diff options
| author | Armin Kuster <akuster@mvista.com> | 2015-12-05 10:56:23 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-20 17:08:29 +0000 |
| commit | 2390475894663d718a00447ee48764f472ce60f7 (patch) | |
| tree | 29fb908a1b7d811b6cc9a8dd0fbef8a814a2294b | |
| parent | 663943a80238572030978df484c73f4e80e06bf1 (diff) | |
| download | poky-2390475894663d718a00447ee48764f472ce60f7.tar.gz | |
libxml2: security fix CVE-2015-8035
(From OE-Core rev: 495eaf5039596ac0fab7684cfc867569710eb0f4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/libxml/libxml2.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 56a99e8b6d..365d5bc7a6 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc | |||
| @@ -28,6 +28,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ | |||
| 28 | file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ | 28 | file://CVE-2015-8317-Fail-parsing-early-on-if-encoding-conversion-failed.patch \ |
| 29 | file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \ | 29 | file://CVE-2015-7942-Another-variation-of-overflow-in-Conditional-section.patch \ |
| 30 | file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \ | 30 | file://CVE-2015-7942-2-Fix-an-error-in-previous-Conditional-section-patch.patch \ |
| 31 | file://0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch \ | ||
| 31 | " | 32 | " |
| 32 | 33 | ||
| 33 | BINCONFIG = "${bindir}/xml2-config" | 34 | BINCONFIG = "${bindir}/xml2-config" |
diff --git a/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch new file mode 100644 index 0000000000..7107355706 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/0001-CVE-2015-8035-Fix-XZ-compression-support-loop.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel Veillard <veillard@redhat.com> | ||
| 3 | Date: Tue, 3 Nov 2015 15:31:25 +0800 | ||
| 4 | Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop | ||
| 5 | |||
| 6 | For https://bugzilla.gnome.org/show_bug.cgi?id=757466 | ||
| 7 | DoS when parsing specially crafted XML document if XZ support | ||
| 8 | is compiled in (which wasn't the case for 2.9.2 and master since | ||
| 9 | Nov 2013, fixed in next commit !) | ||
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | |||
| 13 | CVE-2015-8035 | ||
| 14 | |||
| 15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 16 | |||
| 17 | --- | ||
| 18 | xzlib.c | 4 ++++ | ||
| 19 | 1 file changed, 4 insertions(+) | ||
| 20 | |||
| 21 | diff --git a/xzlib.c b/xzlib.c | ||
| 22 | index 0dcb9f4..1fab546 100644 | ||
| 23 | --- a/xzlib.c | ||
| 24 | +++ b/xzlib.c | ||
| 25 | @@ -581,6 +581,10 @@ xz_decomp(xz_statep state) | ||
| 26 | xz_error(state, LZMA_DATA_ERROR, "compressed data error"); | ||
| 27 | return -1; | ||
| 28 | } | ||
| 29 | + if (ret == LZMA_PROG_ERROR) { | ||
| 30 | + xz_error(state, LZMA_PROG_ERROR, "compression error"); | ||
| 31 | + return -1; | ||
| 32 | + } | ||
| 33 | } while (strm->avail_out && ret != LZMA_STREAM_END); | ||
| 34 | |||
| 35 | /* update available output and crc check value */ | ||
| 36 | -- | ||
| 37 | 2.3.5 | ||
| 38 | |||
