== Series Details ==
Series: Fix inconsistent indentation
Revision: 1
URL : https://patchwork.openembedded.org/series/13647/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the
>From 23438137cea726c9144db29b593b7034f5ac2408 Mon Sep 17 00:00:00 2001
From: Alexander Hedges
Date: Tue, 21 Aug 2018 19:17:50 +0200
This removes some extra spaces.
Signed-off-by: Alexander Hedges
---
As a side note, doing the development linux-style on the mailing list via
patches
is a real
Ping
Regards
Ankur
On Mon 20 Aug, 2018, 9:12 PM Ankur Tyagi, wrote:
> Initially I thought of doing that but then dropped it because it would
> create a dependency on syslog configuration file.
> If in future syslog configuration parameter (LOGFILE) gets renamed, then
> we need to make
While invoking mtools frequently, the unblocking request
caused race issue. Here is an example of syslinux
[snip]
dd if=/dev/zero of=floppy.img bs=1024 count=144
losetup /dev/loop1 floppy.img
mkdosfs /dev/loop1
syslinux -i /dev/loop1
|plain floppy: device "/proc/6351/fd/3" busy (Resource
The perl distribution "XML-Parser" relies for configuration
on the tooling of Devel::CheckLib - which is not aware of
sysroot locations nor of reasonable compiler/link definitions
from outside.
This causes
ERROR: libxml-parser-perl-2.44-r0 do_package_qa: QA Issue: package
libxml-parser-perl
The modern the time, the improvements in ExtUtils::MakeMaker.
Nowadays, .packlist and perllocal.pod aren't touched anymore when appropriate
flags set during configure stage. Controlling the flags globally avoids
dual-life recipes need share patching.
Further: remove prepending ${PERL_ARCHLIB} in
>From 23438137cea726c9144db29b593b7034f5ac2408 Mon Sep 17 00:00:00 2001
From: Alexander Hedges
Date: Tue, 21 Aug 2018 19:17:50 +0200
This removes some extra spaces.
Signed-off-by: Alexander Hedges
---
meta/recipes-bsp/u-boot/u-boot.inc | 54 +++---
1 file changed, 27
hi,
On Wed, Aug 22, 2018 at 4:25 AM Randy MacLeod
wrote:
>
> On 08/21/2018 11:04 AM, Wang, Yang (Young) wrote:
> > Hi All,
> >
> > I'm working on this ticket:
> > https://bugzilla.yoctoproject.org/show_bug.cgi?id=12372
>
> Thanks for investigating the bug/enhancement and posting your thoughts.
>
On 2018年08月22日 10:46, ChenQi wrote:
And also a few other failures:
https://autobuilder.yocto.io/builders/nightly-qa-extras/builds/1242/steps/BuildImages_7/logs/stdio
https://autobuilder.yocto.io/builders/nightly-multilib/builds/1255/steps/BuildImages_3/logs/stdio
It adds extra package
The crypto API for AEAD ciphers changed in recent kernels, so that
associated data is now part of both source and destination scatter
gathers. The source, destination and associated data buffers need
to be stiched accordingly for the operations to succeed.
Signed-off-by: Hongzhi.Song
---
On Wed, 22 Aug 2018, 20:02 Martin Jansa, wrote:
> Your 1st parameter is wrong, compare again with the example I gave you
> (don't include "brcm/" path in 1st param, because you want the symlink to
> point to just brcmfmac43430-sdio.AP6212.txt like you did in the version
> after cd).
>
That
On Thu, Aug 16, 2018 at 9:48 PM, Anuj Mittal wrote:
> On 08/17/2018 03:31 AM, Andre McCurdy wrote:
>> On Wed, Aug 15, 2018 at 11:26 PM, Anuj Mittal wrote:
>>> Enable profile guided optimization (pgo) for python3. Enabling pgo in
>>> python is generally as simple as invoking the target
Although the relative_symlinks class converts any absolute symlinks
in ${D} into relative symlinks automatically, it's a little clearer
to create relative symlinks directly where possible.
