diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-12-14 13:24:12 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-30 12:02:01 +0000 |
| commit | e40cae30575a227bb0274869f720dffd816d629a (patch) | |
| tree | 168f9a8957b526a2b548f682f37d62027d528b2d | |
| parent | 9c841157f8ecd3221702c4675a4145f586617780 (diff) | |
| download | openembedded-core-e40cae30575a227bb0274869f720dffd816d629a.tar.gz openembedded-core-e40cae30575a227bb0274869f720dffd816d629a.tar.bz2 openembedded-core-e40cae30575a227bb0274869f720dffd816d629a.zip | |
libxml2: CVE-2015-8035
Fixes DoS when parsing specially crafted XML document
if XZ support is enabled.
References:
https://bugzilla.gnome.org/show_bug.cgi?id=757466
Upstream correction:
https://git.gnome.org/browse/libxml2/commit/?id=
f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-core/libxml/libxml2.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch | 35 |
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 15a2421c38..d5e263bdf8 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc @@ -24,6 +24,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml2-CVE-2014-3660.patch \ file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ file://CVE-2015-7942.patch \ + file://CVE-2015-8035.patch \ " BINCONFIG = "${bindir}/xml2-config" diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch new file mode 100644 index 0000000000..d08693fa39 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch @@ -0,0 +1,35 @@ +From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Tue, 3 Nov 2015 15:31:25 +0800 +Subject: CVE-2015-8035 Fix XZ compression support loop + +For https://bugzilla.gnome.org/show_bug.cgi?id=757466 +DoS when parsing specially crafted XML document if XZ support +is compiled in (which wasn't the case for 2.9.2 and master since +Nov 2013, fixed in next commit !) + +Upstream-Status: Backport +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> + +--- + xzlib.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/xzlib.c b/xzlib.c +index 0dcb9f4..1fab546 100644 +--- a/xzlib.c ++++ b/xzlib.c +@@ -581,6 +581,10 @@ xz_decomp(xz_statep state) + xz_error(state, LZMA_DATA_ERROR, "compressed data error"); + return -1; + } ++ if (ret == LZMA_PROG_ERROR) { ++ xz_error(state, LZMA_PROG_ERROR, "compression error"); ++ return -1; ++ } + } while (strm->avail_out && ret != LZMA_STREAM_END); + + /* update available output and crc check value */ +-- +cgit v0.11.2 + |