diff options
author | Otavio Salvador <otavio@ossystems.com.br> | 2018-09-16 18:16:23 -0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-21 08:15:19 -0700 |
commit | 60d99a4e64fdddbbe5863fa5879c813fa004600b (patch) | |
tree | 84e4e2a680a3578fa0d885741ce03080e3344d0b /meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch | |
parent | f82738fd14f18fab368b397faac2f70167b16b8a (diff) | |
download | openembedded-core-contrib-60d99a4e64fdddbbe5863fa5879c813fa004600b.tar.gz |
libarchive: Update 3.3.2 -> 3.3.3
This upgrades to 3.3.3 release and drop the backported patches when
doing the recipe update.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch deleted file mode 100644 index e85fec40aa..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch +++ /dev/null @@ -1,37 +0,0 @@ -libarchive-3.3.2: Fix CVE-2017-14166 - -[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935 - -archive_read_support_format_xar: heap-based buffer overflow in xml_data - -Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71] -CVE: CVE-2017-14166 -Bug: 935 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c -index 7a22beb..93eeacc 100644 ---- a/libarchive/archive_read_support_format_xar.c -+++ b/libarchive/archive_read_support_format_xar.c -@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) - uint64_t l; - int digit; - -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - digit = *p - '0'; - while (digit >= 0 && digit < 10 && char_cnt-- > 0) { -@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) - { - int64_t l; - int digit; -- -+ -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - while (char_cnt-- > 0) { - if (*p >= '0' && *p <= '7') |