mirror of
https://git.yoctoproject.org/poky
synced 2026-02-13 04:03:03 +01:00
2159b5f8ae
This vulnerability has now a CVE assigned. (From OE-Core rev: 204ff9dd9c62a8a346e89880b2e15a4c0e9ad6e0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 503f788e84f1c1f1d769c2c7258d77faee94b5a3 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Thu, 13 Feb 2025 16:48:53 +0100
|
|
Subject: [PATCH] pattern: Fix compilation of explicit child axis
|
|
|
|
The child axis is the default axis and should generate XML_OP_ELEM like
|
|
the case without an axis.
|
|
|
|
CVE: CVE-2025-27113
|
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/503f788e84f1c1f1d769c2c7258d77faee94b5a3]
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
|
---
|
|
pattern.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/pattern.c b/pattern.c
|
|
index 27e96946..3182794e 100644
|
|
--- a/pattern.c
|
|
+++ b/pattern.c
|
|
@@ -1178,10 +1178,10 @@ xmlCompileStepPattern(xmlPatParserContextPtr ctxt) {
|
|
goto error;
|
|
}
|
|
} else {
|
|
- PUSH(XML_OP_CHILD, token, URL);
|
|
+ PUSH(XML_OP_ELEM, token, URL);
|
|
}
|
|
} else
|
|
- PUSH(XML_OP_CHILD, name, NULL);
|
|
+ PUSH(XML_OP_ELEM, name, NULL);
|
|
return;
|
|
} else if (xmlStrEqual(name, (const xmlChar *) "attribute")) {
|
|
XML_PAT_FREE_STRING(ctxt, name)
|