From patchwork Fri Nov 11 02:13:26 2016
X-Patchwork-Submitter: Khem Raj
X-Patchwork-Id: 81769
From: Khem Raj
To: openembedded-core@lists.openembedded.org
Date: Thu, 10 Nov 2016 18:13:26 -0800
Message-Id: <20161111021326.26750-1-raj.khem@gmail.com>
Subject: [OE-core] [PATCH V2] musl: Update to latest on master

Signed-off-by: Khem Raj --- meta/recipes-core/musl/files/CVE-2016-8859.patch | 79 ------------------------ meta/recipes-core/musl/musl_git.bb | 3 +- 2 files changed, 1 insertion(+), 81 deletions(-) delete mode 100644 meta/recipes-core/musl/files/CVE-2016-8859.patch -- 2.10.2 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-core/musl/files/CVE-2016-8859.patch b/meta/recipes-core/musl/files/CVE-2016-8859.patch deleted file mode 100644 index 82da86f..0000000 --- a/meta/recipes-core/musl/files/CVE-2016-8859.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001 -From: Rich Felker -Date: Thu, 6 Oct 2016 18:34:58 -0400 -Subject: [PATCH] fix missing integer overflow checks in regexec buffer size - computations - -most of the possible overflows were already ruled out in practice by -regcomp having already succeeded performing larger allocations. -however at least the num_states*num_tags multiplication can clearly -overflow in practice. for safety, check them all, and use the proper -type, size_t, rather than int. - -also improve comments, use calloc in place of malloc+memset, and -remove bogus casts. - -Upstream-Status: Backport -CVE: CVE-2016-8859 - -Signed-off-by: Armin Kuster - ---- - src/regex/regexec.c | 23 ++++++++++++++++++----- - 1 file changed, 18 insertions(+), 5 deletions(-) - -diff --git a/src/regex/regexec.c b/src/regex/regexec.c -index 16c5d0a..dd52319 100644 ---- a/src/regex/regexec.c -+++ b/src/regex/regexec.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - #include - -@@ -206,11 +207,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, - - /* Allocate memory for temporary data required for matching. This needs to - be done for every matching operation to be thread safe. This allocates -- everything in a single large block from the stack frame using alloca() -- or with malloc() if alloca is unavailable. */ -+ everything in a single large block with calloc(). */ - { -- int tbytes, rbytes, pbytes, xbytes, total_bytes; -+ size_t tbytes, rbytes, pbytes, xbytes, total_bytes; - char *tmp_buf; -+ -+ /* Ensure that tbytes and xbytes*num_states cannot overflow, and that -+ * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */ -+ if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states)) -+ goto error_exit; -+ -+ /* Likewise check rbytes. */ -+ if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next))) -+ goto error_exit; -+ -+ /* Likewise check pbytes. 
*/ -+ if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos))) -+ goto error_exit; -+ - /* Compute the length of the block we need. */ - tbytes = sizeof(*tmp_tags) * num_tags; - rbytes = sizeof(*reach_next) * (tnfa->num_states + 1); -@@ -221,10 +235,9 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string, - + (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes; - - /* Allocate the memory. */ -- buf = xmalloc((unsigned)total_bytes); -+ buf = calloc(total_bytes, 1); - if (buf == NULL) - return REG_ESPACE; -- memset(buf, 0, (size_t)total_bytes); - - /* Get the various pointers within tmp_buf (properly aligned). */ - tmp_tags = (void *)buf; --- -2.7.4 - diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb index 1ee56b6..d4467bc 100644 --- a/meta/recipes-core/musl/musl_git.bb +++ b/meta/recipes-core/musl/musl_git.bb @@ -3,7 +3,7 @@ require musl.inc -SRCREV = "39494a273eaa6b714e0fa0c59ce7a1f5fbc80a1e" +SRCREV = "4078a5c31fa67987051c2180db7a07702534032f" PV = "1.1.15+git${SRCPV}" @@ -11,7 +11,6 @@ PV = "1.1.15+git${SRCPV}" SRC_URI = "git://git.musl-libc.org/musl \ file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \ - file://CVE-2016-8859.patch \ " S = "${WORKDIR}/git"
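Review bot: In the deletion of meta/recipes-core/musl/files/CVE-2016-8859.patch, the patch header's "CVE: CVE-2016-8859" and "Upstream-Status: Backport" tags were the only record in the recipe that this issue is fixed, and the commit message has no body to replace them. Please add a line to the message stating that the new SRCREV already contains upstream commit c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 (the regexec buffer size overflow checks), so that dropping the backport can be verified from the log alone.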
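Review bot: In the SRCREV hunk of meta/recipes-core/musl/musl_git.bb, the revision moves from 39494a273eaa6b714e0fa0c59ce7a1f5fbc80a1e to 4078a5c31fa67987051c2180db7a07702534032f while PV stays at "1.1.15+git${SRCPV}", and the message gives no summary of what the bump pulls in. A short list of the upstream changes between the two revisions would make the update reviewable, and since this is a V2, a note below the --- line on what changed since V1 would help as well.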