1 files changed, 0 insertions, 33 deletions
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
deleted file mode 100644
index a40a9f30bc..0000000000
--- a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-The patch to fix CVE-2012-5667
-Reference: https://bugzilla.redhat.com/attachment.cgi?id=686605&action=diff
-Multiple integer overflows in GNU Grep before 2.11 might allow
-context-dependent attackers to execute arbitrary code via vectors
-involving a long input line that triggers a heap-based buffer overflow.
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
-Upstream-Status: Inappropriate [other]
-This version of GNU Grep has been abandoned upstream and they are no longer
-accepting patches.  This is not a backport.
-CVE: CVE-2012-5667
-Signed-off-by: Ming Liu <ming.liu@windriver.com>
---
- grep.c |    7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
--- a/src/grep.c        2013-05-15 13:39:33.359191769 +0800
-+++ a/src/grep.c        2013-05-15 13:50:22.609191882 +0800
-@@ -306,6 +306,11 @@ fillbuf (size_t save, struct stats const
-   int cc = 1;
-   char *readbuf;
-   size_t readsize;
-+  const size_t max_save = INT_MAX / 2;
-+
-+  /* Limit the amount of saved data to INT_MAX to fix CVE-2012-5667 */
-+  if (save > max_save)
-+     error (2, 0, _("line too long"));
- 
-   /* Offset from start of buffer to start of old stuff
-      that we want to save.  */

diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch deleted file mode 100644 index a40a9f30bc..0000000000 --- a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch +++ /dev/null
@@ -1,33 +0,0 @@
1	The patch to fix CVE-2012-5667
2	Reference: https://bugzilla.redhat.com/attachment.cgi?id=686605&action=diff
3
4	Multiple integer overflows in GNU Grep before 2.11 might allow
5	context-dependent attackers to execute arbitrary code via vectors
6	involving a long input line that triggers a heap-based buffer overflow.
7
8	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
9
10	Upstream-Status: Inappropriate [other]
11	This version of GNU Grep has been abandoned upstream and they are no longer
12	accepting patches. This is not a backport.
13	CVE: CVE-2012-5667
14
15	Signed-off-by: Ming Liu <ming.liu@windriver.com>
16	---
17	grep.c \| 7 +++----
18	1 file changed, 3 insertions(+), 4 deletions(-)
19
20	--- a/src/grep.c 2013-05-15 13:39:33.359191769 +0800
21	+++ a/src/grep.c 2013-05-15 13:50:22.609191882 +0800
22	@@ -306,6 +306,11 @@ fillbuf (size_t save, struct stats const
23	int cc = 1;
24	char *readbuf;
25	size_t readsize;
26	+ const size_t max_save = INT_MAX / 2;
27	+
28	+ /* Limit the amount of saved data to INT_MAX to fix CVE-2012-5667 */
29	+ if (save > max_save)
30	+ error (2, 0, _("line too long"));
31
32	/* Offset from start of buffer to start of old stuff
33	that we want to save. */