10 files changed, 434 insertions, 0 deletions
diff --git a/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch
new file mode 100644
index 0000000000..32846f50be
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch
@@ -0,0 +1,129 @@
+From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
+From: Yuliy Pisetsky <ypisetsky@fb.com>
+Date: Thu, 01 Jan 2015 23:36:55 +0000
+Subject: grep -F: fix a heap buffer (read) overrun
+grep's read buffer is often filled to its full size, except when
+reading the final buffer of a file.  In that case, the number of
+bytes read may be far less than the size of the buffer.  However, for
+certain unusual pattern/text combinations, grep -F would mistakenly
+examine bytes in that uninitialized region of memory when searching
+for a match.  With carefully chosen inputs, one can cause grep -F to
+read beyond the end of that buffer altogether.  This problem arose via
+commit v2.18-90-g73893ff with the introduction of a more efficient
+heuristic using what is now the memchr_kwset function. The use of
+that function in bmexec_trans could leave TP much larger than EP,
+and the subsequent call to bm_delta2_search would mistakenly access
+beyond end of the main input read buffer.
+* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
+do not call bm_delta2_search.
+* tests/kwset-abuse: New file.
+* tests/Makefile.am (TESTS): Add it.
+* NEWS (Bug fixes): Mention it.
+Prior to this patch, this command would trigger a UMR:
+  printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
+  Use of uninitialised value of size 8
+     at 0x4142BE: bmexec_trans (kwset.c:657)
+     by 0x4143CA: bmexec (kwset.c:678)
+     by 0x414973: kwsexec (kwset.c:848)
+     by 0x414DC4: Fexecute (kwsearch.c:128)
+     by 0x404E2E: grepbuf (grep.c:1238)
+     by 0x4054BF: grep (grep.c:1417)
+     by 0x405CEB: grepdesc (grep.c:1645)
+     by 0x405EC1: grep_command_line_arg (grep.c:1692)
+     by 0x4077D4: main (grep.c:2570)
+See the accompanying test for how to trigger the heap buffer overrun.
+Thanks to Nima Aghdaii for testing and finding numerous
+ways to break early iterations of this patch.
+Fixes CVE-2015-1345.
+Upstream-Status: Backport
+---
+diff --git a/NEWS b/NEWS
+index 975440d..3835d8d 100644
+--- a/NEWS
+++ b/NEWS
+@@ -2,6 +2,11 @@ GNU grep NEWS                                    -*- outline -*-
+ 
+ * Noteworthy changes in release ?.? (????-??-??) [?]
+ 
+** Bug fixes
+
+  grep no longer reads from uninitialized memory or from beyond the end
+  of the heap-allocated input buffer.
+
+ 
+ * Noteworthy changes in release 2.21 (2014-11-23) [stable]
+ 
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
+++ b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+                     if (! tp)
+                       return -1;
+                     tp++;
+                    if (ep <= tp)
+                      break;
+                   }
+               }
+           }
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 2cba2cd..0508cd2 100644
+--- a/tests/Makefile.am
+++ b/tests/Makefile.am
+@@ -75,6 +75,7 @@ TESTS =                                               \
+   inconsistent-range                           \
+   invalid-multibyte-infloop                    \
+   khadafy                                      \
+  kwset-abuse                                  \
+   long-line-vs-2GiB-read                       \
+   match-lines                                  \
+   max-count-overread                           \
+diff --git a/tests/kwset-abuse b/tests/kwset-abuse
+new file mode 100755
+index 0000000..6d8ec0c
+--- a/dev/null
+++ b/tests/kwset-abuse
+@@ -0,0 +1,32 @@
+#! /bin/sh
+# Evoke a segfault in a hard-to-reach code path of kwset.c.
+# This bug affected grep versions 2.19 through 2.21.
+#
+# Copyright (C) 2015 Free Software Foundation, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+
+fail=0
+
+# This test case chooses a haystack of size 260,000, since prodding
+# with gdb showed a reallocation slightly larger than that in fillbuf.
+# To reach the buggy code, the needle must have length < 1/11 that of
+# the haystack, and 10,000 is a nice round number that fits the bill.
+printf '%0260000dXy\n' 0 | grep -F $(printf %010000dy 0)
+
+test $? = 1 || fail=1
+
+Exit $fail
+--
+cgit v0.9.0.2
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/Makevars b/meta/recipes-extended/grep/grep-2.5.1a/Makevars
new file mode 100644
index 0000000000..8b09f53b0f
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.5.1a/Makevars
@@ -0,0 +1,25 @@
+# Makefile variables for PO directory in any package using GNU gettext.
+# Usually the message domain is the same as the package name.
+DOMAIN = $(PACKAGE)
+# These two variables depend on the location of this directory.
+subdir = po
+top_builddir = ..
+# These options get passed to xgettext.
+XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
+# This is the copyright holder that gets inserted into the header of the
+# $(DOMAIN).pot file.  Set this to the copyright holder of the surrounding
+# package.  (Note that the msgstr strings, extracted from the package's
+# sources, belong to the copyright holder of the package.)  Translators are
+# expected to transfer the copyright for their translations to this person
+# or entity, or to disclaim their copyright.  The empty string stands for
+# the public domain; in this case the translators are expected to disclaim
+# their copyright.
+COPYRIGHT_HOLDER = Free Software Foundation, Inc.
