[gnome-continuous-yocto/gnomeostree-3.28-rocko: 6453/8267] libxml2: Fix CVE-2017-0663

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 6453/8267] libxml2: Fix CVE-2017-0663
Date: Sun, 17 Dec 2017 04:51:58 +0000 (UTC)

commit 80aac29b3845cd5e415fe4a30eb7daad10764e90
Author: Andrej Valek <andrej valek siemens com>
Date:   Wed Jun 14 15:07:56 2017 +0200

    libxml2: Fix CVE-2017-0663
    
    Fix type confusion in xmlValidateOneNamespace
    
    Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
    on namespace declarations make no practical sense anyway.
    
    Fixes bug 780228
    
    CVE: CVE-2017-0663
    (From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227)
    
    Signed-off-by: Andrej Valek <andrej valek siemens com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 .../libxml/libxml2/libxml2-CVE-2017-0663.patch     |   40 ++++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.4.bb          |    1 +
 2 files changed, 41 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch 
b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
new file mode 100644
index 0000000..0108265
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
@@ -0,0 +1,40 @@
+libxml2: Fix CVE-2017-0663
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
+
+valid: Fix type confusion in xmlValidateOneNamespace
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
+on namespace declarations make no practical sense anyway.
+
+Fixes bug 780228
+
+Upstream-Status: Backport 
[https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
+CVE: CVE-2017-0663
+Signed-off-by: Andrej Valek <andrej valek siemens com>
+
+diff --git a/valid.c b/valid.c
+index 19f84b8..e03d35e 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+       }
+     }
+ 
++    /*
++     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++     * xmlAddID and xmlAddRef for namespace declarations, but it makes
++     * no practical sense to use ID types anyway.
++     */
++#if 0
+     /* Validity Constraint: ID uniqueness */
+     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+           ret = 0;
+     }
++#endif
+ 
+     /* Validity Constraint: Notation Attributes */
+     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index 2996809..677d8c9 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -27,6 +27,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
            file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
            file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
            file://libxml2-CVE-2017-5969.patch \
+           file://libxml2-CVE-2017-0663.patch \
            file://CVE-2016-9318.patch \
            file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
            "

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]