1 files changed, 0 insertions, 137 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
deleted file mode 100644
index 987e959db2..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Mon, 21 Dec 2020 08:56:43 +0530
-Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
-The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
-area and is not allowed.  The from_euc_kr function used to skip two bytes
-when told to skip over the unknown designation, potentially running over
-the buffer end.
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
-CVE: CVE-2019-25013
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
- iconvdata/Makefile      |  3 ++-
- iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
- iconvdata/euc-kr.c      |  6 +----
- iconvdata/ksc5601.h     |  6 ++---
- 4 files changed, 59 insertions(+), 9 deletions(-)
- create mode 100644 iconvdata/bug-iconv13.c
-diff --git a/iconvdata/Makefile b/iconvdata/Makefile
-index 4ec2741cdc..85009f3390 100644
--- a/iconvdata/Makefile
-+++ b/iconvdata/Makefile
-@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules))
- ifeq (yes,$(build-shared))
- tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
-        tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
-       bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4
-+       bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
-+       bug-iconv13
- ifeq ($(have-thread-library),yes)
- tests += bug-iconv3
- endif
-diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
-new file mode 100644
-index 0000000000..87aaff398e
--- /dev/null
-+++ b/iconvdata/bug-iconv13.c
-@@ -0,0 +1,53 @@
-+/* bug 24973: Test EUC-KR module
-+   Copyright (C) 2020 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <errno.h>
-+#include <iconv.h>
-+#include <stdio.h>
-+#include <support/check.h>
-+
-+static int
-+do_test (void)
-+{
-+  iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
-+  TEST_VERIFY_EXIT (cd != (iconv_t) -1);
-+
-+  /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
-+     areas, which are not allowed and should be skipped over due to
-+     //IGNORE.  The trailing 0xfe also is an incomplete sequence, which
-+     should be checked first.  */
-+  char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
-+  char *inptr = input;
-+  size_t insize = sizeof (input);
-+  char output[4];
-+  char *outptr = output;
-+  size_t outsize = sizeof (output);
-+
-+  /* This used to crash due to buffer overrun.  */
-+  TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
-+  TEST_VERIFY (errno == EINVAL);
-+  /* The conversion should produce one character, the converted null
-+     character.  */
-+  TEST_VERIFY (sizeof (output) - outsize == 1);
-+
-+  TEST_VERIFY_EXIT (iconv_close (cd) != -1);
-+
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
-index b0d56cf3ee..1045bae926 100644
--- a/iconvdata/euc-kr.c
-+++ b/iconvdata/euc-kr.c
-@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
-                                                                              \
-     if (ch <= 0x9f)                                                          \
-       ++inptr;                                                               \
-    /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are                   \
-       user-defined areas.  */                                               \
-    else if (__builtin_expect (ch == 0xa0, 0)                                \
-            || __builtin_expect (ch > 0xfe, 0)                               \
-            || __builtin_expect (ch == 0xc9, 0))                             \
-+    else if (__glibc_unlikely (ch == 0xa0))                                  \
-       {                                                                              \
-        /* This is illegal.  */                                               \
-        STANDARD_FROM_LOOP_ERR_HANDLER (1);                                   \
-diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
-index d3eb3a4ff8..f5cdc72797 100644
--- a/iconvdata/ksc5601.h
-+++ b/iconvdata/ksc5601.h
-@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset)
-   unsigned char ch2;
-   int idx;
- 
-+  if (avail < 2)
-+    return 0;
-+
-   /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
- 
-   if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
-       || (ch - offset) == 0x49)
-     return __UNKNOWN_10646_CHAR;
- 
-  if (avail < 2)
-    return 0;
-
-   ch2 = (*s)[1];
-   if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
-     return __UNKNOWN_10646_CHAR;
-- 
-2.27.0

diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch deleted file mode 100644 index 987e959db2..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch +++ /dev/null
@@ -1,137 +0,0 @@
1	From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
2	From: Andreas Schwab <schwab@suse.de>
3	Date: Mon, 21 Dec 2020 08:56:43 +0530
4	Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
5
6	The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
7	area and is not allowed. The from_euc_kr function used to skip two bytes
8	when told to skip over the unknown designation, potentially running over
9	the buffer end.
