1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
new file mode 100644
index 0000000000..41b8d2a30a
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
@@ -0,0 +1,35 @@
+commit e54e1299404101a5a9d0cf5e45512b543967f958
+Author: Mark Adler <madler@alumni.caltech.edu>
+Date:   Sat Sep 5 17:45:55 2015 -0700
+    Avoid shifts of negative values inflateMark().
+    
+    The C standard says that bit shifts of negative integers is
+    undefined.  This casts to unsigned values to assure a known
+    result.
+Upstream-Status: Backport
+http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz
+https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
+CVE: CVE-2016-9842
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+diff --git a/inflate.c b/inflate.c
+index 2889e3a..a718416 100644
+--- a/inflate.c
+++ b/inflate.c
+@@ -1506,9 +1506,10 @@ z_streamp strm;
+ {
+     struct inflate_state FAR *state;
+ 
+-    if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return (long)(((unsigned long)0 - 1) << 16);
+     state = (struct inflate_state FAR *)strm->state;
+-    return ((long)(state->back) << 16) +
+    return (long)(((unsigned long)((long)state->back)) << 16) +
+         (state->mode == COPY ? state->length :
+             (state->mode == MATCH ? state->was - state->length : 0));
+ }

diff --git a/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch new file mode 100644 index 0000000000..41b8d2a30a --- /dev/null +++ b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
@@ -0,0 +1,35 @@
	1	commit e54e1299404101a5a9d0cf5e45512b543967f958
	2	Author: Mark Adler <madler@alumni.caltech.edu>
	3	Date: Sat Sep 5 17:45:55 2015 -0700
	4
	5	Avoid shifts of negative values inflateMark().
	6
	7	The C standard says that bit shifts of negative integers is
	8	undefined. This casts to unsigned values to assure a known
	9	result.
	10
	11	Upstream-Status: Backport
	12	http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz
	13	https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
	14
	15	CVE: CVE-2016-9842
	16
	17	Signed-off-by: George McCollister <george.mccollister@gmail.com>
	18
	19	diff --git a/inflate.c b/inflate.c
	20	index 2889e3a..a718416 100644
	21	--- a/inflate.c
	22	+++ b/inflate.c
	23	@@ -1506,9 +1506,10 @@ z_streamp strm;
	24	{
	25	struct inflate_state FAR *state;
	26
	27	- if (strm == Z_NULL \|\| strm->state == Z_NULL) return -1L << 16;
	28	+ if (strm == Z_NULL \|\| strm->state == Z_NULL)
	29	+ return (long)(((unsigned long)0 - 1) << 16);
	30	state = (struct inflate_state FAR *)strm->state;
	31	- return ((long)(state->back) << 16) +
	32	+ return (long)(((unsigned long)((long)state->back)) << 16) +
	33	(state->mode == COPY ? state->length :
	34	(state->mode == MATCH ? state->was - state->length : 0));
	35	}