summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2015-12-05 10:56:23 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-20 17:08:29 +0000
commit2390475894663d718a00447ee48764f472ce60f7 (patch)
tree29fb908a1b7d811b6cc9a8dd0fbef8a814a2294b
parent663943a80238572030978df484c73f4e80e06bf1 (diff)
downloadpoky-2390475894663d718a00447ee48764f472ce60f7.tar.gz
libxml2: security fix CVE-2015-8035
(From OE-Core rev: 495eaf5039596ac0fab7684cfc867569710eb0f4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch38
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 56a99e8b6d..365d5bc7a6 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -28,6 +28,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
28 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ 28 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
29 file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \ 29 file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
30 file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \ 30 file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
31 file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \
31 " 32 "
32 33
33BINCONFIG = "${bindir}/xml2-config" 34BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
new file mode 100644
index 0000000000..7107355706
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
@@ -0,0 +1,38 @@
1From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Tue, 3 Nov 2015 15:31:25 +0800
4Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=757466
7DoS when parsing specially crafted XML document if XZ support
8is compiled in (which wasn't the case for 2.9.2 and master since
9Nov 2013, fixed in next commit !)
10
11Upstream-Status: Backport
12
13CVE-2015-8035
14
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 xzlib.c | 4 ++++
19 1 file changed, 4 insertions(+)
20
21diff --git a/xzlib.c b/xzlib.c
22index 0dcb9f4..1fab546 100644
23--- a/xzlib.c
24+++ b/xzlib.c
25@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
26 xz_error(state, LZMA_DATA_ERROR, "compressed data error");
27 return -1;
28 }
29+ if (ret == LZMA_PROG_ERROR) {
30+ xz_error(state, LZMA_PROG_ERROR, "compression error");
31+ return -1;
32+ }
33 } while (strm->avail_out && ret != LZMA_STREAM_END);
34
35 /* update available output and crc check value */
36--
372.3.5
38