diff options
| author |   Joe Slater <joe.slater@windriver.com> | 2019-10-22 18:59:51 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-10-31 16:07:11 +0000 |
| commit | 1263db2759b88e423bb717cc0cfc256c7962871b (patch) | |
| tree | 4b106f55ded0629b05a21a8e1aeff32f9d5e9f06 /meta/recipes-support/libxslt | |
| parent | 844e7aa217f5ecf46766a07d46f9d7f083668e8e (diff) | |
| download | openembedded-core-1263db2759b88e423bb717cc0cfc256c7962871b.tar.gz | |
libxslt: fix CVE-2019-18197
Use patch from upstream after 1.1.33 release.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-support/libxslt')
| -rw-r--r-- | meta/recipes-support/libxslt/files/CVE-2019-18197.patch | 33 | ||||
| -rw-r--r-- | meta/recipes-support/libxslt/libxslt_1.1.33.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-support/libxslt/files/CVE-2019-18197.patch b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch new file mode 100644 index 0000000000..5f2b620396 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch @@ -0,0 +1,33 @@ +libxslt: fix CVE-2019-18197 + +Added after 1.1.33 release. + +CVE: CVE-2019-18197 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt.git] +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +commit 2232473733b7313d67de8836ea3b29eec6e8e285 +Author: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat Aug 17 16:51:53 2019 +0200 + + Fix dangling pointer in xsltCopyText + + xsltCopyText didn't reset ctxt->lasttext in some cases which could + lead to various memory errors in relation with CDATA sections in input + documents. + + Found by OSS-Fuzz. + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 95ebd07..d7ab0b6 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, + if ((copy->content = xmlStrdup(cur->content)) == NULL) + return NULL; + } ++ ++ ctxt->lasttext = NULL; + } else { + /* + * normal processing. keep counters to extend the text node diff --git a/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/meta/recipes-support/libxslt/libxslt_1.1.33.bb index abc00a09ea..9f268e7bb0 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.33.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.33.bb @@ -12,6 +12,7 @@ SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ file://0001-Fix-security-framework-bypass.patch \ file://CVE-2019-13117.patch \ file://CVE-2019-13118.patch \ + file://CVE-2019-18197.patch \ " SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" |