diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2024-03-01 23:30:19 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2024-03-02 00:24:34 +0300 |
| commit | 7363086d8a6f87f6c162a314937f1c2e3c063b42 (patch) | |
| tree | f37b4996342d0af75369338b4a1a0fc416c5feeb /poky/meta/recipes-support/curl/curl/CVE-2023-46219.patch | |
| parent | d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b (diff) | |
| download | openbmc-7363086d8a6f87f6c162a314937f1c2e3c063b42.tar.xz | |
subtree updatesnanbield
meta-arm: 79c52afe74..9a4ae38e84:
Emekcan Aras (1):
arm-bsp/optee: Improve PIN counter handling robustness
Harsimran Singh Tungal (2):
corstone1000:arm-bsp/tftf: Fix tftf tests on mps3
arm-bsp/tf-a-tests: fix corstone1000
Ross Burton (2):
arm-bsp/documentation: upgrade Sphinx slightly
CI: use https: to fetch meta-virtualization
meta-openembedded: 2da6e1b0e4..da9063bdfb:
Changqing Li (2):
postgresql: upgrade 15.4 -> 15.5
redis: upgrade 6.2.13 -> 6.2.14
Khem Raj (1):
webkitgtk3: upgrade 2.42.0 -> 2.42.1
Meenali Gupta (1):
nginx: upgrade 1.25.2 -> 1.25.3
Mingli Yu (1):
mariadb: Upgrade to 10.11.6
Wang Mingyu (5):
strongswan: upgrade 5.9.12 -> 5.9.13
webkitgtk3: upgrade 2.42.1 -> 2.42.2
webkitgtk3: upgrade 2.42.2 -> 2.42.3
webkitgtk3: upgrade 2.42.3 -> 2.42.4
libssh: upgrade 0.10.5 -> 0.10.6
Yi Zhao (1):
samba: upgrade 4.18.8 -> 4.18.9
poky: 61a59d00a0..1a5c00f00c:
Alassane Yattara (1):
bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer
Alexander Kanavin (2):
glibc-y2038-tests: do not run tests using 32 bit time APIs
icon-naming-utils: take tarball from debian
Alexander Sverdlin (1):
linux-firmware: upgrade 20231030 -> 20231211
Anuj Mittal (2):
base-passwd: upgrade 3.6.2 -> 3.6.3
glib-2.0: upgrade 2.78.1 -> 2.78.3
Baruch Siach (1):
contributor-guide: fix lore URL
Benjamin Bara (1):
glibc: stable 2.38 branch updates
Bruce Ashfield (8):
linux-yocto/6.1: update to v6.1.69
linux-yocto/6.1: update to v6.1.70
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.1: update to v6.1.72
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.1: security/cfg: add configs to harden protection
linux-yocto/6.1: update to v6.1.73
linux-yocto/6.1: update CVE exclusions
Chen Qi (2):
sudo: upgrade from 1.9.15p2 to 1.9.15p5
multilib_global.bbclass: fix parsing error with no kernel module split
Clay Chang (1):
devtool: deploy: provide max_process to strip_execs
Enguerrand de Ribaucourt (1):
manuals: document VSCode extension
Ilya A. Kriveshko (1):
dev-manual: update license manifest path
Jason Andryuk (3):
linux-firmware: Package iwlwifi .pnvm files
linux-firmware: Change bnx2 packaging
linux-firmware: Create bnx2x subpackage
Jeremy A. Puhlman (1):
create-spdx-2.2: combine spdx can try to write before dir creation
Joao Marcos Costa (1):
documentation.conf: fix do_menuconfig description
Jonathan GUILLOT (1):
udev-extraconf: fix unmount directories containing octal-escaped chars
Jose Quaresma (2):
go: update 1.20.10 -> 1.20.11
go: update 1.20.11 -> 1.20.12
Joshua Watt (2):
rpcbind: Specify state directory under /run
classes-global/sstate: Fix variable typo
Julien Stephan (1):
externalsrc: fix task dependency for do_populate_lic
Jörg Sommer (1):
documentation: Add UBOOT_BINARY, extend UBOOT_CONFIG
Kai Kang (1):
xserver-xorg: 21.1.9 -> 21.1.11
Khem Raj (2):
tiff: Backport fixes for CVE-2023-6277
tcl: Fix prepending to run-ptest script
Lee Chee Yang (5):
curl: Fix CVE-2023-46219
qemu: 8.1.2 -> 8.1.4
migration-guide: add release notes for 4.3.2
migration-guide: add release notes for 4.0.16
