bzip2: Security fix CVE-2016-3189

Affects bzip2 <= 1.0.6 CVSS v2 Base Score: 4.3 MEDIUM Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Armin Kuster <akuster@mvista.com> 2016-07-16 16:04:13 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-07-20 10:24:56 +0100
commit: 979c61e47d416b940ca53e22acffdacb2625cf89 (patch)
tree: b575b870aadde2944e919c97741e4eb811040117 /meta/recipes-extended/bzip2/bzip2-1.0.6
parent: 5b3df0c5e8885ea34f66b41fcf209a9960fbbf5e (diff)
download: openembedded-core-contrib-979c61e47d416b940ca53e22acffdacb2625cf89.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch
new file mode 100644
index 0000000000..1d0c3a6dd3
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
++++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
author	Armin Kuster <akuster@mvista.com>	2016-07-16 16:04:13 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-07-20 10:24:56 +0100
commit	979c61e47d416b940ca53e22acffdacb2625cf89 (patch)
tree	b575b870aadde2944e919c97741e4eb811040117 /meta/recipes-extended/bzip2/bzip2-1.0.6
parent	5b3df0c5e8885ea34f66b41fcf209a9960fbbf5e (diff)
download	openembedded-core-contrib-979c61e47d416b940ca53e22acffdacb2625cf89.tar.gz