I see part 1 and 2 but no part 3. Also, have you asked upstream if they'll be making a point release with these in?
Ross On 12 December 2016 at 13:20, Andrej Valek <[email protected]> wrote: > xpath: > - Check for errors after evaluating first operand. > - Add sanity check for empty stack. > - Include comparation in changes from xmlXPathCmpNodesExt to > xmlXPathCmpNodes > > Signed-off-by: Andrej Valek <[email protected]> > Signed-off-by: Pascal Bach <[email protected]> > --- > .../libxml2/libxml2-fix_node_comparison.patch | 67 > ++++++++++++++++++++++ > meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + > 2 files changed, 68 insertions(+) > create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-fix_node_ > comparison.patch > > diff --git > a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch > b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch > new file mode 100644 > index 0000000..11718bb > --- /dev/null > +++ b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch 
> @@ -0,0 +1,67 @@ > +libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL > pointer deref in XPointer > + > +xpath: > + - Check for errors after evaluating first operand. > + - Add sanity check for empty stack. > + - Include comparation in changes from xmlXPathCmpNodesExt to > xmlXPathCmpNodes > + > +Upstream-Status: Backported > + - [https://git.gnome.org/browse/libxml2/commit/?id= > c1d1f7121194036608bf555f08d3062a36fd344b] > + - [https://git.gnome.org/browse/libxml2/commit/?id= > a005199330b86dada19d162cae15ef9bdcb6baa8] > +CVE: necessary changes for fixing CVE-2016-5131 > +Signed-off-by: Andrej Valek <[email protected]> > +Signed-off-by: Pascal Bach <[email protected]> > + > +diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror > +new file mode 100644 > +index 0000000..d589882 > +--- /dev/null > ++++ b/result/XPath/xptr/viderror > +@@ -0,0 +1,4 @@ > ++ > ++======================== > ++Expression: xpointer(non-existing-fn()/range-to(id('chapter2'))) > ++Object is empty (NULL) > +diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror > +new file mode 100644 > +index 0000000..da8c53b > +--- /dev/null > ++++ b/test/XPath/xptr/viderror > +@@ -0,0 +1 @@ > ++xpointer(non-existing-fn()/range-to(id('chapter2'))) > +diff --git a/xpath.c b/xpath.c > +index 113bce6..d992841 100644 > +--- a/xpath.c > ++++ b/xpath.c > +@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr > node2) { > + * compute depth to root > + */ > + for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { > +- if (cur == node1) > ++ if (cur->parent == node1) > + return(1); > + depth2++; > + } > + root = cur; > + for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { > +- if (cur == node2) > ++ if (cur->parent == node2) > + return(-1); > + depth1++; > + } > +@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr > ctxt, xmlXPathStepOpPtr op) > + xmlNodeSetPtr oldset; > + int i, j; > + > +- if 
(op->ch1 != -1) > ++ if (op->ch1 != -1) { > + total += > + xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); > ++ CHECK_ERROR0; > ++ } > ++ if (ctxt->value == NULL) { > ++ XP_ERROR0(XPATH_INVALID_OPERAND); > ++ } > + if (op->ch2 == -1) > + return (total); > + > diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb > b/meta/recipes-core/libxml/libxml2_2.9.4.bb > index 1fed90b..66a8940 100644 > --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb > +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb > @@ -19,6 +19,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/ > libxml2-${PV}.tar.gz;name=libtar \ > file://run-ptest \ > file://python-sitepackages-dir.patch \ > file://libxml-m4-use-pkgconfig.patch \ > + file://libxml2-fix_node_comparison.patch \ > file://libxml2-CVE-2016-5131.patch \ > " > > -- > 2.1.4 > > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core >
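Review bot: In the header of the new libxml2-fix_node_comparison.patch, the status line reads "Upstream-Status: Backported", but the tag value used for patches taken from upstream is "Backport", and the "CVE:" line should carry only the identifier ("CVE: CVE-2016-5131"), with "necessary changes for fixing" moved into the description. The header also folds two upstream commits into one file; splitting it into one patch per commit id would let each be checked against upstream and dropped independently when a point release arrives.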
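Review bot: The xmlXPathCmpNodes change in xpath.c comes without a regression test. The only test added, test/XPath/xptr/viderror, is an XPointer expression calling an undefined function, and its expected result ("Object is empty (NULL)") appears to target the xmlXPathCompOpEval error path rather than node ordering. Both loops stop once cur->parent is NULL, so the old "cur == node1" and "cur == node2" checks never looked at the root, while the new "cur->parent == ..." checks do; a test that compares the root against one of its descendants would pin that behaviour. The description's "Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes" would also be easier to review if it said that the root-node case is what changes.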
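Review bot: In the xmlXPathCompOpEval hunk, the new "if (ctxt->value == NULL)" check sits outside the "op->ch1 != -1" block and before the "op->ch2 == -1" early return, so it also fires when the op has no first operand, and that path now raises XPATH_INVALID_OPERAND where it previously returned total. If that is intended, a one-line comment stating that the stack must be non-empty at this point regardless of ch1 would make it clear. The hunk context shows only the oldset, i and j declarations, so naming the affected op in the patch description would help when checking this backport against the two upstream commit ids.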
