2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch
new file mode 100644
index 0000000000..3eab65dcf1
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch
@@ -0,0 +1,42 @@
+From 80dca40bbb36b7b1630bb5a43d62b3ff21b4e064 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Mon, 25 Nov 2024 23:43:49 -0800
+Subject: [PATCH] split: do not shrink hold buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+* src/split.c (line_bytes_split): Do not shrink hold buffer.
+If it’s large for this batch it’s likely to be large for the next
+batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
+shrink it.  Do not assume hold_size can be bufsize.
+CVE: CVE-2024-0684
+Upstream-Status: Backport [c4c5ed8f4e9cd55a12966d4f520e3a13101637d9]
+The original patch is tweaked to fit the current version.
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/split.c | 3 ---
+ 1 file changed, 3 deletions(-)
+diff --git a/src/split.c b/src/split.c
+index 4b1b144..e44e867 100644
+--- a/src/split.c
+++ b/src/split.c
+@@ -785,10 +785,7 @@ line_bytes_split (uintmax_t n_bytes, char *buf, size_t bufsize)
+             {
+               cwrite (n_out == 0, hold, n_hold);
+               n_out += n_hold;
+-              if (n_hold > bufsize)
+-                hold = xrealloc (hold, bufsize);
+               n_hold = 0;
+-              hold_size = bufsize;
+             }
+ 
+           /* Output to eol if present.  */
+-- 
+2.25.1
diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb
index 8a2fbeca32..1cce9192ec 100644
--- a/meta/recipes-core/coreutils/coreutils_9.0.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
           file://0001-local.mk-fix-cross-compiling-problem.patch \
           file://e8b56ebd536e82b15542a00c888109471936bfda.patch \
           file://run-ptest \
+           file://0001-split-do-not-shrink-hold-buffer.patch \
           "
 SRC_URI[sha256sum] = "ce30acdf4a41bc5bb30dd955e9eaa75fa216b4e3deb08889ed32433c7b3b97ce"

diff --git a/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch new file mode 100644 index 0000000000..3eab65dcf1 --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch
@@ -0,0 +1,42 @@
		1	From 80dca40bbb36b7b1630bb5a43d62b3ff21b4e064 Mon Sep 17 00:00:00 2001
		2	From: Chen Qi <Qi.Chen@windriver.com>
		3	Date: Mon, 25 Nov 2024 23:43:49 -0800
		4	Subject: [PATCH] split: do not shrink hold buffer
		5	MIME-Version: 1.0
		6	Content-Type: text/plain; charset=UTF-8
		7	Content-Transfer-Encoding: 8bit
		8
		9	* src/split.c (line_bytes_split): Do not shrink hold buffer.
		10	If it’s large for this batch it’s likely to be large for the next
		11	batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
		12	shrink it. Do not assume hold_size can be bufsize.
		13
		14	CVE: CVE-2024-0684
		15
		16	Upstream-Status: Backport [c4c5ed8f4e9cd55a12966d4f520e3a13101637d9]
		17
		18	The original patch is tweaked to fit the current version.
		19
		20	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		21	---
		22	src/split.c \| 3 ---
		23	1 file changed, 3 deletions(-)
		24
		25	diff --git a/src/split.c b/src/split.c
		26	index 4b1b144..e44e867 100644
		27	--- a/src/split.c
		28	+++ b/src/split.c
		29	@@ -785,10 +785,7 @@ line_bytes_split (uintmax_t n_bytes, char *buf, size_t bufsize)
		30	{
		31	cwrite (n_out == 0, hold, n_hold);
		32	n_out += n_hold;
		33	- if (n_hold > bufsize)
		34	- hold = xrealloc (hold, bufsize);
		35	n_hold = 0;
		36	- hold_size = bufsize;
		37	}
		38
		39	/* Output to eol if present. */
		40	--
		41	2.25.1
		42


diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb index 8a2fbeca32..1cce9192ec 100644 --- a/meta/recipes-core/coreutils/coreutils_9.0.bb +++ b/meta/recipes-core/coreutils/coreutils_9.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
20	file://0001-local.mk-fix-cross-compiling-problem.patch \	20	file://0001-local.mk-fix-cross-compiling-problem.patch \
21	file://e8b56ebd536e82b15542a00c888109471936bfda.patch \	21	file://e8b56ebd536e82b15542a00c888109471936bfda.patch \
22	file://run-ptest \	22	file://run-ptest \
		23	file://0001-split-do-not-shrink-hold-buffer.patch \
23	"	24	"
24		25
25	SRC_URI[sha256sum] = "ce30acdf4a41bc5bb30dd955e9eaa75fa216b4e3deb08889ed32433c7b3b97ce"	26	SRC_URI[sha256sum] = "ce30acdf4a41bc5bb30dd955e9eaa75fa216b4e3deb08889ed32433c7b3b97ce"