From: Siddharth Doshi <sdo...@mvista.com> Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce]
CVE's Fixed: CVE-2024-34459 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c Signed-off-by: Siddharth Doshi <sdo...@mvista.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../libxml/libxml2/CVE-2024-34459.patch | 30 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch new file mode 100644 index 0000000000..96e3d3cfaf --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch @@ -0,0 +1,30 @@ +From 78fce372041d53cfeaaf2c11c71d07eef55ecfd1 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnho...@aevum.de> +Date: Wed, 8 May 2024 11:49:31 +0200 +Subject: [PATCH] Fix buffer overread with `xmllint --htmlout` + +Add a missing bounds check. + +Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce] +CVE: CVE-2024-34459 +Signed-off-by: Siddharth Doshi <sdo...@mvista.com> +--- + xmllint.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xmllint.c b/xmllint.c +index ee6bfdc..2f792f1 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -602,7 +602,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { + len = strlen(buffer); + snprintf(&buffer[len], sizeof(buffer) - len, "\n"); + cur = input->cur; +- while ((*cur == '\n') || (*cur == '\r')) ++ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) + cur--; + n = 0; + while ((cur != base) && (n++ < 80)) { +-- +2.25.1 + diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 2b7e9999d9..94b3b510ae 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -32,6 +32,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://CVE-2023-45322-1.patch \ file://CVE-2023-45322-2.patch \ file://CVE-2024-25062.patch \ + file://CVE-2024-34459.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201039): https://lists.openembedded.org/g/openembedded-core/message/201039 Mute This Topic: https://lists.openembedded.org/mt/106814991/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
