From: Lee Chee Yang <chee.yang.lee@intel.com>
Date: Tue, 10 Aug 2021 03:45:30 +0000 (+0800)
Subject: libsolv: fix CVE-2021-3200
X-Git-Tag: yocto-3.1.11~81
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=e8e06e4175c010a7dc0a4e3598b70b89d43f8475;p=openembedded-core.git

libsolv: fix CVE-2021-3200

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch
new file mode 100644
index 0000000000..74164ab495
--- /dev/null
+++ b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch
@@ -0,0 +1,67 @@
+From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
+From: Michael Schroeder <mls@suse.de>
+Date: Mon, 14 Dec 2020 11:12:00 +0100
+Subject: [PATCH] testcase_read: error out if repos are added or the system is
+ changed too late
+
+We must not add new solvables after the considered map was created, the solver
+was created, or jobs were added. We may not changed the system after jobs have
+been added.
+
+(Jobs may point inside the whatproviedes array, so we must not invalidate this
+area.)
+
+Upstream-Status: Backport 
+https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
+CVE: CVE-2021-3200
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ext/testcase.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 0be7a213..8fb6d793 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+   Id *genid = 0;
+   int ngenid = 0;
+   Queue autoinstq;
++  int oldjobsize = job ? job->count : 0;
+ 
+   if (resultp)
+     *resultp = 0;
+@@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ 	  int prio, subprio;
+ 	  const char *rdata;
+ 
++	  if (pool->considered)
++	    {
++	      pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled");
++	      continue;
++	    }
++	  if (solv)
++	    {
++	      pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created");
++	      continue;
++	    }
++	  if (job && job->count != oldjobsize)
++	    {
++	      pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created");
++	      continue;
++	    }
+ 	  prepared = 0;
+           if (!poolflagsreset)
+ 	    {
+@@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ 	  int i;
+ 
+ 	  /* must set the disttype before the arch */
++	  if (job && job->count != oldjobsize)
++	    {
++	      pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created");
++	      continue;
++	    }
+ 	  prepared = 0;
+ 	  if (strcmp(pieces[2], "*") != 0)
+ 	    {
diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
index 1cf5e2eb29..eadf04aa5a 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8"
 DEPENDS = "expat zlib"
 
 SRC_URI = "git://github.com/openSUSE/libsolv.git \
+           file://CVE-2021-3200.patch \
 "
 
 SRCREV = "605dd2645ef899e2b7c95709476fb51e28d7e378"