path: root/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
author: Patrick Williams <patrick@stwcx.xyz> 2022-10-18 20:34:53 +0300
committer: Patrick Williams <patrick@stwcx.xyz> 2022-10-18 20:35:34 +0300
commit: 46fc02f3932e37eb07ed7cd23ac96d464c6db55c
tree: b60616a81b0bbc1012f678b783df7c2e07f72161 /poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
parent: a515de07dfa9eda7a303af296666e2572e581df7

subtree updates (honister)

meta-openembedded: 9a0caf5b09..0e6c34f82c:
  Martin Jansa (1):
      ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay

  Nicolas Dechesne (1):
      imlib2: update SRC_URI

poky: eff78b3802..fd00d74f47:
  Alexandre Belloni (1):
      pseudo: Fix handling of absolute links

  Anuj Mittal (2):
      poky.conf: bump version for 3.4.4 release
      documentation: update for 3.4.4 release

  Bruce Ashfield (10):
      linux-yocto/5.10: update to v5.10.109
      lttng-modules: update to 2.13.1
      lttng-modules: support kernel 5.18+
      linux-yocto/5.10: features/security: Move x86_64 configs to separate file
      linux-yocto/5.10: update to v5.10.110
      linux-yocto/5.10: base: enable kernel crypto userspace API
      linux-yocto/5.10: update to v5.10.112
      linux-yocto: enable powerpc debug fragment
      linux-yocto/5.10: update to v5.10.113
      yocto-bsps: update to v5.10.113

  Chen Qi (1):
      cases/buildepoxy.py: fix typo

  Davide Gardenal (1):
      rootfs-postcommands: fix symlinks where link and output path are equal

  Dmitry Baryshkov (2):
      linux-firmware: correct license for ar3k firmware
      linux-firmware: upgrade 20220411 -> 20220509

  Felix Moessbauer (1):
      wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions

  Joe Slater (1):
      unzip: fix CVE-2021-4217

  Khem Raj (2):
      busybox: Use base_bindir instead of hardcoding /bin path
      linux-yocto: Enable powerpc-debug fragment for ppc64 LE

  Konrad Weihmann (1):
      gmp: add missing COPYINGv3

  Martin Jansa (1):
      license_image.bbclass: close package.manifest file

  Max Krummenacher (2):
      perf: sort-pmuevents: don't drop elements
      perf: sort-pmuevents: allow for additional type qualifiers and storage class

  Michael Opdenacker (1):
      adding missing space in appends

  Ovidiu Panait (1):
      openssl: upgrade 1.1.1l -> 1.1.1n

  Paul Gortmaker (1):
      install/devshell: Introduce git intercept script due to fakeroot issues

  Peter Kjellerstedt (1):
      u-boot: Inherit pkgconfig

  Portia (1):
      volatile-binds: Change DefaultDependencies from false to no

  Rahul Kumar (1):
      neard: Switch SRC_URI to git repo

  Ralph Siemsen (1):
      xz: fix CVE-2022-1271

  Ranjitsinh Rathod (1):
      openssl: Minor security upgrade 1.1.1n to 1.1.1o

  Richard Purdie (14):
      scripts/runqemu: Fix memory limits for qemux86-64
      vim: Upgrade 8.2.4524 -> 8.2.4681
      uninative: Upgrade to 3.6 with gcc 12 support
      tiff: Add marker for CVE-2022-1056 being fixed
      externalsrc/devtool: Fix to work with fixed export funcition flags handling
      libxshmfence: Correct LICENSE to HPND
      alsa-tools: Ensure we install correctly
      shadow-native: Simplify and fix syslog disable patch
      build-appliance-image: Update to honister head revision
      base: Avoid circular references to our own scripts
      base: Drop git intercept
      scripts: Make git intercept global
      scripts/git: Ensure we don't have circular references
      vim: Upgrade 8.2.4681 -> 8.2.4912

  Ross Burton (4):
      bitbake: knotty: display active tasks when printing keepAlive() message
      bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes
      bitbake.conf: mark all directories as safe for git to read
      oeqa/selftest: add test for git working correctly inside pseudo

  wangmy (3):
      linux-firmware: upgrade 20220310 -> 20220411
      lttng-modules: upgrade 2.13.1 -> 2.13.2
      lttng-modules: upgrade 2.13.2 -> 2.13.3

  zhengruoqin (1):
      wireless-regdb: upgrade 2022.02.18 -> 2022.04.08

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I0298ba1d7a4f4f77e0ebe24f18b3f8bdc326097b

Diffstat (limited to 'poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch')
-rw-r--r-- poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch | 67
1 files changed, 67 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
new file mode 100644
index 0000000000..6ba2b879a3
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
@@ -0,0 +1,67 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars <nils.bars@t-online.de>
+Date: Mon, 17 Jan 2022 16:53:16 +0000
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+---
+ fileio.c | 5 ++++-
+ process.c | 6 +++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+---
+
+Patch from:
+https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+Regenerated to apply without offsets.
+
+CVE: CVE-2021-4217
+
+Upstream-Status: Pending [infozip upstream inactive]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/fileio.c b/fileio.c
+index 14460f3..1dc319e 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+ (G.inptr-G.inbuf) + length);
+ } else {
+- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++ unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
++ if (bytes_read == 0)
+ return PK_EOF;
++ if (bytes_read != length)
++ return PK_ERR;
+ /* Looks like here is where extra fields are read */
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+diff --git a/process.c b/process.c
+index 5f8f6c6..de843a5 100644
+--- a/process.c
++++ b/process.c
+@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++ /* Check if we have a unicode extra section but no filename set */
++ return PK_ERR;
++ }
++
+ /*
+ * Compute 32-bit crc
+ */
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
+
+--
+2.32.0
+
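
Review bot: the `CVE: CVE-2021-4217`, `Upstream-Status:` and `Signed-off-by: Joe Slater` tags, together with the "Patch from:" links, sit below the diffstat and a second `---` line in the embedded patch header, where `git am` treats text as commentary rather than commit message, so they would be dropped if this patch is applied to a git tree and regenerated. Please move that block above the first `---` and remove the duplicate separator. In the `fileio.c` change, the added `if (bytes_read != length) return PK_ERR;` carries no comment; a single line saying that a short read would leave the rest of `G.extra_field` uninitialized before `getZip64Data()` runs would record why a nonzero short read is an error here. The `G.filename_full` check in `process.c` is placed correctly, ahead of the `strlen(G.filename_full)` call it protects.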