main/ell: upgrade to 0.21

cherry-pick fix-out-of-bounds-access from development branch cherry-pick T1-timeout-crash from development branch Closes !30
2026-05-04 20:06:43 +02:00 · 2019-08-20 16:24:54 +02:00 · 2019-08-20 16:24:54 +02:00 · 5bd2b48bfa
commit 5bd2b48bfa
parent 17d23ebc78
3 changed files with 68 additions and 4 deletions
--- a/main/ell/APKBUILD
+++ b/main/ell/APKBUILD
@ -1,7 +1,7 @@
 # Contributor: Milan P. Stanić <mps@arvanta.net>
 # Maintainer: Milan P. Stanić <mps@arvanta.net>
 pkgname=ell
-pkgver=0.20
+pkgver=0.21
 pkgrel=0
 pkgdesc="Linux library for embedded development"
 url="https://01.org/ell"
@ -12,7 +12,10 @@ makedepends="glib-dev linux-headers"
 checkdepends="dbus"
 subpackages="$pkgname-dev"
 source="https://mirrors.edge.kernel.org/pub/linux/libs/ell/$pkgname-${pkgver}.tar.gz
-	musl-fixes-testsuite.patch"
+	musl-fixes-testsuite.patch
+	fix-out-of-bounds-access.patch
+	fix-T1-timeout-crash.patch"
+
 builddir="$srcdir/$pkgname-${pkgver}"

 build() {
@ -38,5 +41,7 @@ package() {
 	make DESTDIR="$pkgdir" install
 }

-sha512sums="81af94b6a1b1bf17267c5e7bba4f01609fb08b8de9b4dff7c20f4e41baa77fff0af2aa6b627d613b4b851d34149371c7f89449970dc1f5e7a0898ed436356fae  ell-0.20.tar.gz
-ee93edab6618343bec00db9c4a5279a8f4cbb6ecf6ae62cac99c688377bb4ca4f04d5bc6a32a702071d16e8988f4c0eff2291fb04e91b8f9ed909ce88329f67f  musl-fixes-testsuite.patch"
+sha512sums="aee0f1e564a24009212777b8ad517ce014d6033f424f914ffa4ebb6c348f55decfd380233660a6fa65e0de0111717ef8e2c1f2d15822f6335cab2e0b45856609  ell-0.21.tar.gz
+ee93edab6618343bec00db9c4a5279a8f4cbb6ecf6ae62cac99c688377bb4ca4f04d5bc6a32a702071d16e8988f4c0eff2291fb04e91b8f9ed909ce88329f67f  musl-fixes-testsuite.patch
+0db52fdfc2c8a483daeffe83bf52c79d1877459b17752f253c1ba429fd14828fdd1ed11b5bcbf9acc9600821efb62ee92df0418c82d3f513ec6d7ea209f4d1d9  fix-out-of-bounds-access.patch
+82beb3ff864588387492c5058dded17408f27b72c6f79552c5942721bf3a1437bed1cd02dd9736dbbdc08b44fc8f5f75ce28a33f5e3091cb0e5dae6d476296e8  fix-T1-timeout-crash.patch"
--- a/main/ell/fix-T1-timeout-crash.patch
+++ b/main/ell/fix-T1-timeout-crash.patch
@ -0,0 +1,27 @@
+From 352732967a05dc51f1a769b632a1dff996ce2ef5 Mon Sep 17 00:00:00 2001
+From: James Prestwood <james.prestwood@linux.intel.com>
+Date: Tue, 6 Aug 2019 13:46:28 -0700
+Subject: dhcp: fix T1 timeout crash
+
+The timeout user data was being passed as the address to the
+client object, not the client object itself.
+---
+ ell/dhcp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ell/dhcp.c b/ell/dhcp.c
+index ca81311..22d903e 100644
+--- a/ell/dhcp.c
+++ b/ell/dhcp.c
+@@ -985,7 +985,7 @@ static void dhcp_client_rx_message(const void *data, size_t len, void *userdata)
+ 		client->timeout_lease =
+ 			l_timeout_create_ms(dhcp_fuzz_secs(client->lease->t1),
+ 						dhcp_client_t1_expired,
+-						&client, NULL);
+						client, NULL);
+ 
+ 		break;
+ 	case DHCP_STATE_INIT_REBOOT:
+-- 
+cgit 1.2-0.3.lf.el7
+
--- a/main/ell/fix-out-of-bounds-access.patch
+++ b/main/ell/fix-out-of-bounds-access.patch
@ -0,0 +1,32 @@
+From 589e33d98a3574e987507684710dbc10fc5bcbf2 Mon Sep 17 00:00:00 2001
+From: James Prestwood <james.prestwood@linux.intel.com>
+Date: Tue, 6 Aug 2019 16:08:49 -0400
+Subject: dhcp-transport: fix out-of-bounds access
+
+If len was odd the iovec was getting accessed out of bounds. 'j' needed
+to be decremented after the for loop. In addition, the iov_len was not
+being used to access the last byte of iov_base.
+---
+ ell/dhcp-transport.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ell/dhcp-transport.c b/ell/dhcp-transport.c
+index b43dfbd..56db9dd 100644
+--- a/ell/dhcp-transport.c
+++ b/ell/dhcp-transport.c
+@@ -78,9 +78,11 @@ uint16_t _dhcp_checksumv(const struct iovec *iov, size_t iov_cnt)
+ 			sum += check[i];
+ 	}
+ 
+	j--;
+
+ 	if (len & 0x01) {
+ 		const uint8_t *odd = iov[j].iov_base;
+-		sum += odd[len - 1];
+		sum += odd[iov[j].iov_len - 1];
+ 	}
+ 
+ 	while (sum >> 16)
+-- 
+cgit 1.2-0.3.lf.el7
+