Browse code
Applied patch for CVE-2015-9019
Change-Id: I5807b433deb9cf8fe58b1c7ccb145fadb021652e
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3228
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
Tested-by: gerrit-photon <photon-checkins@vmware.com>
dthaluru authored on 2017/07/12 10:46:51Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,46 @@ |
| 0 |
+commit 047a0fd99e64c554c4edf44cc67ee765b09af017 |
|
| 1 |
+Author: Marcus Meissner <meissner@suse.de> |
|
| 2 |
+Date: Tue Apr 4 16:27:39 2017 +0200 |
|
| 3 |
+ |
|
| 4 |
+ initialize the random seed |
|
| 5 |
+ |
|
| 6 |
+diff --git a/libexslt/math.c b/libexslt/math.c |
|
| 7 |
+index 6b24dbe0..b7a8d6e1 100644 |
|
| 8 |
+--- a/libexslt/math.c |
|
| 9 |
+@@ -23,6 +23,14 @@ |
|
| 10 |
+ #ifdef HAVE_STDLIB_H |
|
| 11 |
+ #include <stdlib.h> |
|
| 12 |
+ #endif |
|
| 13 |
++#ifdef HAVE_UNISTD_H |
|
| 14 |
++#include <unistd.h> |
|
| 15 |
++#endif |
|
| 16 |
++#include <fcntl.h> |
|
| 17 |
++#ifdef HAVE_TIME_H |
|
| 18 |
++#include <time.h> |
|
| 19 |
++#endif |
|
| 20 |
++ |
|
| 21 |
+ |
|
| 22 |
+ #include "exslt.h" |
|
| 23 |
+ |
|
| 24 |
+@@ -474,6 +482,20 @@ static double |
|
| 25 |
+ exsltMathRandom (void) {
|
|
| 26 |
+ double ret; |
|
| 27 |
+ int num; |
|
| 28 |
++ long seed; |
|
| 29 |
++ static int randinit = 0; |
|
| 30 |
++ |
|
| 31 |
++ if (!randinit) {
|
|
| 32 |
++ int fd = open("/dev/urandom",O_RDONLY);
|
|
| 33 |
++ |
|
| 34 |
++ seed = time(NULL); /* just in case /dev/urandom is not there */ |
|
| 35 |
++ if (fd != -1) {
|
|
| 36 |
++ read (fd, &seed, sizeof(seed)); |
|
| 37 |
++ close (fd); |
|
| 38 |
++ } |
|
| 39 |
++ srand(seed); |
|
| 40 |
++ randinit = 1; |
|
| 41 |
++ } |
|
| 42 |
+ |
|
| 43 |
+ num = rand(); |
|
| 44 |
+ ret = (double)num / (double)RAND_MAX; |
| ... | ... |
@@ -1,15 +1,16 @@ |
| 1 | 1 |
Summary: Libxslt-1.1.29 |
| 2 | 2 |
Name: libxslt |
| 3 | 3 |
Version: 1.1.29 |
| 4 |
-Release: 3%{?dist}
|
|
| 4 |
+Release: 4%{?dist}
|
|
| 5 | 5 |
License: MIT |
| 6 | 6 |
URL: http:/http://xmlsoft.org/libxslt/ |
| 7 | 7 |
Group: System Environment/General Libraries |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://xmlsoft.org/sources/%{name}-%{version}.tar.gz
|
| 11 |
-Patch0: libxslt-CVE-2017-5029.patch |
|
| 12 | 11 |
%define sha1 libxslt=edcaeabb3555ae44853bdc406ee9521fb65c620d |
| 12 |
+Patch0: libxslt-CVE-2017-5029.patch |
|
| 13 |
+Patch1: libxslt-CVE-2015-9019.patch |
|
| 13 | 14 |
Requires: libxml2-devel |
| 14 | 15 |
BuildRequires: libxml2-devel |
| 15 | 16 |
%description |
| ... | ... |
@@ -25,6 +26,7 @@ Header files for doing development with libxslt. |
| 25 | 25 |
%prep |
| 26 | 26 |
%setup -q |
| 27 | 27 |
%patch0 -p1 |
| 28 |
+%patch1 -p1 |
|
| 28 | 29 |
|
| 29 | 30 |
%build |
| 30 | 31 |
./configure \ |
| ... | ... |
@@ -68,6 +70,8 @@ rm -rf %{buildroot}/*
|
| 68 | 68 |
%{_datadir}/aclocal/*
|
| 69 | 69 |
|
| 70 | 70 |
%changelog |
| 71 |
+* Tue Jul 11 2017 Divya Thaluru <dthaluru@vmware.com> 1.1.29-4 |
|
| 72 |
+- Applied patch for CVE-2015-9019 |
|
| 71 | 73 |
* Fri Jun 02 2017 Xiaolin Li <xiaolinl@vmware.com> 1.1.29-3 |
| 72 | 74 |
- Build does not requires python. |
| 73 | 75 |
* Thu May 25 2017 Vinay Kulkarni <kulkarniv@vmware.com> 1.1.29-2 |