summaryrefslogtreecommitdiffstats
path: root/import-layers/yocto-poky/meta/recipes-core/expat
diff options
context:
space:
mode:
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-core/expat')
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/autotools.patch24
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/expat-CVE-2015-1283.patch62
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/expat/expat.inc22
-rw-r--r--import-layers/yocto-poky/meta/recipes-core/expat/expat_2.1.0.bb5
4 files changed, 113 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/autotools.patch b/import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/autotools.patch
new file mode 100644
index 000000000..0e599697a
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/autotools.patch
@@ -0,0 +1,24 @@
+Avoid using expat's m4 files
+
+Upstream-Status: Inappropriate [Other]
+Workaround specific to our build system.
+
+Signed-off-by: Kevin Tian <kevin.tian@intel.com>
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+
+Updated to apply over expat 2.1.0
+
+Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
+
+diff -Nurd expat-2.1.0/configure.in expat-2.1.0/configure.in
+--- expat-2.1.0/configure.in 2012-03-04 01:45:53.000000000 +0200
++++ expat-2.1.0/configure.in 2012-05-10 21:04:44.000000000 +0300
+@@ -51,8 +51,6 @@
+
+ AC_CONFIG_HEADER(expat_config.h)
+
+-sinclude(conftools/ac_c_bigendian_cross.m4)
+-
+ AC_LIBTOOL_WIN32_DLL
+ AC_PROG_LIBTOOL
+
diff --git a/import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/expat-CVE-2015-1283.patch b/import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/expat-CVE-2015-1283.patch
new file mode 100644
index 000000000..1d0acb6b9
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/expat/expat-2.1.0/expat-CVE-2015-1283.patch
@@ -0,0 +1,62 @@
+Multiple integer overflows in the XML_GetBuffer function in Expat
+through 2.1.0, allow remote attackers to cause a denial of service
+(heap-based buffer overflow) or possibly have unspecified other
+impact via crafted XML data.
+
+CVSSv2: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
+
+CVE: CVE-2015-1283
+Upstream-Status: Backport
+
+Signed-off-by: Eric Rahm <erahm@mozilla.com>
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windirver.com>
+
+Index: expat-2.1.0/lib/xmlparse.c
+===================================================================
+--- expat-2.1.0.orig/lib/xmlparse.c 2012-03-11 13:13:12.000000000 +0800
++++ expat-2.1.0/lib/xmlparse.c 2015-12-23 10:29:07.347361329 +0800
+@@ -1678,6 +1678,12 @@
+ void * XMLCALL
+ XML_GetBuffer(XML_Parser parser, int len)
+ {
++/* BEGIN MOZILLA CHANGE (sanity check len) */
++ if (len < 0) {
++ errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
++/* END MOZILLA CHANGE */
+ switch (ps_parsing) {
+ case XML_SUSPENDED:
+ errorCode = XML_ERROR_SUSPENDED;
+@@ -1689,8 +1695,13 @@
+ }
+
+ if (len > bufferLim - bufferEnd) {
+- /* FIXME avoid integer overflow */
+ int neededSize = len + (int)(bufferEnd - bufferPtr);
++/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
++ if (neededSize < 0) {
++ errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
++/* END MOZILLA CHANGE */
+ #ifdef XML_CONTEXT_BYTES
+ int keep = (int)(bufferPtr - buffer);
+
+@@ -1719,7 +1730,15 @@
+ bufferSize = INIT_BUFFER_SIZE;
+ do {
+ bufferSize *= 2;
+- } while (bufferSize < neededSize);
++/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
++ } while (bufferSize < neededSize && bufferSize > 0);
++/* END MOZILLA CHANGE */
++/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
++ if (bufferSize <= 0) {
++ errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
++/* END MOZILLA CHANGE */
+ newBuf = (char *)MALLOC(bufferSize);
+ if (newBuf == 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
diff --git a/import-layers/yocto-poky/meta/recipes-core/expat/expat.inc b/import-layers/yocto-poky/meta/recipes-core/expat/expat.inc
new file mode 100644
index 000000000..4bd60a2a6
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/expat/expat.inc
@@ -0,0 +1,22 @@
+SUMMARY = "A stream-oriented XML parser library"
+DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)"
+HOMEPAGE = "http://expat.sourceforge.net/"
+SECTION = "libs"
+LICENSE = "MIT"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.gz \
+ file://autotools.patch \
+ file://expat-CVE-2015-1283.patch \
+ "
+
+inherit autotools lib_package gzipnative
+
+# This package uses an archive format known to have issue with some
+# versions of gzip
+do_unpack[depends] += "gzip-native:do_populate_sysroot"
+
+do_configure_prepend () {
+ rm -f ${S}/conftools/libtool.m4
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/import-layers/yocto-poky/meta/recipes-core/expat/expat_2.1.0.bb b/import-layers/yocto-poky/meta/recipes-core/expat/expat_2.1.0.bb
new file mode 100644
index 000000000..b958742ed
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-core/expat/expat_2.1.0.bb
@@ -0,0 +1,5 @@
+require expat.inc
+LIC_FILES_CHKSUM = "file://COPYING;md5=1b71f681713d1256e1c23b0890920874"
+
+SRC_URI[md5sum] = "dd7dab7a5fea97d2a6a43f511449b7cd"
+SRC_URI[sha256sum] = "823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86"
OpenPOWER on IntegriCloud