new file mode 100644
@@ -0,0 +1,45 @@
+From 7073a366ee71639a1902eefb7500e14acb920f64 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Mon, 4 Apr 2022 23:52:49 -0700
+Subject: [PATCH] zgrep: avoid exploit via multi-newline file names
+
+* zgrep.in: The issue with the old code is that with multiple
+newlines, the N-command will read the second line of input,
+then the s-commands will be skipped because it's not the end
+of the file yet, then a new sed cycle starts and the pattern
+space is printed and emptied. So only the last line or two get
+escaped. This patch makes sed read all lines into the pattern
+space and then do the escaping.
+
+This vulnerability was discovered by:
+cleemy desu wayo working with Trend Micro Zero Day Initiative
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c]
+CVE: CVE-2022-1271
+
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+---
+ zgrep.in | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/zgrep.in b/zgrep.in
+index 3efdb52..d391291 100644
+--- a/zgrep.in
++++ b/zgrep.in
+@@ -222,9 +222,13 @@ do
+ '* | *'&'* | *'\'* | *'|'*)
+ i=$(printf '%s\n' "$i" |
+ sed '
+- $!N
+- $s/[&\|]/\\&/g
+- $s/\n/\\n/g
++ :start
++ $!{
++ N
++ b start
++ }
++ s/[&\|]/\\&/g
++ s/\n/\\n/g
+ ');;
+ esac
+ sed_script="s|^|$i:|"
@@ -4,6 +4,7 @@ LICENSE = "GPLv3+"
SRC_URI = "${GNU_MIRROR}/gzip/${BP}.tar.gz \
file://run-ptest \
+ file://CVE-2022-1271.patch \
"
SRC_URI_append_class-target = " file://wrong-path-fix.patch"
zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c] CVE: CVE-2022-1271 Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> --- .../gzip/gzip-1.10/CVE-2022-1271.patch | 45 +++++++++++++++++++ meta/recipes-extended/gzip/gzip_1.10.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch