!39 fix CVE-2020-8252
From: @wangxiao65 Reviewed-by: @jackie_wu123,@zhengyuhanghans Signed-off-by: @zhengyuhanghans
This commit is contained in:
openeuler-ci-bot
Gitee
commit
6234edb86b
45
CVE-2020-8252.patch
Normal file
45
CVE-2020-8252.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001
|
||||
From: Ben Noordhuis <info@bnoordhuis.nl>
|
||||
Date: Mon, 24 Aug 2020 11:42:27 +0200
|
||||
Subject: [PATCH] unix: don't use _POSIX_PATH_MAX
|
||||
|
||||
Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
|
||||
("unix: do not require PATH_MAX to be defined") from September 2018.
|
||||
|
||||
_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
|
||||
the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
|
||||
is always 256, the real max is often much bigger.
|
||||
|
||||
This commit fixes buffer overruns when processing very long paths in
|
||||
uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
|
||||
enough memory to store the result.
|
||||
|
||||
Fixes: https://github.com/libuv/libuv/issues/2965
|
||||
PR-URL: https://github.com/libuv/libuv/pull/2966
|
||||
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
|
||||
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
|
||||
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
||||
Reviewed-By: Jameson Nash <vtjnash@gmail.com>
|
||||
---
|
||||
|
||||
deps/uv/src/unix/internal.h | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/deps/uv/src/unix/internal.h b/deps/uv/src/unix/internal.h
|
||||
index 47f2200..82f7bc9 100644
|
||||
--- a/deps/uv/src/unix/internal.h
|
||||
+++ b/deps/uv/src/unix/internal.h
|
||||
@@ -61,9 +61,7 @@
|
||||
# include <AvailabilityMacros.h>
|
||||
#endif
|
||||
|
||||
-#if defined(_POSIX_PATH_MAX)
|
||||
-# define UV__PATH_MAX _POSIX_PATH_MAX
|
||||
-#elif defined(PATH_MAX)
|
||||
+#if defined(PATH_MAX)
|
||||
# define UV__PATH_MAX PATH_MAX
|
||||
#else
|
||||
# define UV__PATH_MAX 8192
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
%bcond_with bootstrap
|
||||
%global baserelease 3
|
||||
%global baserelease 4
|
||||
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||
%global nodejs_epoch 1
|
||||
%global nodejs_major 10
|
||||
@ -73,6 +73,7 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
|
||||
Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
|
||||
Patch4: 0004-src-avoid-OOB-read-in-URL-parser.patch
|
||||
Patch5: CVE-2020-8252.patch
|
||||
|
||||
BuildRequires: python2-devel python3-devel zlib-devel gcc >= 6.3.0
|
||||
BuildRequires: gcc-c++ >= 6.3.0 nodejs-packaging chrpath libatomic
|
||||
@ -460,6 +461,9 @@ end
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Dec 6 2020 wangxiao <wangxiao65@huawei.com> 1:10.21.0-4
|
||||
- fix CVE-2020-8252
|
||||
|
||||
* Sat Nov 28 2020 wutao <wutao61@huawei.com> 1:10.21.0-3
|
||||
- fix conflicts between help and docs packages
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user