diff options
author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/poky/meta/recipes-devtools/file/file | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/poky/meta/recipes-devtools/file/file')
4 files changed, 0 insertions, 204 deletions
diff --git a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8904.patch b/external/poky/meta/recipes-devtools/file/file/CVE-2019-8904.patch deleted file mode 100644 index 5c3d6f73..00000000 --- a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8904.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 94b7501f48e134e77716e7ebefc73d6bbe72ba55 Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Mon, 18 Feb 2019 17:30:41 +0000 -Subject: [PATCH] PR/62: spinpx: Avoid non-nul-terminated string read. - -Upstream-Status: Backport -CVE: CVE-2019-8904 -Affects < 5.36 -[Fixup for thud context] -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/readelf.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -Index: git/src/readelf.c -=================================================================== ---- git.orig/src/readelf.c -+++ git/src/readelf.c -@@ -558,8 +558,8 @@ do_bid_note(struct magic_set *ms, unsign - } - if (namesz == 4 && strcmp((char *)&nbuf[noff], "Go") == 0 && - type == NT_GO_BUILD_ID && descsz < 128) { -- if (file_printf(ms, ", Go BuildID=%s", -- (char *)&nbuf[doff]) == -1) -+ if (file_printf(ms, ", Go BuildID=%.*s", -+ CAST(int, descsz), CAST(char *, &nbuf[doff])) == -1) - return 1; - return 1; - } diff --git a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch b/external/poky/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch deleted file mode 100644 index a55b94c6..00000000 --- a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch +++ /dev/null @@ -1,120 +0,0 @@ -From d65781527c8134a1202b2649695d48d5701ac60b Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Mon, 18 Feb 2019 17:46:56 +0000 -Subject: [PATCH] PR/62: spinpx: limit size of file_printable. - -Upstream-Status: Backport -CVE: CVE-2019-8905 -CVE: CVE-2019-8907 -affects < 5.36 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/file.h | 4 ++-- - src/funcs.c | 9 +++++---- - src/readelf.c | 7 ++++--- - src/softmagic.c | 14 ++++++++------ - 4 files changed, 19 insertions(+), 15 deletions(-) - -Index: git/src/file.h -=================================================================== ---- git.orig/src/file.h -+++ git/src/file.h -@@ -501,7 +501,7 @@ protected int file_looks_utf8(const unsi - size_t *); - protected size_t file_pstring_length_size(const struct magic *); - protected size_t file_pstring_get_length(const struct magic *, const char *); --protected char * file_printable(char *, size_t, const char *); -+protected char * file_printable(char *, size_t, const char *, size_t); - #ifdef __EMX__ - protected int file_os2_apptype(struct magic_set *, const char *, const void *, - size_t); -Index: git/src/funcs.c -=================================================================== ---- git.orig/src/funcs.c -+++ git/src/funcs.c -@@ -595,12 +595,13 @@ file_pop_buffer(struct magic_set *ms, fi - * convert string to ascii printable format. - */ - protected char * --file_printable(char *buf, size_t bufsiz, const char *str) -+file_printable(char *buf, size_t bufsiz, const char *str, size_t slen) - { -- char *ptr, *eptr; -+ char *ptr, *eptr = buf + bufsiz - 1; - const unsigned char *s = (const unsigned char *)str; -+ const unsigned char *es = s + slen; - -- for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) { -+ for (ptr = buf; ptr < eptr && s < es && *s; s++) { - if (isprint(*s)) { - *ptr++ = *s; - continue; -Index: git/src/readelf.c -=================================================================== ---- git.orig/src/readelf.c -+++ git/src/readelf.c -@@ -750,7 +750,7 @@ do_core_note(struct magic_set *ms, unsig - if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " - "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)", - file_printable(sbuf, sizeof(sbuf), -- CAST(char *, pi.cpi_name)), -+ CAST(char *, pi.cpi_name), sizeof(pi.cpi_name)), - elf_getu32(swap, (uint32_t)pi.cpi_pid), - elf_getu32(swap, pi.cpi_euid), - elf_getu32(swap, pi.cpi_egid), -@@ -1655,7 +1655,8 @@ dophn_exec(struct magic_set *ms, int cla - return -1; - if (interp[0]) - if (file_printf(ms, ", interpreter %s", -- file_printable(ibuf, sizeof(ibuf), interp)) == -1) -+ file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp))) -+ == -1) - return -1; - return 0; - } -Index: git/src/softmagic.c -=================================================================== ---- git.orig/src/softmagic.c -+++ git/src/softmagic.c -@@ -616,8 +616,8 @@ mprint(struct magic_set *ms, struct magi - case FILE_LESTRING16: - if (m->reln == '=' || m->reln == '!') { - if (file_printf(ms, F(ms, desc, "%s"), -- file_printable(sbuf, sizeof(sbuf), m->value.s)) -- == -1) -+ file_printable(sbuf, sizeof(sbuf), m->value.s, -+ sizeof(m->value.s))) == -1) - return -1; - t = ms->offset + m->vallen; - } -@@ -644,7 +644,8 @@ mprint(struct magic_set *ms, struct magi - } - - if (file_printf(ms, F(ms, desc, "%s"), -- file_printable(sbuf, sizeof(sbuf), str)) == -1) -+ file_printable(sbuf, sizeof(sbuf), str, -+ sizeof(p->s) - (str - p->s))) == -1) - return -1; - - if (m->type == FILE_PSTRING) -@@ -750,7 +751,7 @@ mprint(struct magic_set *ms, struct magi - return -1; - } - rval = file_printf(ms, F(ms, desc, "%s"), -- file_printable(sbuf, sizeof(sbuf), cp)); -+ file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len)); - free(cp); - - if (rval == -1) -@@ -777,7 +778,8 @@ mprint(struct magic_set *ms, struct magi - break; - case FILE_DER: - if (file_printf(ms, F(ms, desc, "%s"), -- file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1) -+ file_printable(sbuf, sizeof(sbuf), ms->ms_value.s, -+ sizeof(ms->ms_value.s))) == -1) - return -1; - t = ms->offset; - break; diff --git a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8906.patch b/external/poky/meta/recipes-devtools/file/file/CVE-2019-8906.patch deleted file mode 100644 index 1079ac66..00000000 --- a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8906.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Wed, 2 Jan 2019 19:44:14 +0000 -Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso) - -Upstream-Status: Backport -CVE: CVE-2019-8906 -Affects < 5.36 -[Fixup for thud context] -Signed-off-by: Armin Kuster <akuster@mvista.com> ---- - src/readelf.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/src/readelf.c -=================================================================== ---- git.orig/src/readelf.c -+++ git/src/readelf.c -@@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig - char sbuf[512]; - struct NetBSD_elfcore_procinfo pi; - memset(&pi, 0, sizeof(pi)); -- memcpy(&pi, nbuf + doff, descsz); -+ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi))); - - if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " - "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)", diff --git a/external/poky/meta/recipes-devtools/file/file/debian-742262.patch b/external/poky/meta/recipes-devtools/file/file/debian-742262.patch deleted file mode 100644 index 319f9dbc..00000000 --- a/external/poky/meta/recipes-devtools/file/file/debian-742262.patch +++ /dev/null @@ -1,27 +0,0 @@ -The awk pattern was checked *before* the Perl pattern, so the -perl script with BEGIN{...} would be reported as awk, this patch fixes it. - -Upstream-Status: Backport [debian] - -Signed-off-by: Christoph Biedl <debian.axhn@manchmal.in-ulm.de> -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - -Rebase on 5.31 - -Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> ---- - magic/Magdir/commands | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/magic/Magdir/commands b/magic/Magdir/commands -index f6ad1c8..f79e7dd 100644 ---- a/magic/Magdir/commands -+++ b/magic/Magdir/commands -@@ -57,6 +57,7 @@ - 0 string/wt #!\ /usr/bin/awk awk script text executable - !:mime text/x-awk - 0 regex/4096 =^[\040\t\f\r\n]{0,100}BEGIN[\040\t\f\r\n]{0,100}[{] awk or perl script text -+!:strength - 12 - - # AT&T Bell Labs' Plan 9 shell - 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable |