diff options
| author |   Wang Mingyu <wangmy@cn.fujitsu.com> | 2020-01-20 04:26:44 -0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-01-27 16:38:54 +0000 |
| commit | 2ac297f8906354bf3a1578b5e78df040b4712b81 (patch) | |
| tree | 73c38669be9109e0f18c411a562a207fcd5ec4b1 /meta/recipes-devtools/file | |
| parent | 2c51cb945fd3f5874c92d09cc134ed517fa7c435 (diff) | |
| download | openembedded-core-2ac297f8906354bf3a1578b5e78df040b4712b81.tar.gz | |
file: upgrade 5.37 -> 5.38
CVE-2019-18218.patch
Removed since it is included in 5.38.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-devtools/file')
| -rw-r--r-- | meta/recipes-devtools/file/file/CVE-2019-18218.patch | 55 | ||||
| -rw-r--r-- | meta/recipes-devtools/file/file_5.38.bb (renamed from meta/recipes-devtools/file/file_5.37.bb) | 5 |
2 files changed, 2 insertions, 58 deletions
diff --git a/meta/recipes-devtools/file/file/CVE-2019-18218.patch b/meta/recipes-devtools/file/file/CVE-2019-18218.patch deleted file mode 100644 index 3d02c5ad4b..0000000000 --- a/meta/recipes-devtools/file/file/CVE-2019-18218.patch +++ /dev/null @@ -1,55 +0,0 @@ -cdf_read_property_info in cdf.c in file through 5.37 does not restrict the -number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte -out-of-bounds write). - -CVE: CVE-2019-18218 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Mon, 26 Aug 2019 14:31:39 +0000 -Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz) - ---- - src/cdf.c | 9 ++++----- - src/cdf.h | 1 + - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/cdf.c b/src/cdf.c -index 9d6396742..bb81d6374 100644 ---- a/src/cdf.c -+++ b/src/cdf.c -@@ -1016,8 +1016,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - goto out; - } - nelements = CDF_GETUINT32(q, 1); -- if (nelements == 0) { -- DPRINTF(("CDF_VECTOR with nelements == 0\n")); -+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { -+ DPRINTF(("CDF_VECTOR with nelements == %" -+ SIZE_T_FORMAT "u\n", nelements)); - goto out; - } - slen = 2; -@@ -1060,8 +1061,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - goto out; - inp += nelem; - } -- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", -- nelements)); - for (j = 0; j < nelements && i < sh.sh_properties; - j++, i++) - { -diff --git a/src/cdf.h b/src/cdf.h -index 2f7e554b7..05056668f 100644 ---- a/src/cdf.h -+++ b/src/cdf.h -@@ -48,6 +48,7 @@ - typedef int32_t cdf_secid_t; - - #define CDF_LOOP_LIMIT 10000 -+#define CDF_ELEMENT_LIMIT 100000 - - #define CDF_SECID_NULL 0 - #define CDF_SECID_FREE -1 diff --git a/meta/recipes-devtools/file/file_5.37.bb b/meta/recipes-devtools/file/file_5.38.bb index a96ccc0d39..99c75988c2 100644 --- a/meta/recipes-devtools/file/file_5.37.bb +++ b/meta/recipes-devtools/file/file_5.38.bb @@ -11,10 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd DEPENDS = "zlib file-replacement-native" DEPENDS_class-native = "zlib-native" -SRC_URI = "git://github.com/file/file.git \ - file://CVE-2019-18218.patch" +SRC_URI = "git://github.com/file/file.git" -SRCREV = "a0d5b0e4e9f97d74a9911e95cedd579852e25398" +SRCREV = "ec41083645689a787cdd00cb3b5bf578aa79e46c" S = "${WORKDIR}/git" inherit autotools update-alternatives |