New issue
Advanced search Search tips

Issue 799707 link

Starred by 1 user
Status: Fixed
Owner:
schenney@chromium.org
Closed: Mar 2018
Cc:
joelhockey@chromium.org
mmoroz@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android
Pri: 2
Type: Bug-Security

Blocking:
issue 823892



Sign in to add a comment

Chromium: Vulnerability reported in libxml

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jan 6 2018 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: libxml
Package Version: [cpe:/a:xmlsoft:libxml2:2.7.7]

Advisory: CVE-2016-4483
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-4483
  CVSS severity score: 5/10.0
  Confidence: high
  Description:

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization.  NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

Comment 1 by elawrence@chromium.org, Jan 6 2018

Cc: joelhockey@chromium.org
Components: Blink>XML

Comment 2 by metzman@chromium.org, Jan 7 2018

Labels: Security_Severity-Low OS-Chrome OS-Linux
Labeling low severity because the only use for the vulnerability given by the report is DoS

Comment 3 by joelhockey@chromium.org, Jan 7 2018 

This bug will be fixed next time someone does a roll from libxml.  Since this particular bug is not critical, and I have some outstanding patches with libxml, I'm planning to wait until my patches are taken by libxml before rolling.  This should be about 1 week (by 2018-01-15).

Comment 4 by vapier@chromium.org, Jan 9 2018 

Chrome OS system is already on libxml2-2.9.6, so this only impacts Chrome itself

Comment 5 by kerrnel@chromium.org, Jan 30 2018

Labels: -OS-Chrome OS-Android
Removing OS>Chrome based on comment #4. Joel was this fixed in Chrome? FWIW I don't think we tag DoS as security bugs.

Comment 6 by joelhockey@chromium.org, Jan 31 2018 

I don't believe this was ever an issue in chromium since it only applies to serializing xml.

I have started a roll of libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c which I will complete tomorrow when I have access to my macbook.
Project Member

Comment 7 by bugdroid1@chromium.org, Feb 2 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6

commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6
Author: Joel Hockey <joelhockey@chromium.org>
Date: Fri Feb 02 04:42:45 2018

Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c

This fixes a number of bugs found on clusterfuzz.

Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
Bug:  790944 
Bug:  793715 
Bug:  796804 
Bug:  799707 
Reviewed-on: https://chromium-review.googlesource.com/897220
Commit-Queue: Joel Hockey <joelhockey@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#533953}
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/README.chromium
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/configure.ac
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/parser.c
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/win32/configure.js
[add] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6/third_party/libxml/src/xmlIO.c

Comment 8 by joelhockey@chromium.org, Feb 5 2018

Status: Fixed (was: Unconfirmed)
chromium now updated to latest libxml
Project Member

Comment 9 by sheriffbot@chromium.org, Feb 8 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 10 by bugdroid1@chromium.org, Feb 12 2018

Labels: merge-merged-3325
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9dc050f2480deaf9882ca95a6f214cc552ef9339

commit 9dc050f2480deaf9882ca95a6f214cc552ef9339
Author: Joel Hockey <joelhockey@chromium.org>
Date: Mon Feb 12 22:46:35 2018

Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c

This fixes a number of bugs found on clusterfuzz.

Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
Bug:  790944 
Bug:  793715 
Bug:  796804 
Bug:  799707 
Reviewed-on: https://chromium-review.googlesource.com/897220
Commit-Queue: Joel Hockey <joelhockey@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#533953}(cherry picked from commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6)
Reviewed-on: https://chromium-review.googlesource.com/914448
Reviewed-by: Jay Civelli <jcivelli@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#437}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/README.chromium
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/configure.ac
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/parser.c
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/win32/configure.js
[add] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/9dc050f2480deaf9882ca95a6f214cc552ef9339/third_party/libxml/src/xmlIO.c
Project Member

Comment 11 by bugdroid1@chromium.org, Mar 16 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4be2115e0abf80619cbf702d0619520d0c4c868d

commit 4be2115e0abf80619cbf702d0619520d0c4c868d
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 18:30:55 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543766}
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/README.chromium
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/configure.ac
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/parser.c
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/431c6dbf0a42d0c31c7dccd6553c6c496f1042a0/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/xmlIO.c
Project Member

Comment 12 by bugdroid1@chromium.org, Mar 16 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0f92ca1175c89aec344326778c755ba57ef4d314

commit 0f92ca1175c89aec344326778c755ba57ef4d314
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 18:50:19 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

M-65 stable merge.

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#543766}(cherry picked from commit 4be2115e0abf80619cbf702d0619520d0c4c868d)
Reviewed-on: https://chromium-review.googlesource.com/967021
Cr-Commit-Position: refs/branch-heads/3325@{#714}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/README.chromium
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/configure.ac
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/parser.c
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/483290671a61fdd75600a7b7f5e4a940ba814e9b/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/xmlIO.c
Project Member

Comment 13 by bugdroid1@chromium.org, Mar 16 2018

Labels: merge-merged-3359
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/54a1c705833b375b124b014159dcadda02a80e9b

commit 54a1c705833b375b124b014159dcadda02a80e9b
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 19:00:42 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

