summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch38
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 97eb417a03..bc84656303 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -26,6 +26,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
26 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ 26 file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \
27 file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \ 27 file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \
28 file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \ 28 file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \
29 file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \
29 " 30 "
30 31
31BINCONFIG = "${bindir}/xml2-config" 32BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
new file mode 100644
index 0000000000..7107355706
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
@@ -0,0 +1,38 @@
1From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Tue, 3 Nov 2015 15:31:25 +0800
4Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=757466
7DoS when parsing specially crafted XML document if XZ support
8is compiled in (which wasn't the case for 2.9.2 and master since
9Nov 2013, fixed in next commit !)
10
11Upstream-Status: Backport
12
13CVE-2015-8035
14
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 xzlib.c | 4 ++++
19 1 file changed, 4 insertions(+)
20
21diff --git a/xzlib.c b/xzlib.c
22index 0dcb9f4..1fab546 100644
23--- a/xzlib.c
24+++ b/xzlib.c
25@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
26 xz_error(state, LZMA_DATA_ERROR, "compressed data error");
27 return -1;
28 }
29+ if (ret == LZMA_PROG_ERROR) {
30+ xz_error(state, LZMA_PROG_ERROR, "compression error");
31+ return -1;
32+ }
33 } while (strm->avail_out && ret != LZMA_STREAM_END);
34
35 /* update available output and crc check value */
36--
372.3.5
38