* [ptxdist] [PATCH 1/4] libxml2: Fix license and add license file hashes
2020-03-18 13:27 [ptxdist] [PATCH 0/4] libxml2: Upgrade and add some fixes Alexander Dahl
@ 2020-03-18 13:27 ` Alexander Dahl
2020-03-27 9:52 ` [ptxdist] [1/4] " Michael Olbrich
2020-03-18 13:27 ` [ptxdist] [PATCH 2/4] libxml2: version bump 2.9.9 -> 2.9.10 Alexander Dahl
` (2 subsequent siblings)
3 siblings, 1 reply; 9+ messages in thread
From: Alexander Dahl @ 2020-03-18 13:27 UTC (permalink / raw)
To: ptxdist
The 'Copyright' file says:
> Except where otherwise noted in the source code (e.g. the files hash.c,
> list.c and the trio files, which are covered by a similar licence but
> with different Copyright notices) all the files are:
According to comparison with the license text at SPDX and what Debian
found out, those files are put under ISC license.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
Notes:
+ Changes since 2019-05-29 (Message-Id <20190510092434.15019-22-ada@thorsis.com>):
- Added hash.c to license files to get the ISC license text (Michael Olbrich)
rules/libxml2.make | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/rules/libxml2.make b/rules/libxml2.make
index 85089547c..dea3616f5 100644
--- a/rules/libxml2.make
+++ b/rules/libxml2.make
@@ -22,7 +22,11 @@ LIBXML2 := libxml2-$(LIBXML2_VERSION)
LIBXML2_SUFFIX := tar.gz
LIBXML2_SOURCE := $(SRCDIR)/$(LIBXML2).$(LIBXML2_SUFFIX)
LIBXML2_DIR := $(BUILDDIR)/$(LIBXML2)
-LIBXML2_LICENSE := MIT
+LIBXML2_LICENSE := MIT AND ISC
+# The file 'COPYING' is just a symlink on the file 'Copyright'
+LIBXML2_LICENSE_FILES := \
+ file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
+ file://hash.c;startline=6;endline=15;md5=96f7296605eae807670fb08947829969
LIBXML2_URL := \
ftp://xmlsoft.org/libxml2/$(LIBXML2).$(LIBXML2_SUFFIX) \
--
2.20.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [ptxdist] [1/4] libxml2: Fix license and add license file hashes
2020-03-18 13:27 ` [ptxdist] [PATCH 1/4] libxml2: Fix license and add license file hashes Alexander Dahl
@ 2020-03-27 9:52 ` Michael Olbrich
0 siblings, 0 replies; 9+ messages in thread
From: Michael Olbrich @ 2020-03-27 9:52 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Thanks, applied.
Michael
[sent from post-receive hook]
On Fri, 27 Mar 2020 10:52:23 +0100, Alexander Dahl <ada@thorsis.com> wrote:
> The 'Copyright' file says:
>
> > Except where otherwise noted in the source code (e.g. the files hash.c,
> > list.c and the trio files, which are covered by a similar licence but
> > with different Copyright notices) all the files are:
>
> According to comparison with the license text at SPDX and what Debian
> found out, those files are put under ISC license.
