Hi! As discussed earlier in:
* https://lists.yoctoproject.org/g/meta-intel/topic/98338236 This patch can be pulled from: * URL: https://gitlab.com/ugeuder-patches/meta-intel.git * branch: patches/dunfell/zlib-intel/correct-fix-CVE-2022-37434 Regards, Uwe -- >8 -- >From 38369c4c9f75320359861a266941e8d09bf7e0cc Mon Sep 17 00:00:00 2001 From: Uwe Geuder <[email protected]> Date: Sun, 23 Apr 2023 22:43:09 +0300 Subject: [PATCH] zlib: Clarify fix of CVE-2022-37434 The previous fix added a patch that * was incomplete * was not even used in probably most builds because the zlib recipe in openembedded / poky contains a file with the same name. Remove the incomplete patch in order to make it clear that the complete patch from openembedded / poky is used. Fixes: e64954db ("zlib: fix CVE-2022-37434") Signed-off-by: Uwe Geuder <[email protected]> --- recipes-core/zlib/files/CVE-2022-37434.patch | 37 -------------------- 1 file changed, 37 deletions(-) delete mode 100644 recipes-core/zlib/files/CVE-2022-37434.patch diff --git a/recipes-core/zlib/files/CVE-2022-37434.patch b/recipes-core/zlib/files/CVE-2022-37434.patch deleted file mode 100644 index 052cdf60..00000000 --- a/recipes-core/zlib/files/CVE-2022-37434.patch +++ /dev/null @@ -1,37 +0,0 @@ -From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 -From: Mark Adler <[email protected]> -Date: Sat, 30 Jul 2022 15:51:11 -0700 -Subject: [PATCH] Fix a bug when getting a gzip header extra field with - inflate(). - -If the extra field was larger than the space the user provided with -inflateGetHeader(), and if multiple calls of inflate() delivered -the extra header data, then there could be a buffer overflow of the -provided space. This commit assures that provided space is not -exceeded. - -Upstream-Status: Backport -[ https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 ] -CVE: CVE-2022-37434 -Signed-off-by: Chee Yang Lee <[email protected]> ---- - inflate.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/inflate.c b/inflate.c -index 7be8c6366..7a7289749 100644 ---- a/inflate.c -+++ b/inflate.c -@@ -763,9 +763,10 @@ int flush; - copy = state->length; - if (copy > have) copy = have; - if (copy) { -+ len = state->head->extra_len - state->length; - if (state->head != Z_NULL && -- state->head->extra != Z_NULL) { -- len = state->head->extra_len - state->length; -+ state->head->extra != Z_NULL && -+ len < state->head->extra_max) { - zmemcpy(state->head->extra + len, next, - len + copy > state->head->extra_max ? - state->head->extra_max - len : copy); -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7936): https://lists.yoctoproject.org/g/meta-intel/message/7936 Mute This Topic: https://lists.yoctoproject.org/mt/98459333/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-intel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