migration-guide: add release notes for 4.3.3
Markus Volk (1):
libadwaita: update 1.4.0 -> 1.4.2
Massimiliano Minella (1):
zstd: fix LICENSE statement
Maxin B. John (1):
ref-manual: classes: remove insserv bbclass
Michael Opdenacker (3):
contributor-guide: use "apt" instead of "aptitude"
release-notes-4.3: fix spacing
migration-guides: fix release notes for 4.3.3
Ming Liu (2):
grub: fs/fat: Don't error when mtime is 0
qemu.bbclass: fix a python TypeError
Mingli Yu (1):
python3-license-expression: Fix the ptest failure
Peter Kjellerstedt (1):
devtool: modify: Handle recipes with a menuconfig task correctly
Peter Marko (4):
dtc: preserve version also from shallow git clones
sqlite3: upgrade 3.43.1 -> 3.43.2
sqlite: drop obsolete CVE ignore
zlib: ignore CVE-2023-6992
Richard Purdie (9):
pseudo: Update to pull in syncfs probe fix
sstate: Fix dir ownership issues in SSTATE_DIR
curl: Disable two intermittently failing tests
lib/prservice: Improve lock handling robustness
oeqa/selftest/prservice: Improve test robustness
curl: Disable test 1091 due to intermittent failures
allarch: Fix allarch corner case
reproducible: Fix race with externalsrc/devtool over lockfile
pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept
Robert Berger (1):
uninative-tarball.xz - reproducibility fix
Robert Joslyn (1):
gtk: Set CVE_PRODUCT
Robert Yang (2):
nfs-utils: Upgrade 2.6.3 -> 2.6.4
nfs-utils: Update Upstream-Status
Rodrigo M. Duarte (1):
linux-firmware: Fix the linux-firmware-bcm4373 FILES variable
Ross Burton (4):
avahi: update URL for new project location
libssh2: backport fix for CVE-2023-48795
cve_check: handle CVE_STATUS being set to the empty string
cve_check: cleanup logging
Saul Wold (1):
package.py: OEHasPackage: Add MLPREFIX to packagename
Simone Weiß (5):
dev-manual: start.rst: Update use of Download page
dev-manual: start.rst: Update use of Download page
glibc: Set status for CVE-2023-5156 & CVE-2023-0687
dev-manual: gen-tapdevs need iptables installed
gcc: Update status of CVE-2023-4039
Soumya Sambu (1):
ncurses: Fix - tty is hung after reset
Steve Sakoman (2):
poky.conf: bump version for 4.3.3 release
build-appliance-image: Update to nanbield head revision
Trevor Gamblin (1):
scripts/runqemu: fix regex escape sequences
Wang Mingyu (9):
xwayland: upgrade 23.2.2 -> 23.2.3
libatomic-ops: upgrade 7.8.0 -> 7.8.2
libva-utils: upgrade 2.20.0 -> 2.20.1
kea: upgrade 2.4.0 -> 2.4.1
gstreamer1.0: upgrade 1.22.7 -> 1.22.8
aspell: upgrade 0.60.8 -> 0.60.8.1
at-spi2-core: upgrade 2.50.0 -> 2.50.1
cpio: upgrade 2.14 -> 2.15
gstreamer: upgrade 1.22.8 -> 1.22.9
William Lyu (1):
elfutils: Update license information
Xiangyu Chen (2):
shadow: Fix for CVE-2023-4641
sudo: upgrade 1.9.14p3 -> 1.9.15p2
Yang Xu (1):
rootfs.py: check depmodwrapper execution result
Yogita Urade (2):
tiff: fix CVE-2023-6228
tiff: fix CVE-2023-52355 and CVE-2023-52356
Zahir Hussain (1):
cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
baruch@tkos.co.il (1):
overlayfs: add missing closing parenthesis in selftest
Change-Id: I613697694d0eb51ae9451f7e869b69d6c1ba1fd3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'poky/meta/recipes-support/curl/curl/CVE-2023-46219.patch')
