Compare commits

...

85 Commits

Author SHA1 Message Date
Peter Korsgaard 8a0e4e865a Update for 2017.02.11
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 21:08:40 +02:00
André Hentschel ab61f3fa1e wireshark: bump version to 2.2.14 (security)
Security fixes since 2.2.12:

- wnpa-sec-2018-15
  The MP4 dissector could crash. (Bug 13777)
- wnpa-sec-2018-16
  The ADB dissector could crash. (Bug 14460)
- wnpa-sec-2018-17
  The IEEE 802.15.4 dissector could crash. (Bug 14468)
- wnpa-sec-2018-18
  The NBAP dissector could crash. (Bug 14471)
- wnpa-sec-2018-19
  The VLAN dissector could crash. (Bug 14469)
- wnpa-sec-2018-20
  The LWAPP dissector could crash. (Bug 14467)
- wnpa-sec-2018-23
  The Kerberos dissector could crash. (Bug 14576)
- wnpa-sec-2018-05
  The IEEE 802.11 dissector could crash. Bug 14442, CVE-2018-7335
- wnpa-sec-2018-06
  Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors (Bug 14444), along with the DICOM (Bug 14411), DMP (Bug 14408), LLTD (Bug 14419), OpenFlow (Bug 14420), RELOAD (Bug 14445), RPCoRDMA (Bug 14449), RPKI-Router (Bug 14414), S7COMM (Bug 14423), SCCP (Bug 14413), Thread (Bug 14428), Thrift (Bug 14379), USB (Bug 14421), and WCCP (Bug 14412) dissectors were susceptible.
- wnpa-sec-2018-07
  The UMTS MAC dissector could crash. Bug 14339, CVE-2018-7334
- wnpa-sec-2018-09
  The FCP dissector could crash. Bug 14374, CVE-2018-7336
- wnpa-sec-2018-10
  The SIGCOMP dissector could crash. Bug 14398, CVE-2018-7320
- wnpa-sec-2018-11
  The pcapng file parser could crash. Bug 14403, CVE-2018-7420
- wnpa-sec-2018-12
  The IPMI dissector could crash. Bug 14409, CVE-2018-7417
- wnpa-sec-2018-13
  The SIGCOMP dissector could crash. Bug 14410, CVE-2018-7418
-  wnpa-sec-2018-14
  The NBAP disssector could crash. Bug 14443, CVE-2018-7419

Full release notes:

  https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c5c87c2bb6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:42:38 +02:00
Fabio Estevam b0aeb1d4e3 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2661d47425)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:41:59 +02:00
Peter Korsgaard dff55ea20e python-webpy: use webpy-0.39 tag
No functional change, but upstream has now tagged the release, so use the
tag instead of the sha1.

https://github.com/webpy/webpy/issues/449

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01320bb9ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:41:19 +02:00
Peter Korsgaard 5c3e92de2d python-webpy: security bump to version 0.39
>From the changelog:

2018-02-28 0.39
* Fixed a security issue with the form module (tx Orange Tsai)
* Fixed a security issue with the db module (tx Adrián Brav and Orange Tsai)

2016-07-08 0.38
..
* Fixed a potential remote exeution risk in `reparam` (tx Adrián Brav)

License files are still not included on pypi, so continue to use the git
repo. Upstream has unfortunately not tagged 0.39, so use the latest commit
on the 0.39 branch.  A request to fix this has been submitted:

https://github.com/webpy/webpy/issues/449

0.39 now uses setuptools, so change the _SETUP_TYPE.

Add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce559162fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:41:09 +02:00
Peter Korsgaard 64d9f21af2 python-webpy: needs hashlib support in python
webpy uses hashlib for session handling, so ensure it is available:

web/session.py:    import hashlib
web/session.py:    sha1 = hashlib.sha1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 543b0d50fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:40:52 +02:00
Peter Korsgaard 9bdc177bea openblas: drop SSE_GENERIC target
Fixes #10856

The SSE_GENERIC target fails to build with a "sgemm_kernel.o: No such file
or directory" error. Several upstream bug reports exist for this:

https://github.com/xianyi/OpenBLAS/issues/502
https://github.com/xianyi/OpenBLAS/issues/685

In both cases, upstream suggests using a different target definition
instead.  E.G.  from issue 685:

You may use NORTHWOOD on x86: make TARGET=NORTHWOOD that uses SSE2
instructions.  It's very hard to find non-SSE2 x86 CPUs today.  For x86-64
use the PRESCOTT target

So drop the SSE_GENERIC target.  The only x86_64 variant we support not
covered by a more specific openblas target is the default variant, nocona
and jaguar.

Nocona was a Xeon variant of the P4 "Prescott" architecture, so use the
PRESCOTT openblas target:

https://en.wikipedia.org/wiki/Xeon#Nocona_and_Irwindale

Jaguar is from the Bobcat family, so use the BOBCAT openblas target:

https://en.wikipedia.org/wiki/List_of_AMD_microprocessors#Bobcat_core_architecture_(APU)

[Peter: add Jaguar as pointed out by Arnout]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 5e6fa93483)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:36:56 +02:00
Sasha Shyrokov 0aab750960 opencv3: fix Python module build for Python 3.x
When the OpenCV3 Python support is enabled with Python 3.x, it builds
properly, and the resulting .so file is built for the target
architecture, but its name is wrong:

  output/target/usr/lib/python3.6/site-packages/cv2.cpython-36m-x86_64-linux-gnu.so

This prevents Python 3.x from importing the module:

>>> import cv2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ModuleNotFoundError: No module named 'cv2'

In order to fix this, we simply need to pass PKG_PYTHON_DISTUTILS_ENV
in the environment. The Python module then gets named:

  output/target/usr/lib/python3.6/site-packages/cv2.cpython-36m-arm-linux-gnueabi.so

And can be imported properly:

>>> import cv2
>>>

This solution was suggested by Arnout Vandecappelle in
https://stackoverflow.com/questions/49059035/buildroot-opencv3-python-package-builds-for-the-wrong-target.

With Python 2.x, the module is named just cv2.so so this problem isn't
visible. However, for consistency, we also pass
PKG_PYTHON_DISTUTILS_ENV when building against Python 2.x, by putting
the OPENCV3_CONF_ENV assignment inside the
BR2_PACKAGE_OPENCV3_LIB_PYTHON condition, but outside the
BR2_PACKAGE_PYTHON3/BR2_PACKAGE_PYTHON condition.

Signed-off-by: Sasha Shyrokov <alexander-shyrokov@idexx.com>
[Thomas: extend the commit log, apply the solution to Python 2.x.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8ba80282c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:36:18 +02:00
Valentin Korenblit 02aaa39a14 package/xterm: Avoid freetype2 path poisoning using imake
When imake is installed on the host, it tries to include
freetype headers from host, so we must override ac_cv_path_IMAKE
to avoid this.