+# This is the list of locale categories, beyond LC_MESSAGES, for which the
+# message catalogs shall be used.  It is usually empty.
+EXTRA_LOCALE_CATEGORIES =
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch b/meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch
new file mode 100644
index 0000000000..5a4149cfc0
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Inappropriate [Poky Specific this is gplv2 version]
+Signed-off-by Saul Wold <sgw@linux.intel.com>
+Index: grep-2.5.1a/doc/grep.texi
+===================================================================
+--- grep-2.5.1a.orig/doc/grep.texi
+++ grep-2.5.1a/doc/grep.texi
+@@ -288,7 +288,7 @@ This version number should be included i
+ Print a usage message briefly summarizing these command-line options
+ and the bug-reporting address, then exit.
+ 
+-@itemx --binary-files=@var{type}
+@item --binary-files=@var{type}
+ @opindex --binary-files
+ @cindex binary files
+ If the first few bytes of a file indicate that the file contains binary
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/fix64-int-to-pointer.patch b/meta/recipes-extended/grep/grep-2.5.1a/fix64-int-to-pointer.patch
new file mode 100644
index 0000000000..3b91520fb2
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.5.1a/fix64-int-to-pointer.patch
@@ -0,0 +1,17 @@
+Always use locale.h as HAVE_LOCALE_H is no longer handled by ./configure
+Upstream-Status: Inappropriate [ old version that will not be maintained ]
+Signed-off-by: Alex DAMIAN <alexandru.damian@intel.com>
+diff --recursive --unified grep-2.5.1a-orig/lib/hard-locale.c grep-2.5.1a/lib/hard-locale.c
+--- grep-2.5.1a-orig/lib/hard-locale.c  2001-03-04 07:33:12.000000000 +0200
+++ grep-2.5.1a/lib/hard-locale.c       2013-03-11 17:05:52.086444891 +0200
+@@ -38,9 +38,7 @@
+ # endif
+ #endif
+ 
+-#if HAVE_LOCALE_H
+ # include <locale.h>
+-#endif
+ 
+ #if HAVE_STRING_H
+ # include <string.h>
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/gettext.patch b/meta/recipes-extended/grep/grep-2.5.1a/gettext.patch
new file mode 100644
index 0000000000..57463355a7
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.5.1a/gettext.patch
@@ -0,0 +1,15 @@
+Enable operation with later versions of gettext.
+Upstream-Status: Inappropriate
+RP 2012/10/19
+Index: grep-2.5.1a/configure.in
+===================================================================
+--- grep-2.5.1a.orig/configure.in       2012-10-19 12:57:51.646970204 +0000
+++ grep-2.5.1a/configure.in    2012-10-19 12:59:49.946968803 +0000
+@@ -140,4 +140,4 @@
+        AC_CHECK_LIB(pcre, pcre_exec)
+ fi
+ 
+-AC_OUTPUT(Makefile lib/Makefile lib/posix/Makefile src/Makefile tests/Makefile po/Makefile.in intl/Makefile doc/Makefile m4/Makefile vms/Makefile bootstrap/Makefile, [sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile; echo timestamp > stamp-h])
+AC_OUTPUT(Makefile lib/Makefile lib/posix/Makefile src/Makefile tests/Makefile po/Makefile.in intl/Makefile doc/Makefile m4/Makefile vms/Makefile bootstrap/Makefile, [echo timestamp > stamp-h])
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
new file mode 100644
index 0000000000..059d0687b3
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
@@ -0,0 +1,32 @@
+The patch to fix CVE-2012-5667
+Reference: https://bugzilla.redhat.com/attachment.cgi?id=686605&action=diff
+Multiple integer overflows in GNU Grep before 2.11 might allow
+context-dependent attackers to execute arbitrary code via vectors
+involving a long input line that triggers a heap-based buffer overflow.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
+Upstream-Status: Inappropriate [other]
+This version of GNU Grep has been abandoned upstream and they are no longer
+accepting patches.  This is not a backport.
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ grep.c |    7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+--- a/src/grep.c        2013-05-15 13:39:33.359191769 +0800
+++ a/src/grep.c        2013-05-15 13:50:22.609191882 +0800
+@@ -306,6 +306,11 @@ fillbuf (size_t save, struct stats const
+   int cc = 1;
+   char *readbuf;
+   size_t readsize;
+  const size_t max_save = INT_MAX / 2;
+
+  /* Limit the amount of saved data to INT_MAX to fix CVE-2012-5667 */
+  if (save > max_save)
+     error (2, 0, _("line too long"));
+ 
+   /* Offset from start of buffer to start of old stuff
+      that we want to save.  */
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep_fix_for_automake-1.12.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep_fix_for_automake-1.12.patch
new file mode 100644
index 0000000000..3ccce5fc36
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.5.1a/grep_fix_for_automake-1.12.patch
@@ -0,0 +1,52 @@
+Upstream-Status: Pending
+automake 1.12 has depricated automatic de-ANSI-fication support
+this patch avoids these kinds of errors:
+| configure.in:33: error: automatic de-ANSI-fication support has been removed
+| /srv/home/nitin/builds/build-gcc47/tmp/sysroots/x86_64-linux/usr/share/aclocal-1.12/protos.m4:12: AM_C_PROTOTYPES is expanded from...
+| configure.in:33: the top level
+| autom4te: m4 failed with exit status: 1
+...
