author | Riyaz Khan <Riyaz.Khan@kpit.com> | 2022-12-06 12:08:26 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-12-23 23:05:44 +0000 |
commit | 80e00ba9b9812272abff8d2687e27e98bf2f48f3 (patch) | |
tree | eccd74d70da890690696762d94c65fe10bfe80eb /meta/recipes-devtools/rpm/files/CVE-2021-3521-02.patch | |
parent | cc26cf0eb4cff522aa69523346672d54604397da (diff) | |
download | poky-80e00ba9b9812272abff8d2687e27e98bf2f48f3.tar.gz |
rpm: Fix rpm CVE CVE-2021-3521
Links:
Dependent Patches:
CVE-2021-3521-01
https://github.com/rpm-software-management/rpm/commit/b5e8bc74b2b05aa557f663fe227b94d2bc64fbd8
CVE-2021-3521-02
https://github.com/rpm-software-management/rpm/commit/9f03f42e2614a68f589f9db8fe76287146522c0c
CVE-2021-3521-03
https://github.com/rpm-software-management/rpm/commit/5ff86764b17f31535cb247543a90dd739076ec38
CVE-2021-3521
https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8
(From OE-Core rev: ddb4f775a86855e4ddc6c0d0d1f24a55e0ecbfe0)
Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/rpm/files/CVE-2021-3521-02.patch')
-rw-r--r-- | meta/recipes-devtools/rpm/files/CVE-2021-3521-02.patch | 55 |
1 files changed, 55 insertions, 0 deletions
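diff --git a/meta/recipes-devtools/rpm/files/CVE-2021-3521-02.patch b/meta/recipes-devtools/rpm/files/CVE-2021-3521-02.patch
new file mode 100644
index 0000000000..c5f88a8c72
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/CVE-2021-3521-02.patch
@@ -0,0 +1,55 @@
+From 9f03f42e2614a68f589f9db8fe76287146522c0c Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 30 Sep 2021 09:56:20 +0300
+Subject: [PATCH] Refactor pgpDigParams construction to helper function
+
+No functional changes, just to reduce code duplication and needed by
+the following commits.
+
+Dependent patch:
+CVE: CVE-2021-3521
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2614a68f589f9db8fe76287146522c0c]
+Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
+
+---
+rpmio/rpmpgp.c | 13 +++++++++----
+1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 340de5fc9a..aad7c275c9 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1055,6 +1055,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
+return algo;
+}
+
++static pgpDigParams pgpDigParamsNew(uint8_t tag)
++{
++ pgpDigParams digp = xcalloc(1, sizeof(*digp));
++ digp->tag = tag;
++ return digp;
++}
++
+int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+pgpDigParams * ret)
+{
+@@ -1072,8 +1079,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+if (pkttype && pkt.tag != pkttype) {
+break;
+} else {
+- digp = xcalloc(1, sizeof(*digp));
+- digp->tag = pkt.tag;
++ digp = pgpDigParamsNew(pkt.tag);
+}
+}
+
+@@ -1121,8 +1127,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
+digps = xrealloc(digps, alloced * sizeof(*digps));
+}
+
+- digps[count] = xcalloc(1, sizeof(**digps));
+- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY;
++ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);
+/* Copy UID from main key to subkey */
+digps[count]->userid = xstrdup(mainkey->userid);
+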
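Review bot: The patch header (lines 9-10 of the new file) leaves `Dependent patch:` with no value and tags the file `CVE: CVE-2021-3521`, although its own description says "No functional changes"; the header should state that this is a prerequisite refactor and not the fix. OE's cve-check counts a CVE as patched once a patch in SRC_URI carries the ID in its file name or in a `CVE:` tag, so this file on its own would be enough for the CVE to be reported as patched. I would reword the header line to something like `Dependent patch (prerequisite refactor) for CVE-2021-3521; the fix itself is upstream commit bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8`. The recipe change is not visible in this page's limited diffstat, so please confirm that it adds all four patches named in the commit message, in the listed order.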