Extract from config.log:

configure:14803: checking if we should use imake to help
configure:14820: result: yes
configure:14829: checking for xmkmf
configure:14846: found /usr/bin/xmkmf
configure:14857: result: /usr/bin/xmkmf
configure:14920: testing Using /usr/bin/xmkmf  ...
configure:15015: testing IMAKE_CFLAGS  -I. -I/usr/include/freetype2

Signed-off-by: Valentin Korenblit <valentin.korenblit@smile.fr>
[Thomas: pass ac_cv_path_IMAKE="" as suggested by Romain Naour.]
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d0316dc7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:34:57 +02:00
Fabio Estevam 2fbc20fd26 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6e17a16dc7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:34:10 +02:00
Peter Korsgaard a5951b94bc openssl: security bump to version 1.0.2o
Fixes the following security issues:

Constructed ASN.1 types with a recursive definition could exceed the stack
(CVE-2018-0739)

Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion.  This could result in a Denial Of Service attack.
There are no such structures used within SSL/TLS that come from untrusted
sources so this is considered safe.

Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each
byte.  This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the
security claims of the scheme.  The module can only be compiled by the HP-UX
assembler, so that only HP-UX PA-RISC targets are affected.

rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

This issue has been reported in a previous OpenSSL security advisory and a
fix was provided for OpenSSL 1.0.2.  Due to the low severity no fix was
released at that time for OpenSSL 1.1.0.  The fix is now available in
OpenSSL 1.1.0h.

There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli.  No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline.  The amount of resources required for such an attack would be
significant.  However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.

This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).

For more details, see https://www.openssl.org/news/secadv/20180327.txt

The copyright year changed in LICENSE, so adjust the hash to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6938c219d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:25:48 +02:00
Peter Korsgaard c1ce76dba4 sngrep: fix libgcrypt handling
Fixes:
http://autobuild.buildroot.net/results/f1c6494133806b9fc26ae3ce9e9c6a22fa2eda6f/

Commit 6205b75873 (sngrep: gnutls support also needs libgcrypt) ensured
that --with-gnutls is only used when both gnutls and libgcrypt are enabled,
but it didn't ensure libgcrypt gets built before sngrep or told the
configure script where to find libgcrypt-config, breaking the build.

Fix both issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae7d59eaae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:22:04 +02:00
Fabio Estevam 3d5be0c715 linux-headers: bump 4.{1, 4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9ef8f6b061)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:20:51 +02:00
Baruch Siach f7b941d3f5 xerces: add upstream security fix
CVE-2017-12627: dereference of a NULL pointer while processing the path
to the DTD.

xerces 3.2.1 includes this patch. But this version also added
AC_RUN_IFELSE to its configure script, making cross compilation harder.

Switching to cmake is also problematic since the minimum required cmake
version is 3.2.0. The host dependencies check currently allows minimum
cmake version 3.1.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 142c8cc8d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:20:04 +02:00
Fabio Estevam 8666d431c2 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d9534c8163)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:19:01 +02:00
Bernd Kuhls 06c77a5062 package/apache: security bump to version 2.4.33
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.33

Fixes CVE-2017-15710, CVE-2018-1283, CVE-2018-1303, CVE-2018-1301,
CVE-2017-15715, CVE-2018-1312, CVE-2018-1302.

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 65193bf3c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:17:27 +02:00
Bernd Kuhls 763319e86c package/apache: bump version to 2.4.29
Changelog: http://www.apache.org/dist/httpd/CHANGES_2.4.29

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 386ca343c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:17:14 +02:00
Bernd Kuhls bb047db6e6 package/apache: bump to version 2.4.28
Fix for CVE-2017-9798 is included in this release, so this patch is
removed.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Update commit log: not a security bump]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 1cff68251e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:17:09 +02:00
Bernd Kuhls 2801e075c7 package/imagemagick: security bump version to 7.0.7-27
Fixes CVE-2018-6405 (upstream Github PR 964) and many others:
http://www.imagemagick.org/script/changelog.php

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 31086ea1de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:16:08 +02:00
Bernd Kuhls 91d1863955 linux-headers: bump 3.2.x and 4.{14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b83a4d3d69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:15:30 +02:00
Peter Korsgaard 0112c2647a tremor: security bump to fix CVE-2018-5146
Prevent out-of-bounds write in codebook decoding.

Codebooks that are not an exact divisor of the partition size are now
truncated to fit within the partition.

Upstream has migrated from subversion to git, so change to git and bump the
version to include the fix for CVE-2018-5146.

While we're at it, also add a hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80266c9505)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:11:04 +02:00
Fabio Estevam 48a3c64c05 linux-headers: bump 3.2.x and 4.{1, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cd0fd09352)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 17:09:14 +02:00
Peter Korsgaard f971d57e1c linux-headers: bump 4.{4,9}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 50cd46b39f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:43:55 +02:00
Peter Korsgaard 9dcd7e340b irssi: security bump to version 1.0.7
Fixes the following security issues:

Use after free when server is disconnected during netsplits.  Incomplete fix
of CVE-2017-7191.  Found by Joseph Bisch.  (CWE-416, CWE-825) -
CVE-2018-7054 [2] was assigned to this issue.

Use after free when SASL messages are received in unexpected order.  Found
by Joseph Bisch.  (CWE-416, CWE-691) - CVE-2018-7053 [3] was assigned to
this issue.

Null pointer dereference when an “empty” nick has been observed by Irssi.
Found by Joseph Bisch.  (CWE-476, CWE-475) - CVE-2018-7050 [4] was assigned
to this issue.

When the number of windows exceed the available space, Irssi would crash due
to Null pointer dereference.  Found by Joseph Bisch.  (CWE-690) -
CVE-2018-7052 [5] was assigned to this issue.

Certain nick names could result in out of bounds access when printing theme
strings.  Found by Oss-Fuzz.  (CWE-126) - CVE-2018-7051 [6] was assigned to
this issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 181ef8a1d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:43:20 +02:00
Baruch Siach abb750fc22 libcurl: security bump to version 7.59.0
CVE-2018-1000120: curl could be fooled into writing a zero byte out of
bounds when curl is told to work on an FTP URL with the setting to only
issue a single CWD command, if the directory part of the URL contains a
"%00" sequence.

https://curl.haxx.se/docs/adv_2018-9cd6.html

CVE-2018-1000121: curl might dereference a near-NULL address when
getting an LDAP URL.

https://curl.haxx.se/docs/adv_2018-97a2.html

CVE-2018-1000122: When asked to transfer an RTSP URL, curl could
calculate a wrong data length to copy from the read buffer.

https://curl.haxx.se/docs/adv_2018-b047.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf3476e5b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:42:39 +02:00
Adam Duskett 122211e827 libpjsip: security bump to 2.7.2
Fixes the following vulnerabilities:

- CVE-2018-1000098: Crash when parsing SDP with an invalid media format
  description

- CVE-2018-1000099: Crash when receiving SDP with invalid fmtp attribute

[Peter: add CVE info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ed0d9d6f36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:42:00 +02:00
Peter Korsgaard 933b01bde6 samba4: security bump to version 4.5.16
CVE-2018-1050: Vulnerability to a denial of service attack when the RPC
spoolss service is configured to be run as an external daemon.

https://www.samba.org/samba/security/CVE-2018-1050.html

CVE-2018-1057: Authenticated users might change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).