+| lib/Makefile.am:2: error: automatic de-ANSI-fication support has been removed
+| src/Makefile.am:2: error: automatic de-ANSI-fication support has been removed
+| autoreconf: automake failed with exit status: 1
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
+2012/05/04
+Index: grep-2.5.1a/configure.in
+===================================================================
+--- grep-2.5.1a.orig/configure.in
+++ grep-2.5.1a/configure.in
+@@ -30,7 +30,6 @@ AC_PROG_RANLIB
+ 
+ dnl Checks for typedefs, structures, and compiler characteristics.
+ AC_SYS_LARGEFILE
+-AM_C_PROTOTYPES
+ AC_TYPE_SIZE_T
+ AC_CHECK_TYPE(ssize_t, int)
+ AC_C_CONST
+Index: grep-2.5.1a/lib/Makefile.am
+===================================================================
+--- grep-2.5.1a.orig/lib/Makefile.am
+++ grep-2.5.1a/lib/Makefile.am
+@@ -1,5 +1,5 @@
+ #
+-AUTOMAKE_OPTIONS = ../src/ansi2knr
+AUTOMAKE_OPTIONS = 
+ 
+ SUBDIRS = posix
+ 
+Index: grep-2.5.1a/src/Makefile.am
+===================================================================
+--- grep-2.5.1a.orig/src/Makefile.am
+++ grep-2.5.1a/src/Makefile.am
+@@ -1,5 +1,5 @@
+ ## Process this file with automake to create Makefile.in
+-AUTOMAKE_OPTIONS = ansi2knr no-dependencies
+AUTOMAKE_OPTIONS = no-dependencies
+ 
+ LN = ln
+ 
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/uclibc-fix.patch b/meta/recipes-extended/grep/grep-2.5.1a/uclibc-fix.patch
new file mode 100644
index 0000000000..de054fc755
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.5.1a/uclibc-fix.patch
@@ -0,0 +1,55 @@
+Upstream-Status: Inappropriate [licensing]
+# Fix to use mempcpy instead of __mempcpy. This is needed for uclibc which
+# doesn't define __mempcpy, only mempcpy. Since both uclibc and glibc have
+# mempcpy, we'll just use that instead.
+# Patch source: OpenEmbedded
+Index: grep-2.5.1/intl/localealias.c
+===================================================================
+--- grep-2.5.1.orig/intl/localealias.c  2002-03-14 00:39:06.000000000 +1100
+++ grep-2.5.1/intl/localealias.c       2007-05-17 13:53:58.000000000 +1000
+@@ -65,7 +65,7 @@
+ # define strcasecmp __strcasecmp
+ 
+ # ifndef mempcpy
+-#  define mempcpy __mempcpy
+#  error "mempcpy not detected"
+ # endif
+ # define HAVE_MEMPCPY  1
+ # define HAVE___FSETLOCKING    1
+Index: grep-2.5.1/lib/getopt.c
+===================================================================
+--- grep-2.5.1.orig/lib/getopt.c        2001-03-04 16:33:12.000000000 +1100
+++ grep-2.5.1/lib/getopt.c     2007-05-17 13:51:44.000000000 +1000
+@@ -326,7 +326,7 @@
+        nonoption_flags_len = nonoption_flags_max_len = 0;
+       else
+        {
+-         memset (__mempcpy (new_str, __getopt_nonoption_flags,
+         memset (mempcpy (new_str, __getopt_nonoption_flags,
+                             nonoption_flags_max_len),
+                  '\0', top + 1 - nonoption_flags_max_len);
+          nonoption_flags_max_len = top + 1;
+@@ -437,7 +437,7 @@
+              if (__getopt_nonoption_flags == NULL)
+                nonoption_flags_max_len = -1;
+              else
+-               memset (__mempcpy (__getopt_nonoption_flags, orig_str, len),
+               memset (mempcpy (__getopt_nonoption_flags, orig_str, len),
+                        '\0', nonoption_flags_max_len - len);
+            }
+        }
+Index: grep-2.5.1/lib/regex.c
+===================================================================
+--- grep-2.5.1.orig/lib/regex.c 2001-04-03 04:04:45.000000000 +1000
+++ grep-2.5.1/lib/regex.c      2007-05-17 13:51:48.000000000 +1000
+@@ -7842,7 +7842,7 @@
+       if (msg_size > errbuf_size)
+         {
+ #if defined HAVE_MEMPCPY || defined _LIBC
+-         *((char *) __mempcpy (errbuf, msg, errbuf_size - 1)) = '\0';
+         *((char *) mempcpy (errbuf, msg, errbuf_size - 1)) = '\0';
+ #else
+           memcpy (errbuf, msg, errbuf_size - 1);
+           errbuf[errbuf_size - 1] = 0;
diff --git a/meta/recipes-extended/grep/grep_2.19.bb b/meta/recipes-extended/grep/grep_2.19.bb
new file mode 100644
index 0000000000..d60ce5e389
--- /dev/null
+++ b/meta/recipes-extended/grep/grep_2.19.bb
@@ -0,0 +1,41 @@
+SUMMARY = "GNU grep utility"
+HOMEPAGE = "http://savannah.gnu.org/projects/grep/"
+BUGTRACKER = "http://savannah.gnu.org/bugs/?group=grep"
+SECTION = "console/utils"
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8006d9c814277c1bfc4ca22af94b59ee"
+SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.xz \
+           file://grep2.19-CVE-2015-1345.patch \
+           "
+SRC_URI[md5sum] = "ac732142227d9fe9567d71301e127979"
+SRC_URI[sha256sum] = "6388295be48cfcaf7665d9cd3914e6625ea000e9414132bfefd45cf1d8eec34d"
+inherit autotools gettext texinfo
+EXTRA_OECONF = "--disable-perl-regexp"
