From 6f8dcde58e2226d5a46f41ab53225134d0e60b4e Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Tue, 16 Oct 2018 10:47:12 +0800 Subject: poky: sumo refresh d240b885f2..eebbc00b25 Update poky to sumo HEAD. Anuj Mittal (1): perl: skip tests that are not useful Armin Kuster (4): tzcode-native: updatet to 2018e tzdata: update to 2018e tzcode: update to 2018f tzdata: update to 2018f Bruce Ashfield (10): kernel-yocto/cfg: configuration warning fixes linux-yocto/4.14/4.18: address kernel configuration warnings linux-yocto: configuration warning fixes linux-yocto: tweak RTC configuration linux-yocto/4.14: fix kernel configuration audit warnings linux-yocto/4.14: update to v4.14.71 linux-yocto: enable pci and CRYPTO_DEV_VIRTIO linux-yocto/4.14: fix beaglebone configuration warnings linux-yocto-rt: fixup 4.14 merge issues linux-yocto/4.14: update to v4.14.76 Changqing Li (1): apt: update SRC_URI Chen Qi (2): python: backport patch to fix CVE-2018-1000802 python: backport patch to fix CVE-2018-14647 Dan McGregor (2): os-release: move to nonarch_libdir base-files: change permissions on /sys and /proc Derek Straka (1): python: update to version 2.7.15 Grygorii Tertychnyi (2): cve-check: Allow multiple entries in CVE_PRODUCT curl: extend CVE_PRODUCT Hongxu Jia (2): valgrind: fix compile ptest failure on mips32 nasm: fix CVE-2018-1000667 Hongzhi.Song (1): linux-yocto-rt: Add paravirt_kvm support for qemux86-64 Jagadeesh Krishnanjanappa (1): valgrind: fix ptest compilation for PowerPC64 Peter Kjellerstedt (1): curl: Include the complete license information Richard Purdie (2): yocto-uninative: Upgrade to verson 2.3 which includes glibc 2.28 oeqa/selftest/runtime_test: Ensure we build/use gnupg-native Ross Burton (2): python: clean up ptest python: don't use runtime checks to identify float endianism Zhixiong Chi (1): curl: CVE-2018-14618 Change-Id: I4b7aa481ed2a57c3551c4a45d30350f2376444cc Signed-off-by: Brad Bishop --- .../recipes-support/curl/curl/CVE-2018-14618.patch | 37 ++++++++++++++++++++++ poky/meta/recipes-support/curl/curl_7.61.0.bb | 5 +-- 2 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch (limited to 'poky/meta/recipes-support') diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch new file mode 100644 index 000000000..db07b436d --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch @@ -0,0 +1,37 @@ +From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 13 Aug 2018 10:35:52 +0200 +Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password + +... since it would cause an integer overflow if longer than (max size_t +/ 2). + +This is CVE-2018-14618 + +Bug: https://curl.haxx.se/docs/CVE-2018-14618.html +Closes #2756 +Reported-by: Zhaoyang Wu + +CVE: CVE-2018-14618 +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi +--- + lib/curl_ntlm_core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c +index e27cab353c..922e85a926 100644 +--- a/lib/curl_ntlm_core.c ++++ b/lib/curl_ntlm_core.c +@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, + unsigned char *ntbuffer /* 21 bytes */) + { + size_t len = strlen(password); +- unsigned char *pw = len ? malloc(len * 2) : strdup(""); ++ unsigned char *pw; + CURLcode result; ++ if(len > SIZE_T_MAX/2) /* avoid integer overflow */ ++ return CURLE_OUT_OF_MEMORY; ++ pw = len ? malloc(len * 2) : strdup(""); + if(!pw) + return CURLE_OUT_OF_MEMORY; diff --git a/poky/meta/recipes-support/curl/curl_7.61.0.bb b/poky/meta/recipes-support/curl/curl_7.61.0.bb index d118c3ff9..31d5d9bda 100644 --- a/poky/meta/recipes-support/curl/curl_7.61.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.61.0.bb @@ -3,16 +3,17 @@ HOMEPAGE = "http://curl.haxx.se/" BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" SECTION = "console/network" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac" +LIC_FILES_CHKSUM = "file://COPYING;md5=ef889a37a5a874490ac7ce116396f29a" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ + file://CVE-2018-14618.patch \ " SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a" SRC_URI[sha256sum] = "5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c" -CVE_PRODUCT = "libcurl" +CVE_PRODUCT = "curl libcurl" inherit autotools pkgconfig binconfig multilib_header PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls proxy threaded-resolver zlib" -- cgit v1.2.1