From 27b265641d5c13040268ac70b70bfe84fb092763 Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Wed, 17 Feb 2016 01:29:02 +0100 Subject: dpkg: Update to 1.18.4 Update dpkg version to 1.18.4 . This adds nios2 architecture support among other fixes. One patch was updated so it would apply to 1.18.4. Signed-off-by: Marek Vasut Cc: Alexander Kanavin Cc: Richard Purdie Cc: Ross Burton Signed-off-by: Richard Purdie --- .../dpkg/dpkg/dpkg-CVE-2015-0860.patch | 35 ---------------------- 1 file changed, 35 deletions(-) delete mode 100644 meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch (limited to 'meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch') diff --git a/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch b/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch deleted file mode 100644 index 2fd3c3bb90..0000000000 --- a/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 708e60ea4e16afb1d85da60dd73cb374a987653d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Hanno=20B=C3=B6ck?= -Date: Thu, 19 Nov 2015 20:03:10 +0100 -Subject: [PATCH 1/1] dpkg-deb: Fix off-by-one write access on ctrllenbuf - variable - -This affects old format .deb packages. - -CVE: CVE-2015-0860 -Warned-by: afl -Signed-off-by: Guillem Jover - -Upstream-Status: Backport - -Signed-off-by: Catalin Enache ---- - dpkg-deb/extract.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dpkg-deb/extract.c b/dpkg-deb/extract.c -index 5a9587a..e39fb35 100644 ---- a/dpkg-deb/extract.c -+++ b/dpkg-deb/extract.c -@@ -247,7 +247,7 @@ extracthalf(const char *debar, const char *dir, - if (errstr) - ohshit(_("archive has invalid format version: %s"), errstr); - -- r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf)); -+ r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf) - 1); - if (r < 0) - read_fail(r, debar, _("archive control member size")); - if (sscanf(ctrllenbuf, "%jd%c%d", &ctrllennum, &nlc, &dummy) != 2 || --- -1.9.1 - -- cgit 1.2.3-korg