On 2023-02-20 11:35, Alexander Kanavin via lists.openembedded.org wrote:
But then the CVE should be marked as resolved?

Yash is new to this game.

Yash,

Please submit an update along the lines of:
https://git.openembedded.org/openembedded-core/commit/?id=ebb0220bf211ec1318a0a7f6a9ab80cf7775a848

and next time you bump glibc/gcc/... indicate that the CVE is fixed by setting CVE_CHECK_IGNORE.

../Randy
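The bookkeeping Randy describes, as an added example that is not code from the thread or from OE-core: a small Python stand-in for the lookup cve-check.bbclass performs, run over constructed sample files. It treats a CVE as patched when a patch named in SRC_URI carries a `CVE:` header line (the tag present in Ross's backport quoted below) and as ignored when the id appears in CVE_CHECK_IGNORE; a fix that arrives through a stable-branch update has neither, which is why the CVE keeps being reported until the recipe says otherwise. The recipe text, patch headers and directory layout are constructed for the demo; the real class also honours CVE ids in patch file names and works from the resolved SRC_URI, which this simplified version does not.

```python
"""Check how a Yocto/OE recipe accounts for a CVE id (simplified stand-in for
cve-check.bbclass: a CVE counts as patched when a SRC_URI patch file carries a
"CVE: CVE-YYYY-NNNN" header line, and as ignored when it is listed in
CVE_CHECK_IGNORE; a fix that arrives via a stable-branch update has neither)."""
import re
import tempfile
from pathlib import Path

CVE_ID_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# "CVE: CVE-2023-25139" header line; several ids may share one line.
CVE_TAG_RE = re.compile(r"^CVE:\s*((?:CVE-\d{4}-\d{4,}[ \t]*)+)$", re.MULTILINE)
# CVE_CHECK_IGNORE with =, +=, .=, ?= or an :override suffix, double-quoted.
IGNORE_RE = re.compile(r'^CVE_CHECK_IGNORE(?::[\w-]+)?\s*[+.?:]*=\s*"([^"]*)"',
                       re.MULTILINE)
# Plain SRC_URI = "..." assignment, backslash-continued as in glibc_2.37.bb.
SRC_URI_RE = re.compile(r'^SRC_URI\s*=\s*"(.*?)"', re.MULTILINE | re.DOTALL)


def _ids(regex, text):
    """Union of the CVE ids found in group 1 of every match of regex."""
    return {i for m in regex.finditer(text) for i in CVE_ID_RE.findall(m.group(1))}

def cves_from_patch(patch_text):
    """CVE ids declared in CVE: header lines of a patch file."""
    return _ids(CVE_TAG_RE, patch_text)

def ignored_cves(recipe_text):
    """CVE ids the recipe marks as resolved through CVE_CHECK_IGNORE."""
    return _ids(IGNORE_RE, recipe_text)

def src_uri_patches(recipe_text):
    """Patch file names referenced as file://...patch in SRC_URI, in order."""
    m = SRC_URI_RE.search(recipe_text)
    return re.findall(r"file://(\S+\.patch)", m.group(1)) if m else []

def cve_status(recipe_path, cve):
    """'ignored', 'patched:<file>' or 'unpatched' for one CVE id."""
    text = recipe_path.read_text()
    if cve in ignored_cves(text):
        return "ignored"
    for name in src_uri_patches(text):
        # FILESPATH is approximated by searching below the recipe directory.
        for candidate in recipe_path.parent.rglob(name):
            if cve in cves_from_patch(candidate.read_text()):
                return "patched:" + name
    return "unpatched"


# Constructed sample files: headers only, the diff bodies are not needed here.
BACKPORT = "0001-Account-for-grouping-in-printf-width-bug-30068.patch"
UNRELATED = "0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch"
PATCH_TAGGED = ("CVE: CVE-2023-25139\nUpstream-Status: Backport\n"
                "Subject: [PATCH] Account for grouping in printf width (bug 30068)\n"
                "---\n(diff body omitted in this constructed sample)\n")
PATCH_UNTAGGED = ("Upstream-Status: Pending\n"
                  "Subject: [PATCH] constructed sample with no CVE tag\n"
                  "---\n(diff body omitted in this constructed sample)\n")

def make_recipe(patch_names, ignore=None):
    """Minimal glibc-style recipe text listing the given file:// patches."""
    lines = ['SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \\']
    lines += ["           file://%s \\" % n for n in patch_names]
    lines += ['           "', 'S = "${WORKDIR}/git"']
    if ignore:
        lines.append('CVE_CHECK_IGNORE += "%s"' % ignore)
    return "\n".join(lines) + "\n"

def demo(cve="CVE-2023-25139"):
    """The three situations from the thread; returns {scenario: status}."""
    scenarios = {
        # fix carried as a CVE-tagged patch file, as in the reviewed patch
        "backport_with_cve_tag": ({UNRELATED: PATCH_UNTAGGED, BACKPORT: PATCH_TAGGED}, None),
        # fix pulled in by a stable-branch update: nothing for cve-check to find
        "branch_update_no_tag": ({UNRELATED: PATCH_UNTAGGED}, None),
        # same update with the CVE recorded in CVE_CHECK_IGNORE
        "branch_update_plus_ignore": ({UNRELATED: PATCH_UNTAGGED}, cve),
    }
    results = {}
    for label, (patches, ignore) in scenarios.items():
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            (root / "glibc").mkdir()
            for name, body in patches.items():
                (root / "glibc" / name).write_text(body)
            recipe = root / "glibc_2.37.bb"
            recipe.write_text(make_recipe(list(patches), ignore))
            results[label] = cve_status(recipe, cve)
    return results

if __name__ == "__main__":
    for label, status in demo().items():
        print("%-28s %s" % (label, status))
```

Running it prints one status per scenario; only the first layout is reported as patched without any extra variable, which is exactly the gap the CVE_CHECK_IGNORE request closes for a fix that came in through a branch update.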


Alex

On Mon 20. Feb 2023 at 17.34, Ross Burton <ross.bur...@arm.com> wrote:

    Ignore this, "glibc: stable 2.37 branch updates" incorporates it.

    Ross

    > On 20 Feb 2023, at 16:28, Ross Burton via lists.openembedded.org <ross.burton=arm....@lists.openembedded.org> wrote:
    >
    > Signed-off-by: Ross Burton <ross.bur...@arm.com>
    > ---
    > ...r-grouping-in-printf-width-bug-30068.patch | 84
    +++++++++++++++++++
    > meta/recipes-core/glibc/glibc_2.37.bb <http://glibc_2.37.bb>    
       |  1 +
    > 2 files changed, 85 insertions(+)
    > create mode 100644
    
meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch
    >
    > diff --git
    
a/meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch
    
b/meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch
    > new file mode 100644
    > index 00000000000..9efd39a9eb4
    > --- /dev/null
    > +++
    
b/meta/recipes-core/glibc/glibc/0001-Account-for-grouping-in-printf-width-bug-30068.patch
    > @@ -0,0 +1,84 @@
    > +CVE: CVE-2023-25139
    > +Upstream-Status: Backport
    > +Signed-off-by: Ross Burton <ross.bur...@arm.com>
    > +
    > +From 07b9521fc6369d000216b96562ff7c0ed32a16c4 Mon Sep 17
    00:00:00 2001
    > +From: Carlos O'Donell <car...@redhat.com>
    > +Date: Thu, 19 Jan 2023 12:50:20 +0100
    > +Subject: [PATCH] Account for grouping in printf width (bug 30068)
    > +
    > +This is a partial fix for mishandling of grouping when formatting
    > +integers.  It properly computes the width in the presence of
    grouping
    > +characters when the width is larger than the number of significant
    > +digits. The precision related issue is documented in bug 23432.
    > +
    > +Co-authored-by: Andreas Schwab <sch...@suse.de>
    > +(cherry picked from commit
    c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0)
    > +---
    > + stdio-common/Makefile               |  2 ++
    > + stdio-common/tst-grouping3.c        | 54
    +++++++++++++++++++++++++++++
    > + stdio-common/vfprintf-process-arg.c | 22 +++++++++---
    > + 3 files changed, 73 insertions(+), 5 deletions(-)
    > + create mode 100644 stdio-common/tst-grouping3.c
    > +
    > +diff --git a/stdio-common/vfprintf-process-arg.c
    b/stdio-common/vfprintf-process-arg.c
    > +index 24c9125f9f..8c0fcbcf78 100644
    > +--- a/stdio-common/vfprintf-process-arg.c
    > ++++ b/stdio-common/vfprintf-process-arg.c
    > +@@ -186,11 +186,17 @@ LABEL (unsigned_number):      /* Unsigned
    number of base BASE.  */
    > +   bool octal_marker = (prec <= number_length && number.word != 0
    > +                        && alt && base == 8);
    > +
    > +-  prec = MAX (0, prec - (workend - string));
    > ++  /* At this point prec_inc is the additional bytes required
    for the
    > ++     specificed precision.  It is 0 if the precision would not
    have
    > ++     required additional bytes i.e. the number of input digits
    is more
    > ++     than the precision.  It is greater than zero if the
    precision is
    > ++     more than the number of digits without grouping
    (precision only
    > ++     considers digits).  */
    > ++  unsigned int prec_inc = MAX (0, prec - (workend - string));
    > +
    > +   if (!left)
    > +     {
    > +-      width -= number_length + prec;
    > ++      width -= number_length + prec_inc;
    > +
    > +       if (number.word != 0 && alt && (base == 16 || base == 2))
    > +         /* Account for 0X, 0x, 0B or 0b hex or binary marker.  */
    > +@@ -221,7 +227,7 @@ LABEL (unsigned_number):      /* Unsigned
    number of base BASE.  */
    > +           Xprintf_buffer_putc (buf, spec);
    > +         }
    > +
    > +-      width += prec;
    > ++      width += prec_inc;
    > +       Xprintf_buffer_pad (buf, L_('0'), width);
    > +
    > +       if (octal_marker)
    > +@@ -237,6 +243,8 @@ LABEL (unsigned_number):      /* Unsigned
    number of base BASE.  */
    > +     }
    > +   else
    > +     {
    > ++      /* Perform left justification adjustments.  */
    > ++
    > +       if (is_negative)
    > +         {
    > +           Xprintf_buffer_putc (buf, L_('-'));
    > +@@ -263,9 +271,13 @@ LABEL (unsigned_number):      /* Unsigned
    number of base BASE.  */
    > +       if (octal_marker)
    > + --width;
    > +
    > +-      width -= workend - string + prec;
    > ++      /* Adjust the width by subtracting the number of bytes
    > ++         required to represent the number with grouping characters
    > ++ (NUMBER_LENGTH) and any additional bytes required for
    > ++ precision.  */
    > ++      width -= number_length + prec_inc;
    > +
    > +-      Xprintf_buffer_pad (buf, L_('0'), prec);
    > ++      Xprintf_buffer_pad (buf, L_('0'), prec_inc);
    > +
    > +       if (octal_marker)
    > +         Xprintf_buffer_putc (buf, L_('0'));
    > +--
    > +2.34.1
    > +
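Review bot: the backported patch's diffstat does not match its body: the stat lists `stdio-common/Makefile | 2 ++`, `stdio-common/tst-grouping3.c | 54 +++...` and `3 files changed, 73 insertions(+), 5 deletions(-)`, but only the `stdio-common/vfprintf-process-arg.c` hunks are carried in the new file. Either trim the stat to the one file actually backported or keep tst-grouping3.c and its Makefile hook so the regression test ships with the fix. Consider also recording the origin in the status line, `Upstream-Status: Backport [c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0]`, the commit already named in the cherry-pick trailer, so it is readable from the header alone. The `CVE: CVE-2023-25139` tag is what cve-check keys on, so once this file is in SRC_URI the CVE is reported as patched without any CVE_CHECK_IGNORE entry.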
    > diff --git a/meta/recipes-core/glibc/glibc_2.37.bb
    <http://glibc_2.37.bb> b/meta/recipes-core/glibc/glibc_2.37.bb
    <http://glibc_2.37.bb>
    > index f299a3004a4..e5689e536ad 100644
    > --- a/meta/recipes-core/glibc/glibc_2.37.bb <http://glibc_2.37.bb>
    > +++ b/meta/recipes-core/glibc/glibc_2.37.bb <http://glibc_2.37.bb>
    > @@ -51,6 +51,7 @@ SRC_URI =
    "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
    >
    file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \
    >
    file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch
    \
    >
    file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch
    \
    > + file://0001-Account-for-grouping-in-printf-width-bug-30068.patch \
    > "
    > S = "${WORKDIR}/git"
    > B = "${WORKDIR}/build-${TARGET_SYS}"
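Review bot: the new file is named `0001-Account-for-grouping-in-printf-width-bug-30068.patch`, the number a standalone git format-patch run assigns, while the recipe's series in the visible context is numbered `0020-`, `0021-`, `0022-`; renaming it `0023-...` keeps the SRC_URI ordering meaningful and avoids a clash with any future `0001-` patch. The `+ file://...` line is otherwise placed correctly, after the last existing patch and before the closing quote.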
    > --
    > 2.34.1
--
# Randy MacLeod
# Wind River Linux
View/Reply Online (#177550): https://lists.openembedded.org/g/openembedded-core/message/177550