Signed-off-by: Andre McCurdy
---
meta/recipes-connectivity/openssl/openssl_1.0.2p.bb | 11 +++
Reject LHA archive entries with negative size.
Affects libarchive = 3.3.2
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../libarchive/libarchive/CVE-2017-14503.patch | 33 ++
.../libarchive/libarchive_3.3.2.bb | 1 +
2 files changed, 34 insertions(+)
Remove existing files before overwriting them
Archive should extract only the latest same-named entry.
Extracted regular file should not be writtent into existing block
device (or any other one).
https://rt.cpan.org/Ticket/Display.html?id=125523
Affects perl <= 5.26.2
Signed-off-by: Jagadeesh
sfe_copy_data_fp: check value of "max" variable for being normal
and check elements of the data[] array for being finite.
Both checks use functions provided by the header as declared
by the C99 standard.
Fixes #317
CVE-2017-14245
CVE-2017-14246
Affects libsndfile1 = 1.0.28
Signed-off-by:
On Wed, Aug 22, 2018 at 1:10 PM, Ryan Harkin wrote:
> On Wed, 22 Aug 2018, 20:02 Martin Jansa, wrote:
>>
>> Your 1st parameter is wrong, compare again with the example I gave you
>> (don't include "brcm/" path in 1st param, because you want the symlink to
>> point to just
Hi,
to test my patches, I moved my layers from sumo to recent master and
see similar linker (=gold) errors in different recipes. Up to now
there are:
meta-qt5-extra/kwallet:
FAILED: bin/libkwalletbackend5.so.5.49.0
: &&
double64_init: Check psf->sf.channels against upper bound
This prevents division by zero later in the code.
While the trivial case to catch this (i.e. sf.channels < 1) has already
been covered, a crafted file may report a number of channels that is
so high (i.e. > INT_MAX/sizeof(double)) that it
Hi Richard
On Wed, Aug 22, 2018 at 2:45 PM wrote:
>
> On Tue, 2018-08-21 at 16:58 +0200, Ricardo Ribalda Delgado wrote:
> > RTLDLIST table does not include /lib/ld-linux-x86-64.so.2, resulting
> > on the following error:
> >
> > root@qt5122:~# ldd ./qtec_webcam
> > not a dynamic executable
> >
HI Richard
On Wed, Aug 22, 2018 at 3:05 PM wrote:
>
> On Wed, 2018-08-22 at 15:02 +0200, Ricardo Ribalda Delgado wrote:
> > On Wed, Aug 22, 2018 at 3:00 PM
> > wrote:
> > >
> > > On Wed, 2018-08-22 at 14:48 +0200, Ricardo Ribalda Delgado wrote:
> > > > On Wed, Aug 22, 2018 at 2:45 PM > > > rg>
lineedit: do not tab-complete any strings which have control characters
function old new delta
add_match 41 68 +27
Affects busybox <= 1.27.2
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../busybox/busybox/CVE-2017-16544.patch | 44 ++
sfe_copy_data_fp: check value of "max" variable for being normal
and check elements of the data[] array for being finite.
Both checks use functions provided by the header as declared
by the C99 standard.
Fixes #317
CVE-2017-14245
CVE-2017-14246
Affects libsndfile1 = 1.0.28
Signed-off-by:
Open newly created files with O_EXCL to prevent symlink tricks.
When reopening hardlinks for writing the actual content, use append
mode instead. This is compatible with the write-only permissions but
is not destructive in case we got redirected to somebody elses file,
verify the target before
CVE-2017-14160: fix bounds check on very low sample rates.
