summaryrefslogtreecommitdiffstats
path: root/external/poky/meta/recipes-devtools/file/file
diff options
context:
space:
mode:
Diffstat (limited to 'external/poky/meta/recipes-devtools/file/file')
-rw-r--r--external/poky/meta/recipes-devtools/file/file/CVE-2019-8904.patch30
-rw-r--r--external/poky/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch120
-rw-r--r--external/poky/meta/recipes-devtools/file/file/CVE-2019-8906.patch27
-rw-r--r--external/poky/meta/recipes-devtools/file/file/debian-742262.patch27
4 files changed, 0 insertions, 204 deletions
diff --git a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8904.patch b/external/poky/meta/recipes-devtools/file/file/CVE-2019-8904.patch
deleted file mode 100644
index 5c3d6f73..00000000
--- a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8904.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 94b7501f48e134e77716e7ebefc73d6bbe72ba55 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Mon, 18 Feb 2019 17:30:41 +0000
-Subject: [PATCH] PR/62: spinpx: Avoid non-nul-terminated string read.
-
-Upstream-Status: Backport
-CVE: CVE-2019-8904
-Affects < 5.36
-[Fixup for thud context]
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- src/readelf.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-Index: git/src/readelf.c
-===================================================================
---- git.orig/src/readelf.c
-+++ git/src/readelf.c
-@@ -558,8 +558,8 @@ do_bid_note(struct magic_set *ms, unsign
- }
- if (namesz == 4 && strcmp((char *)&nbuf[noff], "Go") == 0 &&
- type == NT_GO_BUILD_ID && descsz < 128) {
-- if (file_printf(ms, ", Go BuildID=%s",
-- (char *)&nbuf[doff]) == -1)
-+ if (file_printf(ms, ", Go BuildID=%.*s",
-+ CAST(int, descsz), CAST(char *, &nbuf[doff])) == -1)
- return 1;
- return 1;
- }
diff --git a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch b/external/poky/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch
deleted file mode 100644
index a55b94c6..00000000
--- a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8905_CVE-2019-8907.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From d65781527c8134a1202b2649695d48d5701ac60b Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Mon, 18 Feb 2019 17:46:56 +0000
-Subject: [PATCH] PR/62: spinpx: limit size of file_printable.
-
-Upstream-Status: Backport
-CVE: CVE-2019-8905
-CVE: CVE-2019-8907
-affects < 5.36
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- src/file.h | 4 ++--
- src/funcs.c | 9 +++++----
- src/readelf.c | 7 ++++---
- src/softmagic.c | 14 ++++++++------
- 4 files changed, 19 insertions(+), 15 deletions(-)
-
-Index: git/src/file.h
-===================================================================
---- git.orig/src/file.h
-+++ git/src/file.h
-@@ -501,7 +501,7 @@ protected int file_looks_utf8(const unsi
- size_t *);
- protected size_t file_pstring_length_size(const struct magic *);
- protected size_t file_pstring_get_length(const struct magic *, const char *);
--protected char * file_printable(char *, size_t, const char *);
-+protected char * file_printable(char *, size_t, const char *, size_t);
- #ifdef __EMX__
- protected int file_os2_apptype(struct magic_set *, const char *, const void *,
- size_t);
-Index: git/src/funcs.c
-===================================================================
---- git.orig/src/funcs.c
-+++ git/src/funcs.c
-@@ -595,12 +595,13 @@ file_pop_buffer(struct magic_set *ms, fi
- * convert string to ascii printable format.
