Tar: Security fix CVE-2019-0023

Source: tar.git MR: 97928 Type: Security Fix Disposition: Backport from http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120 ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3 Description: Affects tar < 1.32 fixes CVE-2019-9923 (From OE-Core rev: fc77edc8245ab90eee1f1e857f470b6842dc256f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2019-05-29 14:03:16 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-27 18:05:18 +0100
commit: abefff23cd1f3ae0242f45a98dac09223870a826 (patch)
tree: a84166edd3045614e23948881e13df341f7fa9e7
parent: e53f7d53f40df75c25e6cdbd1a19b16b296d307b (diff)
download: poky-abefff23cd1f3ae0242f45a98dac09223870a826.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
new file mode 100644
index 0000000000..146cbffea5
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
@@ -0,0 +1,38 @@
+From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 14 Jan 2019 15:22:09 +0200
+Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
+* src/sparse.c (pax_decode_header): Check return from find_next_block.
+Upstream-Status: Backport
+CVE:  CVE-2019-9923
+Affects: tar < 1.32
+Signed-off-by: Armin kuster <akuster@mvista.com>
+---
+ src/sparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+Index: tar-1.30/src/sparse.c
+===================================================================
+--- tar-1.30.orig/src/sparse.c
+++ tar-1.30/src/sparse.c
+@@ -1231,6 +1231,8 @@ pax_decode_header (struct tar_sparse_fil
+           set_next_block_after (b);                               \
+            file->dumped_size += BLOCKSIZE;                         \
+            b = find_next_block ();                                 \
+           if (!b)                                                 \
+             FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
+            src = b->buffer;                                        \
+           endp = b->buffer + BLOCKSIZE;                           \
+         }                                                         \
+@@ -1243,6 +1245,8 @@ pax_decode_header (struct tar_sparse_fil
+       set_next_block_after (current_header);
+       file->dumped_size += BLOCKSIZE;
+       blk = find_next_block ();
+      if (!blk)
+        FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+       p = blk->buffer;
+       COPY_BUF (blk,nbuf,p);
+       if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))
diff --git a/meta/recipes-extended/tar/tar_1.30.bb b/meta/recipes-extended/tar/tar_1.30.bb
index bd24f4762f..ab1b33b378 100644
--- a/meta/recipes-extended/tar/tar_1.30.bb
+++ b/meta/recipes-extended/tar/tar_1.30.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
           file://remove-gets.patch \
           file://musl_dirent.patch \
+           file://CVE-2019-9923.patch \
 "
 SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65"
author	Armin Kuster <akuster@mvista.com>	2019-05-29 14:03:16 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +0100
commit	abefff23cd1f3ae0242f45a98dac09223870a826 (patch)
tree	a84166edd3045614e23948881e13df341f7fa9e7
parent	e53f7d53f40df75c25e6cdbd1a19b16b296d307b (diff)
download	poky-abefff23cd1f3ae0242f45a98dac09223870a826.tar.gz

diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch new file mode 100644 index 0000000000..146cbffea5 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
@@ -0,0 +1,38 @@
		1	From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
		2	From: Sergey Poznyakoff <gray@gnu.org>
		3	Date: Mon, 14 Jan 2019 15:22:09 +0200
		4	Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
		5
		6	* src/sparse.c (pax_decode_header): Check return from find_next_block.
		7
		8	Upstream-Status: Backport
		9	CVE: CVE-2019-9923
		10	Affects: tar < 1.32
		11	Signed-off-by: Armin kuster <akuster@mvista.com>
		12
		13	---
		14	src/sparse.c \| 4 ++++
		15	1 file changed, 4 insertions(+)
		16
		17	Index: tar-1.30/src/sparse.c
		18	===================================================================
		19	--- tar-1.30.orig/src/sparse.c
		20	+++ tar-1.30/src/sparse.c
		21	@@ -1231,6 +1231,8 @@ pax_decode_header (struct tar_sparse_fil
		22	set_next_block_after (b); \
		23	file->dumped_size += BLOCKSIZE; \
		24	b = find_next_block (); \
		25	+ if (!b) \
		26	+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
		27	src = b->buffer; \
		28	endp = b->buffer + BLOCKSIZE; \
		29	} \
		30	@@ -1243,6 +1245,8 @@ pax_decode_header (struct tar_sparse_fil
		31	set_next_block_after (current_header);
		32	file->dumped_size += BLOCKSIZE;
		33	blk = find_next_block ();
		34	+ if (!blk)
		35	+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
		36	p = blk->buffer;
		37	COPY_BUF (blk,nbuf,p);
		38	if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))


diff --git a/meta/recipes-extended/tar/tar_1.30.bb b/meta/recipes-extended/tar/tar_1.30.bb index bd24f4762f..ab1b33b378 100644 --- a/meta/recipes-extended/tar/tar_1.30.bb +++ b/meta/recipes-extended/tar/tar_1.30.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
9	SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \	9	SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
10	file://remove-gets.patch \	10	file://remove-gets.patch \
11	file://musl_dirent.patch \	11	file://musl_dirent.patch \
		12	file://CVE-2019-9923.patch \
12	"	13	"
13		14
14	SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65"	15	SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65"