| -rw-r--r-- | poky/meta/recipes-support/curl/curl/CVE-2023-46219.patch | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-46219.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-46219.patch new file mode 100644 index 0000000000..d6c8925218 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2023-46219.patch @@ -0,0 +1,131 @@ +CVE: CVE-2023-46219 +Upstream-Status: Backport [ https://github.com/curl/curl/commit/73b65e94f3531179de45 ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +From 73b65e94f3531179de45c6f3c836a610e3d0a846 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 23 Nov 2023 08:23:17 +0100 +Subject: [PATCH] fopen: create short(er) temporary file name + +Only using random letters in the name plus a ".tmp" extension. Not by +appending characters to the final file name. + +Reported-by: Maksymilian Arciemowicz + +Closes #12388 +--- + lib/fopen.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 60 insertions(+), 5 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index 75b8a7aa534085..a73ac068ea3016 100644 +--- a/lib/fopen.c ++++ b/lib/fopen.c +@@ -39,6 +39,51 @@ + #include "curl_memory.h" + #include "memdebug.h" + ++/* ++ The dirslash() function breaks a null-terminated pathname string into ++ directory and filename components then returns the directory component up ++ to, *AND INCLUDING*, a final '/'. If there is no directory in the path, ++ this instead returns a "" string. ++ ++ This function returns a pointer to malloc'ed memory. ++ ++ The input path to this function is expected to have a file name part. ++*/ ++ ++#ifdef _WIN32 ++#define PATHSEP "\\" ++#define IS_SEP(x) (((x) == '/') || ((x) == '\\')) ++#elif defined(MSDOS) || defined(__EMX__) || defined(OS2) ++#define PATHSEP "\\" ++#define IS_SEP(x) ((x) == '\\') ++#else ++#define PATHSEP "/" ++#define IS_SEP(x) ((x) == '/') ++#endif ++ ++static char *dirslash(const char *path) ++{ ++ size_t n; ++ struct dynbuf out; ++ DEBUGASSERT(path); ++ Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH); ++ n = strlen(path); ++ if(n) { ++ /* find the rightmost path separator, if any */ ++ while(n && !IS_SEP(path[n-1])) ++ --n; ++ /* skip over all the path separators, if any */ ++ while(n && IS_SEP(path[n-1])) ++ --n; ++ } ++ if(Curl_dyn_addn(&out, path, n)) ++ return NULL; ++ /* if there was a directory, append a single trailing slash */ ++ if(n && Curl_dyn_addn(&out, PATHSEP, 1)) ++ return NULL; ++ return Curl_dyn_ptr(&out); ++} ++ + /* + * Curl_fopen() opens a file for writing with a temp name, to be renamed + * to the final name when completed. If there is an existing file using this +@@ -50,25 +95,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + FILE **fh, char **tempname) + { + CURLcode result = CURLE_WRITE_ERROR; +- unsigned char randsuffix[9]; ++ unsigned char randbuf[41]; + char *tempstore = NULL; + struct_stat sb; + int fd = -1; ++ char *dir; + *tempname = NULL; + ++ dir = dirslash(filename); ++ if(!dir) ++ goto fail; ++ + *fh = fopen(filename, FOPEN_WRITETEXT); + if(!*fh) + goto fail; +- if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) ++ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) { ++ free(dir); + return CURLE_OK; ++ } + fclose(*fh); + *fh = NULL; + +- result = Curl_rand_alnum(data, randsuffix, sizeof(randsuffix)); ++ result = Curl_rand_alnum(data, randbuf, sizeof(randbuf)); + if(result) + goto fail; + +- tempstore = aprintf("%s.%s.tmp", filename, randsuffix); ++ /* The temp file name should not end up too long for the target file ++ system */ ++ tempstore = aprintf("%s%s.tmp", dir, randbuf); + if(!tempstore) { + result = CURLE_OUT_OF_MEMORY; + goto fail; +@@ -95,6 +149,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + if(!*fh) + goto fail; + ++ free(dir); + *tempname = tempstore; + return CURLE_OK; + +@@ -105,7 +160,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + } + + free(tempstore); +- ++ free(dir); + return result; + } + |