- */
- protected char *
--file_printable(char *buf, size_t bufsiz, const char *str)
-+file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
- {
-- char *ptr, *eptr;
-+ char *ptr, *eptr = buf + bufsiz - 1;
- const unsigned char *s = (const unsigned char *)str;
-+ const unsigned char *es = s + slen;
-
-- for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
-+ for (ptr = buf; ptr < eptr && s < es && *s; s++) {
- if (isprint(*s)) {
- *ptr++ = *s;
- continue;
-Index: git/src/readelf.c
-===================================================================
---- git.orig/src/readelf.c
-+++ git/src/readelf.c
-@@ -750,7 +750,7 @@ do_core_note(struct magic_set *ms, unsig
- if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
- "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
- file_printable(sbuf, sizeof(sbuf),
-- CAST(char *, pi.cpi_name)),
-+ CAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
- elf_getu32(swap, (uint32_t)pi.cpi_pid),
- elf_getu32(swap, pi.cpi_euid),
- elf_getu32(swap, pi.cpi_egid),
-@@ -1655,7 +1655,8 @@ dophn_exec(struct magic_set *ms, int cla
- return -1;
- if (interp[0])
- if (file_printf(ms, ", interpreter %s",
-- file_printable(ibuf, sizeof(ibuf), interp)) == -1)
-+ file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
-+ == -1)
- return -1;
- return 0;
- }
-Index: git/src/softmagic.c
-===================================================================
---- git.orig/src/softmagic.c
-+++ git/src/softmagic.c
-@@ -616,8 +616,8 @@ mprint(struct magic_set *ms, struct magi
- case FILE_LESTRING16:
- if (m->reln == '=' || m->reln == '!') {
- if (file_printf(ms, F(ms, desc, "%s"),
-- file_printable(sbuf, sizeof(sbuf), m->value.s))
-- == -1)
-+ file_printable(sbuf, sizeof(sbuf), m->value.s,
-+ sizeof(m->value.s))) == -1)
- return -1;
- t = ms->offset + m->vallen;
- }
-@@ -644,7 +644,8 @@ mprint(struct magic_set *ms, struct magi
- }
-
- if (file_printf(ms, F(ms, desc, "%s"),
-- file_printable(sbuf, sizeof(sbuf), str)) == -1)
-+ file_printable(sbuf, sizeof(sbuf), str,
-+ sizeof(p->s) - (str - p->s))) == -1)
- return -1;
-
- if (m->type == FILE_PSTRING)
-@@ -750,7 +751,7 @@ mprint(struct magic_set *ms, struct magi
- return -1;
- }
- rval = file_printf(ms, F(ms, desc, "%s"),
-- file_printable(sbuf, sizeof(sbuf), cp));
-+ file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
- free(cp);
-
- if (rval == -1)
-@@ -777,7 +778,8 @@ mprint(struct magic_set *ms, struct magi
- break;
- case FILE_DER:
- if (file_printf(ms, F(ms, desc, "%s"),
-- file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
-+ file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
-+ sizeof(ms->ms_value.s))) == -1)
- return -1;
- t = ms->offset;
- break;
diff --git a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8906.patch b/external/poky/meta/recipes-devtools/file/file/CVE-2019-8906.patch
deleted file mode 100644
index 1079ac66..00000000
--- a/external/poky/meta/recipes-devtools/file/file/CVE-2019-8906.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Wed, 2 Jan 2019 19:44:14 +0000
-Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso)
-
-Upstream-Status: Backport
-CVE: CVE-2019-8906
-Affects < 5.36
-[Fixup for thud context]
-Signed-off-by: Armin Kuster <akuster@mvista.com>
----
- src/readelf.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: git/src/readelf.c
-===================================================================
---- git.orig/src/readelf.c
-+++ git/src/readelf.c
-@@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig
- char sbuf[512];
- struct NetBSD_elfcore_procinfo pi;
- memset(&pi, 0, sizeof(pi));
-- memcpy(&pi, nbuf + doff, descsz);
-+ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
-
- if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
- "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
diff --git a/external/poky/meta/recipes-devtools/file/file/debian-742262.patch b/external/poky/meta/recipes-devtools/file/file/debian-742262.patch
deleted file mode 100644
index 319f9dbc..00000000
--- a/external/poky/meta/recipes-devtools/file/file/debian-742262.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-The awk pattern was checked *before* the Perl pattern, so the
-perl script with BEGIN{...} would be reported as awk, this patch fixes it.
-
-Upstream-Status: Backport [debian]
-
-Signed-off-by: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
-
-Rebase on 5.31
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
----
- magic/Magdir/commands | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/magic/Magdir/commands b/magic/Magdir/commands
-index f6ad1c8..f79e7dd 100644
---- a/magic/Magdir/commands
-+++ b/magic/Magdir/commands
-@@ -57,6 +57,7 @@
- 0 string/wt #!\ /usr/bin/awk awk script text executable
- !:mime text/x-awk
- 0 regex/4096 =^[\040\t\f\r\n]{0,100}BEGIN[\040\t\f\r\n]{0,100}[{] awk or perl script text
-+!:strength - 12
-
- # AT&T Bell Labs' Plan 9 shell
- 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable