Hi Armin, Both patches are same. Since after submit the patch . I could not see my patch at https://patchwork.openembedded.org/project/oe-core/patches/ so I was suspect that my patch submitted properly or not.
so I submitted this patch again. I have one quick question. After patch submission If I am not able to see my patch at https://patchwork.openembedded.org/project/oe-core/patches/ , is there any other way to check the patch submission status. Thanks & Regards Rahul Chauhan On Tue, Feb 11, 2020 at 8:37 AM akuster808 <[email protected]> wrote: > > > On 2/10/20 10:49 AM, Rahul Chauhan wrote: > > Signed-off-by: Rahul Chauhan <[email protected]> > > --- > > .../libxml/libxml2/fix-CVE-2019-19956.patch | 38 > ++++++++++++++++++++++ > > meta/recipes-core/libxml/libxml2_2.9.8.bb | 1 + > > 2 files changed, 39 insertions(+) > > create mode 100644 > meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch > > What is the difference from the patch sent on the 6th? is this a version 2? > > - armin > > > > diff --git a/meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch > b/meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch > > new file mode 100644 > > index 0000000..43c3589 > > --- /dev/null > > +++ b/meta/recipes-core/libxml/libxml2/fix-CVE-2019-19956.patch > > @@ -0,0 +1,38 @@ > > +From 3cd2b25ddb04740be2880cfd78d60038452228b1 Mon Sep 17 00:00:00 2001 > > +From: Zhipeng Xie <[email protected]> > > +Date: Wed, 7 Aug 2019 17:39:17 +0800 > > +Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover > > + > > +When doc is NULL, namespace created in xmlTreeEnsureXMLDecl > > +is bind to newDoc->oldNs, in this case, set newDoc->oldNs to > > +NULL and free newDoc will cause a memory leak. > > + > > +Found with libFuzzer. > > + > > +Closes #82. > > + > > +Upstream-Status: Backport [ > https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 > ] > > +CVE: CVE-2019-19956 > > + > > +Signed-off-by: Rahul Chauhan <[email protected]> > > +--- > > + parser.c | 3 ++- > > + 1 file changed, 2 insertions(+), 1 deletion(-) > > + > > +diff --git a/parser.c b/parser.c > > +index b7ecd65..491f5c9 100644 > > +--- a/parser.c > > ++++ b/parser.c > > +@@ -13899,7 +13899,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr > doc, xmlSAXHandlerPtr sax, > > + xmlFreeParserCtxt(ctxt); > > + newDoc->intSubset = NULL; > > + newDoc->extSubset = NULL; > > +- newDoc->oldNs = NULL; > > ++ if(doc != NULL) > > ++ newDoc->oldNs = NULL; > > + xmlFreeDoc(newDoc); > > + > > + return(ret); > > +-- > > +2.7.4 > > + > > diff --git a/meta/recipes-core/libxml/libxml2_2.9.8.bb > b/meta/recipes-core/libxml/libxml2_2.9.8.bb > > index 62643bc..67c2d4f 100644 > > --- a/meta/recipes-core/libxml/libxml2_2.9.8.bb > > +++ b/meta/recipes-core/libxml/libxml2_2.9.8.bb > > @@ -23,6 +23,7 @@ SRC_URI = " > http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ > > file://fix-CVE-2017-8872.patch \ > > file://fix-CVE-2018-14404.patch \ > > file://0001-Fix-infinite-loop-in-LZMA-decompression.patch \ > > + file://fix-CVE-2019-19956.patch \ > > " > > > > SRC_URI[libtar.md5sum] = "b786e353e2aa1b872d70d5d1ca0c740d" > >
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
