diff mbox series

[langdale] expat cve

Message ID 20221031152024.156713-1-ross.burton@arm.com
State New
Headers show
Series [langdale] expat cve | expand

Commit Message

Ross Burton Oct. 31, 2022, 3:20 p.m. UTC 
---
 .../expat/expat/CVE-2022-43680.patch          | 33 +++++++++++++++++++
 meta/recipes-core/expat/expat_2.4.9.bb        |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch

Comments

Ross Burton Oct. 31, 2022, 3:21 p.m. UTC | #1 
Ignore this :)

> On 31 Oct 2022, at 15:20, Ross Burton via lists.openembedded.org <ross.burton=arm.com@lists.openembedded.org> wrote:
> 
> ---
> .../expat/expat/CVE-2022-43680.patch          | 33 +++++++++++++++++++
> meta/recipes-core/expat/expat_2.4.9.bb        |  1 +
> 2 files changed, 34 insertions(+)
> create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch
> 
> diff --git a/meta/recipes-core/expat/expat/CVE-2022-43680.patch b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
> new file mode 100644
> index 00000000000..76c55edc768
> --- /dev/null
> +++ b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
> @@ -0,0 +1,33 @@
> +CVE: CVE-2022-43680
> +Upstream-Status: Backport [5290462a7ea1278a8d5c0d5b2860d4e244f997e4]
> +Signed-off-by: Ross Burton <ross.burton@arm.com>
> +
> +From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
> +From: Sebastian Pipping <sebastian@pipping.org>
> +Date: Tue, 20 Sep 2022 02:44:34 +0200
> +Subject: [PATCH] lib: Fix overeager DTD destruction in
> + XML_ExternalEntityParserCreate
> +
> +---
> + expat/lib/xmlparse.c | 8 ++++++++
> + 1 file changed, 8 insertions(+)
> +
> +diff --git a/lib/xmlparse.c b/lib/xmlparse.c
> +index aacd6e7fc..57bf103cc 100644
> +--- a/lib/xmlparse.c
> ++++ b/lib/xmlparse.c
> +@@ -1068,6 +1068,14 @@ parserCreate(const XML_Char *encodingName,
> +   parserInit(parser, encodingName);
> + 
> +   if (encodingName && ! parser->m_protocolEncodingName) {
> ++    if (dtd) {
> ++      // We need to stop the upcoming call to XML_ParserFree from happily
> ++      // destroying parser->m_dtd because the DTD is shared with the parent
> ++      // parser and the only guard that keeps XML_ParserFree from destroying
> ++      // parser->m_dtd is parser->m_isParamEntity but it will be set to
> ++      // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
> ++      parser->m_dtd = NULL;
> ++    }
> +     XML_ParserFree(parser);
> +     return NULL;
> +   }
> diff --git a/meta/recipes-core/expat/expat_2.4.9.bb b/meta/recipes-core/expat/expat_2.4.9.bb
> index 9561edd84fc..bad1a96fdee 100644
> --- a/meta/recipes-core/expat/expat_2.4.9.bb
> +++ b/meta/recipes-core/expat/expat_2.4.9.bb
> @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb"
> VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
> 
> SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
> +           file://CVE-2022-43680.patch \
>            file://run-ptest \
>            "
> 
> -- 
> 2.34.1
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#172320): https://lists.openembedded.org/g/openembedded-core/message/172320
> Mute This Topic: https://lists.openembedded.org/mt/94687680/6875888
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross.burton@arm.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-43680.patch b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
new file mode 100644
index 00000000000..76c55edc768
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
@@ -0,0 +1,33 @@ 
+CVE: CVE-2022-43680
+Upstream-Status: Backport [5290462a7ea1278a8d5c0d5b2860d4e244f997e4]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Tue, 20 Sep 2022 02:44:34 +0200
+Subject: [PATCH] lib: Fix overeager DTD destruction in
+ XML_ExternalEntityParserCreate
+
+---
+ expat/lib/xmlparse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index aacd6e7fc..57bf103cc 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -1068,6 +1068,14 @@ parserCreate(const XML_Char *encodingName,
+   parserInit(parser, encodingName);
+ 
+   if (encodingName && ! parser->m_protocolEncodingName) {
++    if (dtd) {
++      // We need to stop the upcoming call to XML_ParserFree from happily
++      // destroying parser->m_dtd because the DTD is shared with the parent
++      // parser and the only guard that keeps XML_ParserFree from destroying
++      // parser->m_dtd is parser->m_isParamEntity but it will be set to
++      // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
++      parser->m_dtd = NULL;
++    }
+     XML_ParserFree(parser);
+     return NULL;
+   }
diff --git a/meta/recipes-core/expat/expat_2.4.9.bb b/meta/recipes-core/expat/expat_2.4.9.bb
index 9561edd84fc..bad1a96fdee 100644
--- a/meta/recipes-core/expat/expat_2.4.9.bb
+++ b/meta/recipes-core/expat/expat_2.4.9.bb
@@ -9,6 +9,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb"
 VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
+           file://CVE-2022-43680.patch \
            file://run-ptest \
            "