+do_configure_prepend () {
+        rm -f ${S}/m4/init.m4
+}
+do_install () {
+        autotools_do_install
+        install -d ${D}${base_bindir}
+        mv ${D}${bindir}/grep ${D}${base_bindir}/grep
+        mv ${D}${bindir}/egrep ${D}${base_bindir}/egrep
+        mv ${D}${bindir}/fgrep ${D}${base_bindir}/fgrep
+        rmdir ${D}${bindir}/
+}
+inherit update-alternatives
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE_${PN} = "grep egrep fgrep"
+ALTERNATIVE_LINK_NAME[grep] = "${base_bindir}/grep"
+ALTERNATIVE_LINK_NAME[egrep] = "${base_bindir}/egrep"
+ALTERNATIVE_LINK_NAME[fgrep] = "${base_bindir}/fgrep"
+export CONFIG_SHELL="/bin/sh"
diff --git a/meta/recipes-extended/grep/grep_2.5.1a.bb b/meta/recipes-extended/grep/grep_2.5.1a.bb
new file mode 100644
index 0000000000..1ce112e43d
--- /dev/null
+++ b/meta/recipes-extended/grep/grep_2.5.1a.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Pattern matching utilities"
+DESCRIPTION = "The GNU versions of commonly used grep utilities.  The grep command searches one or more input \
+files for lines containing a match to a specified pattern."
+SECTION = "console/utils"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3"
+PR = "r2"
+SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.bz2 \
+           file://uclibc-fix.patch \
+           file://grep_fix_for_automake-1.12.patch \
+           file://gettext.patch \
+           file://fix64-int-to-pointer.patch \
+           file://Makevars \
+           file://grep-CVE-2012-5667.patch \
+           file://fix-for-texinfo-5.1.patch \
+          "
+SRC_URI[md5sum] = "52202fe462770fa6be1bb667bd6cf30c"
+SRC_URI[sha256sum] = "38c8a2bb9223d1fb1b10bdd607cf44830afc92fd451ac4cd07619bf92bdd3132"
+inherit autotools gettext texinfo
+EXTRA_OECONF = "--disable-perl-regexp --disable-ncurses"
+CFLAGS += "-D PROTOTYPES"
+do_configure_prepend () {
+        rm -f ${S}/m4/init.m4
+        cp -f ${WORKDIR}/Makevars ${S}/po/
+}
+do_install () {
+        autotools_do_install
+        install -d ${D}${base_bindir}
+        mv ${D}${bindir}/grep ${D}${base_bindir}/grep
+        mv ${D}${bindir}/egrep ${D}${base_bindir}/egrep
+        mv ${D}${bindir}/fgrep ${D}${base_bindir}/fgrep
+        rmdir ${D}${bindir}/
+}
+inherit update-alternatives
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE_${PN} = "grep egrep fgrep"
+ALTERNATIVE_LINK_NAME[grep] = "${base_bindir}/grep"
+ALTERNATIVE_LINK_NAME[egrep] = "${base_bindir}/egrep"
+ALTERNATIVE_LINK_NAME[fgrep] = "${base_bindir}/fgrep"
+export CONFIG_SHELL="/bin/sh"

diff --git a/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch new file mode 100644 index 0000000000..32846f50be --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch
@@ -0,0 +1,129 @@
	1	From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
	2	From: Yuliy Pisetsky <ypisetsky@fb.com>
	3	Date: Thu, 01 Jan 2015 23:36:55 +0000
	4	Subject: grep -F: fix a heap buffer (read) overrun
	5
	6	grep's read buffer is often filled to its full size, except when
	7	reading the final buffer of a file. In that case, the number of
	8	bytes read may be far less than the size of the buffer. However, for
	9	certain unusual pattern/text combinations, grep -F would mistakenly
	10	examine bytes in that uninitialized region of memory when searching
	11	for a match. With carefully chosen inputs, one can cause grep -F to
	12	read beyond the end of that buffer altogether. This problem arose via
	13	commit v2.18-90-g73893ff with the introduction of a more efficient
	14	heuristic using what is now the memchr_kwset function. The use of
	15	that function in bmexec_trans could leave TP much larger than EP,
	16	and the subsequent call to bm_delta2_search would mistakenly access
	17	beyond end of the main input read buffer.
	18
	19	* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
	20	do not call bm_delta2_search.
	21	* tests/kwset-abuse: New file.
	22	* tests/Makefile.am (TESTS): Add it.
	23	* NEWS (Bug fixes): Mention it.
	24
	25	Prior to this patch, this command would trigger a UMR:
	26
	27	printf %0360db 0 \| valgrind src/grep -F $(printf %019dXb 0)
	28
	29	Use of uninitialised value of size 8
	30	at 0x4142BE: bmexec_trans (kwset.c:657)
	31	by 0x4143CA: bmexec (kwset.c:678)
	32	by 0x414973: kwsexec (kwset.c:848)
	33	by 0x414DC4: Fexecute (kwsearch.c:128)
	34	by 0x404E2E: grepbuf (grep.c:1238)
	35	by 0x4054BF: grep (grep.c:1417)
	36	by 0x405CEB: grepdesc (grep.c:1645)
	37	by 0x405EC1: grep_command_line_arg (grep.c:1692)
	38	by 0x4077D4: main (grep.c:2570)
	39
	40	See the accompanying test for how to trigger the heap buffer overrun.
	41
	42	Thanks to Nima Aghdaii for testing and finding numerous
	43	ways to break early iterations of this patch.