Affects libvorbis = 1.3.5
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../libvorbis/libvorbis/CVE-2017-14160.patch | 33 ++
.../libvorbis/libvorbis_1.3.5.bb | 2 ++
2 files changed, 35
revision: quit pruning diff more quickly when possible
When the revision traversal machinery is given a pathspec,
we must compute the parent-diff for each commit to determine
which ones are TREESAME. We set the QUICK diff flag to avoid
looking at more entries than we need; we really just care
disallow creation (of empty files) in read-only mode; reported by
Michal Zalewski, feedback & ok deraadt@
Affects openssh < 7.6
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../openssh/openssh/CVE-2017-15906.patch | 38 ++
From: Jeremy Puhlman
slirp: correct size computation while concatenating mbuf
While reassembling incoming fragmented datagrams, 'm_cat' routine
extends the 'mbuf' buffer, if it has insufficient room. It computes
a wrong buffer size, which leads to overwriting adjacent heap buffer
area. Correct
smtp: use the upload buffer size for scratch buffer malloc
... not the read buffer size, as that can be set smaller and thus cause
a buffer overflow! CVE-2018-0500
Reported-by: Peter Wu
Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
Affects curl >= 7.54.1 && curl <= 7.60.0
Signed-off-by:
double64_init: Check psf->sf.channels against upper bound
This prevents division by zero later in the code.
While the trivial case to catch this (i.e. sf.channels < 1) has already
been covered, a crafted file may report a number of channels that is
so high (i.e. > INT_MAX/sizeof(double)) that it
Fix potential access violation, use runtime user dir instead of tmp dir.
pcmanfm = 1.2.5
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../recipes-sato/pcmanfm/files/CVE-2017-8934.patch | 60 ++
meta/recipes-sato/pcmanfm/pcmanfm_1.2.5.bb | 3 +-
2 files changed, 62
pingpong: fix response cache memcpy overflow
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then
he
larger cache will be copied and overflow the new smaller heap based
buffer.
Reported-by: Dario Weisser
CVE:
nbd/server: CVE-2017-15119 Reject options larger than 32M
The NBD spec gives us permission to abruptly disconnect on clients
that send outrageously large option requests, rather than having
to spend the time reading to the end of the option. No real
option request requires that much data
osdep: Fix ROUND_UP(64-bit, 32-bit)
When using bit-wise operations that exploit the power-of-two
nature of the second argument of ROUND_UP(), we still need to
ensure that the mask is as wide as the first argument (done
by using a ternary to force proper arithmetic promotion).
Unpatched,
multiboot: bss_end_addr can be zero
The multiboot spec
(https://www.gnu.org/software/grub/manual/multiboot/),
section 3.1.3, allows for bss_end_addr to be zero.
A zero bss_end_addr signifies there is no .bss section.
Affects qemu < v2.12.0
Signed-off-by: Jagadeesh Krishnanjanappa
---
(perl #132227) restart a node if we change to uni rules within the node and
encounter...
This could lead to a buffer overflow.
(cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d)
Affects perl >= 5.18 && perl <= 5.26
Signed-off-by: Jagadeesh Krishnanjanappa
---
qga: check bytes count read by guest-file-read
While reading file content via 'guest-file-read' command,
'qmp_guest_file_read' routine allocates buffer of count+1
bytes. It could overflow for large values of 'count'.
Add check to avoid it.
Affects qemu < v3.0.0
Signed-off-by: Jagadeesh
newgidmap: enforce setgroups=deny if self-mapping a group
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by
Reject LHA archive entries with negative size.
Affects libarchive = 3.3.2
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../libarchive/libarchive/CVE-2017-14503.patch | 33 ++
.../libarchive/libarchive_3.3.2.bb | 1 +
2 files changed, 34 insertions(+)
== Series Details ==
Series: "[ROCKO,V2] sqlite3: CVE-2017-1..." and 33 more
Revision: 1
URL : https://patchwork.openembedded.org/series/13666/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have
== Series Details ==
Series: kernel: yocto: Add dependency on do_prepare_recipe_sysroot
Revision: 1
URL : https://patchwork.openembedded.org/series/13667/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several
skipIfInDataVar will skip a test if a value is in a certain variable.
Signed-off-by: Richard Leitner
---
meta/lib/oeqa/core/decorator/data.py | 14 ++
1 file changed, 14 insertions(+)
diff --git a/meta/lib/oeqa/core/decorator/data.py
b/meta/lib/oeqa/core/decorator/data.py
index
stream_decoder.c: Fix a memory leak
Leak reported by Secunia Research.
Affects flac = 1.3.2
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../flac/files/CVE-2017-6888.patch | 31 ++
meta/recipes-multimedia/flac/flac_1.3.2.bb | 3 ++-
2 files
From: Ferret on Shark
Remove existing files before overwriting them
Archive should extract only the latest same-named entry.
Extracted regular file should not be writtent into existing block
device (or any other one).
https://rt.cpan.org/Ticket/Display.html?id=125523
Affects perl <= 5.26.2
From: Ferret on Shark
submodule-config: verify submodule names as paths
Submodule "names" come from the untrusted .gitmodules file,
but we blindly append them to $GIT_DIR/modules to create our
on-disk repo paths. This means you can do bad things by
putting "../" into the name (among other
From: Ferret on Shark
ecc: Add blinding for ECDSA.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
randomized nonce B.
--
CVE-id: CVE-2018-0495
Affects libgcrypt < 1.7.10 and libgcrypt < 1.8.3
Signed-off-by: Jagadeesh Krishnanjanappa
---
bash-completion: (umount) use findmnt, escape a space in paths
# mount /dev/sdc1 /mnt/test/foo\ bar
# umount
has to return "/mnt/test/foo\ bar".
Changes:
* don't use mount | awk output, we have findmnt
* force compgen use \n as entries separator
Affects util-linux < 2.32-rc1
CVE-2017-14160: fix bounds check on very low sample rates.
Affects libvorbis = 1.3.5
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../libvorbis/libvorbis/CVE-2017-14160.patch | 33 ++
.../libvorbis/libvorbis_1.3.5.bb | 2 ++
2 files changed, 35
lineedit: do not tab-complete any strings which have control characters
function old new delta
add_match 41 68 +27
Affects busybox <= 1.27.2
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../busybox/busybox/CVE-2017-16544.patch | 44 ++
Reject excessively large primes in DH key generation.
CVE-2018-0732
Affects openssl 1.0.2 to 1.0.2o
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../openssl/openssl-1.0.2o/CVE-2018-0732.patch | 47 ++
.../recipes-connectivity/openssl/openssl_1.0.2o.bb | 1 +
2 files
CVE-2017-15286: Make sure the tableColumnList() routine of the command-line
shell does not cause a null-pointer dereference in an error condition.
Affects sqlite3 < 3.21
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../sqlite/files/CVE-2017-15286.patch | 34 ++
sfe_copy_data_fp: check value of "max" variable for being normal
and check elements of the data[] array for being finite.
Both checks use functions provided by the header as declared
by the C99 standard.
Fixes #317
CVE-2017-14245
CVE-2017-14246
Affects libsndfile1 = 1.0.28
Signed-off-by:
CVE-2017-18018-1:
doc: clarify chown/chgrp --dereference defaults
* doc/coreutils.texi: the documentation for the --dereference
flag of chown/chgrp states that it is the default mode of
operation. Document that this is only the case when operating
non-recursively.
CVE-2017-18018-2:
doc:
io-gif: Fail quickly when image dimensions are too big
Fail quickly when the dimensions would create an image that's bigger
than MAXINT bytes long.
See https://bugzilla.gnome.org/show_bug.cgi?id=765094
https://bugzilla.gnome.org/show_bug.cgi?id=785973
Affects gdk-pixbuf <= 2.36.8
From: Ferret on Shark
(perl #131844) fix various space calculation issues in
pp_pack.c
- for the originally reported case, if the start/cur pointer is in the
top 75% of the address space the add (cur) + glen addition would
overflow, resulting in the condition failing incorrectly.
- the
proc/readproc.c: Fix bugs and overflows in file2strvec().
Note: this is by far the most important and complex patch of the whole
series, please review it carefully; thank you very much!
