[dunfell,07/10] libxml2: fix CVE-2022-23308 regression

Message ID	906ffe5bf83c0e587299aaedb9382ce04c3c7acf.1648399113.git.steve@sakoman.com
State	Accepted, archived
Commit	906ffe5bf83c0e587299aaedb9382ce04c3c7acf
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.169, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/10] libxml2: fix CVE-2022-23308 regression Date: Sun, 27 Mar 2022 06:40:57 -1000 Message-Id: <906ffe5bf83c0e587299aaedb9382ce04c3c7acf.1648399113.git.steve@sakoman.com> In-Reply-To: <cover.1648399113.git.steve@sakoman.com> References: <cover.1648399113.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[dunfell,01/10] libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77 \| expand [dunfell,01/10] libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77 [dunfell,02/10] python3: ignore CVE-2022-26488 [dunfell,03/10] qemu: backport patch fix for CVE-2020-13791 [dunfell,04/10] apt: backport patch fix for CVE-2020-3810 [dunfell,05/10] ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native [dunfell,06/10] ghostscript: backport patch fix for CVE-2021-3781 [dunfell,07/10] libxml2: fix CVE-2022-23308 regression [dunfell,08/10] gnu-config: update SRC_URI [dunfell,09/10] virglrenderer: update SRC_URI [dunfell,10/10] oeqa/selftest/tinfoil: Fix intermittent event loss issue in test

Message ID

906ffe5bf83c0e587299aaedb9382ce04c3c7acf.1648399113.git.steve@sakoman.com

State

Accepted, archived

Commit

906ffe5bf83c0e587299aaedb9382ce04c3c7acf

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 07/10] libxml2: fix CVE-2022-23308 regression
Date: Sun, 27 Mar 2022 06:40:57 -1000
Message-Id: 
 <906ffe5bf83c0e587299aaedb9382ce04c3c7acf.1648399113.git.steve@sakoman.com>
In-Reply-To: <cover.1648399113.git.steve@sakoman.com>
References: <cover.1648399113.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[dunfell,01/10] libsolv: fix CVE: CVE-2021-44568-71 and CVE-2021-44573-77 | expand

Commit Message

Steve Sakoman March 27, 2022, 4:40 p.m. UTC

From: Ralph Siemsen <ralph.siemsen@linaro.org>

The fix for the CVE in 2.9.13 caused a regression which
was addressed after 2.9.13.  We import that patch here.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../CVE-2022-23308-fix-regression.patch       | 98 +++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |  1 +
 2 files changed, 99 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
new file mode 100644
index 0000000000..7fc243eec1
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
@@ -0,0 +1,98 @@ 
+From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 22 Feb 2022 11:51:08 +0100
+Subject: [PATCH] Fix --without-valid build
+
+Regressed in commit 652dd12a.
+---
+ valid.c | 58 ++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 29 insertions(+), 29 deletions(-)
+---
+
+From https://github.com/GNOME/libxml2.git
+ commit 646fe48d1c8a74310c409ddf81fe7df6700052af
+
+CVE: CVE-2022-23308
+Upstream-Status: Backport
+
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+
+diff --git a/valid.c b/valid.c
+index 8e596f1d..9684683a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
+     return (ret);
+ }
+ 
+-/**
+- * xmlValidNormalizeString:
+- * @str: a string
+- *
+- * Normalize a string in-place.
+- */
+-static void
+-xmlValidNormalizeString(xmlChar *str) {
+-    xmlChar *dst;
+-    const xmlChar *src;
+-
+-    if (str == NULL)
+-        return;
+-    src = str;
+-    dst = str;
+-
+-    while (*src == 0x20) src++;
+-    while (*src != 0) {
+-	if (*src == 0x20) {
+-	    while (*src == 0x20) src++;
+-	    if (*src != 0)
+-		*dst++ = 0x20;
+-	} else {
+-	    *dst++ = *src++;
+-	}
+-    }
+-    *dst = 0;
+-}
+-
+ #ifdef DEBUG_VALID_ALGO
+ static void
+ xmlValidPrintNode(xmlNodePtr cur) {
+@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
+ 	    (xmlDictOwns(dict, (const xmlChar *)(str)) == 0)))	\
+ 	    xmlFree((char *)(str));
+ 
++/**
++ * xmlValidNormalizeString:
++ * @str: a string
++ *
++ * Normalize a string in-place.
++ */
++static void
++xmlValidNormalizeString(xmlChar *str) {
++    xmlChar *dst;
++    const xmlChar *src;
++
++    if (str == NULL)
++        return;
++    src = str;
++    dst = str;
++
++    while (*src == 0x20) src++;
++    while (*src != 0) {
++	if (*src == 0x20) {
++	    while (*src == 0x20) src++;
++	    if (*src != 0)
++		*dst++ = 0x20;
++	} else {
++	    *dst++ = *src++;
++	}
++    }
++    *dst = 0;
++}
++
+ static int
+ xmlIsStreaming(xmlValidCtxtPtr ctxt) {
+     xmlParserCtxtPtr pctxt;
+-- 
+2.35.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index c45cf4423e..c4bb8f29e0 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -29,6 +29,7 @@  SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
            file://CVE-2021-3518.patch \
            file://CVE-2021-3541.patch \
            file://CVE-2022-23308.patch \
+           file://CVE-2022-23308-fix-regression.patch \
            "
 
 SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813"

[dunfell,07/10] libxml2: fix CVE-2022-23308 regression

Commit Message

Patch