https://www.samba.org/samba/security/CVE-2018-1057.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:40:42 +02:00
Fabio Estevam 88b7f14300 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 03b5b444f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:08:06 +02:00
Peter Korsgaard d1c1d929eb linux: Config.in: correct typo in kernel compression format help text
s/build/built/.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d233cc72c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-11 16:07:38 +02:00
Peter Korsgaard 5dea8d17d0 busybox: add upstream post-1.27.2 httpd fix
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ec58149009)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Adam Duskett a7918a7d00 busybox: bump to version 1.27.2
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5cdb463e44)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Thomas Petazzoni 9d821b79c4 busybox: disable new TLS support
Busybox 1.17.1 has added built-in TLS support. Unfortunately, it fails
to build on i686 with gcc 4.8, with:

networking/tls_pstm_mul_comba.c: In function 'pstm_mul_comba':
networking/tls_pstm_mul_comba.c:82:1: error: 'asm' operand has impossible constraints
 asm(                                                      \
 ^
networking/tls_pstm_mul_comba.c:279:4: note: in expansion of macro 'MULADD'
    MULADD(*tmpx++, *tmpy--);
    ^
make[3]: *** [networking/tls_pstm_mul_comba.o] Error 1
make[2]: *** [networking] Error 2

Since TLS support is a new feature in 1.27, and wasn't present until
now, let's disable it to avoid the build failure.

The bug has been reported upstream at
http://lists.busybox.net/pipermail/busybox/2017-July/085713.html.

Fixes:

 http://autobuild.buildroot.net/results/d973f9a2fbf0f52104f4943b902183e9dbf163a7/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d5507262f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Peter Korsgaard d313993607 Revert "busybox: add upstream post-1.26.2 fixes"
This reverts commit ace9345c96.

With the bump to 1.27.x, these are no longer needed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:19:38 +02:00
Adam Duskett b8cad32137 busybox: bump version to 1.27.1
In addition, update busybox-minimal.config and busybox.config by loading the
config files and saving them back.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8cea293617)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 23:15:06 +02:00
Fabio Estevam ac80ff09f9 linux-headers: bump 4.{9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 59e8b056ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:12:38 +02:00
Baruch Siach 744ed3cb4c dhcp: add upstream security fixes
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.

CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.

Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 047cec5993)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:11:45 +02:00
Bernd Kuhls ac20047cfe package/clamav: security bump to version 0.99.4
Fixes CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-1000085 &
CVE-2018-0202.

For details see upstream announcement:
http://lists.clamav.net/pipermail/clamav-announce/2018/000029.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d02cbe22da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:09:13 +02:00
Peter Korsgaard b93a04a51a mosquitto: unbreak build with websockets and !libopenssl
Fixes:
http://autobuild.buildroot.net/results/d69/d693f3e3f1c73ccf54ac7076623e436355a9d901/b

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 63dfbca2c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:06:15 +02:00
Peter Korsgaard 6758d72750 mosquitto: security bump to version 1.4.15
Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT
packet which causes large amounts of memory use in the broker.  If multiple
clients do this, an out of memory situation can occur and the system may
become unresponsive or the broker will be killed by the operating system.

The fix addresses the problem by limiting the permissible size for CONNECT
packet, and by adding a memory_limit configuration option that allows the
broker to self limit the amount of memory it uses.

The hash of new tarball is not (yet) available through download.php, so use
a locally calculated hash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f4df4a18e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:06:08 +02:00
Peter Korsgaard 184042f0e5 mosquitto: bump version to 1.4.14
Drop CVE 2017-9868 patch as that is now upstream.

1.4.14 is a bugfix release, fixing significant websocket performance /
correctness issues.

Use HTTPS for the download as the server uses HSTS, thus saving a redirect.

While we're at it, add hashes for the license files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b76bf7669)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:05:50 +02:00
Peter Korsgaard 932d6d028d mosquitto: clarify that patch hash is locally calculated
Commit e51d69a3b (mosquitto: specify that hash is taken from upstream)
changed the .hash description header, but the upstream hash only applies
to the tarball, not the patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1ef8c22393)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:04:05 +02:00
Vicente Olivert Riera e0730140cf mosquitto: specify that hash is taken from upstream
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d8dc97ee5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:03:59 +02:00
Bernd Kuhls b598d76aff package/dovecot: security bump to version 2.3.4
Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Removed patch applied upstream:
https://github.com/dovecot/core/commit/a008617e811673064fd657acf517dc4a12493d29

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7c970b06ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:02:38 +02:00
Fabio Estevam d0a4f95570 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fcf28ee361)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:01:23 +02:00
Peter Korsgaard 10a941a561 wavpack: add upstream security fixes
Fixes the following security issues:

CVE-2018-6767: A stack-based buffer over-read in the ParseRiffHeaderConfig
function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to
cause a denial-of-service attack or possibly have unspecified other impact
via a maliciously crafted RF64 file.

CVE-2018-7253: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file
of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.

CVE-2018-7254: The ParseCaffHeaderConfig function of the cli/caff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect memory
allocation, via a maliciously crafted CAF file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4de7e07e6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:00:45 +02:00
Thomas Petazzoni b08d5c0fe5 wavpack: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a2576d37e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 22:00:21 +02:00
Bernd Kuhls 3738909ce9 linux-headers: bump 3.2.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e8e9bb3267)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:57:42 +02:00
Peter Korsgaard c1c3a7913a check-host-tar.sh: blacklist tar 1.30+
Tar 1.30 changed the --numeric-owner output for filenames > 100 characters,
leading to hash mismatches for the tar archives we create ourselves from
git.  This is really a fix for a bug in earlier tar versions regarding
deterministic output, so it is unlikely to be reverted in later versions.

For more details, see:
http://lists.busybox.net/pipermail/buildroot/2018-January/211222.html

To work around this issue, blacklist tar 1.30+ similar to how we do it for
pre-1.17 versions so Buildroot falls back to building host-tar.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b8fa273d50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:56:47 +02:00
Peter Korsgaard 119ab097e4 dependencies.mk: check for valid host-tar before other host dependencies
host-{cmake,lzip,xz} needs host-tar to extract their source code tarball, so
we need to ensure that host-tar gets added to DEPENDENCIES_HOST_PREREQ
before these in case they are both needed, otherwise the tools will fail to
extract.

With the upcoming change to blacklist modern tar versions this situation is
likely to trigger more often.

The real solution to this issue is the <foo>_EXTRACT_DEPENDENCIES rework,
but that series is a bit too intrusive to add this close to 2018.02, so
therefore this hack.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7c09cb82b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:56:31 +02:00
Fabio Estevam a06507a2f2 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1e7ee5a686)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:54:42 +02:00
Baruch Siach 85e08f8719 patch: add upstream security fix
Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches.

Depend on MMU for now, because the patch adds a fork() call. Upstream
later switched to gnulib provided execute(), so this dependency can be
dropped on the next version bump.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f4a4df2084)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c3e1d9849a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:52:31 +02:00
Baruch Siach 4b0f9bbb62 patch: security bump to version 2.7.6
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.

Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.

This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 38d8d86d31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:52:21 +02:00
Baruch Siach e1f2e885e6 mbedtls: fix API compatibility
Add upstream patch fixing API compatibility with previous releases.

Fixes (hiawatha):
http://autobuild.buildroot.net/results/ce6/ce6b4a50e6aafd06f82eaae688dd8720b982e9c2/
http://autobuild.buildroot.net/results/cde/cdec7ae3565d5b76a9bc50156c6244b44197534e/
http://autobuild.buildroot.net/results/9c1/9c1aec09c03f60bee9dc134da5a29e2671fc3b5e/

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7bb17b10af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:51:38 +02:00
Baruch Siach d226954543 mbedtls: security bump to version 2.7.0
CVE-2018-0487: Remote attackers can execute arbitrary code or cause a
denial of service (buffer overflow) via a crafted certificate chain that
is mishandled during RSASSA-PSS signature verification within a TLS or
DTLS session.

CVE-2018-0488: When the truncated HMAC extension and CBC are used,
allows remote attackers to execute arbitrary code or cause a denial of
service (heap corruption) via a crafted application packet within a TLS
or DTLS session.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3b7a59304a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:51:25 +02:00
Fabio Estevam a60c8ecf38 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3733907f67)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:50:27 +02:00
Peter Korsgaard 14ee40d989 exim: add upstream security fix
Fixes the following security issue:

CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent.  A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.

Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8343069e2c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:49:09 +02:00
Peter Korsgaard 0a5fcdfe0b quagga: add upstream security fixes
Fixes the following security issues:

CVE-2018-5378

    It was discovered that the Quagga BGP daemon, bgpd, does not
    properly bounds check data sent with a NOTIFY to a peer, if an
    attribute length is invalid. A configured BGP peer can take
    advantage of this bug to read memory from the bgpd process or cause
    a denial of service (daemon crash).

    https://www.quagga.net/security/Quagga-2018-0543.txt

CVE-2018-5379

    It was discovered that the Quagga BGP daemon, bgpd, can double-free
    memory when processing certain forms of UPDATE message, containing
    cluster-list and/or unknown attributes, resulting in a denial of
    service (bgpd daemon crash).

    https://www.quagga.net/security/Quagga-2018-1114.txt

CVE-2018-5380

    It was discovered that the Quagga BGP daemon, bgpd, does not
    properly handle internal BGP code-to-string conversion tables.

    https://www.quagga.net/security/Quagga-2018-1550.txt

CVE-2018-5381

    It was discovered that the Quagga BGP daemon, bgpd, can enter an
    infinite loop if sent an invalid OPEN message by a configured peer.
    A configured peer can take advantage of this flaw to cause a denial
    of service (bgpd daemon not responding to any other events; BGP
    sessions will drop and not be reestablished; unresponsive CLI
    interface).

    https://www.quagga.net/security/Quagga-2018-1975.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 157a198d30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:48:43 +02:00
Ryan Coe a0cd24fafa mariadb: security bump version to 10.1.31
Release notes: https://mariadb.com/kb/en/mariadb-10131-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10131-changelog/

Fixes the following security vulnerabilities:

CVE-2018-2562 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server : Partition). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or
delete access to some of MySQL Server accessible data.

CVE-2018-2622 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.5.58
and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2640 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2665 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2668 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Supported versions that are affected are
5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.

CVE-2018-2612 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and
prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data and unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fcdaab19bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:47:30 +02:00
Thomas De Schampheleire 22905de362 jq: compile as _GNU_SOURCE to fix segfault when compiled with gcc 6
When compiling host-jq with gcc 6+, running it gives an immediate segfault.
Reported upstream: https://github.com/stedolan/jq/issues/1598

The issue can be solved by compiling with _GNU_SOURCE as extra preprocessor
define. Once the issue is solved upstream, this change can be reverted.

As the issue will normally be the same for target, apply the same fix there.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 21114013e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:46:50 +02:00
Fabio Estevam ac860db762 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x / 4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa77030b8f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:45:52 +02:00
Peter Korsgaard 9754a77f74 libvorbis: security bump to version 1.3.6
Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.

Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
now upstream, and add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eca03d6774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1f11463b3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:45:15 +02:00
Peter Korsgaard 9f5ffe8012 libvorbis: add upstream security fixes
Fixes the following security issues:

CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in mapping0.c, which
may lead to DoS when operating on a crafted audio file with
vorbis_analysis().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc9282ae8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:44:59 +02:00
Fabio Estevam 9c908557ca linux-headers: bump 4.{9, 14}.x series
[Peter: drop 4.14.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c08458270)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:43:00 +02:00
Baruch Siach a0cd7e6466 librsvg: security bump to version 2.40.20
Fixes CVE-2018-1000041: information disclosure via a crafted SVG file.

Bump to the latest (maybe last) release in the 2.40.x series. Newer
versions require a Rust compiler.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4020c5a7b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:41:31 +02:00
Baruch Siach cff27a6b92 busybox: add upstream security fixes
CVE-2017-15873: Integer overflow in decompress_bunzip2.c leads to a read
access violation

CVE-2017-15874: Integer overflow in decompress_unlzma.c leads to a read
access violation

Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6665360b6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:40:52 +02:00
Gaël PORTAY 996105619f qt5tools: fix typo in <pkg>_SOURCE
The QT5TOOLS_SOURCE variable uses mismatch QT5BASE_VERSION variable.

This commit fixes the typo by using the appropriate QT5TOOLS_VERSION
variable.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c384c3b0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:39:26 +02:00
Gaël PORTAY 223c160078 qt53d: fix typo in <pkg>_SOURCES
The QT53D_SOURCE variable uses mismatch QT5SVG_VERSION variable.

This commit fixes the typo by using the appropriate QT53D_VERSION
variable.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit caa3f12fd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:38:12 +02:00
Baruch Siach a967b26026 rsync: security bump to version 3.1.3
Fixes CVE-2018-5764: remote attackers can bypass an
argument-sanitization protection mechanism

Drop upstream patches.

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4652f59401)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:37:38 +02:00
Baruch Siach dd364b6d60 libxml2: add security fix
CVE-2017-8872: An attackers can cause a denial of service (buffer
over-read) or information disclosure.

Patch from the upstream bug tracker.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 86e027f6d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:37:06 +02:00
Adam Duskett 23b3534f35 libxml2: bump to 2.9.7
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a54794e652)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:36:56 +02:00
Samuel Martin 168c91f174 package/libxml2: add license hash
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fd313f8dc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:36:53 +02:00
Baruch Siach 24c068191c dnsmasq: add upstream security fix patches
Fixes CVE-2017-15107: An attacker can craft an NSEC which wrongly proves
non-existence.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aec658f5d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:35:08 +02:00
Baruch Siach e78164574b dnsmasq: simplify build configuration
Drop direct sed'ing of config.h for HAVE_CONNTRACK, HAVE_LUASCRIPT, and
HAVE_DBUS. Use MAKE_OPTS COPTS parameters instead, like we do already
for all other options.

Rename DNSMASQ_ENABLE_LUA to DNSMASQ_TWEAK_LIBLUA since it now does only
that.

