summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2015-12-05 10:56:23 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-14 15:18:28 +0000
commitcbc4e832d16341f8d10bddb100c3453419a45997 (patch)
treecc71add13489cccd33714c327f688322d082be3b
parentc4b71e1a6ac2218740c829a6d063d7d8acd3c262 (diff)
downloadpoky-cbc4e832d16341f8d10bddb100c3453419a45997.tar.gz
libxml2: security fix CVE-2015-8035
(From OE-Core rev: 1266b6269cbafbb529579d92334785a833c22fc1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch38
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 97eb417a03..bc84656303 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
26 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ 26 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
27 file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \ 27 file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
28 file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \ 28 file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
29 file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \
29 " 30 "
30 31
31BINCONFIG = "${bindir}/xml2-config" 32BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
new file mode 100644
index 0000000000..7107355706
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
@@ -0,0 +1,38 @@
1From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Tue, 3 Nov 2015 15:31:25 +0800
4Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=757466
7DoS when parsing specially crafted XML document if XZ support
8is compiled in (which wasn't the case for 2.9.2 and master since
9Nov 2013, fixed in next commit !)
10
11Upstream-Status: Backport
12
13CVE-2015-8035
14
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 xzlib.c | 4 ++++
19 1 file changed, 4 insertions(+)
20
21diff --git a/xzlib.c b/xzlib.c
22index 0dcb9f4..1fab546 100644
23--- a/xzlib.c
24+++ b/xzlib.c
25@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
26 xz_error(state, LZMA_DATA_ERROR, "compressed data error");
27 return -1;
28 }
29+ if (ret == LZMA_PROG_ERROR) {
30+ xz_error(state, LZMA_PROG_ERROR, "compression error");
31+ return -1;
32+ }
33 } while (strm->avail_out && ret != LZMA_STREAM_END);
34
35 /* update available output and crc check value */
36--
372.3.5
38