	44
	45	Fixes CVE-2015-1345.
	46	Upstream-Status: Backport
	47
	48	---
	49	diff --git a/NEWS b/NEWS
	50	index 975440d..3835d8d 100644
	51	--- a/NEWS
	52	+++ b/NEWS
	53	@@ -2,6 +2,11 @@ GNU grep NEWS -- outline --
	54
	55	* Noteworthy changes in release ?.? (????-??-??) [?]
	56
	57	+** Bug fixes
	58	+
	59	+ grep no longer reads from uninitialized memory or from beyond the end
	60	+ of the heap-allocated input buffer.
	61	+
	62
	63	* Noteworthy changes in release 2.21 (2014-11-23) [stable]
	64
	65	diff --git a/src/kwset.c b/src/kwset.c
	66	index 4003c8d..376f7c3 100644
	67	--- a/src/kwset.c
	68	+++ b/src/kwset.c
	69	@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
	70	if (! tp)
	71	return -1;
	72	tp++;
	73	+ if (ep <= tp)
	74	+ break;
	75	}
	76	}
	77	}
	78	diff --git a/tests/Makefile.am b/tests/Makefile.am
	79	index 2cba2cd..0508cd2 100644
	80	--- a/tests/Makefile.am
	81	+++ b/tests/Makefile.am
	82	@@ -75,6 +75,7 @@ TESTS = \
	83	inconsistent-range \
	84	invalid-multibyte-infloop \
	85	khadafy \
	86	+ kwset-abuse \
	87	long-line-vs-2GiB-read \
	88	match-lines \
	89	max-count-overread \
	90	diff --git a/tests/kwset-abuse b/tests/kwset-abuse
	91	new file mode 100755
	92	index 0000000..6d8ec0c
	93	--- a/dev/null
	94	+++ b/tests/kwset-abuse
	95	@@ -0,0 +1,32 @@
	96	+#! /bin/sh
	97	+# Evoke a segfault in a hard-to-reach code path of kwset.c.
	98	+# This bug affected grep versions 2.19 through 2.21.
	99	+#
	100	+# Copyright (C) 2015 Free Software Foundation, Inc.
	101	+#
	102	+# This program is free software: you can redistribute it and/or modify
	103	+# it under the terms of the GNU General Public License as published by
	104	+# the Free Software Foundation, either version 3 of the License, or
	105	+# (at your option) any later version.
	106	+
	107	+# This program is distributed in the hope that it will be useful,
	108	+# but WITHOUT ANY WARRANTY; without even the implied warranty of
	109	+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	110	+# GNU General Public License for more details.
	111	+
	112	+# You should have received a copy of the GNU General Public License
	113	+# along with this program. If not, see <http://www.gnu.org/licenses/>.
	114	+
	115	+. "${srcdir=.}/init.sh"; path_prepend_ ../src
	116	+
	117	+fail=0
	118	+
	119	+# This test case chooses a haystack of size 260,000, since prodding
	120	+# with gdb showed a reallocation slightly larger than that in fillbuf.
	121	+# To reach the buggy code, the needle must have length < 1/11 that of
	122	+# the haystack, and 10,000 is a nice round number that fits the bill.
	123	+printf '%0260000dXy\n' 0 \| grep -F $(printf %010000dy 0)
	124	+
	125	+test $? = 1 \|\| fail=1
	126	+
	127	+Exit $fail
	128	--
	129	cgit v0.9.0.2


diff --git a/meta/recipes-extended/grep/grep-2.5.1a/Makevars b/meta/recipes-extended/grep/grep-2.5.1a/Makevars new file mode 100644 index 0000000000..8b09f53b0f --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.5.1a/Makevars
@@ -0,0 +1,25 @@
	1	# Makefile variables for PO directory in any package using GNU gettext.
	2
	3	# Usually the message domain is the same as the package name.
	4	DOMAIN = $(PACKAGE)
	5
	6	# These two variables depend on the location of this directory.
	7	subdir = po
	8	top_builddir = ..
	9
	10	# These options get passed to xgettext.
	11	XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
	12
	13	# This is the copyright holder that gets inserted into the header of the
	14	# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
	15	# package. (Note that the msgstr strings, extracted from the package's
	16	# sources, belong to the copyright holder of the package.) Translators are
	17	# expected to transfer the copyright for their translations to this person
	18	# or entity, or to disclaim their copyright. The empty string stands for
	19	# the public domain; in this case the translators are expected to disclaim
	20	# their copyright.
	21	COPYRIGHT_HOLDER = Free Software Foundation, Inc.
	22
	23	# This is the list of locale categories, beyond LC_MESSAGES, for which the
	24	# message catalogs shall be used. It is usually empty.
