From aec5bccc175e8ec7422095abe8ea86f99f74ad50 Mon Sep 17 00:00:00 2001 From: Oleksandr Kravchuk Date: Sun, 26 Jul 2020 21:42:13 +0200 Subject: [PATCH] re2c: update to 2.0 CVE patch dropped as a backport present in the nre release. RP: Remove dropped CVE patch Signed-off-by: Oleksandr Kravchuk Signed-off-by: Richard Purdie --- .../re2c/re2c/CVE-2020-11958.patch | 41 ------------------- .../re2c/{re2c_1.3.bb => re2c_2.0.bb} | 6 +-- 2 files changed, 2 insertions(+), 45 deletions(-) delete mode 100644 meta/recipes-support/re2c/re2c/CVE-2020-11958.patch rename meta/recipes-support/re2c/{re2c_1.3.bb => re2c_2.0.bb} (74%) diff --git a/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch b/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch deleted file mode 100644 index 43462e642a..0000000000 --- a/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch +++ /dev/null @@ -1,41 +0,0 @@ -From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001 -From: Ulya Trofimovich -Date: Fri, 17 Apr 2020 22:47:14 +0100 -Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo). - -The crash happened in a rare case of a very long lexeme that doen't fit -into the buffer, forcing buffer reallocation. - -The crash was caused by an incorrect calculation of the shift offset -(it was smaller than necessary). As a consequence, the data from buffer -start and up to the beginning of the current lexeme was not discarded -(as it should have been), resulting in less free space for new data than -expected. - -Upstream-Status: Backport [https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a] -CVE: CVE-2020-11958 -Signed-off-by: Lee Chee Yang ---- - src/parse/scanner.cc | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc -index 1d6e9efa..bd651314 100644 ---- a/src/parse/scanner.cc -+++ b/src/parse/scanner.cc -@@ -155,13 +155,14 @@ bool Scanner::fill(size_t need) - if (!buf) fatal("out of memory"); - - memmove(buf, tok, copy); -- shift_ptrs_and_fpos(buf - bot); -+ shift_ptrs_and_fpos(buf - tok); - delete [] bot; - bot = buf; - - free = BSIZE - copy; - } - -+ DASSERT(lim + free <= bot + BSIZE); - if (!read(free)) { - eof = lim; - memset(lim, 0, YYMAXFILL); diff --git a/meta/recipes-support/re2c/re2c_1.3.bb b/meta/recipes-support/re2c/re2c_2.0.bb similarity index 74% rename from meta/recipes-support/re2c/re2c_1.3.bb rename to meta/recipes-support/re2c/re2c_2.0.bb index e9053acdf6..b73b024072 100644 --- a/meta/recipes-support/re2c/re2c_1.3.bb +++ b/meta/recipes-support/re2c/re2c_2.0.bb @@ -5,10 +5,8 @@ SECTION = "devel" LICENSE = "PD" LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d" -SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz \ - file://CVE-2020-11958.patch \ -" -SRC_URI[sha256sum] = "f37f25ff760e90088e7d03d1232002c2c2672646d5844fdf8e0d51a5cd75a503" +SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz" +SRC_URI[sha256sum] = "89a9d7ee14be10e3779ea7b2c8ea4a964afce6e76b8dbcd5479940681db46d20" UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases" BBCLASSEXTEND = "native nativesdk" -- 2.40.1