summaryrefslogtreecommitdiffstats
path: root/import-layers/yocto-poky/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
diff options
context:
space:
mode:
authorBrad Bishop <bradleyb@fuzziesquirrel.com>2018-02-01 10:27:11 -0500
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-03-12 22:51:39 -0400
commit6e60e8b2b2bab889379b380a28a167a0edd9d1d3 (patch)
treef12f54d5ba8e74e67e5fad3651a1e125bb8f4191 /import-layers/yocto-poky/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
parent509842add85b53e13164c1569a1fd43d5b8d91c5 (diff)
downloadblackbird-openbmc-6e60e8b2b2bab889379b380a28a167a0edd9d1d3.tar.gz
blackbird-openbmc-6e60e8b2b2bab889379b380a28a167a0edd9d1d3.zip
Yocto 2.3
Move OpenBMC to Yocto 2.3(pyro). Tested: Built and verified Witherspoon and Palmetto images Change-Id: I50744030e771f4850afc2a93a10d3507e76d36bc Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com> Resolves: openbmc/openbmc#2461
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch')
-rw-r--r--import-layers/yocto-poky/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch33
1 files changed, 0 insertions, 33 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/import-layers/yocto-poky/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
deleted file mode 100644
index a40a9f30b..000000000
--- a/import-layers/yocto-poky/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-The patch to fix CVE-2012-5667
-Reference: https://bugzilla.redhat.com/attachment.cgi?id=686605&action=diff
-
-Multiple integer overflows in GNU Grep before 2.11 might allow
-context-dependent attackers to execute arbitrary code via vectors
-involving a long input line that triggers a heap-based buffer overflow.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
-
-Upstream-Status: Inappropriate [other]
-This version of GNU Grep has been abandoned upstream and they are no longer
-accepting patches. This is not a backport.
-CVE: CVE-2012-5667
-
-Signed-off-by: Ming Liu <ming.liu@windriver.com>
----
- grep.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
---- a/src/grep.c 2013-05-15 13:39:33.359191769 +0800
-+++ a/src/grep.c 2013-05-15 13:50:22.609191882 +0800
-@@ -306,6 +306,11 @@ fillbuf (size_t save, struct stats const
- int cc = 1;
- char *readbuf;
- size_t readsize;
-+ const size_t max_save = INT_MAX / 2;
-+
-+ /* Limit the amount of saved data to INT_MAX to fix CVE-2012-5667 */
-+ if (save > max_save)
-+ error (2, 0, _("line too long"));
-
- /* Offset from start of buffer to start of old stuff
- that we want to save. */
OpenPOWER on IntegriCloud