	25	EXTRA_LOCALE_CATEGORIES =


diff --git a/meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch b/meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch new file mode 100644 index 0000000000..5a4149cfc0 --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.5.1a/fix-for-texinfo-5.1.patch
@@ -0,0 +1,17 @@
	1	Upstream-Status: Inappropriate [Poky Specific this is gplv2 version]
	2
	3	Signed-off-by Saul Wold <sgw@linux.intel.com>
	4
	5	Index: grep-2.5.1a/doc/grep.texi
	6	===================================================================
	7	--- grep-2.5.1a.orig/doc/grep.texi
	8	+++ grep-2.5.1a/doc/grep.texi
	9	@@ -288,7 +288,7 @@ This version number should be included i
	10	Print a usage message briefly summarizing these command-line options
	11	and the bug-reporting address, then exit.
	12
	13	-@itemx --binary-files=@var{type}
	14	+@item --binary-files=@var{type}
	15	@opindex --binary-files
	16	@cindex binary files
	17	If the first few bytes of a file indicate that the file contains binary


diff --git a/meta/recipes-extended/grep/grep-2.5.1a/fix64-int-to-pointer.patch b/meta/recipes-extended/grep/grep-2.5.1a/fix64-int-to-pointer.patch new file mode 100644 index 0000000000..3b91520fb2 --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.5.1a/fix64-int-to-pointer.patch
@@ -0,0 +1,17 @@
	1	Always use locale.h as HAVE_LOCALE_H is no longer handled by ./configure
	2	Upstream-Status: Inappropriate [ old version that will not be maintained ]
	3	Signed-off-by: Alex DAMIAN <alexandru.damian@intel.com>
	4
	5	diff --recursive --unified grep-2.5.1a-orig/lib/hard-locale.c grep-2.5.1a/lib/hard-locale.c
	6	--- grep-2.5.1a-orig/lib/hard-locale.c 2001-03-04 07:33:12.000000000 +0200
	7	+++ grep-2.5.1a/lib/hard-locale.c 2013-03-11 17:05:52.086444891 +0200
	8	@@ -38,9 +38,7 @@
	9	# endif
	10	#endif
	11
	12	-#if HAVE_LOCALE_H
	13	# include <locale.h>
	14	-#endif
	15
	16	#if HAVE_STRING_H
	17	# include <string.h>


diff --git a/meta/recipes-extended/grep/grep-2.5.1a/gettext.patch b/meta/recipes-extended/grep/grep-2.5.1a/gettext.patch new file mode 100644 index 0000000000..57463355a7 --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.5.1a/gettext.patch
@@ -0,0 +1,15 @@
	1	Enable operation with later versions of gettext.
	2
	3	Upstream-Status: Inappropriate
	4	RP 2012/10/19
	5
	6	Index: grep-2.5.1a/configure.in
	7	===================================================================
	8	--- grep-2.5.1a.orig/configure.in 2012-10-19 12:57:51.646970204 +0000
	9	+++ grep-2.5.1a/configure.in 2012-10-19 12:59:49.946968803 +0000
	10	@@ -140,4 +140,4 @@
	11	AC_CHECK_LIB(pcre, pcre_exec)
	12	fi
	13
	14	-AC_OUTPUT(Makefile lib/Makefile lib/posix/Makefile src/Makefile tests/Makefile po/Makefile.in intl/Makefile doc/Makefile m4/Makefile vms/Makefile bootstrap/Makefile, [sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile; echo timestamp > stamp-h])
	15	+AC_OUTPUT(Makefile lib/Makefile lib/posix/Makefile src/Makefile tests/Makefile po/Makefile.in intl/Makefile doc/Makefile m4/Makefile vms/Makefile bootstrap/Makefile, [echo timestamp > stamp-h])


diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch new file mode 100644 index 0000000000..059d0687b3 --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
@@ -0,0 +1,32 @@
	1	The patch to fix CVE-2012-5667
	2	Reference: https://bugzilla.redhat.com/attachment.cgi?id=686605&action=diff
	3
	4	Multiple integer overflows in GNU Grep before 2.11 might allow
	5	context-dependent attackers to execute arbitrary code via vectors
	6	involving a long input line that triggers a heap-based buffer overflow.
	7
	8	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
	9
	10	Upstream-Status: Inappropriate [other]
	11	This version of GNU Grep has been abandoned upstream and they are no longer
	12	accepting patches. This is not a backport.
	13
	14	Signed-off-by Ming Liu <ming.liu@windriver.com>
	15	---
	16	grep.c \| 7 +++----
	17	1 file changed, 3 insertions(+), 4 deletions(-)
	18
	19	--- a/src/grep.c 2013-05-15 13:39:33.359191769 +0800
	20	+++ a/src/grep.c 2013-05-15 13:50:22.609191882 +0800
	21	@@ -306,6 +306,11 @@ fillbuf (size_t save, struct stats const
	22	int cc = 1;
	23	char *readbuf;
	24	size_t readsize;
	25	+ const size_t max_save = INT_MAX / 2;
	26	+
	27	+ /* Limit the amount of saved data to INT_MAX to fix CVE-2012-5667 */
	28	+ if (save > max_save)
	29	+ error (2, 0, _("line too long"));
	30
	31	/* Offset from start of buffer to start of old stuff
	32	that we want to save. */


diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep_fix_for_automake-1.12.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep_fix_for_automake-1.12.patch new file mode 100644 index 0000000000..3ccce5fc36 --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.5.1a/grep_fix_for_automake-1.12.patch
@@ -0,0 +1,52 @@
	1	Upstream-Status: Pending
	2
	3	automake 1.12 has depricated automatic de-ANSI-fication support
	4
	5	this patch avoids these kinds of errors:
	6
	7	\| configure.in:33: error: automatic de-ANSI-fication support has been removed
	8	\| /srv/home/nitin/builds/build-gcc47/tmp/sysroots/x86_64-linux/usr/share/aclocal-1.12/protos.m4:12: AM_C_PROTOTYPES is expanded from...
