1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch b/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch
new file mode 100644
index 0000000000..810d8a3fdb
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch
@@ -0,0 +1,33 @@
+From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Sat, 5 Sep 2015 17:45:55 -0700
+Subject: [PATCH] Avoid shifts of negative values inflateMark().
+The C standard says that bit shifts of negative integers is
+undefined.  This casts to unsigned values to assure a known
+result.
+CVE: CVE-2016-9842
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ inflate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+diff --git a/zlib/inflate.c b/zlib/inflate.c
+index 2889e3a0..a7184167 100644
+--- a/zlib/inflate.c
+++ b/zlib/inflate.c
+@@ -1506,9 +1506,10 @@ z_streamp strm;
+ {
+     struct inflate_state FAR *state;
+ 
+-    if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return (long)(((unsigned long)0 - 1) << 16);
+     state = (struct inflate_state FAR *)strm->state;
+-    return ((long)(state->back) << 16) +
+    return (long)(((unsigned long)((long)state->back)) << 16) +
+         (state->mode == COPY ? state->length :
+             (state->mode == MATCH ? state->was - state->length : 0));
+ }

diff --git a/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch b/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch new file mode 100644 index 0000000000..810d8a3fdb --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch
@@ -0,0 +1,33 @@
	1	From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001
	2	From: Mark Adler <madler@alumni.caltech.edu>
	3	Date: Sat, 5 Sep 2015 17:45:55 -0700
	4	Subject: [PATCH] Avoid shifts of negative values inflateMark().
	5
	6	The C standard says that bit shifts of negative integers is
	7	undefined. This casts to unsigned values to assure a known
	8	result.
	9
	10	CVE: CVE-2016-9842
	11	Upstream-Status: Backport
	12	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
	13	---
	14	inflate.c \| 5 +++--
	15	1 file changed, 3 insertions(+), 2 deletions(-)
	16
	17	diff --git a/zlib/inflate.c b/zlib/inflate.c
	18	index 2889e3a0..a7184167 100644
	19	--- a/zlib/inflate.c
	20	+++ b/zlib/inflate.c
	21	@@ -1506,9 +1506,10 @@ z_streamp strm;
	22	{
	23	struct inflate_state FAR *state;
	24
	25	- if (strm == Z_NULL \|\| strm->state == Z_NULL) return -1L << 16;
	26	+ if (strm == Z_NULL \|\| strm->state == Z_NULL)
	27	+ return (long)(((unsigned long)0 - 1) << 16);
	28	state = (struct inflate_state FAR *)strm->state;
	29	- return ((long)(state->back) << 16) +
	30	+ return (long)(((unsigned long)((long)state->back)) << 16) +
	31	(state->mode == COPY ? state->length :
	32	(state->mode == MATCH ? state->was - state->length : 0));
	33	}