diff options
| author | Adrian Freihofer <adrian.freihofer@gmail.com> | 2023-08-16 12:58:20 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-08-19 05:56:58 -1000 |
| commit | 3d4850b3eac151a17bb174f18f8dda4707dc104f (patch) | |
| tree | 060ba97a183ac830c4778183b8b9e829ccb4fe17 /meta/recipes-devtools/dmidecode/dmidecode_3.3.bb | |
| parent | 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd (diff) | |
| download | poky-3d4850b3eac151a17bb174f18f8dda4707dc104f.tar.gz | |
dmidecode: fixup for CVE-2023-30630
The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:
+ u32 len;
+ u8 *table;
...
- if (!(opt.flags & FLAG_QUIET))
- pr_comment("Writing %d bytes to %s.", crafted[0x05],
- opt.dumpfile);
- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, crafted[0x05], table, len);
It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.
(From OE-Core rev: ea069a94a213cc153528aebfc387f30215566cc7)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/dmidecode/dmidecode_3.3.bb')
| -rw-r--r-- | meta/recipes-devtools/dmidecode/dmidecode_3.3.bb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb index b99c2ea99d..c0f6b45313 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb +++ b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb | |||
| @@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" | |||
| 6 | 6 | ||
| 7 | SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \ | 7 | SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \ |
| 8 | file://0001-Committing-changes-from-do_unpack_extra.patch \ | 8 | file://0001-Committing-changes-from-do_unpack_extra.patch \ |
| 9 | file://CVE-2023-30630_1.patch \ | 9 | file://CVE-2023-30630_1a.patch \ |
| 10 | file://CVE-2023-30630_1b.patch \ | ||
| 10 | file://CVE-2023-30630_2.patch \ | 11 | file://CVE-2023-30630_2.patch \ |
| 11 | file://CVE-2023-30630_3.patch \ | 12 | file://CVE-2023-30630_3.patch \ |
| 12 | file://CVE-2023-30630_4.patch \ | 13 | file://CVE-2023-30630_4.patch \ |