For this patch, we decided to keep the original function's design and
skeleton, to avoid regressions and
newgidmap: enforce setgroups=deny if self-mapping a group
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by
multiboot: bss_end_addr can be zero
The multiboot spec
(https://www.gnu.org/software/grub/manual/multiboot/),
section 3.1.3, allows for bss_end_addr to be zero.
A zero bss_end_addr signifies there is no .bss section.
Affects qemu < v2.12.0
Signed-off-by: Jagadeesh Krishnanjanappa
---
v2:
qga: check bytes count read by guest-file-read
While reading file content via 'guest-file-read' command,
'qmp_guest_file_read' routine allocates buffer of count+1
bytes. It could overflow for large values of 'count'.
Add check to avoid it.
Affects qemu < v3.0.0
Signed-off-by: Jagadeesh
(perl #131844) fix various space calculation issues in
pp_pack.c
- for the originally reported case, if the start/cur pointer is in the
top 75% of the address space the add (cur) + glen addition would
overflow, resulting in the condition failing incorrectly.
- the addition of the existing
submodule-config: verify submodule names as paths
Submodule "names" come from the untrusted .gitmodules file,
but we blindly append them to $GIT_DIR/modules to create our
on-disk repo paths. This means you can do bad things by
putting "../" into the name (among other things).
Let's sanity-check
Remove existing files before overwriting them
Archive should extract only the latest same-named entry.
Extracted regular file should not be writtent into existing block
device (or any other one).
https://rt.cpan.org/Ticket/Display.html?id=125523
Affects perl <= 5.26.2
Signed-off-by: Jagadeesh
ecc: Add blinding for ECDSA.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
randomized nonce B.
--
CVE-id: CVE-2018-0495
Affects libgcrypt < 1.7.10 and libgcrypt < 1.8.3
Signed-off-by: Jagadeesh Krishnanjanappa
---
v2:
Corrected "From:" address
On Tue, 2018-08-21 at 16:58 +0200, Ricardo Ribalda Delgado wrote:
> RTLDLIST table does not include /lib/ld-linux-x86-64.so.2, resulting
> on the following error:
>
> root@qt5122:~# ldd ./qtec_webcam
> not a dynamic executable
>
> Signed-off-by: Ricardo Ribalda Delgado
> ---
>
* Merge the two tests together as having them separate is pointless
* Test that ldd runs correctly
* Add in a dependency on the "ldd" package being installed instead of
the sdk tools feature
Signed-off-by: Richard Purdie
---
meta/lib/oeqa/runtime/cases/ldd.py | 15 +++
1 file
On Wed, 2018-08-22 at 14:48 +0200, Ricardo Ribalda Delgado wrote:
> On Wed, Aug 22, 2018 at 2:45 PM
> wrote:
> >
> > On Tue, 2018-08-21 at 16:58 +0200, Ricardo Ribalda Delgado wrote:
> > > RTLDLIST table does not include /lib/ld-linux-x86-64.so.2,
> > > resulting
> > > on the following error:
>
On Wed, 2018-08-22 at 15:02 +0200, Ricardo Ribalda Delgado wrote:
> On Wed, Aug 22, 2018 at 3:00 PM
> wrote:
> >
> > On Wed, 2018-08-22 at 14:48 +0200, Ricardo Ribalda Delgado wrote:
> > > On Wed, Aug 22, 2018 at 2:45 PM > > rg>
> > > wrote:
> > > >
> > > > On Tue, 2018-08-21 at 16:58 +0200,
(perl #132227) restart a node if we change to uni rules within the node and
encounter...
This could lead to a buffer overflow.
(cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d)
Affects perl >= 5.18 && perl <= 5.26
Signed-off-by: Jagadeesh Krishnanjanappa
---
newgidmap: enforce setgroups=deny if self-mapping a group
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by
stream_decoder.c: Fix a memory leak
Leak reported by Secunia Research.
Affects flac = 1.3.2
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../flac/files/CVE-2017-6888.patch | 31 ++
meta/recipes-multimedia/flac/flac_1.3.2.bb | 3 ++-
2 files
submodule-config: verify submodule names as paths
Submodule "names" come from the untrusted .gitmodules file,
but we blindly append them to $GIT_DIR/modules to create our
on-disk repo paths. This means you can do bad things by
putting "../" into the name (among other things).
