b67 100644
--- a/parser.c
+++ b/parser.c
@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
* far more secure as the parser will only process data coming from
* the document entity by default.
*/
- if ((ent->checked == 0) &&
+ if (((ent->checked == 0) ||
+ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
(ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
unsigned long oldnbent = ctxt->nbentities;
--
cgit v0.10.1

3
meta/recipes-core/libxml/libxml2_2.9.2.bb
View File

@@ -1,6 +1,7 @@
require libxml2.inc
SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar"
SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
file://72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch"
SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"
SRC_URI[libtar.sha256sum] = "5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc"