diff options
author | Jussi Kukkonen <jussi.kukkonen@intel.com> | 2016-04-26 15:19:48 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-06-15 18:05:23 +0100 |
commit | ee0188f1e0bdb65bf2dd0e68c1bd4a51f32a4da8 (patch) | |
tree | d01bb29ac5e96870563c238d540f1392f1a03966 /meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch | |
parent | 5b076f945a0d563dcc9c60e893d58eb0bf39a8e4 (diff) | |
download | openembedded-core-contrib-ee0188f1e0bdb65bf2dd0e68c1bd4a51f32a4da8.tar.gz |
vte: Upgrade to 0.44.1
* License change LGPL 2.0 -> LGPL 2.1+
* vte-termcap is no more
* API break: current version seems to be parallel installable
with old one, but I did not opt for that.
* Add patch to avoid stack protection by default
* Use libtool-cross: libtool adds "-nostdlib" when g++ is used,
and this leads to a link failure on PIE builds: "undefined
reference to __init_array_start". libtool-cross has a hack to
avoid "-nostdlib"
(From OE-Core rev: dc21182ada418cf3917ae8319494d219462c5bfd)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch')
-rw-r--r-- | meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch | 136 |
1 files changed, 0 insertions, 136 deletions
diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch deleted file mode 100644 index 9b9980397a..0000000000 --- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch +++ /dev/null @@ -1,136 +0,0 @@ -Upstream-Status: Backport -CVE: CVE-2012-2738 -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001 -From: Christian Persch <chpe@gnome.org> -Date: Sat, 19 May 2012 19:36:09 +0200 -Subject: [PATCH 1/2] emulation: Limit integer arguments to 65535 - -To guard against malicious sequences containing excessively big numbers, -limit all parsed numbers to 16 bit range. Doing this here in the parsing -routine is a catch-all guard; this doesn't preclude enforcing -more stringent limits in the handlers themselves. - -https://bugzilla.gnome.org/show_bug.cgi?id=676090 ---- - src/table.c | 2 +- - src/vteseq.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/table.c b/src/table.c -index 140e8c8..85cf631 100644 ---- a/src/table.c -+++ b/src/table.c -@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array, - if (G_UNLIKELY (*array == NULL)) { - *array = g_value_array_new(1); - } -- g_value_set_long(&value, total); -+ g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT)); - g_value_array_append(*array, &value); - } while (i++ < arginfo->length); - g_value_unset(&value); -diff --git a/src/vteseq.c b/src/vteseq.c -index 7ef4c8c..10991db 100644 ---- a/src/vteseq.c -+++ b/src/vteseq.c -@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal, - GValueArray *params, - VteTerminalSequenceHandler handler) - { -- vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG); -+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT); - } - - static void --- -2.4.9 (Apple Git-60) - - -From cf1ad453a8def873c49cf6d88162593402f32bb2 Mon Sep 17 00:00:00 2001 -From: Christian Persch <chpe@gnome.org> -Date: Sat, 19 May 2012 20:04:12 +0200 -Subject: [PATCH 2/2] emulation: Limit repetitions - -Don't allow malicious sequences to cause excessive repetitions. - -https://bugzilla.gnome.org/show_bug.cgi?id=676090 ---- - src/vteseq.c | 25 ++++++++++++++++++------- - 1 file changed, 18 insertions(+), 7 deletions(-) - -diff --git a/src/vteseq.c b/src/vteseq.c -index 10991db..209522f 100644 ---- a/src/vteseq.c -+++ b/src/vteseq.c -@@ -1392,7 +1392,7 @@ vte_sequence_handler_dc (VteTerminal *terminal, GValueArray *params) - static void - vte_sequence_handler_DC (VteTerminal *terminal, GValueArray *params) - { -- vte_sequence_handler_multiple(terminal, params, vte_sequence_handler_dc); -+ vte_sequence_handler_multiple_r(terminal, params, vte_sequence_handler_dc); - } - - /* Delete a line at the current cursor position. */ -@@ -1785,7 +1785,7 @@ vte_sequence_handler_reverse_index (VteTerminal *terminal, GValueArray *params) - static void - vte_sequence_handler_RI (VteTerminal *terminal, GValueArray *params) - { -- vte_sequence_handler_multiple(terminal, params, vte_sequence_handler_nd); -+ vte_sequence_handler_multiple_r(terminal, params, vte_sequence_handler_nd); - } - - /* Save cursor (position). */ -@@ -2777,8 +2777,7 @@ vte_sequence_handler_insert_lines (VteTerminal *terminal, GValueArray *params) - { - GValue *value; - VteScreen *screen; -- long param, end, row; -- int i; -+ long param, end, row, i, limit; - screen = terminal->pvt->screen; - /* The default is one. */ - param = 1; -@@ -2796,7 +2795,13 @@ vte_sequence_handler_insert_lines (VteTerminal *terminal, GValueArray *params) - } else { - end = screen->insert_delta + terminal->row_count - 1; - } -- /* Insert the new lines at the cursor. */ -+ -+ /* Only allow to insert as many lines as there are between this row -+ * and the end of the scrolling region. See bug #676090. -+ */ -+ limit = end - row + 1; -+ param = MIN (param, limit); -+ - for (i = 0; i < param; i++) { - /* Clear a line off the end of the region and add one to the - * top of the region. */ -@@ -2817,8 +2822,7 @@ vte_sequence_handler_delete_lines (VteTerminal *terminal, GValueArray *params) - { - GValue *value; - VteScreen *screen; -- long param, end, row; -- int i; -+ long param, end, row, i, limit; - - screen = terminal->pvt->screen; - /* The default is one. */ -@@ -2837,6 +2841,13 @@ vte_sequence_handler_delete_lines (VteTerminal *terminal, GValueArray *params) - } else { - end = screen->insert_delta + terminal->row_count - 1; - } -+ -+ /* Only allow to delete as many lines as there are between this row -+ * and the end of the scrolling region. See bug #676090. -+ */ -+ limit = end - row + 1; -+ param = MIN (param, limit); -+ - /* Clear them from below the current cursor. */ - for (i = 0; i < param; i++) { - /* Insert a line at the end of the region and remove one from --- -2.4.9 (Apple Git-60) - |