>
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> ---
>
> Notes:
> + Changes since 2019-05-29 (Message-Id <20190510092434.15019-22-ada@thorsis.com>):
> - Added hash.c to license files to get the ISC license text (Michael Olbrich)
>
> rules/libxml2.make | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/rules/libxml2.make b/rules/libxml2.make
> index 85089547c..dea3616f5 100644
> --- a/rules/libxml2.make
> +++ b/rules/libxml2.make
> @@ -22,7 +22,11 @@ LIBXML2 := libxml2-$(LIBXML2_VERSION)
> LIBXML2_SUFFIX := tar.gz
> LIBXML2_SOURCE := $(SRCDIR)/$(LIBXML2).$(LIBXML2_SUFFIX)
> LIBXML2_DIR := $(BUILDDIR)/$(LIBXML2)
> -LIBXML2_LICENSE := MIT
> +LIBXML2_LICENSE := MIT AND ISC
> +# The file 'COPYING' is just a symlink on the file 'Copyright'
> +LIBXML2_LICENSE_FILES := \
> + file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
> + file://hash.c;startline=6;endline=15;md5=96f7296605eae807670fb08947829969
>
> LIBXML2_URL := \
> ftp://xmlsoft.org/libxml2/$(LIBXML2).$(LIBXML2_SUFFIX) \
>
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* [ptxdist] [PATCH 2/4] libxml2: version bump 2.9.9 -> 2.9.10
2020-03-18 13:27 [ptxdist] [PATCH 0/4] libxml2: Upgrade and add some fixes Alexander Dahl
2020-03-18 13:27 ` [ptxdist] [PATCH 1/4] libxml2: Fix license and add license file hashes Alexander Dahl
@ 2020-03-18 13:27 ` Alexander Dahl
2020-03-27 9:52 ` [ptxdist] [2/4] " Michael Olbrich
2020-03-18 13:27 ` [ptxdist] [PATCH 3/4] libxml2: Add upstream patch fixing CVE-2020-7595 Alexander Dahl
2020-03-18 13:27 ` [ptxdist] [PATCH 4/4] libxml2: Add upstream patch fixing CVE-2019-20388 Alexander Dahl
3 siblings, 1 reply; 9+ messages in thread
From: Alexander Dahl @ 2020-03-18 13:27 UTC (permalink / raw)
To: ptxdist
This fixes quite a few possible memory leaks, overflows, use-after-free,
null-pointer-dereferences, and other flaws. See announcement for
details: https://mail.gnome.org/archives/xml/2019-October/msg00014.html
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
.../0200-xml2-config-is-not-SYSROOT-aware.patch | 2 +-
patches/{libxml2-2.9.9 => libxml2-2.9.10}/series | 0
rules/libxml2.make | 4 ++--
3 files changed, 3 insertions(+), 3 deletions(-)
rename patches/{libxml2-2.9.9 => libxml2-2.9.10}/0200-xml2-config-is-not-SYSROOT-aware.patch (93%)
rename patches/{libxml2-2.9.9 => libxml2-2.9.10}/series (100%)
diff --git a/patches/libxml2-2.9.9/0200-xml2-config-is-not-SYSROOT-aware.patch b/patches/libxml2-2.9.10/0200-xml2-config-is-not-SYSROOT-aware.patch
similarity index 93%
rename from patches/libxml2-2.9.9/0200-xml2-config-is-not-SYSROOT-aware.patch
rename to patches/libxml2-2.9.10/0200-xml2-config-is-not-SYSROOT-aware.patch
index 81a76383b..7204497b3 100644
--- a/patches/libxml2-2.9.9/0200-xml2-config-is-not-SYSROOT-aware.patch
+++ b/patches/libxml2-2.9.10/0200-xml2-config-is-not-SYSROOT-aware.patch
@@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xml2-config.in b/xml2-config.in
-index 19574864cb6a..ee1949ce9542 100644
+index cb4aa613a68c..31f9e67a999b 100644
--- a/xml2-config.in
+++ b/xml2-config.in
@@ -1,6 +1,6 @@
diff --git a/patches/libxml2-2.9.9/series b/patches/libxml2-2.9.10/series
similarity index 100%
rename from patches/libxml2-2.9.9/series
rename to patches/libxml2-2.9.10/series
diff --git a/rules/libxml2.make b/rules/libxml2.make
index dea3616f5..ed8112f30 100644
--- a/rules/libxml2.make
+++ b/rules/libxml2.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBXML2) += libxml2
#
# Paths and names
#
-LIBXML2_VERSION := 2.9.9
-LIBXML2_MD5 := c04a5a0a042eaa157e8e8c9eabe76bd6
+LIBXML2_VERSION := 2.9.10
+LIBXML2_MD5 := 10942a1dc23137a8aa07f0639cbfece5
LIBXML2 := libxml2-$(LIBXML2_VERSION)
LIBXML2_SUFFIX := tar.gz
LIBXML2_SOURCE := $(SRCDIR)/$(LIBXML2).$(LIBXML2_SUFFIX)
--
2.20.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [ptxdist] [2/4] libxml2: version bump 2.9.9 -> 2.9.10
2020-03-18 13:27 ` [ptxdist] [PATCH 2/4] libxml2: version bump 2.9.9 -> 2.9.10 Alexander Dahl
@ 2020-03-27 9:52 ` Michael Olbrich
0 siblings, 0 replies; 9+ messages in thread
From: Michael Olbrich @ 2020-03-27 9:52 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Thanks, applied.
