
Issue 614405

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: May 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Security

Blocking:
issue 593691




Security: update libxml to 2.9.4

Project Member Reported by mmoroz@chromium.org, May 24 2016

Issue description

libxml 2.9.4 has been recently released: https://git.gnome.org/browse/libxml2/

Also looks like it has been disclosed that there were a bunch of security fixes.

We did an update not too long ago to v2.9.4-rc2 (bug 611953), but I'm afraid that it would be better to use the most recent released version.
 

Comment 1 by mmoroz@chromium.org, May 24 2016

List of commits between 2.9.4-rc2 we are using now and 2.9.4 released recently: https://screenshot.googleplex.com/zzMn6AqVGEJ
Status: Assigned (was: Unconfirmed)
Status: Started (was: Assigned)
Working on this now.
Work in progress up at: https://codereview.chromium.org/2010803004
Labels: Security_Impact-Stable Security_Severity-High M-51 M-52
Great - thanks @dominicc. 

Let's get these into M52 once they've hit a canary and then we'll consider merging this to stable in a patch release.
Project Member

Comment 6 by bugdroid1@chromium.org, May 26 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3c53598f981660671a93f9f71e52e5bb58a2b64e

commit 3c53598f981660671a93f9f71e52e5bb58a2b64e
Author: dominicc <dominicc@chromium.org>
Date: Thu May 26 03:21:59 2016

Roll libxml to bdec2183f34b37ee89ae1d330c6ad2bb4d76605f

BUG= 614405 

Review-Url: https://codereview.chromium.org/2010803004
Cr-Commit-Position: refs/heads/master@{#396097}

[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/README.chromium
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/SAX2.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/catalog.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/configure
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/configure.ac
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/debugXML.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/encoding.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/entities.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/error.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/include/libxml/parserInternals.h
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/include/libxml/xmlerror.h
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/include/libxml/xmlstring.h
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/libxml.h
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/libxml.spec.in
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/parser.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/relaxng.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/runtest.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/schematron.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/testModule.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/tree.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/uri.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/valid.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xinclude.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlIO.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlmemory.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlreader.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlregexp.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlsave.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlschemas.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlstring.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xmlwriter.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xpath.c
[modify] https://crrev.com/3c53598f981660671a93f9f71e52e5bb58a2b64e/third_party/libxml/src/xpointer.c

Comment 7 by aarya@google.com, May 26 2016

Status: Fixed (was: Started)
Project Member

Comment 8 by ClusterFuzz, May 26 2016

Labels: Merge-Triage
Adding Merge-Triage label for tracking purposes.

Once your fix has had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Request-XX label, where XX is the Chrome milestone.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Project Member

Comment 9 by sheriffbot@chromium.org, May 26 2016

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: Merge-Request-52

Comment 11 by tin...@google.com, May 30 2016

Labels: -Merge-Request-52 Merge-Approved-52 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M52 (branch: 2743)
Project Member

Comment 12 by bugdroid1@chromium.org, May 30 2016

Labels: -merge-approved-52 merge-merged-2743
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e4b01f16275a5a363fb34e886b3f9d55c1db29ed

commit e4b01f16275a5a363fb34e886b3f9d55c1db29ed
Author: Dominic Cooney <dominicc@chromium.org>
Date: Mon May 30 02:16:37 2016

Roll libxml to bdec2183f34b37ee89ae1d330c6ad2bb4d76605f

BUG= 614405 

Review-Url: https://codereview.chromium.org/2010803004
Cr-Commit-Position: refs/heads/master@{#396097}
(cherry picked from commit 3c53598f981660671a93f9f71e52e5bb58a2b64e)

Review URL: https://codereview.chromium.org/2022693002 .

Cr-Commit-Position: refs/branch-heads/2743@{#123}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/README.chromium
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/SAX2.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/catalog.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/configure
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/configure.ac
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/debugXML.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/encoding.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/entities.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/error.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/include/libxml/parserInternals.h
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/include/libxml/xmlerror.h
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/include/libxml/xmlstring.h
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/libxml.h
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/libxml.spec.in
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/parser.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/relaxng.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/runtest.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/schematron.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/testModule.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/tree.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/uri.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/valid.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xinclude.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlIO.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlmemory.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlreader.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlregexp.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlsave.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlschemas.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlstring.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xmlwriter.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xpath.c
[modify] https://crrev.com/e4b01f16275a5a363fb34e886b3f9d55c1db29ed/third_party/libxml/src/xpointer.c

Labels: -Merge-Triage Release-0-M52
Due to the size of the fix and the potential risk of a potential regression, we'll wait until M52. If you disagree please get in touch with awhalley@ and timwillis@
Cc: veill...@gmail.com dominicc@chromium.org ddkil...@apple.com kcc@chromium.org scottmg@chromium.org pranjal....@gmail.com
Issue 593691 has been merged into this issue.
Project Member

Comment 15 by sheriffbot@chromium.org, Sep 1 2016

Labels: -Restrict-View-SecurityNotify
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 16 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 17 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
