author | George McCollister <george.mccollister@gmail.com> | 2017-11-14 14:01:06 -0600 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-21 14:43:56 +0000 |
commit | 2cfc0951486b1e1b0b5dccbecac12d4e3826d0c9 (patch) | |
tree | d4dbafe70dff698a64a140ee250c17bc67e37275 | |
parent | ee4506739f91828f5d33d306bc994e2e59655c5b (diff) | |
download | poky-2cfc0951486b1e1b0b5dccbecac12d4e3826d0c9.tar.gz |
zlib: Fix CVE-2016-9843
Add backported patch to fix CVE-2016-9843 which was fixed in zlib 1.2.9
https://nvd.nist.gov/vuln/detail/CVE-2016-9843
(From OE-Core rev: 32db742922b6e4127d65abf42905a07eca6a2255)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9843.patch | 55 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib_1.2.8.bb | 1 |
2 files changed, 56 insertions, 0 deletions
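--- /dev/null
+++ b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9843.patch
@@ -0,0 +1,55 @@
+commit d1d577490c15a0c6862473d7576352a9f18ef811
+Author: Mark Adler <madler@alumni.caltech.edu>
+Date: Wed Sep 28 20:20:25 2016 -0700
+
+Avoid pre-decrement of pointer in big-endian CRC calculation.
+
+There was a small optimization for PowerPCs to pre-increment a
+pointer when accessing a word, instead of post-incrementing. This
+required prefacing the loop with a decrement of the pointer,
+possibly pointing before the object passed. This is not compliant
+with the C standard, for which decrementing a pointer before its
+allocated memory is undefined. When tested on a modern PowerPC
+with a modern compiler, the optimization no longer has any effect.
+Due to all that, and per the recommendation of a security audit of
+the zlib code by Trail of Bits and TrustInSoft, in support of the
+Mozilla Foundation, this "optimization" was removed, in order to
+avoid the possibility of undefined behavior.
+
+Upstream-Status: Backport
+http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz
+https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
+
+CVE: CVE-2016-9843
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+
+diff --git a/crc32.c b/crc32.c
+index 979a719..05733f4 100644
+--- a/crc32.c
++++ b/crc32.c
+@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len)
+}
+
+/* ========================================================================= */
+-#define DOBIG4 c ^= *++buf4; \
++#define DOBIG4 c ^= *buf4++; \
+c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
+crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
+#define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4
+@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len)
+}
+
+buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
+- buf4--;
+while (len >= 32) {
+DOBIG32;
+len -= 32;
+@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len)
+DOBIG4;
+len -= 4;
+}
+- buf4++;
+buf = (const unsigned char FAR *)buf4;
+
+if (len) do {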
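Review bot: The provenance in the patch header (lines 19-21 of the new file) is ambiguous: `Upstream-Status: Backport` is followed by two bare URLs, a Debian packaging tarball referenced over plain http and the upstream zlib commit, without saying which of the two the hunks were actually taken from. Since the upstream commit id is already recorded on the first header line, I would name it on the tag line itself, `Upstream-Status: Backport [https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811]`, and keep the Debian link only as a secondary reference if that is where the text was copied from. That gives a later reviewer one immutable source to diff the backport against when auditing the CVE-2016-9843 fix. The embedded crc32.c hunks cut through `crc32_big`, whose body starts and ends outside them, so the alignment handling ahead of the word loop is not visible here.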
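--- a/meta/recipes-core/zlib/zlib_1.2.8.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.8.bb
@@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
 file://CVE-2016-9840.patch \
 file://CVE-2016-9841.patch \
 file://CVE-2016-9842.patch \
+file://CVE-2016-9843.patch \
 file://run-ptest \
 "
 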