diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
| commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
| tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /meta-openembedded/meta-oe/recipes-support/gnulib | |
| parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
| download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz | |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support/gnulib')
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch | 88 | ||||
| -rw-r--r-- | meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb | 4 |
2 files changed, 92 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch new file mode 100644 index 000000000..77e82b167 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch @@ -0,0 +1,88 @@ +From e91600a7aae3bafbefbe13abf771e61badd16286 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Tue, 16 Oct 2018 14:26:11 +0800 +Subject: [PATCH] vasnprintf: Fix heap memory overrun bug. + +Reported by Ben Pfaff <blp@cs.stanford.edu> in +<https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html>. + +* lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of +memory. +* tests/test-vasnprintf.c (test_function): Add another test. + +Upstream-Status: Backport [http://git.savannah.gnu.org/gitweb/?p=gnulib.git; +a=commitdiff;h=278b4175c9d7dd47c1a3071554aac02add3b3c35] + +CVE: CVE-2018-17942 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + ChangeLog | 8 ++++++++ + lib/vasnprintf.c | 4 +++- + tests/test-vasnprintf.c | 19 ++++++++++++++++++- + 3 files changed, 29 insertions(+), 2 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 9864353..5ff76a3 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,11 @@ ++2018-09-23 Bruno Haible <bruno@clisp.org> ++ vasnprintf: Fix heap memory overrun bug. ++ Reported by Ben Pfaff <blp@cs.stanford.edu> in ++ <https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html>. ++ * lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of ++ memory. ++ * tests/test-vasnprintf.c (test_function): Add another test. ++ + 2017-08-21 Paul Eggert <eggert@cs.ucla.edu> + + vc-list-files: port to Solaris 10 +diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c +index 2e4eb19..45de49f 100644 +--- a/lib/vasnprintf.c ++++ b/lib/vasnprintf.c +@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes) + size_t a_len = a.nlimbs; + /* 0.03345 is slightly larger than log(2)/(9*log(10)). */ + size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1); +- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes)); ++ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the ++ digits of a, followed by 1 byte for the terminating NUL. */ ++ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1)); + if (c_ptr != NULL) + { + char *d_ptr = c_ptr; +diff --git a/tests/test-vasnprintf.c b/tests/test-vasnprintf.c +index 2dd869f..ff68d5c 100644 +--- a/tests/test-vasnprintf.c ++++ b/tests/test-vasnprintf.c +@@ -53,7 +53,24 @@ test_function (char * (*my_asnprintf) (char *, size_t *, const char *, ...)) + ASSERT (result != NULL); + ASSERT (strcmp (result, "12345") == 0); + ASSERT (length == 5); +- if (size < 6) ++ if (size < 5 + 1) ++ ASSERT (result != buf); ++ ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0); ++ if (result != buf) ++ free (result); ++ } ++ /* Note: This test assumes IEEE 754 representation of 'double' floats. */ ++ for (size = 0; size <= 8; size++) ++ { ++ size_t length; ++ char *result; ++ memcpy (buf, "DEADBEEF", 8); ++ length = size; ++ result = my_asnprintf (buf, &length, "%2.0f", 1.6314159265358979e+125); ++ ASSERT (result != NULL); ++ ASSERT (strcmp (result, "163141592653589790215729350939528493057529598899734151772468186268423257777068536614838678161083520756952076273094236944990208") == 0); ++ ASSERT (length == 126); ++ if (size < 126 + 1) + ASSERT (result != buf); + ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0); + if (result != buf) +-- +2.7.4 + diff --git a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb index b72ffa9a1..e04881055 100644 --- a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb +++ b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb @@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5" SRCREV = "b23000de1e47c7d580e0e220966dd1ee42a5e5bc" SRC_URI = "git://git.sv.gnu.org/gnulib;protocol=git \ + file://CVE-2018-17942.patch \ " S = "${WORKDIR}/git" @@ -22,6 +23,8 @@ do_install () { cd ${S} git checkout master git clone ${S} ${D}/${datadir}/gnulib + cd ${D}/${datadir}/gnulib + git am ${WORKDIR}/CVE-2018-17942.patch } do_patch[noexec] = "1" @@ -32,5 +35,6 @@ do_packagedata[noexec] = "1" deltask package_write_ipk deltask package_write_deb deltask package_write_rpm +deltask do_deploy_archives BBCLASSEXTEND = "native" |