	9	\| configure.in:33: the top level
	10	\| autom4te: m4 failed with exit status: 1
	11	...
	12	\| lib/Makefile.am:2: error: automatic de-ANSI-fication support has been removed
	13	\| src/Makefile.am:2: error: automatic de-ANSI-fication support has been removed
	14	\| autoreconf: automake failed with exit status: 1
	15
	16	Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
	17	2012/05/04
	18
	19	Index: grep-2.5.1a/configure.in
	20	===================================================================
	21	--- grep-2.5.1a.orig/configure.in
	22	+++ grep-2.5.1a/configure.in
	23	@@ -30,7 +30,6 @@ AC_PROG_RANLIB
	24
	25	dnl Checks for typedefs, structures, and compiler characteristics.
	26	AC_SYS_LARGEFILE
	27	-AM_C_PROTOTYPES
	28	AC_TYPE_SIZE_T
	29	AC_CHECK_TYPE(ssize_t, int)
	30	AC_C_CONST
	31	Index: grep-2.5.1a/lib/Makefile.am
	32	===================================================================
	33	--- grep-2.5.1a.orig/lib/Makefile.am
	34	+++ grep-2.5.1a/lib/Makefile.am
	35	@@ -1,5 +1,5 @@
	36	#
	37	-AUTOMAKE_OPTIONS = ../src/ansi2knr
	38	+AUTOMAKE_OPTIONS =
	39
	40	SUBDIRS = posix
	41
	42	Index: grep-2.5.1a/src/Makefile.am
	43	===================================================================
	44	--- grep-2.5.1a.orig/src/Makefile.am
	45	+++ grep-2.5.1a/src/Makefile.am
	46	@@ -1,5 +1,5 @@
	47	## Process this file with automake to create Makefile.in
	48	-AUTOMAKE_OPTIONS = ansi2knr no-dependencies
	49	+AUTOMAKE_OPTIONS = no-dependencies
	50
	51	LN = ln
	52


diff --git a/meta/recipes-extended/grep/grep-2.5.1a/uclibc-fix.patch b/meta/recipes-extended/grep/grep-2.5.1a/uclibc-fix.patch new file mode 100644 index 0000000000..de054fc755 --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.5.1a/uclibc-fix.patch
@@ -0,0 +1,55 @@
	1	Upstream-Status: Inappropriate [licensing]
	2
	3	# Fix to use mempcpy instead of __mempcpy. This is needed for uclibc which
	4	# doesn't define __mempcpy, only mempcpy. Since both uclibc and glibc have
	5	# mempcpy, we'll just use that instead.
	6	# Patch source: OpenEmbedded
	7
	8	Index: grep-2.5.1/intl/localealias.c
	9	===================================================================
	10	--- grep-2.5.1.orig/intl/localealias.c 2002-03-14 00:39:06.000000000 +1100
	11	+++ grep-2.5.1/intl/localealias.c 2007-05-17 13:53:58.000000000 +1000
	12	@@ -65,7 +65,7 @@
	13	# define strcasecmp __strcasecmp
	14
	15	# ifndef mempcpy
	16	-# define mempcpy __mempcpy
	17	+# error "mempcpy not detected"
	18	# endif
	19	# define HAVE_MEMPCPY 1
	20	# define HAVE___FSETLOCKING 1
	21	Index: grep-2.5.1/lib/getopt.c
	22	===================================================================
	23	--- grep-2.5.1.orig/lib/getopt.c 2001-03-04 16:33:12.000000000 +1100
	24	+++ grep-2.5.1/lib/getopt.c 2007-05-17 13:51:44.000000000 +1000
	25	@@ -326,7 +326,7 @@
	26	nonoption_flags_len = nonoption_flags_max_len = 0;
	27	else
	28	{
	29	- memset (__mempcpy (new_str, __getopt_nonoption_flags,
	30	+ memset (mempcpy (new_str, __getopt_nonoption_flags,
	31	nonoption_flags_max_len),
	32	'\0', top + 1 - nonoption_flags_max_len);
	33	nonoption_flags_max_len = top + 1;
	34	@@ -437,7 +437,7 @@
	35	if (__getopt_nonoption_flags == NULL)
	36	nonoption_flags_max_len = -1;
	37	else
	38	- memset (__mempcpy (__getopt_nonoption_flags, orig_str, len),
	39	+ memset (mempcpy (__getopt_nonoption_flags, orig_str, len),
	40	'\0', nonoption_flags_max_len - len);
	41	}
	42	}
	43	Index: grep-2.5.1/lib/regex.c
	44	===================================================================
	45	--- grep-2.5.1.orig/lib/regex.c 2001-04-03 04:04:45.000000000 +1000
	46	+++ grep-2.5.1/lib/regex.c 2007-05-17 13:51:48.000000000 +1000
	47	@@ -7842,7 +7842,7 @@
