mirror of
https://git.yoctoproject.org/poky
synced 2026-02-14 12:43:03 +01:00
db32c9bda3
rsync includes its own copy of zlib and doesn't recommend linking with the system version [1]. Import CVE fixes that impact zlib version 1.2.8 [2] that is currently used by rsync. [1] https://git.samba.org/rsync.git/?p=rsync.git;a=blob;f=zlib/README.rsync [2] https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3agnu%3azlib%3a1.2.8 (From OE-Core rev: a55fbb4cb489853dfb0b4553f6e187c3f3633f48) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001
|
|
From: Mark Adler <madler@alumni.caltech.edu>
|
|
Date: Sat, 5 Sep 2015 17:45:55 -0700
|
|
Subject: [PATCH] Avoid shifts of negative values inflateMark().
|
|
|
|
The C standard says that bit shifts of negative integers is
|
|
undefined. This casts to unsigned values to assure a known
|
|
result.
|
|
|
|
CVE: CVE-2016-9842
|
|
Upstream-Status: Backport
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
---
|
|
inflate.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/zlib/inflate.c b/zlib/inflate.c
|
|
index 2889e3a0..a7184167 100644
|
|
--- a/zlib/inflate.c
|
|
+++ b/zlib/inflate.c
|
|
@@ -1506,9 +1506,10 @@ z_streamp strm;
|
|
{
|
|
struct inflate_state FAR *state;
|
|
|
|
- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
|
|
+ if (strm == Z_NULL || strm->state == Z_NULL)
|
|
+ return (long)(((unsigned long)0 - 1) << 16);
|
|
state = (struct inflate_state FAR *)strm->state;
|
|
- return ((long)(state->back) << 16) +
|
|
+ return (long)(((unsigned long)((long)state->back)) << 16) +
|
|
(state->mode == COPY ? state->length :
|
|
(state->mode == MATCH ? state->was - state->length : 0));
|
|
}
|