[kirkstone] libxml2: Security fix for CVE-2024-34459

Message ID	20240617153027.8822-1-sdoshi@mvista.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <sdoshi@mvista.com> ip: 209.85.214.170, mailfrom: sdoshi@mvista.com) From: Siddharth <sdoshi@mvista.com> To: openembedded-core@lists.openembedded.org Cc: Siddharth Doshi <sdoshi@mvista.com> Subject: [OE-core][kirkstone][PATCH] libxml2: Security fix for CVE-2024-34459 Date: Mon, 17 Jun 2024 21:00:27 +0530 Message-Id: <20240617153027.8822-1-sdoshi@mvista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone] libxml2: Security fix for CVE-2024-34459 \| expand [kirkstone] libxml2: Security fix for CVE-2024-34459

Message ID

20240617153027.8822-1-sdoshi@mvista.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Siddharth <sdoshi@mvista.com>
To: openembedded-core@lists.openembedded.org
Cc: Siddharth Doshi <sdoshi@mvista.com>
Subject: [OE-core][kirkstone][PATCH] libxml2: Security fix for CVE-2024-34459
Date: Mon, 17 Jun 2024 21:00:27 +0530
Message-Id: <20240617153027.8822-1-sdoshi@mvista.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone] libxml2: Security fix for CVE-2024-34459 | expand

Commit Message

Siddharth June 17, 2024, 3:30 p.m. UTC

From: Siddharth Doshi <sdoshi@mvista.com>

Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce]

CVE's Fixed:
CVE-2024-34459 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
 .../libxml/libxml2/CVE-2024-34459.patch       | 30 +++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch
new file mode 100644
index 0000000000..96e3d3cfaf
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch
@@ -0,0 +1,30 @@ 
+From 78fce372041d53cfeaaf2c11c71d07eef55ecfd1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 8 May 2024 11:49:31 +0200
+Subject: [PATCH] Fix buffer overread with `xmllint --htmlout`
+
+Add a missing bounds check.
+
+Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce]
+CVE: CVE-2024-34459
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ xmllint.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmllint.c b/xmllint.c
+index ee6bfdc..2f792f1 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -602,7 +602,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
+     len = strlen(buffer);
+     snprintf(&buffer[len], sizeof(buffer) - len, "\n");
+     cur = input->cur;
+-    while ((*cur == '\n') || (*cur == '\r'))
++    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
+ 	cur--;
+     n = 0;
+     while ((cur != base) && (n++ < 80)) {
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index 2b7e9999d9..94b3b510ae 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -32,6 +32,7 @@  SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
            file://CVE-2023-45322-1.patch \
            file://CVE-2023-45322-2.patch \
            file://CVE-2024-25062.patch \
+           file://CVE-2024-34459.patch \
            "
 
 SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"

[kirkstone] libxml2: Security fix for CVE-2024-34459

Commit Message

Patch