author | Andrew Geissler <geissonator@yahoo.com> | 2020-05-05 16:54:39 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-05-05 16:56:13 +0300 |
commit | 4b740dc9fdbca604749cf15f7ea0e6ead345b5a0 (patch) | |
tree | 32dd5f8dd157841cdc123f68651f11c9442b07e2 /poky/meta/recipes-support/icu | |
parent | e231d58c35aabcb38dcd6470d232a738291d90fe (diff) | |
download | openbmc-4b740dc9fdbca604749cf15f7ea0e6ead345b5a0.tar.xz |
poky: subtree update:a8544811d7..b5763b2f48
Alexander Kanavin (29):
rpm: upgrade to 4.15.1
libmodulemd: move from 1.x to 2.x version
libdnf: upgrade 0.28.1 -> 0.47.0
dnf: upgrade 4.2.2 -> 4.2.21
dnf: add a patch for base-files installation failures
logrotate: update to 3.16.0
rt-tests: further exclusion of development versions
kmscube: update to latest commit
xcb-proto: update to 1.14
libxcb: update to 1.14
ghostscript: do not hardcode version in SRC_URI
ghostscript: update 9.50 -> 9.52
webkitgtk: update to 2.28.2
python3-gitdb: update to 4.0.4
libevdev: update to 1.9.0
python3-dbusmock: add recipe from meta-oe
mc: update to 4.8.24
coreutils: update to 8.32
glib-2.0: update 2.62.4 -> 2.64.2
glib-networking: update to 2.64.2
gptfdisk: update to 1.0.5
clutter-1.0: update to 1.26.4
diffoscope: update to 143
wpe: update to 1.6.0
vte: update to 0.60.2
libnotify: update to 0.7.9
connman: update to 1.38
xkeyboard-config: update to 2.29
gcr: update to 3.36.0
Andreas Müller (1):
libsecret: upgrade 0.20.1 -> 0.20.3 / port to meson
Anibal Limon (2):
ptest-runner: Bump to 2.4.0
oeqa/runtime: Use libdir to run ptest-runner
Bartłomiej Burdukiewicz (2):
libva: add PACKAGECONFIG and additonal rules for glx.
libva: removed opengl from REQUIRED_DISTRO_FEATURES.
Benjamin Fair (1):
util-linux: fix build error in kill
Bruce Ashfield (4):
linux-yocto/5.4: update to v5.4.28
linux-yocto/5.4: update to v5.4.32
linux-yocto-dev: bump to v5.7-rc
linux-yocto/5.4: update to v5.4.34
Frazer Clews (2):
bitbake: lib/toaster: fixup codebase so pydocstyle can parse
bitbake: lib/bs4/testing.py: fix bs4 testing
Jan Luebbe (1):
openssl: upgrade 1.1.1f -> 1.1.1g
Joshua Watt (1):
jquery: Upgrade 3.4.1 -> 3.5.0
Khem Raj (2):
dpkg: Add riscv32 CPU support
musl: Remove spurious unused patch
Mingli Yu (1):
iputils: Initialize libgcrypt
Peter Kjellerstedt (1):
libdnf: Use single-quotes around string literals used in SQL statements
Pierre-Jean Texier (3):
timezone: upgrade 2019c -> 2020a
curl: upgrade 7.69.1 -> 7.70.0
curl: support mqtt in PACKAGECONFIG
Richard Purdie (6):
sanity: Require gcc 6 or later
gcc-target: Ensure buildtools-extended-tarball doesn't use arch=native
abi_version/staging: Bump versions to force rebuild after sstate corruption
bitbake: bitdoc: Remove it
utils: Drop FILESPATHPKG usage
utils: Drop is_machine_specific()/machine_paths()
Robert P. J. Day (5):
ref-manual: fix excessive command indentation
ref-manual: IMAGE_TYPES, add tar.zst, delete elf
ref-manual: typo "SSTATE_MIRROR" -> "SSTATE_MIRRORS"
ref-manual: Remove long-dead PACKAGE_GROUP variable
bitbake: docs: delete reference to obsolete recipe-depends.dot
Sakib Sajal (1):
sqlite: backport CVE fixes
Tim Orling (2):
atk: upgrade 2.34.1 -> 2.36.0
at-spi2-core: upgrade 2.34.0 -> 2.36.0
Vyacheslav Yurkov (1):
os-release: sanitize required fields
Wang Mingyu (1):
icu: CVE-2020-10531
Change-Id: Iae5641be5ca6424275d2e0d63ba3a7a5ba90cde2
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-support/icu')
-rw-r--r-- | poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch | 128 | ||||
-rw-r--r-- | poky/meta/recipes-support/icu/icu_66.1.bb | 1 |
2 files changed, 129 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch b/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch
new file mode 100644
index 000000000..6697b27dc
--- /dev/null
+++ b/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch
@@ -0,0 +1,128 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang <ftang@chromium.org>
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+
+Upstream-Status: Accepted
+CVE: CVE-2020-10531
+
+Reference to upstream patch:
+https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
+
+---
+ common/unistr.cpp | 6 ++-
+ test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++++++++
+ test/intltest/ustrtest.h | 1 +
+ 3 files changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/common/unistr.cpp b/common/unistr.cpp
+index 901bb33..6ea0915 100644
+--- a/common/unistr.cpp
++++ b/common/unistr.cpp
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++ setToBogus();
++ return *this;
++ }
+
+ // Check for append onto ourself
+ const UChar* oldArray = getArrayStart();
+diff --git a/test/intltest/ustrtest.cpp b/test/intltest/ustrtest.cpp
+index b6515ea..ad38bdf 100644
+--- a/test/intltest/ustrtest.cpp
++++ b/test/intltest/ustrtest.cpp
+@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
+ TESTCASE_AUTO(TestWCharPointers);
+ TESTCASE_AUTO(TestNullPointers);
+ TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf);
++ TESTCASE_AUTO(TestLargeAppend);
+ TESTCASE_AUTO_END;
+ }
+
+@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
+ str.insert(2, sub);
+ assertEquals("", u"abbcdcde", str);
+ }
++
++void UnicodeStringTest::TestLargeAppend() {
++ if(quick) return;
++
++ IcuTestErrorCode status(*this, "TestLargeAppend");
++ // Make a large UnicodeString
++ int32_t len = 0xAFFFFFF;
++ UnicodeString str;
++ char16_t *buf = str.getBuffer(len);
++ // A fast way to set buffer to valid Unicode.
++ // 4E4E is a valid unicode character
++ uprv_memset(buf, 0x4e, len * 2);
++ str.releaseBuffer(len);
++ UnicodeString dest;
++ // Append it 16 times
++ // 0xAFFFFFF times 16 is 0xA4FFFFF1,
++ // which is greater than INT32_MAX, which is 0x7FFFFFFF.
++ int64_t total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++ dest.remove();
++ total = 0;
++ for (int32_t i = 0; i < 16; i++) {
++ dest.append(str);
++ total += len;
++ if (total + len <= INT32_MAX) {
++ assertFalse("dest is not bogus", dest.isBogus());
++ } else if (total <= INT32_MAX) {
++ // Check that a string of exactly the maximum size works
++ UnicodeString str2;
++ int32_t remain = INT32_MAX - total;
++ char16_t *buf2 = str2.getBuffer(remain);
++ if (buf2 == nullptr) {
++ // if somehow memory allocation fail, return the test
++ return;
++ }
++ uprv_memset(buf2, 0x4e, remain * 2);
++ str2.releaseBuffer(remain);
++ dest.append(str2);
++ total += remain;
++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
++ assertFalse("dest is not bogus", dest.isBogus());
++
++ // Check that a string size+1 goes bogus
++ str2.truncate(1);
++ dest.append(str2);
++ total++;
++ assertTrue("dest should be bogus", dest.isBogus());
++ } else {
++ assertTrue("dest should be bogus", dest.isBogus());
++ }
++ }
++}
+diff --git a/test/intltest/ustrtest.h b/test/intltest/ustrtest.h
+index 218befd..4a356a9 100644
+--- a/test/intltest/ustrtest.h
++++ b/test/intltest/ustrtest.h
+@@ -97,6 +97,7 @@ public:
+ void TestWCharPointers();
+ void TestNullPointers();
+ void TestUnicodeStringInsertAppendToSelf();
++ void TestLargeAppend();
+ };
+
+ #endif
+--
+2.17.1
+
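Review bot: In `TestLargeAppend`, the first `str.getBuffer(len)` result goes straight into `uprv_memset(buf, 0x4e, len * 2)` with no null check, although the same patch checks `buf2` for exactly that allocation failure a few lines later. With `len = 0xAFFFFFF` the request is large enough to fail on a memory-constrained build host or target, and the test would then crash instead of returning. Adding `if (buf == nullptr) { return; }` right after the `getBuffer(len)` call would mirror the `buf2` handling. The comment `0xAFFFFFF times 16 is 0xA4FFFFF1` is also wrong, since the product is `0xAFFFFFF0`; the conclusion that it exceeds `INT32_MAX` still holds. Because the test returns early under `quick`, the new `uprv_add32_overflow` guard in `doAppend` is presumably not exercised by a quick test run; as this file is a verbatim upstream backport, these points are probably best raised upstream rather than patched locally.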
diff --git a/poky/meta/recipes-support/icu/icu_66.1.bb b/poky/meta/recipes-support/icu/icu_66.1.bb
index f2bb344e3..a8096c184 100644
--- a/poky/meta/recipes-support/icu/icu_66.1.bb
+++ b/poky/meta/recipes-support/icu/icu_66.1.bb
@@ -26,6 +26,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
 file://fix-install-manx.patch \
 file://0001-Fix-big-endian-build.patch;apply=no \
 file://0001-icu-Added-armeb-support.patch \
+ file://CVE-2020-10531.patch \
 "

 SRC_URI_append_class-target = "\ |