Merge two conntrack and three dbus conditional sections.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1042fea88a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:34:50 +02:00
Baruch Siach bf9cad4c7b libtasn1: security bump to version 4.13
CVE-2017-10790: NULL pointer dereference and crash when reading crafted
input

CVE-2018-6003: Stack exhaustion due to indefinite recursion during BER
decoding

Add license files hashes.

Cc: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9ac75335bf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:33:17 +02:00
Baruch Siach fdbd22529f ntp: fix build without SSP support
In version 4.2.8p11 ntp changed its configure script build hardening
parameter to '--with-hardenfile'. Update the parameter name to avoid
-fstack-protector-all when the toolchain does not support this option.

Fixes:
http://autobuild.buildroot.net/results/60e/60e8b9864932f2cabc7deb43234abe168bd113c5/
http://autobuild.buildroot.net/results/592/592db6836817bb078a2f1146d2ce6241bf7997a3/
http://autobuild.buildroot.net/results/b07/b070fbc66a928888df8d2561dad3632778d55e0d/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5766b6fb34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:29:45 +02:00
Baruch Siach e912d4c9d5 ntp: security bump to version 4.2.8p11
Fixed or improved security issues:

  CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
  malicious authenticated peer can create arbitrarily-many ephemeral
  associations in order to win the clock selection algorithm

  CVE-2018-7182: Buffer read overrun leads to undefined behavior and
  information leak

  CVE-2018-7170: Multiple authenticated ephemeral associations

  CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
  state

  CVE-2018-7185: Unauthenticated packet can reset authenticated
  interleaved association

  CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit

Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
AM_CFLAGS.

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit da05d74805)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:29:14 +02:00
Adam Duskett 96828612b2 ntp: explicitly enable openssl-random when crypto is enabled
If OpenSSL is selected, --enable-openssl-random should be explicitly
enabled for consistency with the disable case.

[Peter: tweak commit text]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 905677cbd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:28:49 +02:00
Adam Duskett 0607eb5347 ntp: no longer require openssl
4.2.8p10 no longer requires openssl to compile.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a2111258a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:27:26 +02:00
Peter Seiderer ec1617d6e5 dhcp: disable isc assertions (reproducible builds)
The isc assertions from the bundled bind dns library are
using the __FILE__ macro for debug messages (see
dhcp-4.3.5/bind/bind-9.9.9-P3/lib/isc/include/isc/assertions.h).

Disabling the assertions gains:

- reproducible builds (no build time paths in the executable)
- space saving on the target:
  dhcpd: 1.9M -> 1.6M
  dhcrelay: 1.6M -> 1.3M

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3d1a7a8620)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:24:33 +02:00
Fabio Estevam b800794c80 linux-headers: bump 4.{4, 9, 14, 15}.x series
[Peter: drop 4.14.x/4.15.x bump]
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9fab7e408a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:22:55 +02:00
Peter Korsgaard 9a31eb5f2c Makefile, manual, website: Bump copyright year
Happy 2018!

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 676400379a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:20:19 +02:00
Baruch Siach 9de753fcbd dnsmasq: update homepage link
The doc.html seems like a better choice for a homepage link than the
list of files in the containing directory listing.

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f9da847d93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-10 21:19:45 +02:00
Adam Duskett 45d13b7833 postgresql: security bump to 9.6.8
Helps mitigate CVE-2018-1058

see: https://www.postgresql.org/about/news/1834/ for more information bugfixes.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-06 12:11:43 +01:00
Jeroen Roovers c849300796 lz4: version v1.7.5
Signed-off-by: Jeroen Roovers <jer@airfi.aero>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5408fc925d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-18 21:07:15 +01:00
Adam Duskett 7152a61322 postgresql: security bump to 9.6.7
from https://www.postgresql.org/about/news/1829/

Fixes:
[1] CVE-2018-1052: Fix the processing of partition keys containing multiple
                   expressions

[2] CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are
                   non-world-readable

