From: Peter Marko <[email protected]> Take patch from Debian: https://salsa.debian.org/debian/tinyxml/-/commit/2366e1f23d059d4c20c43c54176b6bd78d6a83fc
Signed-off-by: Peter Marko <[email protected]> --- .../libtinyxml/CVE-2023-34194.patch | 31 +++++++++++++++++++ .../libtinyxml/libtinyxml_2.6.2.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2023-34194.patch diff --git a/meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2023-34194.patch b/meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2023-34194.patch new file mode 100644 index 0000000000..a94806daad --- /dev/null +++ b/meta-oe/recipes-support/libtinyxml/libtinyxml/CVE-2023-34194.patch @@ -0,0 +1,31 @@ +From: Guilhem Moulin <[email protected]> +Date: Sat, 30 Dec 2023 14:15:54 +0100 +Subject: Avoid reachable assertion via crafted XML document with a '\0' + located after whitespace + +Bug: https://www.forescout.com/resources/sierra21-vulnerabilities +Bug-Debian: https://bugs.debian.org/1059315 +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194 + +CVE: CVE-2023-34194 +Upstream-Status: Inactive-Upstream [lastrelease: 2011] +Signed-off-by: Peter Marko <[email protected]> +--- + tinyxmlparser.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp +index 8aa0dfa..1601962 100644 +--- a/tinyxmlparser.cpp ++++ b/tinyxmlparser.cpp +@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm + } + + p = SkipWhiteSpace( p, _encoding ); ++ if ( !p || !*p ) ++ { ++ break; ++ } + if ( StringEqual( p, "version", true, _encoding ) ) + { + TiXmlAttribute attrib; diff --git a/meta-oe/recipes-support/libtinyxml/libtinyxml_2.6.2.bb b/meta-oe/recipes-support/libtinyxml/libtinyxml_2.6.2.bb index 0d18dd4a89..c99930f9e2 100644 --- a/meta-oe/recipes-support/libtinyxml/libtinyxml_2.6.2.bb +++ b/meta-oe/recipes-support/libtinyxml/libtinyxml_2.6.2.bb @@ -12,6 +12,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/tinyxml/tinyxml_${@'${PV}'.replace('.', '_')}.t file://enforce-use-stl.patch \ file://entity-encoding.patch \ file://CVE-2021-42260.patch \ + file://CVE-2023-34194.patch \ " SRC_URI[sha256sum] = "15bdfdcec58a7da30adc87ac2b078e4417dbe5392f3afb719f9ba6d062645593" -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#114790): https://lists.openembedded.org/g/openembedded-devel/message/114790 Mute This Topic: https://lists.openembedded.org/mt/110541068/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
