diff options
author | Armin Kuster <akuster@mvista.com> | 2019-05-26 07:22:17 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-27 18:05:17 +0100 |
commit | 2c225a199d441b52698eb094dadf2b98dba58244 (patch) | |
tree | e06220fb6961eec43bdaa0686fd597e0e6425eb3 /meta | |
parent | a7ffffd44089cead5fae6e98f74d9bbb7c093a2a (diff) | |
download | poky-2c225a199d441b52698eb094dadf2b98dba58244.tar.gz |
glibc: Security fix CVE-2019-9169
(From OE-Core rev: 3103f407ff0c579c7e5887fd925d52d5c92c83f9)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2019-9169.patch | 63 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.28.bb | 1 |
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch new file mode 100644 index 0000000000..14cfaa35af --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul Eggert <eggert@cs.ucla.edu> | ||
3 | Date: Mon, 21 Jan 2019 11:08:13 -0800 | ||
4 | Subject: [PATCH] regex: fix read overrun [BZ #24114] | ||
5 | |||
6 | Problem found by AddressSanitizer, reported by Hongxu Chen in: | ||
7 | https://debbugs.gnu.org/34140 | ||
8 | * posix/regexec.c (proceed_next_node): | ||
9 | Do not read past end of input buffer. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9 | ||
13 | |||
14 | CVE: CVE-2019-9169 | ||
15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
16 | |||
17 | --- | ||
18 | ChangeLog | 10 +++++++++- | ||
19 | posix/regexec.c | 6 ++++-- | ||
20 | 2 files changed, 13 insertions(+), 3 deletions(-) | ||
21 | |||
22 | Index: git/ChangeLog | ||
23 | =================================================================== | ||
24 | --- git.orig/ChangeLog | ||
25 | +++ git/ChangeLog | ||
26 | @@ -1,3 +1,11 @@ | ||
27 | +2019-01-31 Paul Eggert <eggert@cs.ucla.edu> | ||
28 | + | ||
29 | + regex: fix read overrun [BZ #24114] | ||
30 | + Problem found by AddressSanitizer, reported by Hongxu Chen in: | ||
31 | + https://debbugs.gnu.org/34140 | ||
32 | + * posix/regexec.c (proceed_next_node): | ||
33 | + Do not read past end of input buffer. | ||
34 | + | ||
35 | 2018-09-30 Martin Jansa <Martin.Jansa@gmail.com> | ||
36 | Partial fix for [BZ #23716] | ||
37 | * locale/weight.h: Fix build with -Os. | ||
38 | @@ -10917,7 +10925,7 @@ | ||
39 | (CFLAGS-wcstof_l.c): Likewise. | ||
40 | (CPPFLAGS-tst-wchar-h.c): Likewise. | ||
41 | (CPPFLAGS-wcstold_l.c): Likewise. | ||
42 | ---- | ||
43 | + | ||
44 | 2017-12-11 Paul A. Clarke <pc@us.ibm.com> | ||
45 | |||
46 | * sysdeps/ieee754/flt-32/s_cosf.c: New implementation. | ||
47 | Index: git/posix/regexec.c | ||
48 | =================================================================== | ||
49 | --- git.orig/posix/regexec.c | ||
50 | +++ git/posix/regexec.c | ||
51 | @@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_contex | ||
52 | else if (naccepted) | ||
53 | { | ||
54 | char *buf = (char *) re_string_get_buffer (&mctx->input); | ||
55 | - if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, | ||
56 | - naccepted) != 0) | ||
57 | + if (mctx->input.valid_len - *pidx < naccepted | ||
58 | + || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, | ||
59 | + naccepted) | ||
60 | + != 0)) | ||
61 | return -1; | ||
62 | } | ||
63 | } | ||
diff --git a/meta/recipes-core/glibc/glibc_2.28.bb b/meta/recipes-core/glibc/glibc_2.28.bb index 72cee04d9a..1bcec3ecb1 100644 --- a/meta/recipes-core/glibc/glibc_2.28.bb +++ b/meta/recipes-core/glibc/glibc_2.28.bb | |||
@@ -47,6 +47,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ | |||
47 | file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \ | 47 | file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \ |
48 | file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ | 48 | file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ |
49 | file://0034-inject-file-assembly-directives.patch \ | 49 | file://0034-inject-file-assembly-directives.patch \ |
50 | file://CVE-2019-9169.patch \ | ||
50 | " | 51 | " |
51 | 52 | ||
52 | NATIVESDKFIXES ?= "" | 53 | NATIVESDKFIXES ?= "" |