| Submitter | Li Wang |
|---|---|
| Date | Dec. 13, 2012, 5:54 a.m. |
| Message ID | <1355378061-7514-1-git-send-email-li.wang@windriver.com> |
| Download | mbox | patch |
| Permalink | /patch/40877/ |
| State | Accepted |
| Commit | bc601f96f34ad17a87f599b58e502ec1b2c13fa3 |
| Headers | show |
Comments
Li, All your recent CVE patches are missing Upsteam-Status: Backport in the patch header, please add that and send V2's! Thanks Sau! On 12/12/2012 09:54 PM, Li Wang wrote: > the patch come from: > http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ > /include/libxml/tree.h?r1=56276&r2=149930 > > libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, > does not properly support a cast of an unspecified variable during handling > of XSL transforms, which allows remote attackers to cause a denial of service > or possibly have unknown other impact via a crafted document, related to the > _xmlNs data structure in include/libxml/tree.h. > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 > > [YOCTO #3580] > [ CQID: WIND00376779 ] > Upstream-Status: Pending > > Signed-off-by: Li Wang <li.wang@windriver.com> > --- > .../libxml/libxml2/libxml2-CVE-2012-2871.patch | 34 ++++++++++++++++++++++ > meta/recipes-core/libxml/libxml2_2.9.0.bb | 5 +++- > 2 files changed, 38 insertions(+), 1 deletion(-) > create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch > > diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch > new file mode 100644 > index 0000000..3c66a9c > --- /dev/null > +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch > @@ -0,0 +1,34 @@ > +libxml2 CVE-2012-2871 > + > +the patch come from: > +http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ > +/include/libxml/tree.h?r1=56276&r2=149930 > + > +libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, > +does not properly support a cast of an unspecified variable during handling > +of XSL transforms, which allows remote attackers to cause a denial of service > +or possibly have unknown other impact via a crafted document, related to the > +_xmlNs data structure in include/libxml/tree.h. > + > +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 > + > +Signed-off-by: Li Wang <li.wang@windriver.com> > +--- > + include/libxml/tree.h | 1 + > + 1 files changed, 1 insertions(+), 0 deletions(-) > + > +diff --git a/include/libxml/tree.h b/include/libxml/tree.h > +index b733589..5422dda 100644 > +--- a/include/libxml/tree.h > ++++ b/include/libxml/tree.h > +@@ -351,6 +351,7 @@ struct _xmlNs { > + struct _xmlNs *next; /* next Ns link for this node */ > + xmlNsType type; /* global or local */ > + const xmlChar *href; /* URL for the namespace */ > ++ const char *dummy_children; /* lines up with node->children */ > + const xmlChar *prefix; /* prefix for the namespace */ > + void *_private; /* application data */ > + struct _xmlDoc *context; /* normally an xmlDoc */ > +-- > +1.7.0.5 > + > diff --git a/meta/recipes-core/libxml/libxml2_2.9.0.bb b/meta/recipes-core/libxml/libxml2_2.9.0.bb > index a022ae9..ecc19fb 100644 > --- a/meta/recipes-core/libxml/libxml2_2.9.0.bb > +++ b/meta/recipes-core/libxml/libxml2_2.9.0.bb > @@ -1,6 +1,9 @@ > require libxml2.inc > > -PR = "${INC_PR}.0" > +PR = "${INC_PR}.1" > > SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7" > SRC_URI[sha256sum] = "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82" > + > +SRC_URI += "file://libxml2-CVE-2012-2871.patch \ > + " >
On 12/17/2012 10:09 AM, Saul Wold wrote: > > Li, > > All your recent CVE patches are missing Upsteam-Status: Backport in the > patch header, please add that and send V2's! > You will need to just send patch header updates since these patches are pulled into Master already > Thanks > Sau! > > > On 12/12/2012 09:54 PM, Li Wang wrote: >> the patch come from: >> http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ >> /include/libxml/tree.h?r1=56276&r2=149930 >> >> libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before >> 21.0.1180.89, >> does not properly support a cast of an unspecified variable during >> handling >> of XSL transforms, which allows remote attackers to cause a denial of >> service >> or possibly have unknown other impact via a crafted document, related >> to the >> _xmlNs data structure in include/libxml/tree.h. >> >> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 >> >> [YOCTO #3580] >> [ CQID: WIND00376779 ] >> Upstream-Status: Pending >> >> Signed-off-by: Li Wang <li.wang@windriver.com> >> --- >> .../libxml/libxml2/libxml2-CVE-2012-2871.patch | 34 >> ++++++++++++++++++++++ >> meta/recipes-core/libxml/libxml2_2.9.0.bb | 5 +++- >> 2 files changed, 38 insertions(+), 1 deletion(-) >> create mode 