	48	if (msg_size > errbuf_size)
	49	{
	50	#if defined HAVE_MEMPCPY \|\| defined _LIBC
	51	- ((char ) __mempcpy (errbuf, msg, errbuf_size - 1)) = '\0';
	52	+ ((char ) mempcpy (errbuf, msg, errbuf_size - 1)) = '\0';
	53	#else
	54	memcpy (errbuf, msg, errbuf_size - 1);
	55	errbuf[errbuf_size - 1] = 0;


diff --git a/meta/recipes-extended/grep/grep_2.19.bb b/meta/recipes-extended/grep/grep_2.19.bb new file mode 100644 index 0000000000..d60ce5e389 --- /dev/null +++ b/meta/recipes-extended/grep/grep_2.19.bb
@@ -0,0 +1,41 @@
	1	SUMMARY = "GNU grep utility"
	2	HOMEPAGE = "http://savannah.gnu.org/projects/grep/"
	3	BUGTRACKER = "http://savannah.gnu.org/bugs/?group=grep"
	4	SECTION = "console/utils"
	5	LICENSE = "GPLv3"
	6	LIC_FILES_CHKSUM = "file://COPYING;md5=8006d9c814277c1bfc4ca22af94b59ee"
	7
	8	SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.xz \
	9	file://grep2.19-CVE-2015-1345.patch \
	10	"
	11
	12	SRC_URI[md5sum] = "ac732142227d9fe9567d71301e127979"
	13	SRC_URI[sha256sum] = "6388295be48cfcaf7665d9cd3914e6625ea000e9414132bfefd45cf1d8eec34d"
	14
	15	inherit autotools gettext texinfo
	16
	17	EXTRA_OECONF = "--disable-perl-regexp"
	18
	19	do_configure_prepend () {
	20	rm -f ${S}/m4/init.m4
	21	}
	22
	23	do_install () {
	24	autotools_do_install
	25	install -d ${D}${base_bindir}
	26	mv ${D}${bindir}/grep ${D}${base_bindir}/grep
	27	mv ${D}${bindir}/egrep ${D}${base_bindir}/egrep
	28	mv ${D}${bindir}/fgrep ${D}${base_bindir}/fgrep
	29	rmdir ${D}${bindir}/
	30	}
	31
	32	inherit update-alternatives
	33
	34	ALTERNATIVE_PRIORITY = "100"
	35
	36	ALTERNATIVE_${PN} = "grep egrep fgrep"
	37	ALTERNATIVE_LINK_NAME[grep] = "${base_bindir}/grep"
	38	ALTERNATIVE_LINK_NAME[egrep] = "${base_bindir}/egrep"
	39	ALTERNATIVE_LINK_NAME[fgrep] = "${base_bindir}/fgrep"
	40
	41	export CONFIG_SHELL="/bin/sh"


diff --git a/meta/recipes-extended/grep/grep_2.5.1a.bb b/meta/recipes-extended/grep/grep_2.5.1a.bb new file mode 100644 index 0000000000..1ce112e43d --- /dev/null +++ b/meta/recipes-extended/grep/grep_2.5.1a.bb
@@ -0,0 +1,51 @@
	1	SUMMARY = "Pattern matching utilities"
	2	DESCRIPTION = "The GNU versions of commonly used grep utilities. The grep command searches one or more input \
	3	files for lines containing a match to a specified pattern."
	4	SECTION = "console/utils"
	5	LICENSE = "GPLv2"
	6	LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3"
	7
	8	PR = "r2"
	9
	10	SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.bz2 \
	11	file://uclibc-fix.patch \
	12	file://grep_fix_for_automake-1.12.patch \
	13	file://gettext.patch \
	14	file://fix64-int-to-pointer.patch \
	15	file://Makevars \
	16	file://grep-CVE-2012-5667.patch \
	17	file://fix-for-texinfo-5.1.patch \
	18	"
	19
	20	SRC_URI[md5sum] = "52202fe462770fa6be1bb667bd6cf30c"
	21	SRC_URI[sha256sum] = "38c8a2bb9223d1fb1b10bdd607cf44830afc92fd451ac4cd07619bf92bdd3132"
	22
	23	inherit autotools gettext texinfo
	24
	25	EXTRA_OECONF = "--disable-perl-regexp --disable-ncurses"
	26
	27	CFLAGS += "-D PROTOTYPES"
	28	do_configure_prepend () {
	29	rm -f ${S}/m4/init.m4
	30	cp -f ${WORKDIR}/Makevars ${S}/po/
	31	}
	32
	33	do_install () {
	34	autotools_do_install
	35	install -d ${D}${base_bindir}
	36	mv ${D}${bindir}/grep ${D}${base_bindir}/grep
	37	mv ${D}${bindir}/egrep ${D}${base_bindir}/egrep
	38	mv ${D}${bindir}/fgrep ${D}${base_bindir}/fgrep
	39	rmdir ${D}${bindir}/
	40	}
	41
	42	inherit update-alternatives
	43
	44	ALTERNATIVE_PRIORITY = "100"
	45
	46	ALTERNATIVE_${PN} = "grep egrep fgrep"
	47	ALTERNATIVE_LINK_NAME[grep] = "${base_bindir}/grep"
	48	ALTERNATIVE_LINK_NAME[egrep] = "${base_bindir}/egrep"
	49	ALTERNATIVE_LINK_NAME[fgrep] = "${base_bindir}/fgrep"
	50
	51	export CONFIG_SHELL="/bin/sh"