authorArmin Kuster <akuster808@gmail.com>2018-09-24 15:42:11 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-10-10 12:27:02 (GMT)
commitcfcbc502a7d41752b28abab892314391829e4fce (patch)
treebc9174afdb4dcf0bff87e725c264e63df830af85
parentfbe29a7e5f668fb3076e0647a56c8f4c845c55c9 (diff)
downloadpoky-cfcbc502a7d41752b28abab892314391829e4fce.tar.gz
shadow: CVE-2016-6252
Backport patch from the upstream https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1 (From OE-Core rev: dd9e2dedb9ab41f509bae26f12704cbee1eb765d) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/shadow/files/CVE-2016-6252.patch48
-rw-r--r--meta/recipes-extended/shadow/shadow.inc1
2 files changed, 49 insertions, 0 deletions
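--- /dev/null
+++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
@@ -0,0 +1,48 @@
+From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Wed, 3 Aug 2016 11:51:07 -0500
+Subject: [PATCH] Simplify getulong
+
+Use strtoul to read an unsigned long, rather than reading
+a signed long long and casting it.
+
+https://bugzilla.suse.com/show_bug.cgi?id=979282
+
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/getulong.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/lib/getulong.c b/lib/getulong.c
+index 61579ca..08d2c1a 100644
+--- a/lib/getulong.c
++++ b/lib/getulong.c
+@@ -44,22 +44,19 @@
+ */
+ int getulong (const char *numstr, /*@out@*/unsigned long int *result)
+ {
+- long long int val;
++ unsigned long int val;
+ char *endptr;
+
+ errno = 0;
+- val = strtoll (numstr, &endptr, 0);
++ val = strtoul (numstr, &endptr, 0);
+ if ( ('\0' == *numstr)
+ || ('\0' != *endptr)
+ || (ERANGE == errno)
+- /*@+ignoresigns@*/
+- || (val != (unsigned long int)val)
+- /*@=ignoresigns@*/
+ ) {
+ return 0;
+ }
+
+- *result = (unsigned long int)val;
++ *result = val;
+ return 1;
+ }
+
+--
+1.9.1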
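Review bot: In the patched `getulong` (the `val = strtoul (numstr, &endptr, 0);` line of lib/getulong.c), a string with a leading minus sign is still accepted: strtoul parses `-1` without setting ERANGE and returns the value negated in unsigned arithmetic, so `*result` receives a very large number and the function returns 1. The remaining checks reject only an empty string, trailing characters and overflow, and strtoul also skips leading whitespace, so testing `numstr[0]` for `'-'` alone would not be enough. If no caller depends on signed or space-padded input (the callers are not visible here), adding `|| !isdigit ((unsigned char) *numstr)` to the condition, with `<ctype.h>` included, would restrict the function to plain unsigned numerals; since this is a backport, that is best proposed upstream and carried as a follow-up patch. The inner hunk starts inside the function's header comment, so the documented contract of getulong is not visible from here.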
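--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -22,6 +22,7 @@ SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
  file://CVE-2017-2616.patch \
  ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
  file://CVE-2018-7169.patch \
+ file://CVE-2016-6252.patch \
  "
 
 SRC_URI_append_class-target = " \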