From 193236933b0f4ab91b1625b64e2187e2db4e0e8f Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Fri, 5 Apr 2019 15:28:33 -0400 Subject: reset upstream subtrees to HEAD Reset the following subtrees on HEAD: poky: 8217b477a1(master) meta-xilinx: 64aa3d35ae(master) meta-openembedded: 0435c9e193(master) meta-raspberrypi: 490a4441ac(master) meta-security: cb6d1c85ee(master) Squashed patches: meta-phosphor: drop systemd 239 patches meta-phosphor: mrw-api: use correct install path Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d Signed-off-by: Brad Bishop --- .../gnulib/gnulib/CVE-2018-17942.patch | 88 ---------------------- .../recipes-support/gnulib/gnulib_2017-08-20.18.bb | 40 ---------- .../recipes-support/gnulib/gnulib_2018-03-07.03.bb | 40 ++++++++++ 3 files changed, 40 insertions(+), 128 deletions(-) delete mode 100644 meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch delete mode 100644 meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb create mode 100644 meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb (limited to 'meta-openembedded/meta-oe/recipes-support/gnulib') diff --git a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch deleted file mode 100644 index 77e82b167..000000000 --- a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch +++ /dev/null @@ -1,88 +0,0 @@ -From e91600a7aae3bafbefbe13abf771e61badd16286 Mon Sep 17 00:00:00 2001 -From: Changqing Li -Date: Tue, 16 Oct 2018 14:26:11 +0800 -Subject: [PATCH] vasnprintf: Fix heap memory overrun bug. - -Reported by Ben Pfaff in -. - -* lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of -memory. -* tests/test-vasnprintf.c (test_function): Add another test. - -Upstream-Status: Backport [http://git.savannah.gnu.org/gitweb/?p=gnulib.git; -a=commitdiff;h=278b4175c9d7dd47c1a3071554aac02add3b3c35] - -CVE: CVE-2018-17942 - -Signed-off-by: Changqing Li ---- - ChangeLog | 8 ++++++++ - lib/vasnprintf.c | 4 +++- - tests/test-vasnprintf.c | 19 ++++++++++++++++++- - 3 files changed, 29 insertions(+), 2 deletions(-) - -diff --git a/ChangeLog b/ChangeLog -index 9864353..5ff76a3 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,3 +1,11 @@ -+2018-09-23 Bruno Haible -+ vasnprintf: Fix heap memory overrun bug. -+ Reported by Ben Pfaff in -+ . -+ * lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of -+ memory. -+ * tests/test-vasnprintf.c (test_function): Add another test. -+ - 2017-08-21 Paul Eggert - - vc-list-files: port to Solaris 10 -diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c -index 2e4eb19..45de49f 100644 ---- a/lib/vasnprintf.c -+++ b/lib/vasnprintf.c -@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes) - size_t a_len = a.nlimbs; - /* 0.03345 is slightly larger than log(2)/(9*log(10)). */ - size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1); -- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes)); -+ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the -+ digits of a, followed by 1 byte for the terminating NUL. */ -+ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1)); - if (c_ptr != NULL) - { - char *d_ptr = c_ptr; -diff --git a/tests/test-vasnprintf.c b/tests/test-vasnprintf.c -index 2dd869f..ff68d5c 100644 ---- a/tests/test-vasnprintf.c -+++ b/tests/test-vasnprintf.c -@@ -53,7 +53,24 @@ test_function (char * (*my_asnprintf) (char *, size_t *, const char *, ...)) - ASSERT (result != NULL); - ASSERT (strcmp (result, "12345") == 0); - ASSERT (length == 5); -- if (size < 6) -+ if (size < 5 + 1) -+ ASSERT (result != buf); -+ ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0); -+ if (result != buf) -+ free (result); -+ } -+ /* Note: This test assumes IEEE 754 representation of 'double' floats. */ -+ for (size = 0; size <= 8; size++) -+ { -+ size_t length; -+ char *result; -+ memcpy (buf, "DEADBEEF", 8); -+ length = size; -+ result = my_asnprintf (buf, &length, "%2.0f", 1.6314159265358979e+125); -+ ASSERT (result != NULL); -+ ASSERT (strcmp (result, "163141592653589790215729350939528493057529598899734151772468186268423257777068536614838678161083520756952076273094236944990208") == 0); -+ ASSERT (length == 126); -+ if (size < 126 + 1) - ASSERT (result != buf); - ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0); - if (result != buf) --- -2.7.4 - diff --git a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb deleted file mode 100644 index e04881055..000000000 --- a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2017-08-20.18.bb +++ /dev/null @@ -1,40 +0,0 @@ -SUMMARY = "The GNU portability library" -DESCRIPTION = "A collection of software subroutines which are designed to \ -be usable on many operating systems. The goal of the project \ -is to make it easy for free software authors to make their \ -software run on many operating systems. Since source is designed \ -to be copied from gnulib, it is not a library per-se, as much \ -as a collection of portable idioms to be used in other projects." - -HOMEPAGE = "http://www.gnu.org/software/gnulib/" -SECTION = "devel" -LICENSE = "LGPLv2+" - -LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5" -SRCREV = "b23000de1e47c7d580e0e220966dd1ee42a5e5bc" - -SRC_URI = "git://git.sv.gnu.org/gnulib;protocol=git \ - file://CVE-2018-17942.patch \ -" - -S = "${WORKDIR}/git" - -do_install () { - cd ${S} - git checkout master - git clone ${S} ${D}/${datadir}/gnulib - cd ${D}/${datadir}/gnulib - git am ${WORKDIR}/CVE-2018-17942.patch -} - -do_patch[noexec] = "1" -do_configure[noexec] = "1" -do_compile[noexec] = "1" -do_package[noexec] = "1" -do_packagedata[noexec] = "1" -deltask package_write_ipk -deltask package_write_deb -deltask package_write_rpm -deltask do_deploy_archives - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb new file mode 100644 index 000000000..146747eee --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb @@ -0,0 +1,40 @@ +SUMMARY = "The GNU portability library" +DESCRIPTION = "A collection of software subroutines which are designed to \ +be usable on many operating systems. The goal of the project \ +is to make it easy for free software authors to make their \ +software run on many operating systems. Since source is designed \ +to be copied from gnulib, it is not a library per-se, as much \ +as a collection of portable idioms to be used in other projects." + +HOMEPAGE = "http://www.gnu.org/software/gnulib/" +SECTION = "devel" +LICENSE = "LGPLv2+" + +LIC_FILES_CHKSUM = "file://COPYING;md5=56a22a6e5bcce45e2c8ac184f81412b5" +SRCREV = "0d6e3307bbdb8df4d56043d5f373eeeffe4cbef3" + +SRC_URI = "git://git.sv.gnu.org/gnulib.git \ +" + +S = "${WORKDIR}/git" + +inherit utils + +do_install () { + cd ${S} + check_git_config + git checkout master + git clone ${S} ${D}/${datadir}/gnulib +} + +do_patch[noexec] = "1" +do_configure[noexec] = "1" +do_compile[noexec] = "1" +do_package[noexec] = "1" +do_packagedata[noexec] = "1" +deltask package_write_ipk +deltask package_write_deb +deltask package_write_rpm +deltask do_deploy_archives + +BBCLASSEXTEND = "native" -- cgit v1.2.1