Michael
[sent from post-receive hook]
On Fri, 27 Mar 2020 10:52:24 +0100, Alexander Dahl <ada@thorsis.com> wrote:
> This fixes quite a few possible memory leaks, overflows, use-after-free,
> null-pointer-dereferences, and other flaws. See announcement for
> details: https://mail.gnome.org/archives/xml/2019-October/msg00014.html
>
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> ---
> .../0200-xml2-config-is-not-SYSROOT-aware.patch | 2 +-
> patches/{libxml2-2.9.9 => libxml2-2.9.10}/series | 0
> rules/libxml2.make | 4 ++--
> 3 files changed, 3 insertions(+), 3 deletions(-)
> rename patches/{libxml2-2.9.9 => libxml2-2.9.10}/0200-xml2-config-is-not-SYSROOT-aware.patch (93%)
> rename patches/{libxml2-2.9.9 => libxml2-2.9.10}/series (100%)
>
> diff --git a/patches/libxml2-2.9.9/0200-xml2-config-is-not-SYSROOT-aware.patch b/patches/libxml2-2.9.10/0200-xml2-config-is-not-SYSROOT-aware.patch
> similarity index 93%
> rename from patches/libxml2-2.9.9/0200-xml2-config-is-not-SYSROOT-aware.patch
> rename to patches/libxml2-2.9.10/0200-xml2-config-is-not-SYSROOT-aware.patch
> index 81a76383b..7204497b3 100644
> --- a/patches/libxml2-2.9.9/0200-xml2-config-is-not-SYSROOT-aware.patch
> +++ b/patches/libxml2-2.9.10/0200-xml2-config-is-not-SYSROOT-aware.patch
> @@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/xml2-config.in b/xml2-config.in
> -index 19574864cb6a..ee1949ce9542 100644
> +index cb4aa613a68c..31f9e67a999b 100644
> --- a/xml2-config.in
> +++ b/xml2-config.in
> @@ -1,6 +1,6 @@
> diff --git a/patches/libxml2-2.9.9/series b/patches/libxml2-2.9.10/series
> similarity index 100%
> rename from patches/libxml2-2.9.9/series
> rename to patches/libxml2-2.9.10/series
> diff --git a/rules/libxml2.make b/rules/libxml2.make
> index dea3616f5..ed8112f30 100644
> --- a/rules/libxml2.make
> +++ b/rules/libxml2.make
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBXML2) += libxml2
> #
> # Paths and names
> #
> -LIBXML2_VERSION := 2.9.9
> -LIBXML2_MD5 := c04a5a0a042eaa157e8e8c9eabe76bd6
> +LIBXML2_VERSION := 2.9.10
> +LIBXML2_MD5 := 10942a1dc23137a8aa07f0639cbfece5
> LIBXML2 := libxml2-$(LIBXML2_VERSION)
> LIBXML2_SUFFIX := tar.gz
> LIBXML2_SOURCE := $(SRCDIR)/$(LIBXML2).$(LIBXML2_SUFFIX)
>
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* [ptxdist] [PATCH 3/4] libxml2: Add upstream patch fixing CVE-2020-7595
2020-03-18 13:27 [ptxdist] [PATCH 0/4] libxml2: Upgrade and add some fixes Alexander Dahl
2020-03-18 13:27 ` [ptxdist] [PATCH 1/4] libxml2: Fix license and add license file hashes Alexander Dahl
2020-03-18 13:27 ` [ptxdist] [PATCH 2/4] libxml2: version bump 2.9.9 -> 2.9.10 Alexander Dahl
@ 2020-03-18 13:27 ` Alexander Dahl
2020-03-27 9:52 ` [ptxdist] [3/4] " Michael Olbrich
2020-03-18 13:27 ` [ptxdist] [PATCH 4/4] libxml2: Add upstream patch fixing CVE-2019-20388 Alexander Dahl
3 siblings, 1 reply; 9+ messages in thread
From: Alexander Dahl @ 2020-03-18 13:27 UTC (permalink / raw)
To: ptxdist
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
...e-loop-in-xmlStringLenDecodeEntities.patch | 28 +++++++++++++++++++
patches/libxml2-2.9.10/series | 4 ++-
2 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
diff --git a/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
new file mode 100644
index 000000000..59c864731
--- /dev/null
+++ b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
@@ -0,0 +1,28 @@
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c319631fc9..a34bb6cdd81b 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ else
+ c = 0;
+ while ((c != 0) && (c != end) && /* non input consuming loop */
+- (c != end2) && (c != end3)) {
++ (c != end2) && (c != end3) &&
++ (ctxt->instate != XML_PARSER_EOF)) {
+
+ if (c == 0) break;
+ if ((c == '&') && (str[1] == '#')) {
diff --git a/patches/libxml2-2.9.10/series b/patches/libxml2-2.9.10/series
index 198075fbf..b8e92fb7a 100644
--- a/patches/libxml2-2.9.10/series
+++ b/patches/libxml2-2.9.10/series
@@ -1,5 +1,7 @@
# generated by git-ptx-patches
#tag:base --start-number 1
+#tag:upstream --start-number 1
+0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
#tag:ptx --start-number 200
0200-xml2-config-is-not-SYSROOT-aware.patch
-# 9a7de85eef8cb30919e83bc9b2e42cd9 - git-ptx-patches magic
+# 0a9081f5db07b8cbb593bc669a7603c7 - git-ptx-patches magic
--
2.20.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [ptxdist] [3/4] libxml2: Add upstream patch fixing CVE-2020-7595
2020-03-18 13:27 ` [ptxdist] [PATCH 3/4] libxml2: Add upstream patch fixing CVE-2020-7595 Alexander Dahl
@ 2020-03-27 9:52 ` Michael Olbrich
0 siblings, 0 replies; 9+ messages in thread
From: Michael Olbrich @ 2020-03-27 9:52 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Thanks, applied.
Michael
[sent from post-receive hook]
On Fri, 27 Mar 2020 10:52:25 +0100, Alexander Dahl <ada@thorsis.com> wrote:
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> ---
> ...e-loop-in-xmlStringLenDecodeEntities.patch | 28 +++++++++++++++++++
> patches/libxml2-2.9.10/series | 4 ++-
> 2 files changed, 31 insertions(+), 1 deletion(-)
> create mode 100644 patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
>
> diff --git a/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
> new file mode 100644
> index 000000000..59c864731
> --- /dev/null
> +++ b/patches/libxml2-2.9.10/0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
> @@ -0,0 +1,28 @@
> +From: Zhipeng Xie <xiezhipeng1@huawei.com>
> +Date: Thu, 12 Dec 2019 17:30:55 +0800
> +Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
> +
> +When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
> +return NULL which cause a infinite loop in xmlStringLenDecodeEntities
> +
> +Found with libFuzzer.
> +
> +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
> +---
> + parser.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/parser.c b/parser.c
> +index d1c319631fc9..a34bb6cdd81b 100644
> +--- a/parser.c
> ++++ b/parser.c
> +@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
> + else
> + c = 0;
> + while ((c != 0) && (c != end) && /* non input consuming loop */
> +- (c != end2) && (c != end3)) {
> ++ (c != end2) && (c != end3) &&
> ++ (ctxt->instate != XML_PARSER_EOF)) {
> +
> + if (c == 0) break;
> + if ((c == '&') && (str[1] == '#')) {
> diff --git a/patches/libxml2-2.9.10/series b/patches/libxml2-2.9.10/series
> index 198075fbf..b8e92fb7a 100644
> --- a/patches/libxml2-2.9.10/series
> +++ b/patches/libxml2-2.9.10/series
> @@ -1,5 +1,7 @@
> # generated by git-ptx-patches
> #tag:base --start-number 1
> +#tag:upstream --start-number 1
> +0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
> #tag:ptx --start-number 200
> 0200-xml2-config-is-not-SYSROOT-aware.patch
> -# 9a7de85eef8cb30919e83bc9b2e42cd9 - git-ptx-patches magic
> +# 0a9081f5db07b8cbb593bc669a7603c7 - git-ptx-patches magic
>
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* [ptxdist] [PATCH 4/4] libxml2: Add upstream patch fixing CVE-2019-20388
2020-03-18 13:27 [ptxdist] [PATCH 0/4] libxml2: Upgrade and add some fixes Alexander Dahl
` (2 preceding siblings ...)
