libxml2: security fix CVE-2015-8035

(From OE-Core rev: 1266b6269cbafbb529579d92334785a833c22fc1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2015-12-05 10:56:23 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-14 15:18:28 +0000
commit: cbc4e832d16341f8d10bddb100c3453419a45997 (patch)
tree: cc71add13489cccd33714c327f688322d082be3b
parent: c4b71e1a6ac2218740c829a6d063d7d8acd3c262 (diff)
download: poky-cbc4e832d16341f8d10bddb100c3453419a45997.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 97eb417a03..bc84656303 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
           file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
           file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
           file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
+           file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \
          "
 BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
new file mode 100644
index 0000000000..7107355706
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
@@ -0,0 +1,38 @@
+From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 3 Nov 2015 15:31:25 +0800
+Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
+For https://bugzilla.gnome.org/show_bug.cgi?id=757466
+DoS when parsing specially crafted XML document if XZ support
+is compiled in (which wasn't the case for 2.9.2 and master since
+Nov 2013, fixed in next commit !)
+Upstream-Status: Backport
+CVE-2015-8035
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ xzlib.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/xzlib.c b/xzlib.c
+index 0dcb9f4..1fab546 100644
+--- a/xzlib.c
+++ b/xzlib.c
+@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
+             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
+             return -1;
+         }
+        if (ret == LZMA_PROG_ERROR) {
+            xz_error(state, LZMA_PROG_ERROR, "compression error");
+            return -1;
+        }
+     } while (strm->avail_out && ret != LZMA_STREAM_END);
+ 
+     /* update available output and crc check value */
+-- 
+2.3.5
author	Armin Kuster <akuster@mvista.com>	2015-12-05 10:56:23 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-14 15:18:28 +0000
commit	cbc4e832d16341f8d10bddb100c3453419a45997 (patch)
tree	cc71add13489cccd33714c327f688322d082be3b
parent	c4b71e1a6ac2218740c829a6d063d7d8acd3c262 (diff)
download	poky-cbc4e832d16341f8d10bddb100c3453419a45997.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 97eb417a03..bc84656303 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
26	file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \	26	file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
27	file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \	27	file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
28	file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \	28	file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
		29	file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \
29	"	30	"
30		31
31	BINCONFIG = "${bindir}/xml2-config"	32	BINCONFIG = "${bindir}/xml2-config"


diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch new file mode 100644 index 0000000000..7107355706 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
@@ -0,0 +1,38 @@
		1	From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
		2	From: Daniel Veillard <veillard@redhat.com>
		3	Date: Tue, 3 Nov 2015 15:31:25 +0800
		4	Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
		5
		6	For https://bugzilla.gnome.org/show_bug.cgi?id=757466
		7	DoS when parsing specially crafted XML document if XZ support
		8	is compiled in (which wasn't the case for 2.9.2 and master since
		9	Nov 2013, fixed in next commit !)
		10
		11	Upstream-Status: Backport
		12
		13	CVE-2015-8035
		14
		15	Signed-off-by: Armin Kuster <akuster@mvista.com>
		16
		17	---
		18	xzlib.c \| 4 ++++
		19	1 file changed, 4 insertions(+)
		20
		21	diff --git a/xzlib.c b/xzlib.c
		22	index 0dcb9f4..1fab546 100644
		23	--- a/xzlib.c
		24	+++ b/xzlib.c
		25	@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
		26	xz_error(state, LZMA_DATA_ERROR, "compressed data error");
		27	return -1;
		28	}
		29	+ if (ret == LZMA_PROG_ERROR) {
		30	+ xz_error(state, LZMA_PROG_ERROR, "compression error");
		31	+ return -1;
		32	+ }
		33	} while (strm->avail_out && ret != LZMA_STREAM_END);
		34
		35	/* update available output and crc check value */
		36	--
		37	2.3.5
		38