summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2015-12-14 12:24:12 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-30 12:03:14 (GMT)
commitd4db68ae6bae2d9c6d7ed17a0dbce17477b84c9d (patch)
treec59bb74281627581b8298716ae24f1c39567fe58
parent3beebd944711bb7f015385823a2cfbe2095d2f1d (diff)
downloadpoky-d4db68ae6bae2d9c6d7ed17a0dbce17477b84c9d.tar.gz
libxml2: CVE-2015-8035
Fixes DoS when parsing specially crafted XML document if XZ support is enabled. References: https://bugzilla.gnome.org/show_bug.cgi?id=757466 Upstream correction: https://git.gnome.org/browse/libxml2/commit/?id= f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (From OE-Core rev: e40cae30575a227bb0274869f720dffd816d629a) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/libxml/libxml2.inc1
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch35
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc
index 15a2421..d5e263b 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -24,6 +24,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
24 file://libxml2-CVE-2014-3660.patch \ 24 file://libxml2-CVE-2014-3660.patch \
25 file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ 25 file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
26 file://CVE-2015-7942.patch \ 26 file://CVE-2015-7942.patch \
27 file://CVE-2015-8035.patch \
27 " 28 "
28 29
29BINCONFIG = "${bindir}/xml2-config" 30BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
new file mode 100644
index 0000000..d08693f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
@@ -0,0 +1,35 @@
1From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
2From: Daniel Veillard <veillard@redhat.com>
3Date: Tue, 3 Nov 2015 15:31:25 +0800
4Subject: CVE-2015-8035 Fix XZ compression support loop
5
6For https://bugzilla.gnome.org/show_bug.cgi?id=757466
7DoS when parsing specially crafted XML document if XZ support
8is compiled in (which wasn't the case for 2.9.2 and master since
9Nov 2013, fixed in next commit !)
10
11Upstream-Status: Backport
12Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
13
14---
15 xzlib.c | 4 ++++
16 1 file changed, 4 insertions(+)
17
18diff --git a/xzlib.c b/xzlib.c
19index 0dcb9f4..1fab546 100644
20--- a/xzlib.c
21+++ b/xzlib.c
22@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
23 xz_error(state, LZMA_DATA_ERROR, "compressed data error");
24 return -1;
25 }
26+ if (ret == LZMA_PROG_ERROR) {
27+ xz_error(state, LZMA_PROG_ERROR, "compression error");
28+ return -1;
29+ }
30 } while (strm->avail_out && ret != LZMA_STREAM_END);
31
32 /* update available output and crc check value */
33--
34cgit v0.11.2
35