From patchwork Tue Mar 5 16:30:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 159670 Delivered-To: patch@linaro.org Received: by 2002:a02:5cc1:0:0:0:0:0 with SMTP id w62csp5163032jad; Tue, 5 Mar 2019 08:30:28 -0800 (PST) X-Google-Smtp-Source: APXvYqyrSRHHjrxkBHlIdzk0VgtxT4fBu2EwQPGKlvK0+kCmWTpiylthvvDZaekJ12uImcKs1tLb X-Received: by 2002:a17:902:7682:: with SMTP id m2mr2054965pll.311.1551803428838; Tue, 05 Mar 2019 08:30:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551803428; cv=none; d=google.com; s=arc-20160816; b=IDUeAd/8JBphAETUfzM4YbHUcKm1NwF4YFM2Xi+30ir0dpLODhSfWRu0YhIN/MB+ol 6pMryYseILXnWfTRBCVT13WE/URFvCEglNm5mj0nmFOx3SCWPfkdeRRulqmPUu9UElWE zRRkRDJNQ8o+kui6UKmcZgY0Z74E5CzzN+88Pt9pl5zz6pvL7dlve1bSdPDtE5vd2LNH 8gxoAQlazAtmWqoo1Yz+Dv2+RssqYs7m/+aQ5qWOf/g3Kj09f5jmzQn12qT0E2+0gIha rZ0gayp6Le/7x67wzYNm/RbNh7z2P7+8fm1QSb87YTwzfMniiJZJKAiHtxrFdVCZ+Myv Bc7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; bh=7/ttE87AkDoO+IoI8cf93aJKRZHOFRGvt8QCeRAVOd8=; b=s/a57iuXwwgSQKyPlQfUo+5WQA9/AP2bxNqG8+gOTTyk/DOUF1g1LB4GHFrF3uU3vo Wur+2qPsw0aD/B/XqZRwQQlr+RS89tS+8mdQaU+KH94QOAnJsdbM99OlqVzgOZW41uIe 0IVrnts1SoiIgeCJBeiVCzQUxNL7SxG67WC5av76NsPOgcPu9sas+jaMm+1R4KIxGNey BHeIDVGAV4OeupaJ7BI93IgFdb4bJg3v/IV2qxXiP9fv/oNBg8Y85awjcsJKa15ug9Xe FN7L3m6WgXps8ybvvtLUqKdc/48fvl536PWxatd4D0RRQg18bAoUe/XDR/bExcW9NDWF PQdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=sP910Eq7; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id 125si8844731pfz.148.2019.03.05.08.30.28; Tue, 05 Mar 2019 08:30:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=sP910Eq7; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id C1F8C7C727; Tue, 5 Mar 2019 16:30:25 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mail.openembedded.org (Postfix) with ESMTP id 8002D79D4A for ; Tue, 5 Mar 2019 16:30:09 +0000 (UTC) Received: by mail-wm1-f50.google.com with SMTP id f3so3199165wmj.4 for ; Tue, 05 Mar 2019 08:30:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references; bh=fKD0wsXIyyG7h6OcAuY5I5MDRXCPqOd6HpwgUygawVs=; b=sP910Eq7ObryQR+qqy0HpET05MgOQkg41ds2iFtPqiVNe+3ySsympvk7xvDOFbaeHW Pf3eVtMCPuWUhuEmzhSMdiz2vl+kO/YkmD8SDlTTRJl5AqjWtYu0/ks/E2y27EGqiKlR 1iB/EW9D0PEnZueNVEfMttrX6tajBQ8srs9VYzROIKQmxv7mPtwt1/8kSML4owwXZkFP Ou/iBtGGur031bC4Z7bfcjQtILXBYcwD/k3N22mK8JYQoJ/Lq0+btU5b4JlchW3x/xZz IOMIeMui3nZ51jBmMEPJUpVXDhvzR0wV4cpUUC4kq2zxV117ZXW/sk6QgJteANgvm+5u 5yoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=fKD0wsXIyyG7h6OcAuY5I5MDRXCPqOd6HpwgUygawVs=; b=qE/ItOf8zrZn9Jl5Hhhp3rRpXk/u/P6ulimYdvZ6F8HDKL7VosQIqUiQDoWAtQahgG b0N+5SLpMGYVzVNXFbBbSmLREyQnrk+Rt5W2Bz2lvtfgMBin6zUG46uYgzAyd8bZiBVh iZBqY6elqw2onSOnx+rMCFBvdVGyXDrD6jkyLd09x2UmBilMUZEzuN7fChzvU8fIuRjp GZJPBesrBXKhDgGAoEu20DmYpbxg9ff4GZ+OXo3JMwsJOOy/kVOYtMEXsQ+AfcMbINoT +gTSAZcNNtvZE923n5RGRZ62I8aZxOP8HHdD+yZEjcTkXtsWzJREsIqTQrTNVrpXtwQ1 BrbQ== X-Gm-Message-State: APjAAAV6lUdU0GOGFO7JCboszpkWJBa2kjMXQsR+42DR++gQc2a2oRdY xp7y1qtWqtzrnJyQ8PyXBJD4HKMDx+s= X-Received: by 2002:a7b:c7da:: with SMTP id z26mr3329899wmk.151.1551803409758; Tue, 05 Mar 2019 08:30:09 -0800 (PST) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id e6sm10511265wrt.14.2019.03.05.08.30.08 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Mar 2019 08:30:09 -0800 (PST) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Tue, 5 Mar 2019 16:30:00 +0000 Message-Id: <20190305163003.16745-2-ross.burton@intel.