mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 05:09:24 +00:00
Code Issues Projects Releases Wiki Activity

less: 471 -> 478

Browse Source 
* Remove backport patch 0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch.
* The LICENSE's checksum changed because of year changed, the contents
  are the same.

(From OE-Core rev: 505f351ede9dd1eb0e6f01080ea24080697dadf4)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Robert Yang
2015-07-08 00:23:46 -07:00
committed by Richard Purdie
parent 5de2efa167
commit d32b383c3a
2 changed files with 3 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
-49
View File
@@ -1,49 +0,0 @@
From e0a1add063a657b98611c94debb3631b8ffa36fe Mon Sep 17 00:00:00 2001
From: Junling Zheng <zhengjunling@huawei.com>
Date: Fri, 24 Apr 2015 11:24:04 +0800
Subject: [PATCH] Fix possible buffer overrun with invalid UTF-8
An out of bounds read access in the UTF-8 decoding can be triggered with
a malformed file in the tool less. The access happens in the function
is_utf8_well_formed due to a truncated multibyte character in the sample
file.
The bug does not crash less, it can only be made visible by running less
with valgrind or compiling it with Address Sanitizer.
Version 475 of less contains a fix for this issue. The file version.c
contains some entry mentioning this issue (without any credit):
- v475 3/2/15 Fix possible buffer overrun with invalid UTF-8
The fix is in the file line.c. We derive this patch from:
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
Thank Claire Robinson for validating it on Mageia 4 i586. Refer to:
https://bugs.mageia.org/show_bug.cgi?id=15567
Upstream Status: Backported
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
---
line.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/line.c b/line.c
index 89495a3..474be2c 100644
--- a/line.c
+++ b/line.c
@@ -807,7 +807,7 @@ pappend(c, pos)
mbc_buf[mbc_buf_index++] = c;
if (mbc_buf_index < mbc_buf_len)
return (0);
- if (is_utf8_well_formed(mbc_buf))
+ if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
else
/* Complete, but not shortest form, sequence. */
--
1.9.1
meta/recipes-extended/less/less_471.bb → meta/recipes-extended/less/less_478.bb
+3 -4
View File
@@ -21,15 +21,14 @@ SECTION = "console/utils"
LICENSE = "GPLv3+ | BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7"
file://LICENSE;md5=48c26a307f91af700e1f00585f215aaf"
DEPENDS = "ncurses"
SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
file://0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch \
"
SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950"
SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8"
SRC_URI[md5sum] = "934fcc9f137b9ef66a943c224f413d39"
SRC_URI[sha256sum] = "495c7df52199a0c7e6bfbbe7697b2b54f4bf197c8b10b43957762d74483574ce"
inherit autotools update-alternatives