diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-16 01:30:15 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-26 15:46:19 +0300 |
commit | c4ea075d918124f556619e8e75b7ca38b3f2dac8 (patch) | |
tree | 9e2cffe8b1767635307bb0bfef5cbcc432fa4214 /poky/meta/recipes-extended/unzip | |
parent | a7999f57d119bdb9377220db06b8c047fc39d49e (diff) | |
download | openbmc-c4ea075d918124f556619e8e75b7ca38b3f2dac8.tar.xz |
poky: sumo refresh eebbc00b25..64a257fa22
Update poky to sumo HEAD.
Armin Kuster (1):
dhcp: allow for excluding the external bind
Awais Belal (1):
bitbake: bitbake: toaster: allow OE_ROOT to be provided through environment
Changqing Li (2):
unzip: fix for CVE-2018-18384
curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
Fabien Lahoudere (1):
archiver: Drop unwanted directories
Ioan-Adrian Ratiu (1):
wic: isoimage-isohybrid: fix UEFI spec breakage
Kosta Zertsekel (1):
meta: Use double colon for chown OWNER:GROUP
Matthias Schiffer (1):
base.bbclass: avoid 'find -ignore_readdir_race -delete'
Mohamad Noor Alim Hussin (1):
oeqa/selftest/recipetool: Fix problems from changing upstream source
Peter Kjellerstedt (4):
common-licenses: Correct the FreeType license text
apr: Trim license info extracted from apr_lib.h
apr-util: Trim license info extracted from apu_version.h
pixman: Trim license info extracted from pixman-matrix.c
Richard Purdie (4):
oeqa/selftest/wic: Use a subdir of builddir, not /var/
oeqa/selftest/wic: Ensure initramfs exists for test_iso_image
selftest/wic: Improve error message for test_fixed_size
crosssdk: Remove usage of host flags for cross-compilation
Ross Burton (3):
unzip: actually apply CVE-2018-18384
curl: actually apply latest CVE patches
gnupg: patch gnupg-native to allow path relocation
Scott Rifenbark (1):
kernel-dev: Updated phrasing for what a "defconfig" file is.
Change-Id: I08f7fbe91f3f7ed6f00b6ea691c33ee1e0d3205b
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-extended/unzip')
-rw-r--r-- | poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch | 39 | ||||
-rw-r--r-- | poky/meta/recipes-extended/unzip/unzip_6.0.bb | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch new file mode 100644 index 000000000..cc9e2c1ea --- /dev/null +++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch @@ -0,0 +1,39 @@ +Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/] +CVE: CVE-2018-18384 +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- unzip60/list.c ++++ unzip60/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */ + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type + } + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) + Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), + FmZofft(G.crec.ucsize, "8", "u"), methbuf, +@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type + + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) { + Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), + FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"), diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb index a47491ea4..f6a4cb627 100644 --- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \ file://symlink.patch \ file://0001-unzip-fix-CVE-2018-1000035.patch \ + file://CVE-2018-18384.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" |