Remove patch which has been rolled in from libxml2 upstream.
Upstream commit 90ccb58242866b0ba3edbef8fe44214a101c2b3e includes this
patch; our local patch was redundantly reapplied causing a null-deref.
This turns down the fuzz factor on the roll script to zero from the default
of two. In this particular case a fuzz factor <= 1 would have been sufficient
to barf on this. The next roll may want to turn this up again to one and/or
update the context of patches.
BUG=710365
Review-Url: https://codereview.chromium.org/2815643005
Cr-Original-Commit-Position: refs/heads/master@{#463938}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 4b0720728483b544dad1aa6a0060ea01cd5519e3
diff --git a/README.chromium b/README.chromium
index 0d78eac..d111b70 100644
--- a/README.chromium
+++ b/README.chromium
@@ -17,8 +17,6 @@
chromium-issue-620679.patch: See https://crbug.com/620679#c34
chromium-issue-628581.patch: See https://crbug.com/628581#c18
chromium-issue-683629.patch: See https://crbug.com/683629#c9
- libxml2-2.9.4-security-CVE-2017-7375-xmlParsePEReference-xxe.patch:
- See https://crbug.com/708434
libxml2-2.9.4-security-CVE-2017-7376-nanohttp-out-of-bounds-write.patch:
See https://crbug.com/708433
libxml2-2.9.4-security-xpath-nodetab-uaf.patch: See https://crbug.com/705445
diff --git a/chromium/libxml2-2.9.4-security-CVE-2017-7375-xmlParsePEReference-xxe.patch b/chromium/libxml2-2.9.4-security-CVE-2017-7375-xmlParsePEReference-xxe.patch
deleted file mode 100644
index 5548b88..0000000
--- a/chromium/libxml2-2.9.4-security-CVE-2017-7375-xmlParsePEReference-xxe.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-https://bugzilla.gnome.org/show_bug.cgi?id=780691
-
---- src/parser.c
-+++ src/parser.c
-@@ -8130,6 +8130,14 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
- if (xmlPushInput(ctxt, input) < 0)
- return;
- } else {
-+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
-+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
-+ (ctxt->replaceEntities == 0) &&
-+ (ctxt->validate == 0))
-+ return;
- /*
- * TODO !!!
- * handle the extra spaces added before and after
diff --git a/chromium/roll.py b/chromium/roll.py
index f4da100..44cac5d 100755
--- a/chromium/roll.py
+++ b/chromium/roll.py
@@ -75,7 +75,6 @@
'chromium-issue-620679.patch',
'chromium-issue-628581.patch',
'chromium-issue-683629.patch',
- 'libxml2-2.9.4-security-CVE-2017-7375-xmlParsePEReference-xxe.patch',
'libxml2-2.9.4-security-CVE-2017-7376-nanohttp-out-of-bounds-write.patch',
'libxml2-2.9.4-security-xpath-nodetab-uaf.patch',
'libxml2-2.9.4-xmlDumpElementContent-null-deref.patch',
@@ -344,8 +343,9 @@
's/Version: .*$/Version: %s/' % commit)
for patch in PATCHES:
- subprocess.check_call('cat ../chromium/%s | patch -p1' % patch,
- shell=True)
+ subprocess.check_call(
+ 'cat ../chromium/%s | patch -p1 --fuzz=0' % patch,
+ shell=True)
with WorkingDir('../linux'):
subprocess.check_call(
diff --git a/src/parser.c b/src/parser.c
index 8017df9..e3f3fbd 100644
--- a/src/parser.c
+++ b/src/parser.c
@@ -8120,14 +8120,6 @@
"PEReference: %%%s; not found\n",
name);
} else {
- if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
- ((ctxt->options & XML_PARSE_NOENT) == 0) &&
- ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
- ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
- ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
- (ctxt->replaceEntities == 0) &&
- (ctxt->validate == 0))
- return;
/*
* [ VC: Entity Declared ]
* In a document with an external subset or external
