diff options
author | Armin Kuster <akuster@mvista.com> | 2016-07-16 16:04:13 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-07-20 10:28:52 +0100 |
commit | 3aaf0232027629b868c85a8f86c2d26e5e9c7ea9 (patch) | |
tree | bd083b86c2eeb547dbf0d8147cd8f1f4d893b79e /meta | |
parent | c0dbed63c6f1d7ac758672f20489ffaea3736758 (diff) | |
download | poky-3aaf0232027629b868c85a8f86c2d26e5e9c7ea9.tar.gz |
bzip2: Security fix CVE-2016-3189
Affects bzip2 <= 1.0.6
CVSS v2 Base Score: 4.3 MEDIUM
(From OE-Core rev: 979c61e47d416b940ca53e22acffdacb2625cf89)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch | 18 | ||||
-rw-r--r-- | meta/recipes-extended/bzip2/bzip2_1.0.6.bb | 4 |
2 files changed, 21 insertions, 1 deletions
diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch new file mode 100644 index 0000000000..1d0c3a6dd3 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch | |||
@@ -0,0 +1,18 @@ | |||
1 | Upstream-Status: Backport | ||
2 | https://bugzilla.suse.com/attachment.cgi?id=681334 | ||
3 | |||
4 | CVE: CVE-2016-3189 | ||
5 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
6 | |||
7 | Index: bzip2-1.0.6/bzip2recover.c | ||
8 | =================================================================== | ||
9 | --- bzip2-1.0.6.orig/bzip2recover.c | ||
10 | +++ bzip2-1.0.6/bzip2recover.c | ||
11 | @@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) | ||
12 | bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); | ||
13 | bsPutUInt32 ( bsWr, blockCRC ); | ||
14 | bsClose ( bsWr ); | ||
15 | + outFile = NULL; | ||
16 | } | ||
17 | if (wrBlock >= rbCtr) break; | ||
18 | wrBlock++; | ||
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index f717d85f4f..ef7bc89765 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb | |||
@@ -12,7 +12,9 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ | |||
12 | file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ | 12 | file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ |
13 | file://configure.ac;subdir=${BP} \ | 13 | file://configure.ac;subdir=${BP} \ |
14 | file://Makefile.am;subdir=${BP} \ | 14 | file://Makefile.am;subdir=${BP} \ |
15 | file://run-ptest" | 15 | file://run-ptest \ |
16 | file://CVE-2016-3189.patch \ | ||
17 | " | ||
16 | 18 | ||
17 | SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" | 19 | SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" |
18 | SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd" | 20 | SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd" |