diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /meta-openembedded/meta-oe/recipes-support/sharutils | |
parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support/sharutils')
-rw-r--r-- | meta-openembedded/meta-oe/recipes-support/sharutils/sharutils/CVE-2018-1000097.patch | 61 | ||||
-rw-r--r-- | meta-openembedded/meta-oe/recipes-support/sharutils/sharutils_4.15.2.bb | 1 |
2 files changed, 62 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/sharutils/sharutils/CVE-2018-1000097.patch b/meta-openembedded/meta-oe/recipes-support/sharutils/sharutils/CVE-2018-1000097.patch new file mode 100644 index 000000000..99dc4e304 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/sharutils/sharutils/CVE-2018-1000097.patch @@ -0,0 +1,61 @@ +From bd68ae1271598e8fdc72f2adb457e6882604582d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> +Date: Thu, 22 Feb 2018 16:39:43 +0100 +Subject: [PATCH] Fix a heap-buffer-overflow in find_archive() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +rw_buffer has allocated rw_base_size bytes. But subsequend fgets() in +find_archive() reads up-to BUFSIZ bytes. + +On my system, BUFSIZ is 8192. rw_base_size is usually equaled to +a memory page size, 4096 on my system. Thus find_archive() can write +beyonded allocated memmory for rw_buffer array: + +$ valgrind -- ./unshar /tmp/id\:000000\,sig\:06\,src\:000005+000030\,op\:splice\,rep\:4 +==30582== Memcheck, a memory error detector +==30582== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. +==30582== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info +==30582== Command: ./unshar /tmp/id:000000,sig:06,src:000005+000030,op:splice,rep:4 +==30582== +==30582== Invalid write of size 1 +==30582== at 0x4EAB480: _IO_getline_info (in /usr/lib64/libc-2.27.so) +==30582== by 0x4EB47C2: fgets_unlocked (in /usr/lib64/libc-2.27.so) +==30582== by 0x10BF60: fgets_unlocked (stdio2.h:320) +==30582== by 0x10BF60: find_archive (unshar.c:243) +==30582== by 0x10BF60: unshar_file (unshar.c:379) +==30582== by 0x10BCCC: validate_fname (unshar-opts.c:604) +==30582== by 0x10BCCC: main (unshar-opts.c:639) +==30582== Address 0x523a790 is 0 bytes after a block of size 4,096 alloc'd +==30582== at 0x4C2DBBB: malloc (vg_replace_malloc.c:299) +==30582== by 0x10C670: init_unshar (unshar.c:450) +==30582== by 0x10BC55: main (unshar-opts.c:630) + +This was reported in +<http://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00004.html>. + +CVE: CVE-2018-1000097 +Upstream-Status: no upstream [http://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00004.html] +Signed-off-by: Petr Písař <ppisar@redhat.com> +Signed-off-by: Sinan Kaya <okaya@kernel.org> +--- + src/unshar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/unshar.c b/src/unshar.c +index 80bc3a9..0fc3773 100644 +--- a/src/unshar.c ++++ b/src/unshar.c +@@ -240,7 +240,7 @@ find_archive (char const * name, FILE * file, off_t start) + off_t position = ftello (file); + + /* Read next line, fail if no more and no previous process. */ +- if (!fgets (rw_buffer, BUFSIZ, file)) ++ if (!fgets (rw_buffer, rw_base_size, file)) + { + if (!start) + error (0, 0, _("Found no shell commands in %s"), name); +-- +2.19.0 + diff --git a/meta-openembedded/meta-oe/recipes-support/sharutils/sharutils_4.15.2.bb b/meta-openembedded/meta-oe/recipes-support/sharutils/sharutils_4.15.2.bb index 812fee955..c12289b5d 100644 --- a/meta-openembedded/meta-oe/recipes-support/sharutils/sharutils_4.15.2.bb +++ b/meta-openembedded/meta-oe/recipes-support/sharutils/sharutils_4.15.2.bb @@ -8,6 +8,7 @@ inherit gettext autotools SRC_URI = "ftp://ftp.gnu.org/gnu/${BPN}/${BP}.tar.gz \ file://0001-Fix-build-with-clang.patch \ + file://CVE-2018-1000097.patch \ " SRC_URI[md5sum] = "32a51b23e25ad5e6af4b89f228be1800" SRC_URI[sha256sum] = "ee336e68549664e7a19b117adf02edfdeac6307f22e5ba78baca457116914637" |