But then the cve should be marked as resolved? Alex
On Mon 20. Feb 2023 at 17.34, Ross Burton <[email protected]> wrote: > Ignore this, "glibc: stable 2.37 branch updates” incorporates it. > > Ross > > > On 20 Feb 2023, at 16:28, Ross Burton via lists.openembedded.org > <[email protected]> wrote: > > > > Signed-off-by: Ross Burton <[email protected]> > > --- > > ...r-grouping-in-printf-width-bug-30068.patch | 84 +++++++++++++++++++ > > meta/recipes-core/glibc/glibc_2.37.bb | 1 + > > 2 files changed, 85 insertions(+) > > create mode 100644 > meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch > > > > diff --git > a/meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch > b/meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch > > new file mode 100644 > > index 00000000000..9efd39a9eb4 > > --- /dev/null > > +++ > b/meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch > > @@ -0,0 +1,84 @@ > > +CVE: CVE-2023-25139 > > +Upstream-Status: Backport > > +Signed-off-by: Ross Burton <[email protected]> > > + > > +From 07b9521fc6369d000216b96562ff7c0ed32a16c4 Mon Sep 17 00:00:00 2001 > > +From: Carlos O'Donell <[email protected]> > > +Date: Thu, 19 Jan 2023 12:50:20 +0100 > > +Subject: [PATCH] Account for grouping in printf width (bug 30068) > > + > > +This is a partial fix for mishandling of grouping when formatting > > +integers. It properly computes the width in the presence of grouping > > +characters when the width is larger than the number of significant > > +digits. The precision related issue is documented in bug 23432. > > + > > +Co-authored-by: Andreas Schwab <[email protected]> > > +(cherry picked from commit c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0) > > +--- > > + stdio-common/Makefile | 2 ++ > > + stdio-common/tst-grouping3.c | 54 +++++++++++++++++++++++++++++ > > + stdio-common/vfprintf-process-arg.c | 22 +++++++++--- > > + 3 files changed, 73 insertions(+), 5 deletions(-) > > + create mode 100644 stdio-common/tst-grouping3.c > > + > > +diff --git a/stdio-common/vfprintf-process-arg.c > b/stdio-common/vfprintf-process-arg.c > > +index 24c9125f9f..8c0fcbcf78 100644 > > +--- a/stdio-common/vfprintf-process-arg.c > > ++++ b/stdio-common/vfprintf-process-arg.c > > +@@ -186,11 +186,17 @@ LABEL (unsigned_number): /* Unsigned number > of base BASE. */ > > + bool octal_marker = (prec <= number_length && number.word != 0 > > + && alt && base == 8); > > + > > +- prec = MAX (0, prec - (workend - string)); > > ++ /* At this point prec_inc is the additional bytes required for the > > ++ specificed precision. It is 0 if the precision would not have > > ++ required additional bytes i.e. the number of input digits is more > > ++ than the precision. It is greater than zero if the precision is > > ++ more than the number of digits without grouping (precision only > > ++ considers digits). */ > > ++ unsigned int prec_inc = MAX (0, prec - (workend - string)); > > + > > + if (!left) > > + { > > +- width -= number_length + prec; > > ++ width -= number_length + prec_inc; > > + > > + if (number.word != 0 && alt && (base == 16 || base == 2)) > > + /* Account for 0X, 0x, 0B or 0b hex or binary marker. */ > > +@@ -221,7 +227,7 @@ LABEL (unsigned_number): /* Unsigned number of > base BASE. */ > > + Xprintf_buffer_putc (buf, spec); > > + } > > + > > +- width += prec; > > ++ width += prec_inc; > > + Xprintf_buffer_pad (buf, L_('0'), width); > > + > > + if (octal_marker) > > +@@ -237,6 +243,8 @@ LABEL (unsigned_number): /* Unsigned number of > base BASE. */ > > + } > > + else > > + { > > ++ /* Perform left justification adjustments. */ > > ++ > > + if (is_negative) > > + { > > + Xprintf_buffer_putc (buf, L_('-')); > > +@@ -263,9 +271,13 @@ LABEL (unsigned_number): /* Unsigned number > of base BASE. */ > > + if (octal_marker) > > + --width; > > + > > +- width -= workend - string + prec; > > ++ /* Adjust the width by subtracting the number of bytes > > ++ required to represent the number with grouping characters > > ++ (NUMBER_LENGTH) and any additional bytes required for > > ++ precision. */ > > ++ width -= number_length + prec_inc; > > + > > +- Xprintf_buffer_pad (buf, L_('0'), prec); > > ++ Xprintf_buffer_pad (buf, L_('0'), prec_inc); > > + > > + if (octal_marker) > > + Xprintf_buffer_putc (buf, L_('0')); > > +-- > > +2.34.1 > > + > > diff --git a/meta/recipes-core/glibc/glibc_2.37.bb > b/meta/recipes-core/glibc/glibc_2.37.bb > > index f299a3004a4..e5689e536ad 100644 > > --- a/meta/recipes-core/glibc/glibc_2.37.bb > > +++ b/meta/recipes-core/glibc/glibc_2.37.bb > > @@ -51,6 +51,7 @@ SRC_URI = > "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \ > > > file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ > > > file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \ > > + > file://0001-Account-for-grouping-in-printf-width-bug-30068.patch \ > > " > > S = "${WORKDIR}/git" > > B = "${WORKDIR}/build-${TARGET_SYS}" > > -- > > 2.34.1 > > > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#177443): https://lists.openembedded.org/g/openembedded-core/message/177443 Mute This Topic: https://lists.openembedded.org/mt/97089377/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
