expat: CVE-2012-6702, CVE-2016-5300

References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702 http://www.openwall.com/lists/oss-security/2016/06/04/5 Reference to upstream fix: https://bugzilla.redhat.com/attachment.cgi?id=1165210 Squashed backport against vanilla Expat 2.1.1, addressing: * CVE-2012-6702 -- unanticipated internal calls to srand * CVE-2016-5300 -- use of too little entropy Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2017-01-16 07:30:00 +0100
committer: Sona Sarmadi <sona.sarmadi@enea.com> 2017-02-10 12:21:38 +0100
commit: 88246c60937b662064cc10b3771faf6b73466a5b (patch)
tree: 361eebf7cf67e56a85d5095b53ee9c7d48c1bfc1 /meta/recipes-core/expat/expat_2.1.0.bb
parent: 5772e2b19d1b0b6e277ade15a3242d583cda90ee (diff)
download: poky-88246c60937b662064cc10b3771faf6b73466a5b.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat_2.1.0.bb b/meta/recipes-core/expat/expat_2.1.0.bb
index b958742edc..f81486485d 100644
--- a/meta/recipes-core/expat/expat_2.1.0.bb
+++ b/meta/recipes-core/expat/expat_2.1.0.bb
@@ -1,5 +1,9 @@
 require expat.inc
+FILESEXTRAPATHS_prepend := "${THISDIR}/expat-2.1.0:"
 LIC_FILES_CHKSUM = "file://COPYING;md5=1b71f681713d1256e1c23b0890920874"
+SRC_URI += "file://CVE-2016-5300_CVE-2012-6702.patch \
+           "
 SRC_URI[md5sum] = "dd7dab7a5fea97d2a6a43f511449b7cd"
 SRC_URI[sha256sum] = "823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86"
author	Sona Sarmadi <sona.sarmadi@enea.com>	2017-01-16 07:30:00 +0100
committer	Sona Sarmadi <sona.sarmadi@enea.com>	2017-02-10 12:21:38 +0100
commit	88246c60937b662064cc10b3771faf6b73466a5b (patch)
tree	361eebf7cf67e56a85d5095b53ee9c7d48c1bfc1 /meta/recipes-core/expat/expat_2.1.0.bb
parent	5772e2b19d1b0b6e277ade15a3242d583cda90ee (diff)
download	poky-88246c60937b662064cc10b3771faf6b73466a5b.tar.gz

diff --git a/meta/recipes-core/expat/expat_2.1.0.bb b/meta/recipes-core/expat/expat_2.1.0.bb index b958742edc..f81486485d 100644 --- a/meta/recipes-core/expat/expat_2.1.0.bb +++ b/meta/recipes-core/expat/expat_2.1.0.bb
@@ -1,5 +1,9 @@
1	require expat.inc	1	require expat.inc
		2
		3	FILESEXTRAPATHS_prepend := "${THISDIR}/expat-2.1.0:"
2	LIC_FILES_CHKSUM = "file://COPYING;md5=1b71f681713d1256e1c23b0890920874"	4	LIC_FILES_CHKSUM = "file://COPYING;md5=1b71f681713d1256e1c23b0890920874"
3		5
		6	SRC_URI += "file://CVE-2016-5300_CVE-2012-6702.patch \
		7	"
4	SRC_URI[md5sum] = "dd7dab7a5fea97d2a6a43f511449b7cd"	8	SRC_URI[md5sum] = "dd7dab7a5fea97d2a6a43f511449b7cd"
5	SRC_URI[sha256sum] = "823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86"	9	SRC_URI[sha256sum] = "823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86"