libsolv: fix CVE-2021-3200

(From OE-Core rev: e8e06e4175c010a7dc0a4e3598b70b89d43f8475) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Lee Chee Yang <chee.yang.lee@intel.com> 2021-08-10 11:45:30 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-18 18:00:19 +0100
commit: 7f702f6e67c53616e2e1dd34cdb0a9307480b631 (patch)
tree: 1e94c9eda2d66d584c98500769bab32a205d6e11 /meta/recipes-extended/libsolv
parent: 9a93dde4e3d8c19b544488d0f039b255033e247d (diff)
download: poky-7f702f6e67c53616e2e1dd34cdb0a9307480b631.tar.gz
2 files changed, 68 insertions, 0 deletions
diff --git a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch
new file mode 100644
index 0000000000..74164ab495
--- /dev/null
+++ b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch
@@ -0,0 +1,67 @@
+From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
+From: Michael Schroeder <mls@suse.de>
+Date: Mon, 14 Dec 2020 11:12:00 +0100
+Subject: [PATCH] testcase_read: error out if repos are added or the system is
+ changed too late
+We must not add new solvables after the considered map was created, the solver
+was created, or jobs were added. We may not changed the system after jobs have
+been added.
+(Jobs may point inside the whatproviedes array, so we must not invalidate this
+area.)
+Upstream-Status: Backport 
+https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
+CVE: CVE-2021-3200
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ext/testcase.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 0be7a213..8fb6d793 100644
+--- a/ext/testcase.c
+++ b/ext/testcase.c
+@@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+   Id *genid = 0;
+   int ngenid = 0;
+   Queue autoinstq;
+  int oldjobsize = job ? job->count : 0;
+ 
+   if (resultp)
+     *resultp = 0;
+@@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+          int prio, subprio;
+          const char *rdata;
+ 
+         if (pool->considered)
+           {
+             pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled");
+             continue;
+           }
+         if (solv)
+           {
+             pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created");
+             continue;
+           }
+         if (job && job->count != oldjobsize)
+           {
+             pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created");
+             continue;
+           }
+          prepared = 0;
+           if (!poolflagsreset)
+            {
+@@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+          int i;
+ 
+          /* must set the disttype before the arch */
+         if (job && job->count != oldjobsize)
+           {
+             pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created");
+             continue;
+           }
+          prepared = 0;
+          if (strcmp(pieces[2], "*") != 0)
+            {
diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
index 1cf5e2eb29..eadf04aa5a 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8"
 DEPENDS = "expat zlib"
 SRC_URI = "git://github.com/openSUSE/libsolv.git \
+           file://CVE-2021-3200.patch \
 "
 SRCREV = "605dd2645ef899e2b7c95709476fb51e28d7e378"
author	Lee Chee Yang <chee.yang.lee@intel.com>	2021-08-10 11:45:30 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-18 18:00:19 +0100
commit	7f702f6e67c53616e2e1dd34cdb0a9307480b631 (patch)
tree	1e94c9eda2d66d584c98500769bab32a205d6e11 /meta/recipes-extended/libsolv
parent	9a93dde4e3d8c19b544488d0f039b255033e247d (diff)
download	poky-7f702f6e67c53616e2e1dd34cdb0a9307480b631.tar.gz

diff --git a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch new file mode 100644 index 0000000000..74164ab495 --- /dev/null +++ b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch
@@ -0,0 +1,67 @@
		1	From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
		2	From: Michael Schroeder <mls@suse.de>
		3	Date: Mon, 14 Dec 2020 11:12:00 +0100
		4	Subject: [PATCH] testcase_read: error out if repos are added or the system is
		5	changed too late
		6
		7	We must not add new solvables after the considered map was created, the solver
		8	was created, or jobs were added. We may not changed the system after jobs have
		9	been added.
		10
		11	(Jobs may point inside the whatproviedes array, so we must not invalidate this
		12	area.)
		13
		14	Upstream-Status: Backport
		15	https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
		16	CVE: CVE-2021-3200
		17	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
		18	---
		19	ext/testcase.c \| 21 +++++++++++++++++++++
		20	1 file changed, 21 insertions(+)
		21
		22	diff --git a/ext/testcase.c b/ext/testcase.c
		23	index 0be7a213..8fb6d793 100644
		24	--- a/ext/testcase.c
		25	+++ b/ext/testcase.c
		26	@@ -1991,6 +1991,7 @@ testcase_read(Pool pool, FILE fp, const char testcase, Queue job, char **res
		27	Id *genid = 0;
		28	int ngenid = 0;
		29	Queue autoinstq;
		30	+ int oldjobsize = job ? job->count : 0;
		31
		32	if (resultp)
		33	*resultp = 0;
		34	@@ -2065,6 +2066,21 @@ testcase_read(Pool pool, FILE fp, const char testcase, Queue job, char **res
		35	int prio, subprio;
		36	const char *rdata;
		37
		38	+ if (pool->considered)
		39	+ {
		40	+ pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled");
		41	+ continue;
		42	+ }
		43	+ if (solv)
		44	+ {
		45	+ pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created");
		46	+ continue;
		47	+ }
		48	+ if (job && job->count != oldjobsize)
		49	+ {
		50	+ pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created");
		51	+ continue;
		52	+ }
		53	prepared = 0;
		54	if (!poolflagsreset)
		55	{
		56	@@ -2125,6 +2141,11 @@ testcase_read(Pool pool, FILE fp, const char testcase, Queue job, char **res
		57	int i;
		58
		59	/* must set the disttype before the arch */
		60	+ if (job && job->count != oldjobsize)
		61	+ {
		62	+ pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created");
		63	+ continue;
		64	+ }
		65	prepared = 0;
		66	if (strcmp(pieces[2], "*") != 0)
		67	{


diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb index 1cf5e2eb29..eadf04aa5a 100644 --- a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb +++ b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8"
9	DEPENDS = "expat zlib"	9	DEPENDS = "expat zlib"
10		10
11	SRC_URI = "git://github.com/openSUSE/libsolv.git \	11	SRC_URI = "git://github.com/openSUSE/libsolv.git \
		12	file://CVE-2021-3200.patch \
12	"	13	"
13		14
14	SRCREV = "605dd2645ef899e2b7c95709476fb51e28d7e378"	15	SRCREV = "605dd2645ef899e2b7c95709476fb51e28d7e378"