I think this should be reverted. Sorry, I had given comments at the time patch was sent but missed this in zeus review.
http://lists.openembedded.org/pipermail/openembedded-core/2020-January/291826.html This CVE is not applicable to 1.0.7. This is not failing because the CVE patch file is not included in SRC_URI in recipe. Thanks, Anuj > -----Original Message----- > From: openembedded-core-boun...@lists.openembedded.org <openembedded-core- > boun...@lists.openembedded.org> On Behalf Of Armin Kuster > Sent: Tuesday, February 4, 2020 11:06 PM > To: openembedded-c...@openembedded.org > Subject: [OE-core] [zeus 5/8] bzip2: Fix CVE-2019-12900 > > From: Sana Kazi <sana.k...@kpit.com> > > Added patch for CVE-2019-12900 as backport from upstream. > Fixes out of bound access discovered while fuzzying karchive. > > Tested by: sana.k...@kpit.com > > Signed-off-by: Saloni Jain <saloni.j...@kpit.com> > Signed-off-by: Armin Kuster <akuster...@gmail.com> > --- > .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 +++++++++++++++++++ > 1 file changed, 36 insertions(+) > create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019- > 12900.patch > > diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch > b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch > new file mode 100644 > index 0000000000..9859d9d1a2 > --- /dev/null > +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch > @@ -0,0 +1,36 @@ > +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 > +From: Albert Astals Cid <aa...@kde.org> > +Date: Tue, 28 May 2019 19:35:18 +0200 > +Subject: [PATCH] Make sure nSelectors is not out of range > + > +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf > +which is > +UChar selectorMtf[BZ_MAX_SELECTORS]; > +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid > +memory access Fixes out of bounds access discovered while fuzzying > +karchive > + > +Link: > +https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef > +9824db71a8ffee5962cdbc.patch > + > +Upstream-Status: Backport > +CVE: CVE-2019-12900.patch > +Signed-off-by: Saloni Jain <saloni.j...@kpit.com> > +--- > + decompress.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/decompress.c b/decompress.c index ab6a624..f3db91d 100644 > +--- a/decompress.c > ++++ b/decompress.c > +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) > + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); > + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); > + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); > +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); > ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) > ++ RETURN(BZ_DATA_ERROR); > + for (i = 0; i < nSelectors; i++) { > + j = 0; > + while (True) { > +-- > +2.22.0 > -- > 2.17.1 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
