summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2015-11-12 14:21:42 (GMT)
committerTudor Florea <tudor.florea@enea.com>2015-11-20 14:32:31 (GMT)
commit388f3a4a2ffb10979d77b119fe0a3bf3acd534bc (patch)
tree4542815da75fb8e57fe42444a7a507d2ae917086
parentb6105680bfb85915e0012c456118441c4c74463d (diff)
downloadpoky-388f3a4a2ffb10979d77b119fe0a3bf3acd534bc.tar.gz
libxml2: CVE-2015-8035
Fixes DoS when parsing specially crafted XML document if XZ support is enabled. References: https://bugzilla.gnome.org/show_bug.cgi?id=757466 Upstream correction: https://git.gnome.org/browse/libxml2/commit/?id= f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch35
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 15a2421..d5e263b 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -24,6 +24,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
24 file://libxml2-CVE-2014-3660.patch \ 24 file://libxml2-CVE-2014-3660.patch \
25 file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ 25 file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
26 file://CVE-2015-7942.patch \ 26 file://CVE-2015-7942.patch \
27 file://CVE-2015-8035.patch \
27 " 28 "
28 29
29BINCONFIG = "${bindir}/xml2-config" 30BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
new file mode 100644
index 0000000..d08693f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
@@ -0,0 +1,35 @@
1From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Tue, 3 Nov 2015 15:31:25 +0800
4Subject: CVE-2015-8035 Fix XZ compression support loop
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=757466
7DoS when parsing specially crafted XML document if XZ support
8is compiled in (which wasn't the case for 2.9.2 and master since
9Nov 2013, fixed in next commit !)
10
11Upstream-Status: Backport
12Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
13
14---
15 xzlib.c | 4 ++++
16 1 file changed, 4 insertions(+)
17
18diff --git a/xzlib.c b/xzlib.c
19index 0dcb9f4..1fab546 100644
20--- a/xzlib.c
21+++ b/xzlib.c
22@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
23 xz_error(state, LZMA_DATA_ERROR, "compressed data error");
24 return -1;
25 }
26+ if (ret == LZMA_PROG_ERROR) {
27+ xz_error(state, LZMA_PROG_ERROR, "compression error");
28+ return -1;
29+ }
30 } while (strm->avail_out && ret != LZMA_STREAM_END);
31
32 /* update available output and crc check value */
33--
34cgit v0.11.2
35