diff options
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch')
-rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch deleted file mode 100644 index d175f7453c..0000000000 --- a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | libxml2: CVE-2015-8035 | ||
2 | |||
3 | From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001 | ||
4 | From: Daniel Veillard <veillard@redhat.com> | ||
5 | Date: Tue, 3 Nov 2015 15:31:25 +0800 | ||
6 | Subject: CVE-2015-8035 Fix XZ compression support loop | ||
7 | |||
8 | For https://bugzilla.gnome.org/show_bug.cgi?id=757466 | ||
9 | DoS when parsing specially crafted XML document if XZ support | ||
10 | is compiled in (which wasn't the case for 2.9.2 and master since | ||
11 | Nov 2013, fixed in next commit !) | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | https://git.gnome.org/browse/libxml2/patch/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 | ||
15 | |||
16 | [YOCTO #8641] | ||
17 | |||
18 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
19 | |||
20 | --- | ||
21 | xzlib.c | 4 ++++ | ||
22 | 1 file changed, 4 insertions(+) | ||
23 | |||
24 | diff --git a/xzlib.c b/xzlib.c | ||
25 | index 0dcb9f4..1fab546 100644 | ||
26 | --- a/xzlib.c | ||
27 | +++ b/xzlib.c | ||
28 | @@ -581,6 +581,10 @@ xz_decomp(xz_statep state) | ||
29 | xz_error(state, LZMA_DATA_ERROR, "compressed data error"); | ||
30 | return -1; | ||
31 | } | ||
32 | + if (ret == LZMA_PROG_ERROR) { | ||
33 | + xz_error(state, LZMA_PROG_ERROR, "compression error"); | ||
34 | + return -1; | ||
35 | + } | ||
36 | } while (strm->avail_out && ret != LZMA_STREAM_END); | ||
37 | |||
38 | /* update available output and crc check value */ | ||
39 | -- | ||
40 | cgit v0.11.2 | ||
41 | |||