diff options
author | Alexander Kanavin <alex.kanavin@gmail.com> | 2020-01-29 10:07:34 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-02-03 13:03:32 +0000 |
commit | 60297786e68cfdaad8487d79c87a815ec3e92b36 (patch) | |
tree | 558563a0d35d76f071530b43e45f240a55384646 /meta | |
parent | e23464430951cff7c1a875e69cf184865b98695e (diff) | |
download | poky-60297786e68cfdaad8487d79c87a815ec3e92b36.tar.gz |
libarchive: upgrade 3.4.0 -> 3.4.1
(From OE-Core rev: 8b58523919f3a8276d4e35c21a058c6d087a3c7e)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch | 101 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive_3.4.1.bb (renamed from meta/recipes-extended/libarchive/libarchive_3.4.0.bb) | 8 |
2 files changed, 3 insertions, 106 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch deleted file mode 100644 index b57e87874f..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch +++ /dev/null | |||
@@ -1,101 +0,0 @@ | |||
1 | From 22b1db9d46654afc6f0c28f90af8cdc84a199f41 Mon Sep 17 00:00:00 2001 | ||
2 | From: Martin Matuska <martin@matuska.org> | ||
3 | Date: Thu, 21 Nov 2019 03:08:40 +0100 | ||
4 | Subject: [PATCH] Bugfix and optimize archive_wstring_append_from_mbs() | ||
5 | |||
6 | The cal to mbrtowc() or mbtowc() should read up to mbs_length | ||
7 | bytes and not wcs_length. This avoids out-of-bounds reads. | ||
8 | |||
9 | mbrtowc() and mbtowc() return (size_t)-1 wit errno EILSEQ when | ||
10 | they encounter an invalid multibyte character and (size_t)-2 when | ||
11 | they they encounter an incomplete multibyte character. As we return | ||
12 | failure and all our callers error out it makes no sense to continue | ||
13 | parsing mbs. | ||
14 | |||
15 | As we allocate `len` wchars at the beginning and each wchar has | ||
16 | at least one byte, there will never be need to grow the buffer, | ||
17 | so the code can be left out. On the other hand, we are always | ||
18 | allocatng more memory than we need. | ||
19 | |||
20 | As long as wcs_length == mbs_length == len we can omit wcs_length. | ||
21 | We keep the old code commented if we decide to save memory and | ||
22 | use autoexpanding wcs_length in the future. | ||
23 | |||
24 | Fixes #1276 | ||
25 | |||
26 | Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41] | ||
27 | CVE: CVE-2019-19221 | ||
28 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
29 | --- | ||
30 | libarchive/archive_string.c | 28 +++++++++++++++++----------- | ||
31 | 1 file changed, 17 insertions(+), 11 deletions(-) | ||
32 | |||
33 | diff --git a/libarchive/archive_string.c b/libarchive/archive_string.c | ||
34 | index 979a418b6..bd39c96f1 100644 | ||
35 | --- a/libarchive/archive_string.c | ||
36 | +++ b/libarchive/archive_string.c | ||
37 | @@ -591,7 +591,7 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, | ||
38 | * No single byte will be more than one wide character, | ||
39 | * so this length estimate will always be big enough. | ||
40 | */ | ||
41 | - size_t wcs_length = len; | ||
42 | + // size_t wcs_length = len; | ||
43 | size_t mbs_length = len; | ||
44 | const char *mbs = p; | ||
45 | wchar_t *wcs; | ||
46 | @@ -600,7 +600,11 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, | ||
47 | |||
48 | memset(&shift_state, 0, sizeof(shift_state)); | ||
49 | #endif | ||
50 | - if (NULL == archive_wstring_ensure(dest, dest->length + wcs_length + 1)) | ||
51 | + /* | ||
52 | + * As we decided to have wcs_length == mbs_length == len | ||
53 | + * we can use len here instead of wcs_length | ||
54 | + */ | ||
55 | + if (NULL == archive_wstring_ensure(dest, dest->length + len + 1)) | ||
56 | return (-1); | ||
57 | wcs = dest->s + dest->length; | ||
58 | /* | ||
59 | @@ -609,6 +613,12 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, | ||
60 | * multi bytes. | ||
61 | */ | ||
62 | while (*mbs && mbs_length > 0) { | ||
63 | + /* | ||
64 | + * The buffer we allocated is always big enough. | ||
65 | + * Keep this code path in a comment if we decide to choose | ||
66 | + * smaller wcs_length in the future | ||
67 | + */ | ||
68 | +/* | ||
69 | if (wcs_length == 0) { | ||
70 | dest->length = wcs - dest->s; | ||
71 | dest->s[dest->length] = L'\0'; | ||
72 | @@ -618,24 +628,20 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, | ||
73 | return (-1); | ||
74 | wcs = dest->s + dest->length; | ||
75 | } | ||
76 | +*/ | ||
77 | #if HAVE_MBRTOWC | ||
78 | - r = mbrtowc(wcs, mbs, wcs_length, &shift_state); | ||
79 | + r = mbrtowc(wcs, mbs, mbs_length, &shift_state); | ||
80 | #else | ||
81 | - r = mbtowc(wcs, mbs, wcs_length); | ||
82 | + r = mbtowc(wcs, mbs, mbs_length); | ||
83 | #endif | ||
84 | if (r == (size_t)-1 || r == (size_t)-2) { | ||
85 | ret_val = -1; | ||
86 | - if (errno == EILSEQ) { | ||
87 | - ++mbs; | ||
88 | - --mbs_length; | ||
89 | - continue; | ||
90 | - } else | ||
91 | - break; | ||
92 | + break; | ||
93 | } | ||
94 | if (r == 0 || r > mbs_length) | ||
95 | break; | ||
96 | wcs++; | ||
97 | - wcs_length--; | ||
98 | + // wcs_length--; | ||
99 | mbs += r; | ||
100 | mbs_length -= r; | ||
101 | } | ||
diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb b/meta/recipes-extended/libarchive/libarchive_3.4.1.bb index 755a9c7fa4..2d33dd80ab 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.1.bb | |||
@@ -31,12 +31,10 @@ PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," | |||
31 | 31 | ||
32 | EXTRA_OECONF += "--enable-largefile" | 32 | EXTRA_OECONF += "--enable-largefile" |
33 | 33 | ||
34 | SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ | 34 | SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" |
35 | file://CVE-2019-19221.patch \ | ||
36 | " | ||
37 | 35 | ||
38 | SRC_URI[md5sum] = "6046396255bd7cf6d0f6603a9bda39ac" | 36 | SRC_URI[md5sum] = "59bff5ee6216cbb76c8354f6dd6f5a5a" |
39 | SRC_URI[sha256sum] = "8643d50ed40c759f5412a3af4e353cffbce4fdf3b5cf321cb72cacf06b2d825e" | 37 | SRC_URI[sha256sum] = "fcf87f3ad8db2e4f74f32526dee62dd1fb9894782b0a503a89c9d7a70a235191" |
40 | 38 | ||
41 | inherit autotools update-alternatives pkgconfig | 39 | inherit autotools update-alternatives pkgconfig |
42 | 40 | ||