aboutsummaryrefslogtreecommitdiff
path: root/package/xerces
diff options
context:
space:
mode:
authorGravatar Baruch Siach <baruch@tkos.co.il>2018-03-26 23:23:02 +0300
committerGravatar Peter Korsgaard <peter@korsgaard.com>2018-03-27 09:46:38 +0200
commit142c8cc8d525f687ce199cc0163d48892e8a81f7 (patch)
tree1bc2cede69a15494380a3873afeb98920b9940fe /package/xerces
parent46680c9dc13fdff28f07c3e86fbc1b778d457a31 (diff)
downloadbuildroot-142c8cc8d525f687ce199cc0163d48892e8a81f7.tar.gz
buildroot-142c8cc8d525f687ce199cc0163d48892e8a81f7.tar.bz2
xerces: add upstream security fix
CVE-2017-12627: dereference of a NULL pointer while processing the path to the DTD. xerces 3.2.1 includes this patch. But this version also added AC_RUN_IFELSE to its configure script, making cross compilation harder. Switching to cmake is also problematic since the minimum required cmake version is 3.2.0. The host dependencies check currently allows minimum cmake version 3.1. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/xerces')
-rw-r--r--package/xerces/0001-fix-CVE-2017-12627.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/package/xerces/0001-fix-CVE-2017-12627.patch b/package/xerces/0001-fix-CVE-2017-12627.patch
new file mode 100644
index 0000000000..010be7e3d5
--- /dev/null
+++ b/package/xerces/0001-fix-CVE-2017-12627.patch
@@ -0,0 +1,22 @@
+XMLString: Don't call catString if relativePath is null
+
+https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
+
+Upstream status: svn revision 1819998
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+
+--- trunk/src/xercesc/util/PlatformUtils.cpp 2018/01/03 18:58:30 1819997
++++ trunk/src/xercesc/util/PlatformUtils.cpp 2018/01/03 18:59:30 1819998
+@@ -920,7 +920,10 @@
+
+ XMLString::subString(tmpBuf, basePath, 0, (basePtr - basePath + 1), manager);
+ tmpBuf[basePtr - basePath + 1] = 0;
+- XMLString::catString(tmpBuf, relativePath);
++ if (relativePath)
++ {
++ XMLString::catString(tmpBuf, relativePath);
++ }
+
+ removeDotSlash(tmpBuf, manager);
+