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190305163003.16745-1-ross.burton@intel.com> References: <20190305163003.16745-1-ross.burton@intel.com> Subject: [OE-core] [PATCH 2/5] icu: fix CVE-2018-18928 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org Signed-off-by: Ross Burton --- meta/recipes-support/icu/icu/CVE-2018-18928.patch | 63 +++++++++++++++++++++++ meta/recipes-support/icu/icu_63.1.bb | 1 + 2 files changed, 64 insertions(+) create mode 100644 meta/recipes-support/icu/icu/CVE-2018-18928.patch -- 2.11.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-support/icu/icu/CVE-2018-18928.patch b/meta/recipes-support/icu/icu/CVE-2018-18928.patch new file mode 100644 index 00000000000..19c50e4e76a --- /dev/null +++ b/meta/recipes-support/icu/icu/CVE-2018-18928.patch @@ -0,0 +1,63 @@ +CVE: CVE-2018-18928 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 53d8c8f3d181d87a6aa925b449b51c4a2c922a51 Mon Sep 17 00:00:00 2001 +From: Shane Carr +Date: Mon, 29 Oct 2018 23:52:44 -0700 +Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing. + +--- + i18n/fmtable.cpp | 2 +- + i18n/number_decimalquantity.cpp | 5 ++++- + test/intltest/numfmtst.cpp | 8 ++++++++ + 6 files changed, 31 insertions(+), 4 deletions(-) + +diff --git a/i18n/fmtable.cpp b/i18n/fmtable.cpp +index 45c7024fc29..8601d95f4a6 100644 +--- a/i18n/fmtable.cpp ++++ b/i18n/fmtable.cpp +@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) { + // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?). + if (fDecimalQuantity->isZero()) { + fDecimalStr->append("0", -1, status); +- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) { ++ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status); + } else { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status); +diff --git a/i18n/number_decimalquantity.cpp b/i18n/number_decimalquantity.cpp +index 47b930a564b..d5dd7ae694c 100644 +--- a/i18n/number_decimalquantity.cpp ++++ b/i18n/number_decimalquantity.cpp +@@ -898,7 +898,10 @@ UnicodeString DecimalQuantity::toScientificString() const { + } + result.append(u'E'); + int32_t _scale = upperPos + scale; +- if (_scale < 0) { ++ if (_scale == INT32_MIN) { ++ result.append({u"-2147483648", -1}); ++ return result; ++ } else if (_scale < 0) { + _scale *= -1; + result.append(u'-'); + } else { +diff --git a/test/intltest/numfmtst.cpp b/test/intltest/numfmtst.cpp +index 34355939113..8d52dc122bf 100644 +--- a/test/intltest/numfmtst.cpp ++++ b/test/intltest/numfmtst.cpp +@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_ScientificIntegerOverflow() { + assertEquals(u"Should not overflow and should parse only the first exponent", + u"1E-2147483647", + {sp.data(), sp.length(), US_INV}); ++ ++ // Test edge case overflow of exponent ++ result = Formattable(); ++ nf->parse(u".0003e-2147483644", result, status); ++ sp = result.getDecimalNumber(status); ++ assertEquals(u"Should not overflow", ++ u"3E-2147483648", ++ {sp.data(), sp.length(), US_INV}); + } + + void NumberFormatTest::Test13840_ParseLongStringCrash() { diff --git a/meta/recipes-support/icu/icu_63.1.bb b/meta/recipes-support/icu/icu_63.1.bb index e593dc1bdbd..961f022ad7a 100644 --- a/meta/recipes-support/icu/icu_63.1.bb +++ b/meta/recipes-support/icu/icu_63.1.bb @@ -17,6 +17,7 @@ SRC_URI = "${BASE_SRC_URI} \ file://icu-pkgdata-large-cmd.patch \ file://fix-install-manx.patch \ file://0002-Add-ARC-support.patch \ + file://CVE-2018-18928.patch \ " SRC_URI_append_class-target = "\