diff options
author | Khem Raj <raj.khem@gmail.com> | 2018-12-18 18:40:12 -0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2018-12-18 22:15:53 -0800 |
commit | af94fa02ca443e2dc9338f5fd2c4d62ee99031b3 (patch) | |
tree | 1972362e4ff0652d9bc1e1bbd4707abc2529f70b /meta-oe | |
parent | 9ff2a0bf6f1889a22524847dfe2e61b24ed0e29c (diff) | |
download | meta-openembedded-af94fa02ca443e2dc9338f5fd2c4d62ee99031b3.tar.gz |
gnulib: Upgrade to 2018-03-07.03
Call check_git_config to setup git to function correctly
on some builders git might not be setup for user and email
address
Fixes:
Your branch is behind 'origin/master' by 584 commits, and can be
fast-forwarded.
(use "git pull" to update your local branch)
Cloning into
'TOPDIR/build/tmp/work/mips32r2-yoe-linux-musl/gnulib/2017-08-20.18-r0/image//usr/share/gnulib'...
done.
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r-- | meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch | 88 | ||||
-rw-r--r-- | meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb (renamed from meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb) | 10 |
2 files changed, 5 insertions, 93 deletions
diff --git a/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch b/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch deleted file mode 100644 index 77e82b167..000000000 --- a/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch +++ /dev/null | |||
@@ -1,88 +0,0 @@ | |||
1 | From e91600a7aae3bafbefbe13abf771e61badd16286 Mon Sep 17 00:00:00 2001 | ||
2 | From: Changqing Li <changqing.li@windriver.com> | ||
3 | Date: Tue, 16 Oct 2018 14:26:11 +0800 | ||
4 | Subject: [PATCH] vasnprintf: Fix heap memory overrun bug. | ||
5 | |||
6 | Reported by Ben Pfaff <blp@cs.stanford.edu> in | ||
7 | <https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html>. | ||
8 | |||
9 | * lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of | ||
10 | memory. | ||
11 | * tests/test-vasnprintf.c (test_function): Add another test. | ||
12 | |||
13 | Upstream-Status: Backport [http://git.savannah.gnu.org/gitweb/?p=gnulib.git; | ||
14 | a=commitdiff;h=278b4175c9d7dd47c1a3071554aac02add3b3c35] | ||
15 | |||
16 | CVE: CVE-2018-17942 | ||
17 | |||
18 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
19 | --- | ||
20 | ChangeLog | 8 ++++++++ | ||
21 | lib/vasnprintf.c | 4 +++- | ||
22 | tests/test-vasnprintf.c | 19 ++++++++++++++++++- | ||
23 | 3 files changed, 29 insertions(+), 2 deletions(-) | ||
24 | |||
25 | diff --git a/ChangeLog b/ChangeLog | ||
26 | index 9864353..5ff76a3 100644 | ||
27 | --- a/ChangeLog | ||
28 | +++ b/ChangeLog | ||
29 | @@ -1,3 +1,11 @@ | ||
30 | +2018-09-23 Bruno Haible <bruno@clisp.org> | ||
31 | + vasnprintf: Fix heap memory overrun bug. | ||
32 | + Reported by Ben Pfaff <blp@cs.stanford.edu> in | ||
33 | + <https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html>. | ||
34 | + * lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of | ||
35 | + memory. | ||
36 | + * tests/test-vasnprintf.c (test_function): Add another test. | ||
37 | + | ||
38 | 2017-08-21 Paul Eggert <eggert@cs.ucla.edu> | ||
39 | |||
40 | vc-list-files: port to Solaris 10 | ||
41 | diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c | ||
42 | index 2e4eb19..45de49f 100644 | ||
43 | --- a/lib/vasnprintf.c | ||
44 | +++ b/lib/vasnprintf.c | ||
45 | @@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes) | ||
46 | size_t a_len = a.nlimbs; | ||
47 | /* 0.03345 is slightly larger than log(2)/(9*log(10)). */ | ||
48 | size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1); | ||
49 | - char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes)); | ||
50 | + /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the | ||
51 | + digits of a, followed by 1 byte for the terminating NUL. */ | ||
52 | + char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1)); | ||
53 | if (c_ptr != NULL) | ||
54 | { | ||
55 | char *d_ptr = c_ptr; | ||
56 | diff --git a/tests/test-vasnprintf.c b/tests/test-vasnprintf.c | ||
57 | index 2dd869f..ff68d5c 100644 | ||
58 | --- a/tests/test-vasnprintf.c | ||
59 | +++ b/tests/test-vasnprintf.c | ||
60 | @@ -53,7 +53,24 @@ test_function (char * (*my_asnprintf) (char *, size_t *, const char *, ...)) | ||
61 | ASSERT (result != NULL); | ||
62 | ASSERT (strcmp (result, "12345") == 0); | ||
63 | ASSERT (length == 5); | ||
64 | - if (size < 6) | ||
65 | + if (size < 5 + 1) | ||
66 | + ASSERT (result != buf); | ||
67 | + ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0); | ||
68 | + if (result != buf) | ||
69 | + free (result); | ||
70 | + } | ||
71 | + /* Note: This test assumes IEEE 754 representation of 'double' floats. */ | ||
72 | + for (size = 0; size <= 8; size++) | ||
73 | + { | ||
74 | + size_t length; | ||
75 | + char *result; | ||
76 | + memcpy (buf, "DEADBEEF", 8); | ||
77 | + length = size; | ||
78 | + result = my_asnprintf (buf, &length, "%2.0f", 1.6314159265358979e+125); | ||
79 | + ASSERT (result != NULL); | ||
80 | + ASSERT (strcmp (result, "163141592653589790215729350939528493057529598899734151772468186268423257777068536614838678161083520756952076273094236944990208") == 0); | ||
81 | + ASSERT (length == 126); | ||
82 | + if (size < 126 + 1) | ||
83 | ASSERT (result != buf); | ||
84 | ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0); | ||
85 | if (result != buf) | ||
86 | -- | ||
87 | 2.7.4 | ||
88 | |||
diff --git a/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb b/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb index e04881055..146747eee 100644 --- a/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb +++ b/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb | |||
@@ -11,20 +11,20 @@ SECTION = "devel" | |||
11 | LICENSE = "LGPLv2+" | 11 | LICENSE = "LGPLv2+" |
12 | 12 | ||
13 | LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5" | 13 | LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5" |
14 | SRCREV = "b23000de1e47c7d580e0e220966dd1ee42a5e5bc" | 14 | SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3" |
15 | 15 | ||
16 | SRC_URI = "git://git.sv.gnu.org/gnulib;protocol=git \ | 16 | SRC_URI = "git://git.sv.gnu.org/gnulib.git \ |
17 | file://CVE-2018-17942.patch \ | ||
18 | " | 17 | " |
19 | 18 | ||
20 | S = "${WORKDIR}/git" | 19 | S = "${WORKDIR}/git" |
21 | 20 | ||
21 | inherit utils | ||
22 | |||
22 | do_install () { | 23 | do_install () { |
23 | cd ${S} | 24 | cd ${S} |
25 | check_git_config | ||
24 | git checkout master | 26 | git checkout master |
25 | git clone ${S} ${D}/${datadir}/gnulib | 27 | git clone ${S} ${D}/${datadir}/gnulib |
26 | cd ${D}/${datadir}/gnulib | ||
27 | git am ${WORKDIR}/CVE-2018-17942.patch | ||
28 | } | 28 | } |
29 | 29 | ||
30 | do_patch[noexec] = "1" | 30 | do_patch[noexec] = "1" |