author: Ross Burton <ross.burton@intel.com> 2017-11-15 16:45:42 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-03-07 06:33:57 -0800
commit: b45ce6dbbd459ecc96eae76b5695927dbda1dbb4
tree: f8bf338404df7ddf1d01c4d3fa426f693cca899e
parent: 7c8e3b9bd26b35654f3bd24bbb8d86b8c6e34a67
unzip: refresh patches

The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in.

Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed.

Signed-off-by: Ross Burton <ross.burton@intel.com>

-rw-r--r-- meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch 12
1 files changed, 7 insertions, 5 deletions
diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
index c989df1..ca4aaad 100644
--- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
+++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
@@ -9,9 +9,11 @@ CVE: CVE-2014-8140
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---- a/extract.c
-+++ b/extract.c
-@@ -2232,10 +2232,17 @@
+Index: unzip60/extract.c
+===================================================================
+--- unzip60.orig/extract.c
++++ unzip60/extract.c
+@@ -2233,10 +2233,17 @@ static int test_compr_eb(__G__ eb, eb_si
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
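Review bot: The header rewrite at the top of this hunk (`--- a/extract.c` / `+++ b/extract.c` replaced by an `Index: unzip60/extract.c` block with `unzip60.orig/` and `unzip60/` paths) is tool-generated churn that the commit message does not mention, and it lands in the same change as the actual context fix. Both forms carry one leading path component, so the strip level is unchanged, but the commit message should say that the refresh also switches the header style, so a reader can separate that from the `@@ -2232` to `@@ -2233` offset correction and from the context changes in the next hunk.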
@@ -30,5 +32,5 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
- if (
- #ifdef INT_16BIT
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
+ if ((method == STORED) &&
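Review bot: The trailing context at the end of this hunk is replaced rather than shifted (`if (` / `#ifdef INT_16BIT` becomes `method = makeword(eb + (EB_HEADSIZE + compr_offset));` / `if ((method == STORED) &&`), and nothing in the commit message says where the new lines come from. That makes the embedded patch apply only to an extract.c that already contains the `method` read, so if those lines are introduced by another patch in the recipe, the ordering dependency should be recorded in the patch header or the commit message. Since the stated goal is review of fuzz-applied patches, it is also worth stating explicitly that the `return IZ_EF_TRUNC;` check still sits directly before the `makeword()` read at `eb + (EB_HEADSIZE + compr_offset)`, because that placement is what the CVE-2014-8140 fix relies on.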