summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2019-07-29 07:21:00 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-29 10:25:36 +0100
commit21a4ec3353489f11b1ce7a7919cff38595e5f774 (patch)
treef7ef6ece197b8496ae01f07190b686528b7f6e4d
parentdfc04264c91277729b23b0fce78b8e7717f79f69 (diff)
downloadpoky-thud-next.tar.gz
poky-thud-next.tar.bz2
poky-thud-next.zip
expat: fix CVE-2018-20843thud-next
(From OE-Core rev: aad245ea1c55f8e778ae3420c5c31e94301e7cba) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/expat/expat/CVE-2018-20843.patch26
-rw-r--r--meta/recipes-core/expat/expat_2.2.6.bb1
2 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2018-20843.patch b/meta/recipes-core/expat/expat/CVE-2018-20843.patch
new file mode 100644
index 0000000000..af6641eff1
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2018-20843.patch
@@ -0,0 +1,26 @@
+From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 12 Jun 2019 15:42:22 +0200
+Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name
+ (#186)
+
+Upstream-Status: Backport
+CVE: CVE-2018-20843
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5c..737d7cd2 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
+ else
+ poolDiscard(&dtd->pool);
+ elementType->prefix = prefix;
+-
++ break;
+ }
+ }
+ return 1;
diff --git a/meta/recipes-core/expat/expat_2.2.6.bb b/meta/recipes-core/expat/expat_2.2.6.bb
index c9e6081a35..0cef70555a 100644
--- a/meta/recipes-core/expat/expat_2.2.6.bb
+++ b/meta/recipes-core/expat/expat_2.2.6.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b8620d98e49772d95fc1d291c26aa79"
SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \
file://autotools.patch \
file://libtool-tag.patch \
+ file://CVE-2018-20843.patch;striplevel=2 \
"
SRC_URI[md5sum] = "ca047ae951b40020ac831c28859161b2"