diff options
Diffstat (limited to 'meta/recipes-core/expat/expat/CVE-2023-52426-002.patch')
-rw-r--r-- | meta/recipes-core/expat/expat/CVE-2023-52426-002.patch | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch new file mode 100644 index 0000000000..9aedc3010a --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2023-52426-002.patch @@ -0,0 +1,72 @@ +From daa89e42c005cc7f4f7af9eee271ae0723d30300 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Thu, 26 Oct 2023 00:59:52 +0200 + +Subject: [PATCH] cmake: Introduce option EXPAT_GE to control macro XML_GE + +CVE: CVE-2023-52426 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/daa89e42c005cc7f4f7af9eee271ae0723d30300] + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + CMakeLists.txt | 9 +++++++++ + expat_config.h.cmake | 3 +++ + 2 files changed, 12 insertions(+) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 2b4c13c..416fe96 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -140,6 +140,8 @@ expat_shy_set(EXPAT_CONTEXT_BYTES 1024 CACHE STRING "Define to specify how much + mark_as_advanced(EXPAT_CONTEXT_BYTES) + expat_shy_set(EXPAT_DTD ON CACHE BOOL "Define to make parameter entity parsing functionality available") + mark_as_advanced(EXPAT_DTD) ++expat_shy_set(EXPAT_GE ON CACHE BOOL "Define to make general entity parsing functionality available") ++mark_as_advanced(EXPAT_GE) + expat_shy_set(EXPAT_NS ON CACHE BOOL "Define to make XML Namespaces functionality available") + mark_as_advanced(EXPAT_NS) + expat_shy_set(EXPAT_WARNINGS_AS_ERRORS OFF CACHE BOOL "Treat all compiler warnings as errors") +@@ -172,6 +174,11 @@ endif() + # + # Environment checks + # ++if(EXPAT_DTD AND NOT EXPAT_GE) ++ message(SEND_ERROR "Option EXPAT_DTD requires that EXPAT_GE is also enabled.") ++ message(SEND_ERROR "Please either enable option EXPAT_GE (recommended) or disable EXPAT_DTD also.") ++endif() ++ + if(EXPAT_WITH_LIBBSD) + find_library(LIB_BSD NAMES bsd) + if(NOT LIB_BSD) +@@ -274,6 +281,7 @@ endif() + + _expat_copy_bool_int(EXPAT_ATTR_INFO XML_ATTR_INFO) + _expat_copy_bool_int(EXPAT_DTD XML_DTD) ++_expat_copy_bool_int(EXPAT_GE XML_GE) + _expat_copy_bool_int(EXPAT_LARGE_SIZE XML_LARGE_SIZE) + _expat_copy_bool_int(EXPAT_MIN_SIZE XML_MIN_SIZE) + _expat_copy_bool_int(EXPAT_NS XML_NS) +@@ -893,6 +901,7 @@ message(STATUS " // Advanced options, changes not advised") + message(STATUS " Attributes info .......... ${EXPAT_ATTR_INFO}") + message(STATUS " Context bytes ............ ${EXPAT_CONTEXT_BYTES}") + message(STATUS " DTD support .............. ${EXPAT_DTD}") ++message(STATUS " General entities ......... ${EXPAT_GE}") + message(STATUS " Large size ............... ${EXPAT_LARGE_SIZE}") + message(STATUS " Minimum size ............. ${EXPAT_MIN_SIZE}") + message(STATUS " Namespace support ........ ${EXPAT_NS}") +diff --git a/expat_config.h.cmake b/expat_config.h.cmake +index 78fcb4c..330945e 100644 +--- a/expat_config.h.cmake ++++ b/expat_config.h.cmake +@@ -103,6 +103,9 @@ + /* Define to make parameter entity parsing functionality available. */ + #cmakedefine XML_DTD + ++/* Define as 1/0 to enable/disable support for general entities. */ ++#define XML_GE @XML_GE@ ++ + /* Define to make XML Namespaces functionality available. */ + #cmakedefine XML_NS + +-- +2.40.0 |