diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-01-16 07:30:00 +0100 |
---|---|---|
committer | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-02-10 12:21:38 +0100 |
commit | 88246c60937b662064cc10b3771faf6b73466a5b (patch) | |
tree | 361eebf7cf67e56a85d5095b53ee9c7d48c1bfc1 /meta/recipes-core/expat/expat_2.1.0.bb | |
parent | 5772e2b19d1b0b6e277ade15a3242d583cda90ee (diff) | |
download | poky-88246c60937b662064cc10b3771faf6b73466a5b.tar.gz |
expat: CVE-2012-6702, CVE-2016-5300
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
http://www.openwall.com/lists/oss-security/2016/06/04/5
Reference to upstream fix:
https://bugzilla.redhat.com/attachment.cgi?id=1165210
Squashed backport against vanilla Expat 2.1.1, addressing:
* CVE-2012-6702 -- unanticipated internal calls to srand
* CVE-2016-5300 -- use of too little entropy
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-core/expat/expat_2.1.0.bb')
-rw-r--r-- | meta/recipes-core/expat/expat_2.1.0.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat_2.1.0.bb b/meta/recipes-core/expat/expat_2.1.0.bb index b958742edc..f81486485d 100644 --- a/meta/recipes-core/expat/expat_2.1.0.bb +++ b/meta/recipes-core/expat/expat_2.1.0.bb | |||
@@ -1,5 +1,9 @@ | |||
1 | require expat.inc | 1 | require expat.inc |
2 | |||
3 | FILESEXTRAPATHS_prepend := "${THISDIR}/expat-2.1.0:" | ||
2 | LIC_FILES_CHKSUM = "file://COPYING;md5=1b71f681713d1256e1c23b0890920874" | 4 | LIC_FILES_CHKSUM = "file://COPYING;md5=1b71f681713d1256e1c23b0890920874" |
3 | 5 | ||
6 | SRC_URI += "file://CVE-2016-5300_CVE-2012-6702.patch \ | ||
7 | " | ||
4 | SRC_URI[md5sum] = "dd7dab7a5fea97d2a6a43f511449b7cd" | 8 | SRC_URI[md5sum] = "dd7dab7a5fea97d2a6a43f511449b7cd" |
5 | SRC_URI[sha256sum] = "823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86" | 9 | SRC_URI[sha256sum] = "823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86" |