libxml2: add Debian patches to address CVEs

Debian uses libxml2 2.9.4 in Stretch. This adds their security related fixes from 2.9.4+dfsg1-2.2+deb9u2 to LEDE's 17.01 release. Fixed CVEs: CVE-2016-4658 CVE-2016-5131 CVE-2017-0663 CVE-2017-15412 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2026-04-30 07:28:39 +01:00 · 2018-08-21 20:42:53 +02:00
parent 56acd578ff
commit a5bbf27e35
13 changed files with 1150 additions and 1 deletions
@@ -0,0 +1,39 @@
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 1 Jun 2017 23:12:19 +0200
+Subject: Fix XPath stack frame logic
+Origin: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
+Bug-Debian: https://bugs.debian.org/883790
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=783160
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-15412
+
+Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in
+xmlXPathCompOpEvalPositionalPredicate to make sure that the context
+object on the stack is actually protected. Otherwise, memory corruption
+can occur when calling sloppily coded XPath extension functions.
+
+Fixes bug 783160.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 94815075..b816bd36 100644
+--- a/xpath.c
+++ b/xpath.c
+@@ -11932,11 +11932,11 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt,
+ 		}
+ 	    }
+
+-            frame = xmlXPathSetFrame(ctxt);
+ 	    valuePush(ctxt, contextObj);
+            frame = xmlXPathSetFrame(ctxt);
+ 	    res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1);
+-            tmp = valuePop(ctxt);
+             xmlXPathPopFrame(ctxt, frame);
+            tmp = valuePop(ctxt);
+
+ 	    if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
+                 while (tmp != contextObj) {
+--
+2.15.1
+