libxslt: Fix CVE-2015-9019

Fixes a vulnerability in libxslt where the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019 Upstream patch: https://bug758400.bugzilla-attachments.gnome.org/attachment.cgi?id=349240&action=diff&collapsed=&context=patch&format=raw&headers=1 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2017-08-18 13:24:05 +0200
committer: Adrian Dudau <adrian.dudau@enea.com> 2017-08-21 10:55:46 +0200
commit: 7005fb8af628193ae6af840350e4e87cb3be19ec (patch)
tree: c900e5393854d199bdbe0d771c845b990c51c3c5
parent: 931b2732b5fb115a702bceb287cb9a3773f59877 (diff)
download: meta-el-common-7005fb8af628193ae6af840350e4e87cb3be19ec.tar.gz
2 files changed, 60 insertions, 0 deletions
diff --git a/recipes-support/libxslt/libxslt/CVE-2015-9019.patch b/recipes-support/libxslt/libxslt/CVE-2015-9019.patch
new file mode 100644
index 0000000..1ab8225
--- /dev/null
+++ b/recipes-support/libxslt/libxslt/CVE-2015-9019.patch
@@ -0,0 +1,55 @@
+commit 047a0fd99e64c554c4edf44cc67ee765b09af017
+Author: Marcus Meissner <meissner@suse.de>
+Date:   Tue Apr 4 16:27:39 2017 +0200
+initialize the random seed
+In libxslt 1.1.29 and earlier, the EXSLT math.random function was
+not initialized with a random seed during startup, which could
+cause usage of this function to produce predictable outputs.
+CVE: CVE-2015-9019
+Upstream-Status: Backport [https://bug758400.bugzilla-attachments.gnome.org/attachment.cgi?id=349240&action=diff&collapsed=&context=patch&format=raw&headers=1]
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+diff --git a/libexslt/math.c b/libexslt/math.c
+index 6b24dbe0..b7a8d6e1 100644
+--- a/libexslt/math.c
+++ b/libexslt/math.c
+@@ -23,6 +23,14 @@
+ #ifdef HAVE_STDLIB_H
+ #include <stdlib.h>
+ #endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <fcntl.h>
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+
+ 
+ #include "exslt.h"
+ 
+@@ -474,6 +482,20 @@ static double
+ exsltMathRandom (void) {
+     double ret;
+     int num;
+    long seed;
+    static int randinit = 0;
+
+    if (!randinit) {
+       int fd = open("/dev/urandom",O_RDONLY);
+
+       seed = time(NULL); /* just in case /dev/urandom is not there */
+       if (fd == -1) {
+               read (fd, &seed, sizeof(seed));
+               close (fd);
+       }
+       srand(seed);
+       randinit = 1;
+    }
+ 
+     num = rand();
+     ret = (double)num / (double)RAND_MAX;
diff --git a/recipes-support/libxslt/libxslt_%.bbappend b/recipes-support/libxslt/libxslt_%.bbappend
new file mode 100644
index 0000000..aba6e6a
--- /dev/null
+++ b/recipes-support/libxslt/libxslt_%.bbappend
@@ -0,0 +1,5 @@
+# look for files in the layer first
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRC_URI += "file://CVE-2015-9019.patch \
+           "
author	Sona Sarmadi <sona.sarmadi@enea.com>	2017-08-18 13:24:05 +0200
committer	Adrian Dudau <adrian.dudau@enea.com>	2017-08-21 10:55:46 +0200
commit	7005fb8af628193ae6af840350e4e87cb3be19ec (patch)
tree	c900e5393854d199bdbe0d771c845b990c51c3c5
parent	931b2732b5fb115a702bceb287cb9a3773f59877 (diff)
download	meta-el-common-7005fb8af628193ae6af840350e4e87cb3be19ec.tar.gz

diff --git a/recipes-support/libxslt/libxslt/CVE-2015-9019.patch b/recipes-support/libxslt/libxslt/CVE-2015-9019.patch new file mode 100644 index 0000000..1ab8225 --- /dev/null +++ b/recipes-support/libxslt/libxslt/CVE-2015-9019.patch
@@ -0,0 +1,55 @@
	1	commit 047a0fd99e64c554c4edf44cc67ee765b09af017
	2	Author: Marcus Meissner <meissner@suse.de>
	3	Date: Tue Apr 4 16:27:39 2017 +0200
	4
	5	initialize the random seed
	6
	7	In libxslt 1.1.29 and earlier, the EXSLT math.random function was
	8	not initialized with a random seed during startup, which could
	9	cause usage of this function to produce predictable outputs.
	10
	11	CVE: CVE-2015-9019
	12	Upstream-Status: Backport [https://bug758400.bugzilla-attachments.gnome.org/attachment.cgi?id=349240&action=diff&collapsed=&context=patch&format=raw&headers=1]
	13
	14	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	15
	16	diff --git a/libexslt/math.c b/libexslt/math.c
	17	index 6b24dbe0..b7a8d6e1 100644
	18	--- a/libexslt/math.c
	19	+++ b/libexslt/math.c
	20	@@ -23,6 +23,14 @@
	21	#ifdef HAVE_STDLIB_H
	22	#include <stdlib.h>
	23	#endif
	24	+#ifdef HAVE_UNISTD_H
	25	+#include <unistd.h>
	26	+#endif
	27	+#include <fcntl.h>
	28	+#ifdef HAVE_TIME_H
	29	+#include <time.h>
	30	+#endif
	31	+
	32
	33	#include "exslt.h"
	34
	35	@@ -474,6 +482,20 @@ static double
	36	exsltMathRandom (void) {
	37	double ret;
	38	int num;
	39	+ long seed;
	40	+ static int randinit = 0;
	41	+
	42	+ if (!randinit) {
	43	+ int fd = open("/dev/urandom",O_RDONLY);
	44	+
	45	+ seed = time(NULL); /* just in case /dev/urandom is not there */
	46	+ if (fd == -1) {
	47	+ read (fd, &seed, sizeof(seed));
	48	+ close (fd);
	49	+ }
	50	+ srand(seed);
	51	+ randinit = 1;
	52	+ }
	53
	54	num = rand();
	55	ret = (double)num / (double)RAND_MAX;


diff --git a/recipes-support/libxslt/libxslt_%.bbappend b/recipes-support/libxslt/libxslt_%.bbappend new file mode 100644 index 0000000..aba6e6a --- /dev/null +++ b/recipes-support/libxslt/libxslt_%.bbappend
@@ -0,0 +1,5 @@
	1	# look for files in the layer first
	2	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
	3
	4	SRC_URI += "file://CVE-2015-9019.patch \
	5	"