Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / bba38f38e7e41525c30116a2fe990d113b8157da^! / . / poky / meta / recipes-bsp / lrzsz / lrzsz-0.12.20 / cve-2018-10195.patch
commitbba38f38e7e41525c30116a2fe990d113b8157da[log] [tgz]
authorBrad Bishop <bradleyb@fuzziesquirrel.com>Thu Aug 23 16:11:46 2018 +0800
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Thu Sep 27 07:47:44 2018 -0400
tree14a0d015f4b144a97c51c896e7a3135b600760a6
parent36b84cde8facab568630eec811e483cf1fc50848 [diff] [blame]
poky: sumo refresh 51872d3f99..3b8dc3a88e

Update poky to sumo HEAD.

Andrej Valek (1):
      wpa-supplicant: fix CVE-2018-14526

Armin Kuster (2):
      xserver-xorg: config: fix NULL value detection for ID_INPUT being unset
      binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.

Bruce Ashfield (3):
      linux-yocto/4.12: update to v4.12.28
      linux-yocto/4.14: update to v4.14.62
      linux-yocto/4.14: update to v4.14.67

Changqing Li (6):
      libexif: patch for CVE-2017-7544
      squashfs-tools: patch for CVE-2015-4645(4646)
      libcroco: patch for CVE-2017-7960
      libid3tag: patch for CVE-2004-2779
      libice: patch for CVE-2017-2626
      apr-util: fix ptest fail problem

Chen Qi (2):
      util-linux: upgrade 2.32 -> 2.32.1
      busybox: move init related configs to init.cfg

Jagadeesh Krishnanjanappa (2):
      libarchive: CVE-2017-14501
      libcgroup: CVE-2018-14348

Jon Szymaniak (1):
      cve-check.bbclass: detect CVE IDs listed on multiple lines

Joshua Lock (1):
      os-release: fix to install in the expected location

Khem Raj (1):
      serf: Fix Sconstruct build with python 3.7

Konstantin Shemyak (1):
      cve-check.bbclass: do not download the CVE DB in package-specific tasks

Mike Looijmans (1):
      busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail

Ross Burton (1):
      lrzsz: fix CVE-2018-10195

Sinan Kaya (3):
      busybox: CVE-2017-15874
      libpng: CVE-2018-13785
      sqlite3: CVE-2018-8740

Yadi.hu (1):
      busybox: handle syslog

Yi Zhao (2):
      blktrace: Security fix CVE-2018-10689
      taglib: Security fix CVE-2018-11439

Zheng Ruoqin (1):
      glibc: fix CVE-2018-11237

Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

diff --git a/poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch b/poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch
new file mode 100644
index 0000000..dea2986
--- /dev/null
+++ b/poky/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch

@@ -0,0 +1,28 @@
+Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver.
+
+Patch taken from Fedora.
+
+CVE: CVE-2018-10195
+Upstream-Status: Inappropriate (dead upstream)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c
+--- lrzsz-0.12.20/src/zm.c	Tue Dec 29 09:48:38 1998
++++ lrzsz-0.12.20.new/src/zm.c	Tue Oct  8 12:46:58 2002
+@@ -431,10 +431,12 @@
+ 	VPRINTF(3,("zsdata: %lu %s", (unsigned long) length, 
+ 		Zendnames[(frameend-ZCRCE)&3]));
+ 	crc = 0;
+-	do {
+-		zsendline(*buf); crc = updcrc((0377 & *buf), crc);
+-		buf++;
+-	} while (--length>0);
++
++	for( ; length; length--) {
++	  zsendline(*buf); crc = updcrc((0377 & *buf), crc);
++	  buf++;
++	}
++
+ 	xsendline(ZDLE); xsendline(frameend);
+ 	crc = updcrc(frameend, crc);
+ 
\ No newline at end of file