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-15 22:28:28 +01:00
110 changed files with 1927 additions and 1686 deletions
+20
View File
@@ -1,3 +1,23 @@
2017.02.11, Released April 11th, 2018
Important / security related fixes.
dependencies: Blacklist tar 1.30+ and build our own host-tar
if needed as tar 1.30+ changed the --numeric-owner output for
long path names. Build host-tar before other host-dependencies
as they need it to extract their source tarballs.
Updated/fixed packages: apache, busybox, clamav, dhcp,
dnsmasq, dovecot, exim, imagemagick, irssi, jq, libcurl,
libpjsip, librsvg, libtasn1, libvorbis, libxml2, lz4, mariadb,
mbedtls, mosquitto, ntp, openblas, opencv3, openssl, patch,
postgresql, python-webpy, qt53d, qt5tools, quagga, rsync,
samba4, sngrep, tremor, wavpack, wireshark, xerces, xterm
Issues resolved (http://bugs.uclibc.org):
#10856: openblas on qemu_x86_64_defconfig fails with "sgemm_..
2017.02.10, Released January 31st, 2018
Important / security related fixes.
+3 -3
View File
@@ -2,7 +2,7 @@
#
# Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
# Copyright (C) 2006-2014 by the Buildroot developers <buildroot@uclibc.org>
# Copyright (C) 2014-2017 by the Buildroot developers <buildroot@buildroot.org>
# Copyright (C) 2014-2018 by the Buildroot developers <buildroot@buildroot.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -86,9 +86,9 @@ else # umask / $(CURDIR) / $(O)
all:
# Set and export the version string
export BR2_VERSION := 2017.02.10
export BR2_VERSION := 2017.02.11
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1517426000
BR2_VERSION_EPOCH = 1523473000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
+1 -1
View File
@@ -12,7 +12,7 @@ It is licensed under the GNU General Public License, version 2. Refer to the
http://git.buildroot.org/buildroot/tree/COPYING[COPYING] file in the Buildroot
sources for the full text of this license.
Copyright (C) 2004-2017 The Buildroot developers
Copyright (C) 2004-2018 The Buildroot developers
image::logo.png[]
+1 -1
View File
@@ -1,6 +1,6 @@
The code and graphics on this website (and it's mirror sites, if any) are
Copyright (c) 1999-2005 by Erik Andersen, 2006-2014 The Buildroot
Copyright (c) 1999-2005 by Erik Andersen, 2006-2018 The Buildroot
developers. All rights reserved.
Documents on this Web site including their graphical elements, design, and
+1 -1
View File
@@ -267,7 +267,7 @@ endchoice
choice
prompt "Kernel compression format"
help
This selection will just ensure that the correct host tools are build.
This selection will just ensure that the correct host tools are built.
The actual compression for the kernel should be selected in the
kernel configuration menu.
-30
View File
@@ -1,30 +0,0 @@
core: Disallow Methods' registration at run time (.htaccess), they may
be used only if registered at init time (httpd.conf).
Calling ap_method_register() in children processes is not the right scope
since it won't be shared for all requests.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
Fixes CVE-2017-9798: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
Downloaded from upstream repo:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
--- a/server/core.c 2017/08/16 16:50:29 1805223
+++ b/server/core.c 2017/09/08 13:13:11 1807754
@@ -2266,6 +2266,12 @@
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}
+3 -2
View File
@@ -1,2 +1,3 @@
# From http://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256
sha256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a httpd-2.4.27.tar.bz2
# From http://archive.apache.org/dist/httpd/httpd-2.4.33.tar.bz2.sha256
sha256 de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 httpd-2.4.33.tar.bz2
sha256 c49c0819a726b70142621715dae3159c47b0349c2bc9db079070f28dadac0229 LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
APACHE_VERSION = 2.4.27
APACHE_VERSION = 2.4.33
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = http://archive.apache.org/dist/httpd
APACHE_LICENSE = Apache-2.0
@@ -1,87 +0,0 @@
From dac762a702d01c8c2d42135795cc9bf23ff324a2 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Wed, 11 Jan 2017 20:16:45 +0100
Subject: [PATCH] wget: fix for brain-damaged HTTP servers. Closes 9471
write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
shutdown(3, SHUT_WR) = 0
alarm(900) = 900
read(3, "", 1024) = 0
write(2, "wget: error getting response\n", 29) = 29
exit(1)
The peer simply does not return anything. It closes its connection.
Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).
The point it, closing write side of the socket is _valid_ for HTTP.
wget sent the full request, it won't be sending anything more:
it will only receive the response, and that's it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
networking/wget.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/networking/wget.c b/networking/wget.c
index b082a0f59..afb09f587 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -141,6 +141,8 @@
#endif
+#define SSL_SUPPORTED (ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER)
+
struct host_info {
char *allocated;
const char *path;
@@ -151,7 +153,7 @@ struct host_info {
};
static const char P_FTP[] ALIGN1 = "ftp";
static const char P_HTTP[] ALIGN1 = "http";
-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
+#if SSL_SUPPORTED
static const char P_HTTPS[] ALIGN1 = "https";
#endif
@@ -452,7 +454,7 @@ static void parse_url(const char *src_url, struct host_info *h)
if (strcmp(url, P_FTP) == 0) {
h->port = bb_lookup_port(P_FTP, "tcp", 21);
} else
-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
+#if SSL_SUPPORTED
if (strcmp(url, P_HTTPS) == 0) {
h->port = bb_lookup_port(P_HTTPS, "tcp", 443);
h->protocol = P_HTTPS;
@@ -1093,12 +1095,20 @@ static void download_one_url(const char *url)
}
fflush(sfp);
- /* If we use SSL helper, keeping our end of the socket open for writing
- * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
- * even after child closes its copy of the fd.
- * This helps:
- */
- shutdown(fileno(sfp), SHUT_WR);
+
+/* Tried doing this unconditionally.
+ * Cloudflare and nginx/1.11.5 are shocked to see SHUT_WR on non-HTTPS.
+ */
+#if SSL_SUPPORTED
+ if (target.protocol == P_HTTPS) {
+ /* If we use SSL helper, keeping our end of the socket open for writing
+ * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
+ * even after child closes its copy of the fd.
+ * This helps:
+ */
+ shutdown(fileno(sfp), SHUT_WR);
+ }
+#endif
/*
* Retrieve HTTP response line and check for "200" status code.
--
2.11.0
@@ -1,494 +0,0 @@
From fa654812e79d2422b41cfff6443e2abcb7737517 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Thu, 5 Jan 2017 11:43:53 +0100
Subject: [PATCH] unzip: properly use CDF to find compressed files. Closes 9536
function old new delta
unzip_main 2437 2350 -87
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
archival/unzip.c | 285 +++++++++++++++++++++++++++++---------------------
testsuite/unzip.tests | 6 +-
2 files changed, 168 insertions(+), 123 deletions(-)
diff --git a/archival/unzip.c b/archival/unzip.c
index c540485ac..edef22f75 100644
--- a/archival/unzip.c
+++ b/archival/unzip.c
@@ -16,7 +16,6 @@
* TODO
* Zip64 + other methods
*/
-
//config:config UNZIP
//config: bool "unzip"
//config: default y
@@ -24,8 +23,17 @@
//config: unzip will list or extract files from a ZIP archive,
//config: commonly found on DOS/WIN systems. The default behavior