10
11	Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
12	CVE: CVE-2019-25013
13	Signed-off-by: Scott Murray <scott.murray@konsulko.com>
14	---
15	iconvdata/Makefile \| 3 ++-
16	iconvdata/bug-iconv13.c \| 53 +++++++++++++++++++++++++++++++++++++++++
17	iconvdata/euc-kr.c \| 6 +----
18	iconvdata/ksc5601.h \| 6 ++---
19	4 files changed, 59 insertions(+), 9 deletions(-)
20	create mode 100644 iconvdata/bug-iconv13.c
21
22	diff --git a/iconvdata/Makefile b/iconvdata/Makefile
23	index 4ec2741cdc..85009f3390 100644
24	--- a/iconvdata/Makefile
25	+++ b/iconvdata/Makefile
26	@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules))
27	ifeq (yes,$(build-shared))
28	tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
29	tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
30	- bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4
31	+ bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
32	+ bug-iconv13
33	ifeq ($(have-thread-library),yes)
34	tests += bug-iconv3
35	endif
36	diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
37	new file mode 100644
38	index 0000000000..87aaff398e
39	--- /dev/null
40	+++ b/iconvdata/bug-iconv13.c
41	@@ -0,0 +1,53 @@
42	+/* bug 24973: Test EUC-KR module
43	+ Copyright (C) 2020 Free Software Foundation, Inc.
44	+ This file is part of the GNU C Library.
45	+
46	+ The GNU C Library is free software; you can redistribute it and/or
47	+ modify it under the terms of the GNU Lesser General Public
48	+ License as published by the Free Software Foundation; either
49	+ version 2.1 of the License, or (at your option) any later version.
50	+
51	+ The GNU C Library is distributed in the hope that it will be useful,
52	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
53	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
54	+ Lesser General Public License for more details.
55	+
56	+ You should have received a copy of the GNU Lesser General Public
57	+ License along with the GNU C Library; if not, see
58	+ <https://www.gnu.org/licenses/>. */
59	+
60	+#include <errno.h>
61	+#include <iconv.h>
62	+#include <stdio.h>
63	+#include <support/check.h>
64	+
65	+static int
66	+do_test (void)
67	+{
68	+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
69	+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
70	+
71	+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
72	+ areas, which are not allowed and should be skipped over due to
73	+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which
74	+ should be checked first. */
75	+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
76	+ char *inptr = input;
77	+ size_t insize = sizeof (input);
78	+ char output[4];
79	+ char *outptr = output;
80	+ size_t outsize = sizeof (output);
81	+
82	+ /* This used to crash due to buffer overrun. */
83	+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
84	+ TEST_VERIFY (errno == EINVAL);
85	+ /* The conversion should produce one character, the converted null
86	+ character. */
87	+ TEST_VERIFY (sizeof (output) - outsize == 1);
88	+
89	+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
90	+
91	+ return 0;
92	+}
93	+
94	+#include <support/test-driver.c>
95	diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
96	index b0d56cf3ee..1045bae926 100644
97	--- a/iconvdata/euc-kr.c
98	+++ b/iconvdata/euc-kr.c
99	@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
100	\
101	if (ch <= 0x9f) \
102	++inptr; \
103	- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \
104	- user-defined areas. */ \
105	- else if (__builtin_expect (ch == 0xa0, 0) \
106	- \|\| __builtin_expect (ch > 0xfe, 0) \
107	- \|\| __builtin_expect (ch == 0xc9, 0)) \
108	+ else if (__glibc_unlikely (ch == 0xa0)) \
109	{ \
110	/* This is illegal. */ \
111	STANDARD_FROM_LOOP_ERR_HANDLER (1); \
112	diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
113	index d3eb3a4ff8..f5cdc72797 100644
114	--- a/iconvdata/ksc5601.h
115	+++ b/iconvdata/ksc5601.h
116	@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset)
117	unsigned char ch2;
118	int idx;
119
120	+ if (avail < 2)
121	+ return 0;
122	+
123	/* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
124
125	if (ch < offset \|\| (ch - offset) <= 0x20 \|\| (ch - offset) >= 0x7e
126	\|\| (ch - offset) == 0x49)
127	return __UNKNOWN_10646_CHAR;
128
129	- if (avail < 2)
130	- return 0;
131	-
132	ch2 = (*s)[1];
133	if (ch2 < offset \|\| (ch2 - offset) <= 0x20 \|\| (ch2 - offset) >= 0x7f)
134	return __UNKNOWN_10646_CHAR;
135	--
136	2.27.0
137