summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch')
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch41
1 files changed, 0 insertions, 41 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
deleted file mode 100644
index d175f74..0000000
--- a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
+++ /dev/null
@@ -1,41 +0,0 @@
1libxml2: CVE-2015-8035
2
3From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
4From: Daniel Veillard <veillard@redhat.com>
5Date: Tue, 3 Nov 2015 15:31:25 +0800
6Subject: CVE-2015-8035 Fix XZ compression support loop
7
8For https://bugzilla.gnome.org/show_bug.cgi?id=757466
9DoS when parsing specially crafted XML document if XZ support
10is compiled in (which wasn't the case for 2.9.2 and master since
11Nov 2013, fixed in next commit !)
12
13Upstream-Status: Backport
14https://git.gnome.org/browse/libxml2/patch/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
15
16[YOCTO #8641]
17
18Signed-off-by: Armin Kuster <akuster@mvista.com>
19
20---
21 xzlib.c | 4 ++++
22 1 file changed, 4 insertions(+)
23
24diff --git a/xzlib.c b/xzlib.c
25index 0dcb9f4..1fab546 100644
26--- a/xzlib.c
27+++ b/xzlib.c
28@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
29 xz_error(state, LZMA_DATA_ERROR, "compressed data error");
30 return -1;
31 }
32+ if (ret == LZMA_PROG_ERROR) {
33+ xz_error(state, LZMA_PROG_ERROR, "compression error");
34+ return -1;
35+ }
36 } while (strm->avail_out && ret != LZMA_STREAM_END);
37
38 /* update available output and crc check value */
39--
40cgit v0.11.2
41