[oe-commits] [openembedded-core] 20/34: unzip: refresh patches

git at git.openembedded.org git at git.openembedded.org
Wed Mar 7 14:35:23 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master
in repository openembedded-core.

commit b45ce6dbbd459ecc96eae76b5695927dbda1dbb4
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Wed Nov 15 16:45:42 2017 +0000

    unzip: refresh patches
    
    The patch tool will apply patches by default with "fuzz", which is where if the
    hunk context isn't present but what is there is close enough, it will force the
    patch in.
    
    Whilst this is useful when there's just whitespace changes, when applied to
    source it is possible for a patch applied with fuzz to produce broken code which
    still compiles (see #10450).  This is obviously bad.
    
    We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
    that to be realistic the existing patches with fuzz need to be rebased and
    reviewed.
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 .../unzip/unzip/10-cve-2014-8140-test-compr-eb.patch         | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
index c989df1..ca4aaad 100644
--- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
+++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
@@ -9,9 +9,11 @@ CVE: CVE-2014-8140
 
 Signed-off-by: Roy Li <rongqing.li at windriver.com>
 
---- a/extract.c
-+++ b/extract.c
-@@ -2232,10 +2232,17 @@
+Index: unzip60/extract.c
+===================================================================
+--- unzip60.orig/extract.c
++++ unzip60/extract.c
+@@ -2233,10 +2233,17 @@ static int test_compr_eb(__G__ eb, eb_si
      if (compr_offset < 4)                /* field is not compressed: */
          return PK_OK;                    /* do nothing and signal OK */
  
@@ -30,5 +32,5 @@ Signed-off-by: Roy Li <rongqing.li at windriver.com>
 +     ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
 +        return IZ_EF_TRUNC;             /* no/bad compressed data! */
  
-     if (
- #ifdef INT_16BIT
+     method = makeword(eb + (EB_HEADSIZE + compr_offset));
+     if ((method == STORED) &&

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list