2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
new file mode 100644
index 0000000000..bdaba5eecd
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
@@ -0,0 +1,48 @@
+From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Wed, 3 Aug 2016 11:51:07 -0500
+Subject: [PATCH] Simplify getulong
+Use strtoul to read an unsigned long, rather than reading
+a signed long long and casting it.
+https://bugzilla.suse.com/show_bug.cgi?id=979282
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/getulong.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+diff --git a/lib/getulong.c b/lib/getulong.c
+index 61579ca..08d2c1a 100644
+--- a/lib/getulong.c
+++ b/lib/getulong.c
+@@ -44,22 +44,19 @@
+  */
+ int getulong (const char *numstr, /*@out@*/unsigned long int *result)
+ {
+-       long long int val;
+       unsigned long int val;
+        char *endptr;
+ 
+        errno = 0;
+-       val = strtoll (numstr, &endptr, 0);
+       val = strtoul (numstr, &endptr, 0);
+        if (    ('\0' == *numstr)
+             || ('\0' != *endptr)
+             || (ERANGE == errno)
+-            /*@+ignoresigns@*/
+-            || (val != (unsigned long int)val)
+-            /*@=ignoresigns@*/
+           ) {
+                return 0;
+        }
+ 
+-       *result = (unsigned long int)val;
+       *result = val;
+        return 1;
+ }
+ 
+-- 
+1.9.1
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 18eba72895..f3f5bf6f07 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -22,6 +22,7 @@ SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
           file://CVE-2017-2616.patch \
           ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
           file://CVE-2018-7169.patch \
+           file://CVE-2016-6252.patch \
           "
 SRC_URI_append_class-target = " \

diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch new file mode 100644 index 0000000000..bdaba5eecd --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
@@ -0,0 +1,48 @@
		1	From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
		2	From: Sebastian Krahmer <krahmer@suse.com>
		3	Date: Wed, 3 Aug 2016 11:51:07 -0500
		4	Subject: [PATCH] Simplify getulong
		5
		6	Use strtoul to read an unsigned long, rather than reading
		7	a signed long long and casting it.
		8
		9	https://bugzilla.suse.com/show_bug.cgi?id=979282
		10
		11	Upstream-Status: Backport
		12	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		13	---
		14	lib/getulong.c \| 9 +++------
		15	1 file changed, 3 insertions(+), 6 deletions(-)
		16
		17	diff --git a/lib/getulong.c b/lib/getulong.c
		18	index 61579ca..08d2c1a 100644
		19	--- a/lib/getulong.c
		20	+++ b/lib/getulong.c
		21	@@ -44,22 +44,19 @@
		22	*/
		23	int getulong (const char numstr, /@out@/unsigned long int result)
		24	{
		25	- long long int val;
		26	+ unsigned long int val;
		27	char *endptr;
		28
		29	errno = 0;
		30	- val = strtoll (numstr, &endptr, 0);
		31	+ val = strtoul (numstr, &endptr, 0);
		32	if ( ('\0' == *numstr)
		33	\|\| ('\0' != *endptr)
		34	\|\| (ERANGE == errno)
		35	- /@+ignoresigns@/
		36	- \|\| (val != (unsigned long int)val)
		37	- /@=ignoresigns@/
		38	) {
		39	return 0;
		40	}
		41
		42	- *result = (unsigned long int)val;
		43	+ *result = val;
		44	return 1;
		45	}
		46
		47	--
		48	1.9.1


diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 18eba72895..f3f5bf6f07 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc
@@ -22,6 +22,7 @@ SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
22	file://CVE-2017-2616.patch \	22	file://CVE-2017-2616.patch \
23	${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \	23	${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
24	file://CVE-2018-7169.patch \	24	file://CVE-2018-7169.patch \
		25	file://CVE-2016-6252.patch \
25	"	26	"
26		27
27	SRC_URI_append_class-target = " \	28	SRC_URI_append_class-target = " \