file: upgrade 5.37 -> 5.38

CVE-2019-18218.patch Removed since it is included in 5.38. (From OE-Core rev: 2ac297f8906354bf3a1578b5e78df040b4712b81) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Wang Mingyu <wangmy@cn.fujitsu.com> 2020-01-20 04:26:44 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-01-27 16:48:08 +0000
commit: de1fac5dd7af7b774775151381ae33e28d9ee4f3 (patch)
tree: da6ea7215b71428def97f9fef94427d277ff52c4 /meta/recipes-devtools/file/file
parent: 54c5b375d17e37ea0f0e8256f39bb056da7ea9c2 (diff)
download: poky-de1fac5dd7af7b774775151381ae33e28d9ee4f3.tar.gz
1 files changed, 0 insertions, 55 deletions
diff --git a/meta/recipes-devtools/file/file/CVE-2019-18218.patch b/meta/recipes-devtools/file/file/CVE-2019-18218.patch
deleted file mode 100644
index 3d02c5ad4b..0000000000
--- a/meta/recipes-devtools/file/file/CVE-2019-18218.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-cdf_read_property_info in cdf.c in file through 5.37 does not restrict the
-number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte
-out-of-bounds write).
-CVE: CVE-2019-18218
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Mon, 26 Aug 2019 14:31:39 +0000
-Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
---
- src/cdf.c | 9 ++++-----
- src/cdf.h | 1 +
- 2 files changed, 5 insertions(+), 5 deletions(-)
-diff --git a/src/cdf.c b/src/cdf.c
-index 9d6396742..bb81d6374 100644
--- a/src/cdf.c
-+++ b/src/cdf.c
-@@ -1016,8 +1016,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
-                                goto out;
-                        }
-                        nelements = CDF_GETUINT32(q, 1);
-                       if (nelements == 0) {
-                               DPRINTF(("CDF_VECTOR with nelements == 0\n"));
-+                       if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
-+                               DPRINTF(("CDF_VECTOR with nelements == %"
-+                                   SIZE_T_FORMAT "u\n", nelements));
-                                goto out;
-                        }
-                        slen = 2;
-@@ -1060,8 +1061,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
-                                        goto out;
-                                inp += nelem;
-                        }
-                       DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
-                           nelements));
-                        for (j = 0; j < nelements && i < sh.sh_properties;
-                            j++, i++)
-                        {
-diff --git a/src/cdf.h b/src/cdf.h
-index 2f7e554b7..05056668f 100644
--- a/src/cdf.h
-+++ b/src/cdf.h
-@@ -48,6 +48,7 @@
- typedef int32_t cdf_secid_t;
- 
- #define CDF_LOOP_LIMIT                                 10000
-+#define CDF_ELEMENT_LIMIT                              100000
- 
- #define CDF_SECID_NULL                                 0
- #define CDF_SECID_FREE                                 -1
author	Wang Mingyu <wangmy@cn.fujitsu.com>	2020-01-20 04:26:44 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-01-27 16:48:08 +0000
commit	de1fac5dd7af7b774775151381ae33e28d9ee4f3 (patch)
tree	da6ea7215b71428def97f9fef94427d277ff52c4 /meta/recipes-devtools/file/file
parent	54c5b375d17e37ea0f0e8256f39bb056da7ea9c2 (diff)
download	poky-de1fac5dd7af7b774775151381ae33e28d9ee4f3.tar.gz

diff --git a/meta/recipes-devtools/file/file/CVE-2019-18218.patch b/meta/recipes-devtools/file/file/CVE-2019-18218.patch deleted file mode 100644 index 3d02c5ad4b..0000000000 --- a/meta/recipes-devtools/file/file/CVE-2019-18218.patch +++ /dev/null
@@ -1,55 +0,0 @@
1	cdf_read_property_info in cdf.c in file through 5.37 does not restrict the
2	number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte
3	out-of-bounds write).
4
5	CVE: CVE-2019-18218
6	Upstream-Status: Backport
7	Signed-off-by: Ross Burton <ross.burton@intel.com>
8
9	From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
10	From: Christos Zoulas <christos@zoulas.com>
11	Date: Mon, 26 Aug 2019 14:31:39 +0000
12	Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
13
14	---
15	src/cdf.c \| 9 ++++-----
16	src/cdf.h \| 1 +
17	2 files changed, 5 insertions(+), 5 deletions(-)
18
19	diff --git a/src/cdf.c b/src/cdf.c
20	index 9d6396742..bb81d6374 100644
21	--- a/src/cdf.c
22	+++ b/src/cdf.c
23	@@ -1016,8 +1016,9 @@ cdf_read_property_info(const cdf_stream_t sst, const cdf_header_t h,
24	goto out;
25	}
26	nelements = CDF_GETUINT32(q, 1);
27	- if (nelements == 0) {
28	- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
29	+ if (nelements > CDF_ELEMENT_LIMIT \|\| nelements == 0) {
30	+ DPRINTF(("CDF_VECTOR with nelements == %"
31	+ SIZE_T_FORMAT "u\n", nelements));
32	goto out;
33	}
34	slen = 2;
35	@@ -1060,8 +1061,6 @@ cdf_read_property_info(const cdf_stream_t sst, const cdf_header_t h,
36	goto out;
37	inp += nelem;
38	}
39	- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
40	- nelements));
41	for (j = 0; j < nelements && i < sh.sh_properties;
42	j++, i++)
43	{
44	diff --git a/src/cdf.h b/src/cdf.h
45	index 2f7e554b7..05056668f 100644
46	--- a/src/cdf.h
47	+++ b/src/cdf.h
48	@@ -48,6 +48,7 @@
49	typedef int32_t cdf_secid_t;
50
51	#define CDF_LOOP_LIMIT 10000
52	+#define CDF_ELEMENT_LIMIT 100000
53
54	#define CDF_SECID_NULL 0
55	#define CDF_SECID_FREE -1