From: Khem Raj <raj.khem@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] musl: Upgrade to master tip
Date: Mon, 7 Nov 2016 09:08:49 -0800
Message-ID: <20161107170849.3602-1-raj.khem@gmail.com>
Drop backported patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-core/musl/files/CVE-2016-8859.patch | 79 ------------------------
meta/recipes-core/musl/musl_git.bb | 3 +-
2 files changed, 1 insertion(+), 81 deletions(-)
delete mode 100644 meta/recipes-core/musl/files/CVE-2016-8859.patch
diff --git a/meta/recipes-core/musl/files/CVE-2016-8859.patch b/meta/recipes-core/musl/files/CVE-2016-8859.patch
deleted file mode 100644
index 82da86f..0000000
--- a/meta/recipes-core/musl/files/CVE-2016-8859.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Thu, 6 Oct 2016 18:34:58 -0400
-Subject: [PATCH] fix missing integer overflow checks in regexec buffer size
- computations
-
-most of the possible overflows were already ruled out in practice by
-regcomp having already succeeded performing larger allocations.
-however at least the num_states*num_tags multiplication can clearly
-overflow in practice. for safety, check them all, and use the proper
-type, size_t, rather than int.
-
-also improve comments, use calloc in place of malloc+memset, and
-remove bogus casts.
-
-Upstream-Status: Backport
-CVE: CVE-2016-8859
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- src/regex/regexec.c | 23 ++++++++++++++++++-----
- 1 file changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/src/regex/regexec.c b/src/regex/regexec.c
-index 16c5d0a..dd52319 100644
---- a/src/regex/regexec.c
-+++ b/src/regex/regexec.c
-@@ -34,6 +34,7 @@
- #include <wchar.h>
- #include <wctype.h>
- #include <limits.h>
-+#include <stdint.h>
-
- #include <regex.h>
-
-@@ -206,11 +207,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
-
- /* Allocate memory for temporary data required for matching. This needs to
- be done for every matching operation to be thread safe. This allocates
-- everything in a single large block from the stack frame using alloca()
-- or with malloc() if alloca is unavailable. */
-+ everything in a single large block with calloc(). */
- {
-- int tbytes, rbytes, pbytes, xbytes, total_bytes;
-+ size_t tbytes, rbytes, pbytes, xbytes, total_bytes;
- char *tmp_buf;
-+
-+ /* Ensure that tbytes and xbytes*num_states cannot overflow, and that
-+ * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */
-+ if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states))
-+ goto error_exit;
-+
-+ /* Likewise check rbytes. */
-+ if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next)))
-+ goto error_exit;
-+
-+ /* Likewise check pbytes. */
-+ if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos)))
-+ goto error_exit;
-+
- /* Compute the length of the block we need. */
- tbytes = sizeof(*tmp_tags) * num_tags;
- rbytes = sizeof(*reach_next) * (tnfa->num_states + 1);
-@@ -221,10 +235,9 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
- + (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes;
-
- /* Allocate the memory. */
-- buf = xmalloc((unsigned)total_bytes);
-+ buf = calloc(total_bytes, 1);
- if (buf == NULL)
- return REG_ESPACE;
-- memset(buf, 0, (size_t)total_bytes);
-
- /* Get the various pointers within tmp_buf (properly aligned). */
- tmp_tags = (void *)buf;
---
-2.7.4
-
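Review bot: the commit message ("Drop backported patch") does not say why deleting CVE-2016-8859.patch is safe. The removed file is a backport of upstream commit c3edc06d1e1360f3570db9155d6b318ae0d0f0f7, which adds the size_t overflow checks before the buffer size computation in tre_tnfa_run_parallel(); please confirm that commit is an ancestor of the new SRCREV and say so in the message, naming CVE-2016-8859. The "CVE: CVE-2016-8859" tag carried in this patch header goes away with the file, so the commit log becomes the place where the fix status can still be traced.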
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index 1ee56b6..63f3334 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -3,7 +3,7 @@
require musl.inc
-SRCREV = "39494a273eaa6b714e0fa0c59ce7a1f5fbc80a1e"
+SRCREV = "7597fc25a2743d49500926a286da71f8e033936c"
PV = "1.1.15+git${SRCPV}"
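Review bot: SRCREV moves from 39494a273eaa6b714e0fa0c59ce7a1f5fbc80a1e to 7597fc25a2743d49500926a286da71f8e033936c, but the PV context line still reads "1.1.15+git${SRCPV}" and the subject only says "master tip". Please check that 1.1.15 is still the correct base version for the new revision, and add a short list of the upstream changes between the two revisions to the commit message so the scope of a libc update can be reviewed.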
@@ -11,7 +11,6 @@ PV = "1.1.15+git${SRCPV}"
SRC_URI = "git://git.musl-libc.org/musl \
file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
- file://CVE-2016-8859.patch \
"
S = "${WORKDIR}/git"
--
2.10.2