aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-07-16 16:04:13 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-07-20 10:28:52 +0100
commit3aaf0232027629b868c85a8f86c2d26e5e9c7ea9 (patch)
treebd083b86c2eeb547dbf0d8147cd8f1f4d893b79e
parentc0dbed63c6f1d7ac758672f20489ffaea3736758 (diff)
downloadopenembedded-core-contrib-3aaf0232027629b868c85a8f86c2d26e5e9c7ea9.tar.gz
openembedded-core-contrib-3aaf0232027629b868c85a8f86c2d26e5e9c7ea9.tar.bz2
openembedded-core-contrib-3aaf0232027629b868c85a8f86c2d26e5e9c7ea9.zip
bzip2: Security fix CVE-2016-3189
Affects bzip2 <= 1.0.6 CVSS v2 Base Score: 4.3 MEDIUM (From OE-Core rev: 979c61e47d416b940ca53e22acffdacb2625cf89) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch18
-rw-r--r--meta/recipes-extended/bzip2/bzip2_1.0.6.bb4
2 files changed, 21 insertions, 1 deletions
diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch
new file mode 100644
index 00000000000..1d0c3a6dd34
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
++++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index f717d85f4f2..ef7bc897653 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -12,7 +12,9 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \
file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
- file://run-ptest"
+ file://run-ptest \
+ file://CVE-2016-3189.patch \
+ "
SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd"