diff options
-rw-r--r-- | meta/recipes-core/libxml/libxml2.inc | 1 | ||||
-rw-r--r-- | meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 97eb417a03..bc84656303 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc | |||
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ | |||
26 | file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ | 26 | file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ |
27 | file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \ | 27 | file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \ |
28 | file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \ | 28 | file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \ |
29 | file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \ | ||
29 | " | 30 | " |
30 | 31 | ||
31 | BINCONFIG = "${bindir}/xml2-config" | 32 | BINCONFIG = "${bindir}/xml2-config" |
diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch new file mode 100644 index 0000000000..7107355706 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Veillard <veillard@redhat.com> | ||
3 | Date: Tue, 3 Nov 2015 15:31:25 +0800 | ||
4 | Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop | ||
5 | |||
6 | For https://bugzilla.gnome.org/show_bug.cgi?id=757466 | ||
7 | DoS when parsing specially crafted XML document if XZ support | ||
8 | is compiled in (which wasn't the case for 2.9.2 and master since | ||
9 | Nov 2013, fixed in next commit !) | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | CVE-2015-8035 | ||
14 | |||
15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
16 | |||
17 | --- | ||
18 | xzlib.c | 4 ++++ | ||
19 | 1 file changed, 4 insertions(+) | ||
20 | |||
21 | diff --git a/xzlib.c b/xzlib.c | ||
22 | index 0dcb9f4..1fab546 100644 | ||
23 | --- a/xzlib.c | ||
24 | +++ b/xzlib.c | ||
25 | @@ -581,6 +581,10 @@ xz_decomp(xz_statep state) | ||
26 | xz_error(state, LZMA_DATA_ERROR, "compressed data error"); | ||
27 | return -1; | ||
28 | } | ||
29 | + if (ret == LZMA_PROG_ERROR) { | ||
30 | + xz_error(state, LZMA_PROG_ERROR, "compression error"); | ||
31 | + return -1; | ||
32 | + } | ||
33 | } while (strm->avail_out && ret != LZMA_STREAM_END); | ||
34 | |||
35 | /* update available output and crc check value */ | ||
36 | -- | ||
37 | 2.3.5 | ||
38 | |||