Let's sanity-check
Reject excessively large primes in DH key generation.
CVE-2018-0732
Affects openssl 1.0.2 to 1.0.2o
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../openssl/openssl-1.0.2o/CVE-2018-0732.patch | 46 ++
.../recipes-connectivity/openssl/openssl_1.0.2o.bb | 1 +
2 files
ecc: Add blinding for ECDSA.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
randomized nonce B.
--
CVE-id: CVE-2018-0495
Affects libgcrypt < 1.7.10 and libgcrypt < 1.8.3
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../libgcrypt/files/CVE-2018-0495.patch| 76
Remove existing files before overwriting them
Archive should extract only the latest same-named entry.
Extracted regular file should not be writtent into existing block
device (or any other one).
https://rt.cpan.org/Ticket/Display.html?id=125523
Affects perl <= 5.26.2
Signed-off-by: Jagadeesh
On Wed, 2018-08-22 at 15:13 +0200, Ricardo Ribalda Delgado wrote:
> > Here I see:
> >
> > $ MACHINE=qemux86-64 bitbake glibc -e | grep ^RTLDLIST=
> > RTLDLIST="/lib/ld-linux-x86-64.so.2"
>
> The output of RTLDLIST that I shared was from
> root@qt5122:~# cat /usr/bin/ldd | grep ^RTLD
>
* CVE-2018-6798-1
The proximal cause is several instances in regexec.c of the code
assuming that the input was valid UTF-8, whereas the input was too short
for what the start byte claimed it would be.
I grepped through the core for any other similar uses, and did not find
any.
(cherry
* CVE-2018-130-1
[2.7] bpo-31530: Stop crashes when iterating over a file on multiple threads
* CVE-2018-130-2
Multiple threads iterating over a file can corrupt the file's internal readahead
buffer resulting in crashes. To fix this, cache buffer state thread-locally for
the duration of a
bash-completion: (umount) use findmnt, escape a space in paths
# mount /dev/sdc1 /mnt/test/foo\ bar
# umount
has to return "/mnt/test/foo\ bar".
Changes:
* don't use mount | awk output, we have findmnt
* force compgen use \n as entries separator
Affects util-linux < 2.32-rc1
io-gif: Fail quickly when image dimensions are too big
Fail quickly when the dimensions would create an image that's bigger
than MAXINT bytes long.
See https://bugzilla.gnome.org/show_bug.cgi?id=765094
https://bugzilla.gnome.org/show_bug.cgi?id=785973
Affects gdk-pixbuf <= 2.36.8
CVE-2017-18018-1:
doc: clarify chown/chgrp --dereference defaults
* doc/coreutils.texi: the documentation for the --dereference
flag of chown/chgrp states that it is the default mode of
operation. Document that this is only the case when operating
non-recursively.
CVE-2017-18018-2:
doc:
proc/readproc.c: Fix bugs and overflows in file2strvec().
Note: this is by far the most important and complex patch of the whole
series, please review it carefully; thank you very much!
For this patch, we decided to keep the original function's design and
skeleton, to avoid regressions and
http: restore buffer pointer when bad response-line is parsed
... leaving the k->str could lead to buffer over-reads later on.
CVE: CVE-2018-1000301
Assisted-by: Max Dymond
Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug:
gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--
This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic. The mention CVE is about using this to inject
status-fd lines into the stderr output. Other
On 08/22/2018 09:40 AM, Lukasz Majewski wrote:
Without this patch it happens that do_populate_recipe_sysroot is called
just before do_compile (on multi core build machines).
This is way too late as the .config generated in do_kernel_configme()
is already broken.
The problem is that
Hi Bruce,
> On 08/22/2018 09:40 AM, Lukasz Majewski wrote:
> > Without this patch it happens that do_populate_recipe_sysroot is
> > called just before do_compile (on multi core build machines).
