diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-10-03 00:54:45 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-10-18 16:09:35 +0300 |
commit | 004d49958a83b2ab92301b67134d6910313d94d8 (patch) | |
tree | 3ac325f55a24dad4ea8569be395fdb6b4a8248c8 /poky/meta/recipes-devtools/git | |
parent | 6ad4e5bc647bd823fd10fca9022b7129df2fa369 (diff) | |
download | openbmc-004d49958a83b2ab92301b67134d6910313d94d8.tar.xz |
poky: sumo refresh 36d5cee56b..d240b885f2
Update poky to sumo HEAD.
Changqing Li (1):
libsndfile1: CVE-2018-13139
Chen Qi (2):
runqemu: add SIGTERM handler to make sure things are cleaned up
runqemu: fix handling of SIGTERM and the problem of line wrapping
Hongxu Jia (1):
nasm: fix CVE-2018-10016
Ioan-Adrian Ratiu (1):
rootfs: always update the opkg index
Jagadeesh Krishnanjanappa (1):
runqemu: exit gracefully with an error message if qemu system is not evaluated
Joe Slater (1):
libtiff: fix CVE-2017-17095
Khem Raj (1):
x264: Disable asm on musl/x86
Nicolas Dechesne (1):
checklayer: avoid recursive loop in add_layer_dependencies
Ola x Nilsson (1):
externalsrc.bbclass: Set BB_DONT_CACHE for non-target recipes
Richard Purdie (1):
recipes: Update git.gnome.org addresses after upstream changes
Sinan Kaya (3):
libxml2: CVE-2018-14404
python3: CVE-2018-1061
git: CVE-2018-11233
Change-Id: Ic2daa2803af197180e605346f59bab03f8264e19
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-devtools/git')
-rw-r--r-- | poky/meta/recipes-devtools/git/files/CVE-2018-11233.patch | 44 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/git/git.inc | 3 |
2 files changed, 46 insertions, 1 deletions
diff --git a/poky/meta/recipes-devtools/git/files/CVE-2018-11233.patch b/poky/meta/recipes-devtools/git/files/CVE-2018-11233.patch new file mode 100644 index 000000000..f4468cf2f --- /dev/null +++ b/poky/meta/recipes-devtools/git/files/CVE-2018-11233.patch @@ -0,0 +1,44 @@ +From 014281e62b7920a6d710a85089e00ca012b0744c Mon Sep 17 00:00:00 2001 +From: Jeff King <peff@peff.net> +Date: Sun, 13 May 2018 12:09:42 -0400 +Subject: [PATCH] is_ntfs_dotgit: use a size_t for traversing string + +We walk through the "name" string using an int, which can +wrap to a negative value and cause us to read random memory +before our array (e.g., by creating a tree with a name >2GB, +since "int" is still 32 bits even on most 64-bit platforms). +Worse, this is easy to trigger during the fsck_tree() check, +which is supposed to be protecting us from malicious +garbage. + +Note one bit of trickiness in the existing code: we +sometimes assign -1 to "len" at the end of the loop, and +then rely on the "len++" in the for-loop's increment to take +it back to 0. This is still legal with a size_t, since +assigning -1 will turn into SIZE_MAX, which then wraps +around to 0 on increment. + +Signed-off-by: Jeff King <peff@peff.net> +CVE: CVE-2018-11233 +Upstream-Status: Backport[https://github.com/git/git/commit/11a9f4d807a0d71dc6eff51bb87baf4ca2cccf1d] +Signed-off-by: Sinan Kaya <okaya@kernel.org> +--- + path.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/path.c b/path.c +index da8b65573..d31c795ff 100644 +--- a/path.c ++++ b/path.c +@@ -1305,7 +1305,7 @@ static int only_spaces_and_periods(const char *path, size_t len, size_t skip) + + int is_ntfs_dotgit(const char *name) + { +- int len; ++ size_t len; + + for (len = 0; ; len++) + if (!name[len] || name[len] == '\\' || is_dir_sep(name[len])) { +-- +2.19.0 + diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc index bea23ec78..8603c045c 100644 --- a/poky/meta/recipes-devtools/git/git.inc +++ b/poky/meta/recipes-devtools/git/git.inc @@ -8,7 +8,8 @@ PROVIDES_append_class-native = " git-replacement-native" SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \ - file://CVE-2018-11235.patch" + file://CVE-2018-11235.patch \ + file://CVE-2018-11233.patch" S = "${WORKDIR}/git-${PV}" |