M-66 merge.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#543766}(cherry picked from commit 4be2115e0abf80619cbf702d0619520d0c4c868d)
Reviewed-on: https://chromium-review.googlesource.com/966962
Cr-Commit-Position: refs/branch-heads/3359@{#288}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/README.chromium
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/configure.ac
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/parser.c
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/11b924f8c4a7c84bfb46e8df78e7ef8d330dc907/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/xmlIO.c
Project Member

Comment 14 by bugdroid1@chromium.org, Mar 16 2018

Labels: merge-merged-3372
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d8901956103e21b8c3461b779e99cd5d7f50f3ad

commit d8901956103e21b8c3461b779e99cd5d7f50f3ad
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 19:19:12 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

Canary build branch merge.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#543766}(cherry picked from commit 4be2115e0abf80619cbf702d0619520d0c4c868d)
Reviewed-on: https://chromium-review.googlesource.com/966690
Cr-Commit-Position: refs/branch-heads/3372@{#1}
Cr-Branched-From: ad7f48548867b059f459e13c53bb8e2e96027381-refs/heads/master@{#543592}
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/README.chromium
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/configure.ac
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/parser.c
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/ad7f48548867b059f459e13c53bb8e2e96027381/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/xmlIO.c

Comment 15 by schenney@chromium.org, Mar 16 2018

Owner: schenney@chromium.org
Status: Assigned (was: Fixed)
This bug needs to be re-opened since we reverted the libxml roll. I will look to re-landing each fix separately.
Project Member

Comment 16 by sheriffbot@chromium.org, Mar 17 2018

Status: Fixed (was: Assigned)
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 17 by schenney@chromium.org, Mar 20 2018

Status: Started (was: Fixed)
Planning a new roll today (or maybe tomorrow)

Comment 18 by mmoroz@chromium.org, Mar 20 2018

Cc: mmoroz@chromium.org
Stephen, may I ask you to include one more change to third_party/libxml/chromium/roll.py file? I'll file a separate bug with clarifications why it's needed right now. Here is the change:

$ git diff third_party/libxml/chromium/roll.py
diff --git a/third_party/libxml/chromium/roll.py b/third_party/libxml/chromium/roll.py
index 3ed0bc6268c1..82595f5ce126 100755
--- a/third_party/libxml/chromium/roll.py
+++ b/third_party/libxml/chromium/roll.py
@@ -105,6 +105,7 @@ SHARED_XML_CONFIGURE_OPTIONS = [
     ('--without-run-debug', 'run_debug=no'),
     ('--without-schemas', 'schemas=no'),
     ('--without-schematron', 'schematron=no'),
+    ('--without-threads', 'threads=no'),
     ('--without-valid', 'valid=no'),
     ('--without-xinclude', 'xinclude=no'),
     ('--without-xptr', 'xptr=no'),

Comment 19 by mmoroz@chromium.org, Mar 20 2018

Blocking: 823892
Project Member

Comment 20 by bugdroid1@chromium.org, Mar 23 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380

commit f01ade19f2ee3e7037bb57acb46e3bd6d45a0380
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 23 15:36:43 2018

Roll libxml to 7a1bd7f6497ac33a9023d556f6f47a48f01deac0

R=dcheng@chromium.org

Bug:  790944 , 820163 , 793715 , 796804 , 799707 , 823345 
Change-Id: I6daa6aedd8ccff792b99c228d85800dbd2dd3ec2
Reviewed-on: https://chromium-review.googlesource.com/973467
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545458}
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/README.chromium
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/chromium/roll.py
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/linux/config.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/linux/include/libxml/xmlversion.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/mac/config.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/mac/include/libxml/xmlversion.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/aclocal.m4
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/configure.ac
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/libxml2.syms
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/parser.c
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/testapi.c
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/win32/configure.js
[add] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/xpath.c
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/win32/include/libxml/xmlversion.h

Comment 21 by schenney@chromium.org, Mar 23 2018

Status: Fixed (was: Started)
Project Member

Comment 22 by bugdroid1@chromium.org, Mar 27 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e0b7754a48adf46c2d9a352085754d46a404ba1c

commit e0b7754a48adf46c2d9a352085754d46a404ba1c
Author: Stephen Chenney <schenney@chromium.org>
Date: Tue Mar 27 18:06:12 2018

Roll libxml to 7a1bd7f6497ac33a9023d556f6f47a48f01deac0

M-66 Cherry-pick

TBR=​dcheng@chromium.org

Bug:  790944 , 820163 , 793715 , 796804 , 799707 , 823345 
Change-Id: I6daa6aedd8ccff792b99c228d85800dbd2dd3ec2
Reviewed-on: https://chromium-review.googlesource.com/973467
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#545458}(cherry picked from commit f01ade19f2ee3e7037bb57acb46e3bd6d45a0380)
Reviewed-on: https://chromium-review.googlesource.com/981755
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Cr-Commit-Position: refs/branch-heads/3359@{#464}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/README.chromium
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/chromium/roll.py
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/linux/config.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/linux/include/libxml/xmlversion.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/mac/config.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/mac/include/libxml/xmlversion.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/aclocal.m4
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/configure.ac
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/libxml2.syms
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/parser.c
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/testapi.c
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/win32/configure.js
[add] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/xpath.c
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/win32/include/libxml/xmlversion.h
Project Member

Comment 23 by sheriffbot@chromium.org, Jun 30 2018

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment