From: Robert Yang <liezhi.yang@windriver.com>
To: Armin Kuster <akuster808@gmail.com>,
<openembedded-core@lists.openembedded.org>
Cc: Armin Kuster <akuster@mvista.com>
Subject: Re: [PATCH][V2][Jethro, fido 01/10] libxml2: security fix CVE-2015-7941
Date: Tue, 12 Jan 2016 11:38:00 +0800 [thread overview]
Message-ID: <56947518.6090207@windriver.com> (raw)
In-Reply-To: <1452214113-11697-1-git-send-email-akuster808@gmail.com>
Hi Armin,
I got strange errors when apply the patches:
$ git am /tmp/jethro/*libxml2*
[snip]
Applying: libxml2: security fix CVE-2015-7500
/buildarea/lyang1/poky/.git/rebase-apply/patch:80: trailing whitespace.
/buildarea/lyang1/poky/.git/rebase-apply/patch:82: space before tab in indent.
((RAW != '/') || (NXT(1) != '>')) &&
/buildarea/lyang1/poky/.git/rebase-apply/patch:84: trailing whitespace.
/buildarea/lyang1/poky/.git/rebase-apply/patch:85: space before tab in indent.
attname = xmlParseAttribute2(ctxt, prefix, localname,
/buildarea/lyang1/poky/.git/rebase-apply/patch:86: space before tab in indent.
&aprefix, &attvalue, &len, &alloc);
fatal: corrupt patch at line 300
Patch failed at 0008 libxml2: security fix CVE-2015-7500
Would you please put the patches to a repo ? so that I can fetch them ?
// Robert
On 01/08/2016 08:48 AM, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
>
> includes:
> CVE-2015-7941-1
> CVE-2015-7941-2
>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
> meta/recipes-core/libxml/libxml2.inc | 2 +
> ...top-parsing-on-entities-boundaries-errors.patch | 39 +++++++++++++++
> ...leanup-conditional-section-error-handling.patch | 56 ++++++++++++++++++++++
> 3 files changed, 97 insertions(+)
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
>
> diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
> index 1c3c37d..24b98a6 100644
> --- a/meta/recipes-core/libxml/libxml2.inc
> +++ b/meta/recipes-core/libxml/libxml2.inc
> @@ -21,6 +21,8 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
> file://libxml-m4-use-pkgconfig.patch \
> file://configure.ac-fix-cross-compiling-warning.patch \
> file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
> + file://CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch \
> + file://CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch \
> "
>
> BINCONFIG = "${bindir}/xml2-config"
> diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
> new file mode 100644
> index 0000000..11da9f9
> --- /dev/null
> +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-1-Stop-parsing-on-entities-boundaries-errors.patch
> @@ -0,0 +1,39 @@
> +From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001
> +From: Daniel Veillard <veillard@redhat.com>
> +Date: Mon, 23 Feb 2015 11:17:35 +0800
> +Subject: [PATCH] Stop parsing on entities boundaries errors
> +
> +For https://bugzilla.gnome.org/show_bug.cgi?id=744980
> +
> +There are times, like on unterminated entities that it's preferable to
> +stop parsing, even if that means less error reporting. Entities are
> +feeding the parser on further processing, and if they are ill defined
> +then it's possible to get the parser to bug. Also do the same on
> +Conditional Sections if the input is broken, as the structure of
> +the document can't be guessed.
> +
> +Upstream-Status: Backport
> +
> +CVE-2015-7941-1
> +
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + parser.c | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/parser.c b/parser.c
> +index a8d1b67..bbe97eb 100644
> +--- a/parser.c
> ++++ b/parser.c
> +@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
> + if (RAW != '>') {
> + xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
> + "xmlParseEntityDecl: entity %s not terminated\n", name);
> ++ xmlStopParser(ctxt);
> + } else {
> + if (input != ctxt->input) {
> + xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
> +--
> +2.3.5
> +
> diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
> new file mode 100644
> index 0000000..b7bd960
> --- /dev/null
> +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7941-2-Cleanup-conditional-section-error-handling.patch
> @@ -0,0 +1,56 @@
> +From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
> +From: Daniel Veillard <veillard@redhat.com>
> +Date: Mon, 23 Feb 2015 11:29:20 +0800
> +Subject: [PATCH] Cleanup conditional section error handling
> +
> +For https://bugzilla.gnome.org/show_bug.cgi?id=744980
> +
> +The error handling of Conditional Section also need to be
> +straightened as the structure of the document can't be
> +guessed on a failure there and it's better to stop parsing
> +as further errors are likely to be irrelevant.
> +
> +Upstream-Status: Backport
> +
> +CVE-2015-7941-2
> +
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + parser.c | 6 ++++++
> + 1 file changed, 6 insertions(+)
> +
> +diff --git a/parser.c b/parser.c
> +index bbe97eb..fe603ac 100644
> +--- a/parser.c
> ++++ b/parser.c
> +@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
> + SKIP_BLANKS;
> + if (RAW != '[') {
> + xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
> ++ xmlStopParser(ctxt);
> ++ return;
> + } else {
> + if (ctxt->input->id != id) {
> + xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
> +@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
> + SKIP_BLANKS;
> + if (RAW != '[') {
> + xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
> ++ xmlStopParser(ctxt);
> ++ return;
> + } else {
> + if (ctxt->input->id != id) {
> + xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
> +@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
> +
> + } else {
> + xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
> ++ xmlStopParser(ctxt);
> ++ return;
> + }
> +
> + if (RAW == 0)
> +--
> +2.3.5
> +
>
next prev parent reply other threads:[~2016-01-12 3:38 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-08 0:48 [PATCH][V2][Jethro, fido 01/10] libxml2: security fix CVE-2015-7941 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 02/10] libxml2: security fix CVE-2015-8317 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 03/10] libxml2: security fix CVE-2015-7942 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 04/10] libxml2: security fix CVE-2015-8035 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 05/10] libxml2: security fix CVE-2015-7498 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 06/10] libxml2: security fix CVE-2015-7497 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 07/10] libxml2: security fix CVE-2015-7499 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 08/10] libxml2: security fix CVE-2015-7500 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 09/10] libxml2: security fix CVE-2015-8242 Armin Kuster
2016-01-08 0:48 ` [PATCH][V2][Jethro, fido 10/10] libxml2: security fix CVE-2015-5312 Armin Kuster
2016-01-12 3:38 ` Robert Yang [this message]
2016-01-12 17:41 ` [PATCH][V2][Jethro, fido 01/10] libxml2: security fix CVE-2015-7941 akuster808
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56947518.6090207@windriver.com \
--to=liezhi.yang@windriver.com \
--cc=akuster808@gmail.com \
--cc=akuster@mvista.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.