From de512045185dd8ac9b2bb2cbb189809d49006189 Mon Sep 17 00:00:00 2001
From: "Maxin B. John"
Date: Wed, 7 Jan 2015 13:11:43 +0100
Subject: coreutils: Fix CVE-2014-9471

Fiedler Roman discovered that coreutils' parse_datetime() function has some flaws that may be exploitable if the date(1), touch(1), or potentially other programs, accept untrusted input for certain parameters. While researching this issue, he discovered that it was independently discovered by Bertrand Jacquin and reported at http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872

$ touch '--date=TZ="123"345" @1'
*** Error in `touch': free(): invalid pointer: 0x00007fffd33e55e0 ***
Aborted
$ date '--date=TZ="123"345" @1'
date[394]: segfault at 7fff24000000 ip 00007f6dd5b73404 sp 00007fff27cce8f8 error 4 in libc-2.20.so[7f6dd5af7000+199000]
Segmentation fault

(From OE-Core rev: 54debe63cbd38dba56895541c434f895e158f70b)

Signed-off-by: Maxin B. John
Signed-off-by: Armin Kuster
Signed-off-by: Richard Purdie
---
 meta/recipes-core/coreutils/coreutils_8.22.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-core/coreutils/coreutils_8.22.bb')

diff --git a/meta/recipes-core/coreutils/coreutils_8.22.bb b/meta/recipes-core/coreutils/coreutils_8.22.bb
index f85bacabd3..4a1aee6260 100644
--- a/meta/recipes-core/coreutils/coreutils_8.22.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.22.bb
@@ -17,6 +17,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
 file://dummy_help2man.patch \
 file://fix-for-dummy-man-usage.patch \
 file://fix-selinux-flask.patch \
+ file://date-tz-crash.patch \
 "
 
 SRC_URI[md5sum] = "8fb0ae2267aa6e728958adc38f8163a2"
-- 
cgit v1.2.3-54-g00ecf
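Review bot: The added `file://date-tz-crash.patch \` entry is the only place this recipe references the fix, and its file name does not carry the CVE id, so nothing in the recipe itself ties the patch to CVE-2014-9471. The patch file is outside this view (the page is limited to the recipe), so it cannot be confirmed here that it ships in the same commit or what its header says. Its header should record the link explicitly with `CVE: CVE-2014-9471` and `Upstream-Status: Backport` lines; alternatively the file could be named after the CVE so that audits and CVE-tracking tooling can match it. It would also help to note in the patch header that the two invocations quoted in the commit message should be rejected with an invalid-date error after the fix, giving a regression check for later coreutils upgrades when the patch is dropped.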