100644 >> meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch >> >> diff --git >> a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch >> b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch >> new file mode 100644 >> index 0000000..3c66a9c >> --- /dev/null >> +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch >> @@ -0,0 +1,34 @@ >> +libxml2 CVE-2012-2871 >> + >> +the patch come from: >> +http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ >> +/include/libxml/tree.h?r1=56276&r2=149930 >> + >> +libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before >> 21.0.1180.89, >> +does not properly support a cast of an unspecified variable during >> handling >> +of XSL transforms, which allows remote attackers to cause a denial of >> service >> +or possibly have unknown other impact via a crafted document, related >> to the >> +_xmlNs data structure in include/libxml/tree.h. >> + >> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 >> + >> +Signed-off-by: Li Wang <li.wang@windriver.com> >> +--- >> + include/libxml/tree.h | 1 + >> + 1 files changed, 1 insertions(+), 0 deletions(-) >> + >> +diff --git a/include/libxml/tree.h b/include/libxml/tree.h >> +index b733589..5422dda 100644 >> +--- a/include/libxml/tree.h >> ++++ b/include/libxml/tree.h >> +@@ -351,6 +351,7 @@ struct _xmlNs { >> + struct _xmlNs *next; /* next Ns link for this node */ >> + xmlNsType type; /* global or local */ >> + const xmlChar *href; /* URL for the namespace */ >> ++ const char *dummy_children; /* lines up with node->children */ >> + const xmlChar *prefix; /* prefix for the namespace */ >> + void *_private; /* application data */ >> + struct _xmlDoc *context; /* normally an xmlDoc */ >> +-- >> +1.7.0.5 >> + >> diff --git a/meta/recipes-core/libxml/libxml2_2.9.0.bb >> b/meta/recipes-core/libxml/libxml2_2.9.0.bb >> index a022ae9..ecc19fb 100644 >> --- a/meta/recipes-core/libxml/libxml2_2.9.0.bb >> +++ b/meta/recipes-core/libxml/libxml2_2.9.0.bb >> @@ -1,6 +1,9 @@ >> require libxml2.inc >> >> -PR = "${INC_PR}.0" >> +PR = "${INC_PR}.1" >> >> SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7" >> SRC_URI[sha256sum] = >> "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82" >> + >> +SRC_URI += "file://libxml2-CVE-2012-2871.patch \ >> + " >> > > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core > >
Patch
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch new file mode 100644 index 0000000..3c66a9c --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch @@ -0,0 +1,34 @@ +libxml2 CVE-2012-2871 + +the patch come from: +http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ +/include/libxml/tree.h?r1=56276&r2=149930 + +libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, +does not properly support a cast of an unspecified variable during handling +of XSL transforms, which allows remote attackers to cause a denial of service +or possibly have unknown other impact via a crafted document, related to the +_xmlNs data structure in include/libxml/tree.h. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + include/libxml/tree.h | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/include/libxml/tree.h b/include/libxml/tree.h +index b733589..5422dda 100644 +--- a/include/libxml/tree.h ++++ b/include/libxml/tree.h +@@ -351,6 +351,7 @@ struct _xmlNs { + struct _xmlNs *next; /* next Ns link for this node */ + xmlNsType type; /* global or local */ + const xmlChar *href; /* URL for the namespace */ ++ const char *dummy_children; /* lines up with node->children */ + const xmlChar *prefix; /* prefix for the namespace */ + void *_private; /* application data */ + struct _xmlDoc *context; /* normally an xmlDoc */ +-- +1.7.0.5 + diff --git a/meta/recipes-core/libxml/libxml2_2.9.0.bb b/meta/recipes-core/libxml/libxml2_2.9.0.bb index a022ae9..ecc19fb 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.0.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.0.bb @@ -1,6 +1,9 @@ require libxml2.inc -PR = "${INC_PR}.0" +PR = "${INC_PR}.1" SRC_URI[md5sum] = "5b9bebf4f5d2200ae2c4efe8fa6103f7" SRC_URI[sha256sum] = "ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82" + +SRC_URI += "file://libxml2-CVE-2012-2871.patch \ + "
the patch come from: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ /include/libxml/tree.h?r1=56276&r2=149930 libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 [YOCTO #3580] [ CQID: WIND00376779 ] Upstream-Status: Pending Signed-off-by: Li Wang <li.wang@windriver.com> --- .../libxml/libxml2/libxml2-CVE-2012-2871.patch | 34 ++++++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.0.bb | 5 +++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2012-2871.patch