bzip2: Security fix CVE-2016-3189

Affects bzip2 <= 1.0.6 CVSS v2 Base Score: 4.3 MEDIUM (From OE-Core rev: 979c61e47d416b940ca53e22acffdacb2625cf89) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-07-16 16:04:13 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-07-20 10:28:52 +0100
commit: 3aaf0232027629b868c85a8f86c2d26e5e9c7ea9 (patch)
tree: bd083b86c2eeb547dbf0d8147cd8f1f4d893b79e /meta/recipes-extended/bzip2/bzip2-1.0.6
parent: c0dbed63c6f1d7ac758672f20489ffaea3736758 (diff)
download: poky-3aaf0232027629b868c85a8f86c2d26e5e9c7ea9.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch
new file mode 100644
index 0000000000..1d0c3a6dd3
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
+++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
+            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
author	Armin Kuster <akuster@mvista.com>	2016-07-16 16:04:13 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-07-20 10:28:52 +0100
commit	3aaf0232027629b868c85a8f86c2d26e5e9c7ea9 (patch)
tree	bd083b86c2eeb547dbf0d8147cd8f1f4d893b79e /meta/recipes-extended/bzip2/bzip2-1.0.6
parent	c0dbed63c6f1d7ac758672f20489ffaea3736758 (diff)
download	poky-3aaf0232027629b868c85a8f86c2d26e5e9c7ea9.tar.gz

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch new file mode 100644 index 0000000000..1d0c3a6dd3 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch
@@ -0,0 +1,18 @@
	1	Upstream-Status: Backport
	2	https://bugzilla.suse.com/attachment.cgi?id=681334
	3
	4	CVE: CVE-2016-3189
	5	Signed-off-by: Armin Kuster <akuster@mvista.com>
	6
	7	Index: bzip2-1.0.6/bzip2recover.c
	8	===================================================================
	9	--- bzip2-1.0.6.orig/bzip2recover.c
	10	+++ bzip2-1.0.6/bzip2recover.c
	11	@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
	12	bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
	13	bsPutUInt32 ( bsWr, blockCRC );
	14	bsClose ( bsWr );
	15	+ outFile = NULL;
	16	}
	17	if (wrBlock >= rbCtr) break;
	18	wrBlock++;