diff options
Diffstat (limited to 'meta/recipes-core/libxml/libxml2/0001-Fix-infinite-loop-in-LZMA-decompression.patch')
| -rw-r--r-- | meta/recipes-core/libxml/libxml2/0001-Fix-infinite-loop-in-LZMA-decompression.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/meta/recipes-core/libxml/libxml2/0001-Fix-infinite-loop-in-LZMA-decompression.patch b/meta/recipes-core/libxml/libxml2/0001-Fix-infinite-loop-in-LZMA-decompression.patch deleted file mode 100644 index 16c229574c..0000000000 --- a/meta/recipes-core/libxml/libxml2/0001-Fix-infinite-loop-in-LZMA-decompression.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 28a9dc642ffd759df1e48be247a114f440a6c16e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Mon, 30 Jul 2018 13:14:11 +0200 -Subject: [PATCH] Fix infinite loop in LZMA decompression -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Check the liblzma error code more thoroughly to avoid infinite loops. - -Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 -Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 - -This is CVE-2018-9251 and CVE-2018-14567. - -Thanks to Dongliang Mu and Simon Wörner for the reports. - -CVE: CVE-2018-9251 -CVE: CVE-2018-14567 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - xzlib.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/xzlib.c b/xzlib.c -index a839169..0ba88cf 100644 ---- a/xzlib.c -+++ b/xzlib.c -@@ -562,6 +562,10 @@ xz_decomp(xz_statep state) - "internal error: inflate stream corrupt"); - return -1; - } -+ /* -+ * FIXME: Remapping a couple of error codes and falling through -+ * to the LZMA error handling looks fragile. -+ */ - if (ret == Z_MEM_ERROR) - ret = LZMA_MEM_ERROR; - if (ret == Z_DATA_ERROR) -@@ -587,6 +591,11 @@ xz_decomp(xz_statep state) - xz_error(state, LZMA_PROG_ERROR, "compression error"); - return -1; - } -+ if ((state->how != GZIP) && -+ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) { -+ xz_error(state, ret, "lzma error"); -+ return -1; -+ } - } while (strm->avail_out && ret != LZMA_STREAM_END); - - /* update available output and crc check value */ --- -2.7.4 - |