summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorGeorge McCollister <george.mccollister@gmail.com>2017-11-14 14:01:05 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-11-21 14:43:56 +0000
commitee4506739f91828f5d33d306bc994e2e59655c5b (patch)
treee645a2cae5d17638c3ce7557dfa2c497ee75314e /meta
parented3802b67f00f3e565c64086f0fbffd432aabc29 (diff)
downloadpoky-ee4506739f91828f5d33d306bc994e2e59655c5b.tar.gz
zlib: Fix CVE-2016-9842
Add backported patch to fix CVE-2016-9842 which was fixed in zlib 1.2.9 https://nvd.nist.gov/vuln/detail/CVE-2016-9842 (From OE-Core rev: 715645a1be700e132a31aa9c40da1e66dd427ae8) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch35
-rw-r--r--meta/recipes-core/zlib/zlib_1.2.8.bb1
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
new file mode 100644
index 0000000000..41b8d2a30a
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
@@ -0,0 +1,35 @@
1commit e54e1299404101a5a9d0cf5e45512b543967f958
2Author: Mark Adler <madler@alumni.caltech.edu>
3Date: Sat Sep 5 17:45:55 2015 -0700
4
5 Avoid shifts of negative values inflateMark().
6
7 The C standard says that bit shifts of negative integers is
8 undefined. This casts to unsigned values to assure a known
9 result.
10
11Upstream-Status: Backport
12http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz
13https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
14
15CVE: CVE-2016-9842
16
17Signed-off-by: George McCollister <george.mccollister@gmail.com>
18
19diff --git a/inflate.c b/inflate.c
20index 2889e3a..a718416 100644
21--- a/inflate.c
22+++ b/inflate.c
23@@ -1506,9 +1506,10 @@ z_streamp strm;
24 {
25 struct inflate_state FAR *state;
26
27- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
28+ if (strm == Z_NULL || strm->state == Z_NULL)
29+ return (long)(((unsigned long)0 - 1) << 16);
30 state = (struct inflate_state FAR *)strm->state;
31- return ((long)(state->back) << 16) +
32+ return (long)(((unsigned long)((long)state->back)) << 16) +
33 (state->mode == COPY ? state->length :
34 (state->mode == MATCH ? state->was - state->length : 0));
35 }
diff --git a/meta/recipes-core/zlib/zlib_1.2.8.bb b/meta/recipes-core/zlib/zlib_1.2.8.bb
index 88f60611d9..eb38589b6a 100644
--- a/meta/recipes-core/zlib/zlib_1.2.8.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.8.bb
@@ -12,6 +12,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
12 file://ldflags-tests.patch \ 12 file://ldflags-tests.patch \
13 file://CVE-2016-9840.patch \ 13 file://CVE-2016-9840.patch \
14 file://CVE-2016-9841.patch \ 14 file://CVE-2016-9841.patch \
15 file://CVE-2016-9842.patch \
15 file://run-ptest \ 16 file://run-ptest \
16 " 17 "
17 18