> > This is way too late as the .config generated in
> > do_kernel_configme() is already broken.
> >
>
On 08/22/2018 10:05 AM, Lukasz Majewski wrote:
Hi Bruce,
On 08/22/2018 09:40 AM, Lukasz Majewski wrote:
Without this patch it happens that do_populate_recipe_sysroot is
called just before do_compile (on multi core build machines).
This is way too late as the .config generated in
== Series Details ==
Series: coreutils: CVE-2017-18018 (rev12)
Revision: 12
URL : https://patchwork.openembedded.org/series/13660/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on
== Series Details ==
Series: coreutils: CVE-2017-18018 (rev10)
Revision: 10
URL : https://patchwork.openembedded.org/series/13660/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on
* CVE-2018-6798-1
The proximal cause is several instances in regexec.c of the code
assuming that the input was valid UTF-8, whereas the input was too short
for what the start byte claimed it would be.
I grepped through the core for any other similar uses, and did not find
any.
(cherry
proc/readproc.c: Fix bugs and overflows in file2strvec().
Note: this is by far the most important and complex patch of the whole
series, please review it carefully; thank you very much!
For this patch, we decided to keep the original function's design and
skeleton, to avoid regressions and
qga: check bytes count read by guest-file-read
While reading file content via 'guest-file-read' command,
'qmp_guest_file_read' routine allocates buffer of count+1
bytes. It could overflow for large values of 'count'.
Add check to avoid it.
Affects qemu < v3.0.0
Signed-off-by: Jagadeesh
(perl #131844) fix various space calculation issues in
pp_pack.c
- for the originally reported case, if the start/cur pointer is in the
top 75% of the address space the add (cur) + glen addition would
overflow, resulting in the condition failing incorrectly.
- the addition of the existing
sfe_copy_data_fp: check value of "max" variable for being normal
and check elements of the data[] array for being finite.
Both checks use functions provided by the header as declared
by the C99 standard.
Fixes #317
CVE-2017-14245
CVE-2017-14246
Affects libsndfile1 = 1.0.28
Signed-off-by:
CVE-2017-14160: fix bounds check on very low sample rates.
Affects libvorbis = 1.3.5
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../libvorbis/libvorbis/CVE-2017-14160.patch | 33 ++
.../libvorbis/libvorbis_1.3.5.bb | 2 ++
2 files changed, 35
CVE-2017-18018-1:
doc: clarify chown/chgrp --dereference defaults
* doc/coreutils.texi: the documentation for the --dereference
flag of chown/chgrp states that it is the default mode of
operation. Document that this is only the case when operating
non-recursively.
CVE-2017-18018-2:
doc:
* CVE-2018-130-1
[2.7] bpo-31530: Stop crashes when iterating over a file on multiple threads
* CVE-2018-130-2
Multiple threads iterating over a file can corrupt the file's internal readahead
buffer resulting in crashes. To fix this, cache buffer state thread-locally for
the duration of a
gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--
This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic. The mention CVE is about using this to inject
status-fd lines into the stderr output. Other
double64_init: Check psf->sf.channels against upper bound
This prevents division by zero later in the code.
While the trivial case to catch this (i.e. sf.channels < 1) has already
been covered, a crafted file may report a number of channels that is
so high (i.e. > INT_MAX/sizeof(double)) that it
multiboot: bss_end_addr can be zero
The multiboot spec
(https://www.gnu.org/software/grub/manual/multiboot/),
section 3.1.3, allows for bss_end_addr to be zero.
A zero bss_end_addr signifies there is no .bss section.
Affects qemu < v2.12.0
Signed-off-by: Jagadeesh Krishnanjanappa
---
Reject LHA archive entries with negative size.
Affects libarchive = 3.3.2
Signed-off-by: Jagadeesh Krishnanjanappa
---
.../libarchive/libarchive/CVE-2017-14503.patch | 33 ++
.../libarchive/libarchive_3.3.2.bb | 1 +
2 files changed, 34 insertions(+)
1 - 100 of 242 matches
Mail list logo