summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorTheo Gaige <tgaige.opensource@witekio.com>2026-05-19 15:26:14 +0200
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-05-21 08:57:48 +0530
commit7acc7441941f8af0bb78700f62e926da2bbc12c9 (patch)
tree8114535c9ec820a4732357a3ad661143f2ded5c4 /meta-oe
parenta587f53a0eff978246f7aec466fb42588c339056 (diff)
downloadmeta-openembedded-7acc7441941f8af0bb78700f62e926da2bbc12c9.tar.gz
dash: fix CVE-2026-31323
Backport upstream fix for CVE-2026-31323 [1]. [1] https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3 Signed-off-by: Theo Gaige <tgaige.opensource@witekio.com> Reviewed-by: Bruno Vernay <bruno.vernay@se.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch43
-rw-r--r--meta-oe/recipes-shells/dash/dash_0.5.12.bb5
2 files changed, 47 insertions, 1 deletions
diff --git a/meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch b/meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch
new file mode 100644
index 0000000000..a5e66dab65
--- /dev/null
+++ b/meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch
@@ -0,0 +1,43 @@
1From eeebf52119df7a74ee5187268ca3030d4c701f20 Mon Sep 17 00:00:00 2001
2From: Muchen Hou <996029583@qq.com>
3Date: Mon, 13 Apr 2026 10:28:29 +0800
4Subject: [PATCH] arith: Fix CVE-2026-31323 INTMAX_MIN / -1 overflow
5
6Division and remainder currently guard against division by zero, but not
7against the signed overflow case INTMAX_MIN / -1. On affected systems
8this can trigger SIGFPE during arithmetic expansion.
9
10Add an explicit guard before evaluating division or remainder.
11
12Signed-off-by: Muchen Hou <996029583@qq.com>
13
14Merge the overflow check with the zero division check.
15
16Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
17(cherry picked from commit 0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3)
18
19CVE: CVE-2026-31323
20Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3]
21Signed-off-by: Theo Gaige <tgaige.opensource@witekio.com>
22---
23 src/arith_yacc.c | 4 ++--
24 1 file changed, 2 insertions(+), 2 deletions(-)
25
26diff --git a/src/arith_yacc.c b/src/arith_yacc.c
27index 1a087c3..b978ef0 100644
28--- a/src/arith_yacc.c
29+++ b/src/arith_yacc.c
30@@ -98,8 +98,8 @@ static intmax_t do_binop(int op, intmax_t a, intmax_t b)
31 default:
32 case ARITH_REM:
33 case ARITH_DIV:
34- if (!b)
35- yyerror("division by zero");
36+ if (!b || (a == INTMAX_MIN && b == -1))
37+ yyerror("division error");
38 return op == ARITH_REM ? a % b : a / b;
39 case ARITH_MUL:
40 return a * b;
41--
422.43.0
43
diff --git a/meta-oe/recipes-shells/dash/dash_0.5.12.bb b/meta-oe/recipes-shells/dash/dash_0.5.12.bb
index 1bf3625760..1e8f62bb92 100644
--- a/meta-oe/recipes-shells/dash/dash_0.5.12.bb
+++ b/meta-oe/recipes-shells/dash/dash_0.5.12.bb
@@ -7,7 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b5262b4a1a1bff72b48e935531976d2e"
7 7
8inherit autotools update-alternatives 8inherit autotools update-alternatives
9 9
10SRC_URI = "http://gondor.apana.org.au/~herbert/${BPN}/files/${BP}.tar.gz" 10SRC_URI = "http://gondor.apana.org.au/~herbert/${BPN}/files/${BP}.tar.gz \
11 file://CVE-2026-31323.patch \
12"
13
11SRC_URI[sha256sum] = "6a474ac46e8b0b32916c4c60df694c82058d3297d8b385b74508030ca4a8f28a" 14SRC_URI[sha256sum] = "6a474ac46e8b0b32916c4c60df694c82058d3297d8b385b74508030ca4a8f28a"
12 15
13CVE_PRODUCT = "dash:dash" 16CVE_PRODUCT = "dash:dash"