2020-03-18 13:27 ` [ptxdist] [PATCH 3/4] libxml2: Add upstream patch fixing CVE-2020-7595 Alexander Dahl
@ 2020-03-18 13:27 ` Alexander Dahl
2020-03-27 9:52 ` [ptxdist] [4/4] " Michael Olbrich
3 siblings, 1 reply; 9+ messages in thread
From: Alexander Dahl @ 2020-03-18 13:27 UTC (permalink / raw)
To: ptxdist
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
...mory-leak-in-xmlSchemaValidateStream.patch | 29 +++++++++++++++++++
patches/libxml2-2.9.10/series | 3 +-
2 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
diff --git a/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch b/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
new file mode 100644
index 000000000..1ca086217
--- /dev/null
+++ b/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
@@ -0,0 +1,29 @@
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index d19de6df5f50..59495c2738ab 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28095,7 +28095,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+ vctxt->nberrors = 0;
+ vctxt->depth = -1;
+ vctxt->skipDepth = -1;
+- vctxt->xsiAssemble = 0;
+ vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+ vctxt->createIDCNodeTables = 1;
diff --git a/patches/libxml2-2.9.10/series b/patches/libxml2-2.9.10/series
index b8e92fb7a..fed72960d 100644
--- a/patches/libxml2-2.9.10/series
+++ b/patches/libxml2-2.9.10/series
@@ -2,6 +2,7 @@
#tag:base --start-number 1
#tag:upstream --start-number 1
0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
+0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
#tag:ptx --start-number 200
0200-xml2-config-is-not-SYSROOT-aware.patch
-# 0a9081f5db07b8cbb593bc669a7603c7 - git-ptx-patches magic
+# d6f49636e8813a3a9e46758f352fc667 - git-ptx-patches magic
--
2.20.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [ptxdist] [4/4] libxml2: Add upstream patch fixing CVE-2019-20388
2020-03-18 13:27 ` [ptxdist] [PATCH 4/4] libxml2: Add upstream patch fixing CVE-2019-20388 Alexander Dahl
@ 2020-03-27 9:52 ` Michael Olbrich
0 siblings, 0 replies; 9+ messages in thread
From: Michael Olbrich @ 2020-03-27 9:52 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Thanks, applied.
Michael
[sent from post-receive hook]
On Fri, 27 Mar 2020 10:52:26 +0100, Alexander Dahl <ada@thorsis.com> wrote:
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> ---
> ...mory-leak-in-xmlSchemaValidateStream.patch | 29 +++++++++++++++++++
> patches/libxml2-2.9.10/series | 3 +-
> 2 files changed, 31 insertions(+), 1 deletion(-)
> create mode 100644 patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
>
> diff --git a/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch b/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> new file mode 100644
> index 000000000..1ca086217
> --- /dev/null
> +++ b/patches/libxml2-2.9.10/0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> @@ -0,0 +1,29 @@
> +From: Zhipeng Xie <xiezhipeng1@huawei.com>
> +Date: Tue, 20 Aug 2019 16:33:06 +0800
> +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
> +
> +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
> +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
> +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
> +vctxt->xsiAssemble to 0 again which cause the alloced schema
> +can not be freed anymore.
> +
> +Found with libFuzzer.
> +
> +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
> +---
> + xmlschemas.c | 1 -
> + 1 file changed, 1 deletion(-)
> +
> +diff --git a/xmlschemas.c b/xmlschemas.c
> +index d19de6df5f50..59495c2738ab 100644
> +--- a/xmlschemas.c
> ++++ b/xmlschemas.c
> +@@ -28095,7 +28095,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
> + vctxt->nberrors = 0;
> + vctxt->depth = -1;
> + vctxt->skipDepth = -1;
> +- vctxt->xsiAssemble = 0;
> + vctxt->hasKeyrefs = 0;
> + #ifdef ENABLE_IDC_NODE_TABLES_TEST
> + vctxt->createIDCNodeTables = 1;
> diff --git a/patches/libxml2-2.9.10/series b/patches/libxml2-2.9.10/series
> index b8e92fb7a..fed72960d 100644
> --- a/patches/libxml2-2.9.10/series
> +++ b/patches/libxml2-2.9.10/series
> @@ -2,6 +2,7 @@
> #tag:base --start-number 1
> #tag:upstream --start-number 1
> 0001-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
> +0002-Fix-memory-leak-in-xmlSchemaValidateStream.patch
> #tag:ptx --start-number 200
> 0200-xml2-config-is-not-SYSROOT-aware.patch
> -# 0a9081f5db07b8cbb593bc669a7603c7 - git-ptx-patches magic
> +# d6f49636e8813a3a9e46758f352fc667 - git-ptx-patches magic
>
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 9+ messages in thread