diff options
| author |   Micah Morton <mortonm@chromium.org> | 2018-10-19 11:01:18 -0700 |
|---|---|---|
| committer |   Mike Frysinger <vapier@gentoo.org> | 2019-01-03 06:21:44 -0500 |
| commit | 2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226 (patch) | |
| tree | dee4dd198d2454ac5d602f314328369a02e24474 /dev-libs | |
| parent | dev-libs/libxml2: fix CVE-2017-8872 #618110 (diff) | |
| download | gentoo-2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226.tar.gz gentoo-2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226.tar.bz2 gentoo-2acfef7fc1cc4d4ccff0783c4b4fc38dfc989226.zip | |
dev-libs/libxml2: fix CVE-2018-14567
Signed-off-by: Micah Morton <mortonm@chromium.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'dev-libs')
| -rw-r--r-- | dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch | 50 | ||||
| -rw-r--r-- | dev-libs/libxml2/libxml2-2.9.8-r1.ebuild | 4 |
2 files changed, 54 insertions, 0 deletions
diff --git a/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch new file mode 100644 index 000000000000..0d289352d2f9 --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.9.8-CVE-2018-14567.patch @@ -0,0 +1,50 @@ +From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Mon, 30 Jul 2018 13:14:11 +0200 +Subject: [PATCH] Fix infinite loop in LZMA decompression +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Check the liblzma error code more thoroughly to avoid infinite loops. + +Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13 +Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914 + +This is CVE-2018-9251 and CVE-2018-14567. + +Thanks to Dongliang Mu and Simon Wörner for the reports. +--- + xzlib.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/xzlib.c b/xzlib.c +index a839169ef2ec..0ba88cfa849d 100644 +--- a/xzlib.c ++++ b/xzlib.c +@@ -562,6 +562,10 @@ xz_decomp(xz_statep state) + "internal error: inflate stream corrupt"); + return -1; + } ++ /* ++ * FIXME: Remapping a couple of error codes and falling through ++ * to the LZMA error handling looks fragile. ++ */ + if (ret == Z_MEM_ERROR) + ret = LZMA_MEM_ERROR; + if (ret == Z_DATA_ERROR) +@@ -587,6 +591,11 @@ xz_decomp(xz_statep state) + xz_error(state, LZMA_PROG_ERROR, "compression error"); + return -1; + } ++ if ((state->how != GZIP) && ++ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) { ++ xz_error(state, ret, "lzma error"); ++ return -1; ++ } + } while (strm->avail_out && ret != LZMA_STREAM_END); + + /* update available output and crc check value */ +-- +2.19.1 + diff --git a/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild index 1a798958bcbe..43da94cafedf 100644 --- a/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild +++ b/dev-libs/libxml2/libxml2-2.9.8-r1.ebuild @@ -88,6 +88,10 @@ src_prepare() { # https://bugzilla.gnome.org/show_bug.cgi?id=775200 eapply "${FILESDIR}"/${PN}-2.9.8-CVE-2017-8872.patch + # CVE-2018-14567 + # https://bugzilla.gnome.org/show_bug.cgi?id=794914 + eapply "${FILESDIR}"/${PN}-2.9.8-CVE-2018-14567.patch + if [[ ${CHOST} == *-darwin* ]] ; then # Avoid final linking arguments for python modules sed -i -e '/PYTHON_LIBS/s/ldflags/libs/' configure.ac || die |