diff options
| author | Theo Gaige <tgaige.opensource@witekio.com> | 2026-05-19 15:26:14 +0200 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-05-21 08:57:48 +0530 |
| commit | 7acc7441941f8af0bb78700f62e926da2bbc12c9 (patch) | |
| tree | 8114535c9ec820a4732357a3ad661143f2ded5c4 /meta-oe | |
| parent | a587f53a0eff978246f7aec466fb42588c339056 (diff) | |
| download | meta-openembedded-7acc7441941f8af0bb78700f62e926da2bbc12c9.tar.gz | |
dash: fix CVE-2026-31323
Backport upstream fix for CVE-2026-31323 [1].
[1] https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3
Signed-off-by: Theo Gaige <tgaige.opensource@witekio.com>
Reviewed-by: Bruno Vernay <bruno.vernay@se.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-oe')
| -rw-r--r-- | meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch | 43 | ||||
| -rw-r--r-- | meta-oe/recipes-shells/dash/dash_0.5.12.bb | 5 |
2 files changed, 47 insertions, 1 deletions
diff --git a/meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch b/meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch new file mode 100644 index 0000000000..a5e66dab65 --- /dev/null +++ b/meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch | |||
| @@ -0,0 +1,43 @@ | |||
| 1 | From eeebf52119df7a74ee5187268ca3030d4c701f20 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Muchen Hou <996029583@qq.com> | ||
| 3 | Date: Mon, 13 Apr 2026 10:28:29 +0800 | ||
| 4 | Subject: [PATCH] arith: Fix CVE-2026-31323 INTMAX_MIN / -1 overflow | ||
| 5 | |||
| 6 | Division and remainder currently guard against division by zero, but not | ||
| 7 | against the signed overflow case INTMAX_MIN / -1. On affected systems | ||
| 8 | this can trigger SIGFPE during arithmetic expansion. | ||
| 9 | |||
| 10 | Add an explicit guard before evaluating division or remainder. | ||
| 11 | |||
| 12 | Signed-off-by: Muchen Hou <996029583@qq.com> | ||
| 13 | |||
| 14 | Merge the overflow check with the zero division check. | ||
| 15 | |||
| 16 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | ||
| 17 | (cherry picked from commit 0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3) | ||
| 18 | |||
| 19 | CVE: CVE-2026-31323 | ||
| 20 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3] | ||
| 21 | Signed-off-by: Theo Gaige <tgaige.opensource@witekio.com> | ||
| 22 | --- | ||
| 23 | src/arith_yacc.c | 4 ++-- | ||
| 24 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 25 | |||
| 26 | diff --git a/src/arith_yacc.c b/src/arith_yacc.c | ||
| 27 | index 1a087c3..b978ef0 100644 | ||
| 28 | --- a/src/arith_yacc.c | ||
| 29 | +++ b/src/arith_yacc.c | ||
| 30 | @@ -98,8 +98,8 @@ static intmax_t do_binop(int op, intmax_t a, intmax_t b) | ||
| 31 | default: | ||
| 32 | case ARITH_REM: | ||
| 33 | case ARITH_DIV: | ||
| 34 | - if (!b) | ||
| 35 | - yyerror("division by zero"); | ||
| 36 | + if (!b || (a == INTMAX_MIN && b == -1)) | ||
| 37 | + yyerror("division error"); | ||
| 38 | return op == ARITH_REM ? a % b : a / b; | ||
| 39 | case ARITH_MUL: | ||
| 40 | return a * b; | ||
| 41 | -- | ||
| 42 | 2.43.0 | ||
| 43 | |||
diff --git a/meta-oe/recipes-shells/dash/dash_0.5.12.bb b/meta-oe/recipes-shells/dash/dash_0.5.12.bb index 1bf3625760..1e8f62bb92 100644 --- a/meta-oe/recipes-shells/dash/dash_0.5.12.bb +++ b/meta-oe/recipes-shells/dash/dash_0.5.12.bb | |||
| @@ -7,7 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b5262b4a1a1bff72b48e935531976d2e" | |||
| 7 | 7 | ||
| 8 | inherit autotools update-alternatives | 8 | inherit autotools update-alternatives |
| 9 | 9 | ||
| 10 | SRC_URI = "http://gondor.apana.org.au/~herbert/${BPN}/files/${BP}.tar.gz" | 10 | SRC_URI = "http://gondor.apana.org.au/~herbert/${BPN}/files/${BP}.tar.gz \ |
| 11 | file://CVE-2026-31323.patch \ | ||
| 12 | " | ||
| 13 | |||
| 11 | SRC_URI[sha256sum] = "6a474ac46e8b0b32916c4c60df694c82058d3297d8b385b74508030ca4a8f28a" | 14 | SRC_URI[sha256sum] = "6a474ac46e8b0b32916c4c60df694c82058d3297d8b385b74508030ca4a8f28a" |
| 12 | 15 | ||
| 13 | CVE_PRODUCT = "dash:dash" | 16 | CVE_PRODUCT = "dash:dash" |
