From 3a54ed3bfbcaa4373e3aa32ce2fc57494e198320 Mon Sep 17 00:00:00 2001
From: Adrian Stratulat
Date: Wed, 4 Sep 2019 08:23:32 +0300
Subject: libxslt: remove patch for CVE-2015-9019
CVE-2015-9019 affects libxslt 1.1.29, while the 'warrior' branch uses libxslt 1.1.33. This patch is not applicable anymore.
References:
https://nvd.nist.gov/vuln/detail/CVE-2015-9019
https://git.enea.com/cgit/linux/poky.git/tree/meta/recipes-support/libxslt?h=warrior
Change-Id: I0ec21f4f3f574d06a6cf00eca9f1a221028c175b
Signed-off-by: Adrian Stratulat
---
.../libxslt/libxslt/CVE-2015-9019.patch | 55 ----------------------
recipes-support/libxslt/libxslt_%.bbappend | 5 -----
2 files changed, 60 deletions(-)
delete mode 100644 recipes-support/libxslt/libxslt/CVE-2015-9019.patch
delete mode 100644 recipes-support/libxslt/libxslt_%.bbappend
diff --git a/recipes-support/libxslt/libxslt/CVE-2015-9019.patch b/recipes-support/libxslt/libxslt/CVE-2015-9019.patch
deleted file mode 100644
index 1ab8225..0000000
--- a/recipes-support/libxslt/libxslt/CVE-2015-9019.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-commit 047a0fd99e64c554c4edf44cc67ee765b09af017
-Author: Marcus Meissner
-Date: Tue Apr 4 16:27:39 2017 +0200
-
-initialize the random seed
-
-In libxslt 1.1.29 and earlier, the EXSLT math.random function was
-not initialized with a random seed during startup, which could
-cause usage of this function to produce predictable outputs.
-
-CVE: CVE-2015-9019
-Upstream-Status: Backport [https://bug758400.bugzilla-attachments.gnome.org/attachment.cgi?id=349240&action=diff&collapsed=&context=patch&format=raw&headers=1]
-
-Signed-off-by: Sona Sarmadi
-
-diff --git a/libexslt/math.c b/libexslt/math.c
-index 6b24dbe0..b7a8d6e1 100644
---- a/libexslt/math.c
-+++ b/libexslt/math.c
-@@ -23,6 +23,14 @@
- #ifdef HAVE_STDLIB_H
- #include
- #endif
-+#ifdef HAVE_UNISTD_H
-+#include
-+#endif
-+#include
-+#ifdef HAVE_TIME_H
-+#include
-+#endif
-+
-
- #include "exslt.h"
-
-@@ -474,6 +482,20 @@ static double
- exsltMathRandom (void) {
- double ret;
- int num;
-+ long seed;
-+ static int randinit = 0;
-+
-+ if (!randinit) {
-+ int fd = open("/dev/urandom",O_RDONLY);
-+
-+ seed = time(NULL); /* just in case /dev/urandom is not there */
-+ if (fd == -1) {
-+ read (fd, &seed, sizeof(seed));
-+ close (fd);
-+ }
-+ srand(seed);
-+ randinit = 1;
-+ }
-
- num = rand();
- ret = (double)num / (double)RAND_MAX;
diff --git a/recipes-support/libxslt/libxslt_%.bbappend b/recipes-support/libxslt/libxslt_%.bbappend
deleted file mode 100644
index aba6e6a..0000000
--- a/recipes-support/libxslt/libxslt_%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI += "file://CVE-2015-9019.patch \
- "
-- cgit v1.2.3-54-g00ecf