From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../qemu/qemu/CVE-2018-16867.patch | 49 ---------------------- 1 file changed, 49 deletions(-) delete mode 100644 external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch (limited to 'external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch') diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch deleted file mode 100644 index 644459e5..00000000 --- a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-16867.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 61f87388af0af72ad61dee00ddd267b8047049f2 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Mon, 3 Dec 2018 11:10:45 +0100 -Subject: [PATCH] usb-mtp: outlaw slashes in filenames -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Slash is unix directory separator, so they are not allowed in filenames. -Note this also stops the classic escape via "../". - -Fixes: CVE-2018-16867 -Reported-by: Michael Hanselmann -Signed-off-by: Gerd Hoffmann -Reviewed-by: Philippe Mathieu-Daudé -Message-id: 20181203101045.27976-3-kraxel@redhat.com -(cherry picked from commit c52d46e041b42bb1ee6f692e00a0abe37a9659f6) -Signed-off-by: Michael Roth - -Upstream-Status: Backport -CVE: CVE-2018-16867 -Affects: < 3.1.0 - -Signed-off-by: Armin Kuster - ---- - hw/usb/dev-mtp.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c -index 1ded7ac..899c8a3 100644 ---- a/hw/usb/dev-mtp.c -+++ b/hw/usb/dev-mtp.c -@@ -1667,6 +1667,12 @@ static void usb_mtp_write_metadata(MTPState *s) - - utf16_to_str(dataset->length, dataset->filename, filename); - -+ if (strchr(filename, '/')) { -+ usb_mtp_queue_result(s, RES_PARAMETER_NOT_SUPPORTED, d->trans, -+ 0, 0, 0, 0); -+ return; -+ } -+ - o = usb_mtp_object_lookup_name(p, filename, dataset->length); - if (o != NULL) { - next_handle = o->handle; --- -2.7.4 - -- cgit 1.2.3-korg