//config: (with no options) is to extract the archive into the
-//config: current directory. Use the `-d' option to extract to a
-//config: directory of your choice.
+//config: current directory.
+//config:
+//config:config FEATURE_UNZIP_CDF
+//config: bool "Read and use Central Directory data"
+//config: default y
+//config: depends on UNZIP
+//config: help
+//config: If you know that you only need to deal with simple
+//config: ZIP files without deleted/updated files, SFX archves etc,
+//config: you can reduce code size by unselecting this option.
+//config: To support less trivial ZIPs, say Y.
//applet:IF_UNZIP(APPLET(unzip, BB_DIR_USR_BIN, BB_SUID_DROP))
//kbuild:lib-$(CONFIG_UNZIP) += unzip.o
@@ -80,30 +88,20 @@ typedef union {
uint32_t ucmpsize PACKED; /* 18-21 */
uint16_t filename_len; /* 22-23 */
uint16_t extra_len; /* 24-25 */
+ /* filename follows (not NUL terminated) */
+ /* extra field follows */
+ /* data follows */
} formatted PACKED;
} zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
-/* Check the offset of the last element, not the length. This leniency
- * allows for poor packing, whereby the overall struct may be too long,
- * even though the elements are all in the right place.
- */
-struct BUG_zip_header_must_be_26_bytes {
- char BUG_zip_header_must_be_26_bytes[
- offsetof(zip_header_t, formatted.extra_len) + 2
- == ZIP_HEADER_LEN ? 1 : -1];
-};
-
-#define FIX_ENDIANNESS_ZIP(zip_header) do { \
- (zip_header).formatted.version = SWAP_LE16((zip_header).formatted.version ); \
- (zip_header).formatted.method = SWAP_LE16((zip_header).formatted.method ); \
- (zip_header).formatted.modtime = SWAP_LE16((zip_header).formatted.modtime ); \
- (zip_header).formatted.moddate = SWAP_LE16((zip_header).formatted.moddate ); \
+#define FIX_ENDIANNESS_ZIP(zip_header) \
+do { if (BB_BIG_ENDIAN) { \
(zip_header).formatted.crc32 = SWAP_LE32((zip_header).formatted.crc32 ); \
(zip_header).formatted.cmpsize = SWAP_LE32((zip_header).formatted.cmpsize ); \
(zip_header).formatted.ucmpsize = SWAP_LE32((zip_header).formatted.ucmpsize ); \
(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
(zip_header).formatted.extra_len = SWAP_LE16((zip_header).formatted.extra_len ); \
-} while (0)
+}} while (0)
#define CDF_HEADER_LEN 42
@@ -115,8 +113,8 @@ typedef union {
uint16_t version_needed; /* 2-3 */
uint16_t cdf_flags; /* 4-5 */
uint16_t method; /* 6-7 */
- uint16_t mtime; /* 8-9 */
- uint16_t mdate; /* 10-11 */
+ uint16_t modtime; /* 8-9 */
+ uint16_t moddate; /* 10-11 */
uint32_t crc32; /* 12-15 */
uint32_t cmpsize; /* 16-19 */
uint32_t ucmpsize; /* 20-23 */
@@ -127,27 +125,27 @@ typedef union {
uint16_t internal_file_attributes; /* 32-33 */
uint32_t external_file_attributes PACKED; /* 34-37 */
uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
+ /* filename follows (not NUL terminated) */
+ /* extra field follows */
+ /* comment follows */
} formatted PACKED;
} cdf_header_t;
-struct BUG_cdf_header_must_be_42_bytes {
- char BUG_cdf_header_must_be_42_bytes[
- offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
- == CDF_HEADER_LEN ? 1 : -1];
-};
-
-#define FIX_ENDIANNESS_CDF(cdf_header) do { \
+#define FIX_ENDIANNESS_CDF(cdf_header) \
+do { if (BB_BIG_ENDIAN) { \
+ (cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
+ (cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
+ (cdf_header).formatted.method = SWAP_LE16((cdf_header).formatted.method ); \
+ (cdf_header).formatted.modtime = SWAP_LE16((cdf_header).formatted.modtime ); \
+ (cdf_header).formatted.moddate = SWAP_LE16((cdf_header).formatted.moddate ); \
(cdf_header).formatted.crc32 = SWAP_LE32((cdf_header).formatted.crc32 ); \
(cdf_header).formatted.cmpsize = SWAP_LE32((cdf_header).formatted.cmpsize ); \
(cdf_header).formatted.ucmpsize = SWAP_LE32((cdf_header).formatted.ucmpsize ); \
(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
- IF_DESKTOP( \
- (cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
- ) \
-} while (0)
+}} while (0)
#define CDE_HEADER_LEN 16
@@ -166,20 +164,38 @@ typedef union {
} formatted PACKED;
} cde_header_t;
-struct BUG_cde_header_must_be_16_bytes {
+#define FIX_ENDIANNESS_CDE(cde_header) \
+do { if (BB_BIG_ENDIAN) { \
+ (cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
+}} while (0)
+
+struct BUG {
+ /* Check the offset of the last element, not the length. This leniency
+ * allows for poor packing, whereby the overall struct may be too long,
+ * even though the elements are all in the right place.
+ */
+ char BUG_zip_header_must_be_26_bytes[
+ offsetof(zip_header_t, formatted.extra_len) + 2
+ == ZIP_HEADER_LEN ? 1 : -1];
+ char BUG_cdf_header_must_be_42_bytes[
+ offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
+ == CDF_HEADER_LEN ? 1 : -1];
char BUG_cde_header_must_be_16_bytes[
sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
};
-#define FIX_ENDIANNESS_CDE(cde_header) do { \
- (cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
-} while (0)
enum { zip_fd = 3 };
-#if ENABLE_DESKTOP
+/* This value means that we failed to find CDF */
+#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
+
+#if !ENABLE_FEATURE_UNZIP_CDF
+# define find_cdf_offset() BAD_CDF_OFFSET
+
+#else
/* Seen in the wild:
* Self-extracting PRO2K3XP_32.exe contains 19078464 byte zip archive,
* where CDE was nearly 48 kbytes before EOF.
@@ -188,25 +204,26 @@ enum { zip_fd = 3 };
* To make extraction work, bumped PEEK_FROM_END from 16k to 64k.
*/
#define PEEK_FROM_END (64*1024)
-
-/* This value means that we failed to find CDF */
-#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
-
/* NB: does not preserve file position! */
static uint32_t find_cdf_offset(void)
{
cde_header_t cde_header;
+ unsigned char *buf;
unsigned char *p;
off_t end;
- unsigned char *buf = xzalloc(PEEK_FROM_END);
uint32_t found;
- end = xlseek(zip_fd, 0, SEEK_END);
+ end = lseek(zip_fd, 0, SEEK_END);
+ if (end == (off_t) -1)
+ return BAD_CDF_OFFSET;
+
end -= PEEK_FROM_END;
if (end < 0)
end = 0;
+
dbg("Looking for cdf_offset starting from 0x%"OFF_FMT"x", end);
xlseek(zip_fd, end, SEEK_SET);
+ buf = xzalloc(PEEK_FROM_END);
full_read(zip_fd, buf, PEEK_FROM_END);
found = BAD_CDF_OFFSET;
@@ -252,30 +269,36 @@ static uint32_t find_cdf_offset(void)
static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
{
off_t org;
+ uint32_t magic;
- org = xlseek(zip_fd, 0, SEEK_CUR);
+ if (cdf_offset == BAD_CDF_OFFSET)
+ return cdf_offset;
- if (!cdf_offset)
- cdf_offset = find_cdf_offset();
-
- if (cdf_offset != BAD_CDF_OFFSET) {
- dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
- xlseek(zip_fd, cdf_offset + 4, SEEK_SET);
- xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
- FIX_ENDIANNESS_CDF(*cdf_ptr);
- dbg(" file_name_length:%u extra_field_length:%u file_comment_length:%u",
- (unsigned)cdf_ptr->formatted.file_name_length,
- (unsigned)cdf_ptr->formatted.extra_field_length,
- (unsigned)cdf_ptr->formatted.file_comment_length
- );
- cdf_offset += 4 + CDF_HEADER_LEN
- + cdf_ptr->formatted.file_name_length
- + cdf_ptr->formatted.extra_field_length
- + cdf_ptr->formatted.file_comment_length;
+ org = xlseek(zip_fd, 0, SEEK_CUR);
+ dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+ xlseek(zip_fd, cdf_offset, SEEK_SET);
+ xread(zip_fd, &magic, 4);
+ /* Central Directory End? */
+ if (magic == ZIP_CDE_MAGIC) {
+ dbg("got ZIP_CDE_MAGIC");
+ return 0; /* EOF */
}
+ xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+ /* Caller doesn't need this: */
+ /* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
+ /* xlseek(zip_fd, org, SEEK_SET); */
+
+ FIX_ENDIANNESS_CDF(*cdf_ptr);
+ dbg(" file_name_length:%u extra_field_length:%u file_comment_length:%u",
+ (unsigned)cdf_ptr->formatted.file_name_length,
+ (unsigned)cdf_ptr->formatted.extra_field_length,
+ (unsigned)cdf_ptr->formatted.file_comment_length
+ );
+ cdf_offset += 4 + CDF_HEADER_LEN
+ + cdf_ptr->formatted.file_name_length
+ + cdf_ptr->formatted.extra_field_length
+ + cdf_ptr->formatted.file_comment_length;
- dbg("Returning file position to 0x%"OFF_FMT"x", org);
- xlseek(zip_fd, org, SEEK_SET);
return cdf_offset;
};
#endif
@@ -324,6 +347,7 @@ static void unzip_extract(zip_header_t *zip_header, int dst_fd)
bb_error_msg("bad length");
}
}
+ /* TODO? method 12: bzip2, method 14: LZMA */
}
static void my_fgets80(char *buf80)
@@ -339,15 +363,12 @@ int unzip_main(int argc, char **argv)
{
enum { O_PROMPT, O_NEVER, O_ALWAYS };
- zip_header_t zip_header;
smallint quiet = 0;
- IF_NOT_DESKTOP(const) smallint verbose = 0;
+ IF_NOT_FEATURE_UNZIP_CDF(const) smallint verbose = 0;
smallint listing = 0;
smallint overwrite = O_PROMPT;
smallint x_opt_seen;
-#if ENABLE_DESKTOP
uint32_t cdf_offset;
-#endif
unsigned long total_usize;
unsigned long total_size;
unsigned total_entries;
@@ -430,7 +451,7 @@ int unzip_main(int argc, char **argv)
break;
case 'v': /* Verbose list */
- IF_DESKTOP(verbose++;)
+ IF_FEATURE_UNZIP_CDF(verbose++;)
listing = 1;
break;
@@ -545,78 +566,102 @@ int unzip_main(int argc, char **argv)
total_usize = 0;
total_size = 0;
total_entries = 0;
-#if ENABLE_DESKTOP
- cdf_offset = 0;
-#endif
+ cdf_offset = find_cdf_offset(); /* try to seek to the end, find CDE and CDF start */
while (1) {
- uint32_t magic;
+ zip_header_t zip_header;
mode_t dir_mode = 0777;
-#if ENABLE_DESKTOP
+#if ENABLE_FEATURE_UNZIP_CDF
mode_t file_mode = 0666;
#endif
- /* Check magic number */
- xread(zip_fd, &magic, 4);
- /* Central directory? It's at the end, so exit */
- if (magic == ZIP_CDF_MAGIC) {
- dbg("got ZIP_CDF_MAGIC");
- break;
- }
-#if ENABLE_DESKTOP
- /* Data descriptor? It was a streaming file, go on */
- if (magic == ZIP_DD_MAGIC) {
- dbg("got ZIP_DD_MAGIC");
- /* skip over duplicate crc32, cmpsize and ucmpsize */
- unzip_skip(3 * 4);
- continue;
- }
-#endif
- if (magic != ZIP_FILEHEADER_MAGIC)
- bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
- dbg("got ZIP_FILEHEADER_MAGIC");
-
- /* Read the file header */
- xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
- FIX_ENDIANNESS_ZIP(zip_header);
- if ((zip_header.formatted.method != 0) && (zip_header.formatted.method != 8)) {
- bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
- }
-#if !ENABLE_DESKTOP
- if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
- bb_error_msg_and_die("zip flags 1 and 8 are not supported");
- }
-#else
- if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
- /* 0x0001 - encrypted */
- bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
- }
+ if (!ENABLE_FEATURE_UNZIP_CDF || cdf_offset == BAD_CDF_OFFSET) {
+ /* Normally happens when input is unseekable.
+ *
+ * Valid ZIP file has Central Directory at the end
+ * with central directory file headers (CDFs).
+ * After it, there is a Central Directory End structure.
+ * CDFs identify what files are in the ZIP and where
+ * they are located. This allows ZIP readers to load
+ * the list of files without reading the entire ZIP archive.
+ * ZIP files may be appended to, only files specified in
+ * the CD are valid. Scanning for local file headers is
+ * not a correct algorithm.
+ *
+ * We try to do the above, and resort to "linear" reading
+ * of ZIP file only if seek failed or CDE wasn't found.
+ */
+ uint32_t magic;
- if (cdf_offset != BAD_CDF_OFFSET) {
+ /* Check magic number */
+ xread(zip_fd, &magic, 4);
+ /* Central directory? It's at the end, so exit */
+ if (magic == ZIP_CDF_MAGIC) {
+ dbg("got ZIP_CDF_MAGIC");
+ break;
+ }
+ /* Data descriptor? It was a streaming file, go on */
+ if (magic == ZIP_DD_MAGIC) {
+ dbg("got ZIP_DD_MAGIC");
+ /* skip over duplicate crc32, cmpsize and ucmpsize */
+ unzip_skip(3 * 4);
+ continue;
+ }
+ if (magic != ZIP_FILEHEADER_MAGIC)
+ bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
+ dbg("got ZIP_FILEHEADER_MAGIC");
+
+ xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+ FIX_ENDIANNESS_ZIP(zip_header);
+ if ((zip_header.formatted.method != 0)
+ && (zip_header.formatted.method != 8)
+ ) {
+ /* TODO? method 12: bzip2, method 14: LZMA */
+ bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
+ }
+ if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
+ bb_error_msg_and_die("zip flags 1 and 8 are not supported");
+ }
+ }
+#if ENABLE_FEATURE_UNZIP_CDF
+ else {
+ /* cdf_offset is valid (and we know the file is seekable) */
cdf_header_t cdf_header;
cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
- /*
- * Note: cdf_offset can become BAD_CDF_OFFSET after the above call.
- */
+ if (cdf_offset == 0) /* EOF? */
+ break;
+# if 0
+ xlseek(zip_fd,
+ SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
+ SEEK_SET);
+ xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+ FIX_ENDIANNESS_ZIP(zip_header);
if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
- * only from Central Directory. See unzip_doc.txt
+ * only from Central Directory.
*/
zip_header.formatted.crc32 = cdf_header.formatted.crc32;
zip_header.formatted.cmpsize = cdf_header.formatted.cmpsize;
zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
}
+# else
+ /* CDF has the same data as local header, no need to read the latter */
+ memcpy(&zip_header.formatted.version,
+ &cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
+ xlseek(zip_fd,
+ SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
+ SEEK_SET);
+# endif
if ((cdf_header.formatted.version_made_by >> 8) == 3) {
/* This archive is created on Unix */
dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
}
}
- if (cdf_offset == BAD_CDF_OFFSET
- && (zip_header.formatted.zip_flags & SWAP_LE16(0x0008))
- ) {
- /* If it's a streaming zip, we _require_ CDF */
- bb_error_msg_and_die("can't find file table");
- }
#endif
+
+ if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
+ /* 0x0001 - encrypted */
+ bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
+ }
dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
(unsigned)zip_header.formatted.cmpsize,
(unsigned)zip_header.formatted.extra_len,
@@ -751,7 +796,7 @@ int unzip_main(int argc, char **argv)
overwrite = O_ALWAYS;
case 'y': /* Open file and fall into unzip */
unzip_create_leading_dirs(dst_fn);
-#if ENABLE_DESKTOP
+#if ENABLE_FEATURE_UNZIP_CDF
dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
#else
dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
index d8738a3bd..d9c45242c 100755
--- a/testsuite/unzip.tests
+++ b/testsuite/unzip.tests
@@ -31,11 +31,10 @@ rmdir foo
rm foo.zip
# File containing some damaged encrypted stream
+optional FEATURE_UNZIP_CDF
testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
"Archive: bad.zip
- inflating: ]3j½r«IK-%Ix
-unzip: corrupted data
-unzip: inflate error
+unzip: short read
1
" \
"" "\
@@ -49,6 +48,7 @@ BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
====
"
+SKIP=
rm *
--
2.11.0
@@ -1,4 +1,4 @@
From 4316dff48aacb29307e1b52cb761fef603759b9d Mon Sep 17 00:00:00 2001
From 2b400d9b2b7309d6e479102fc3ce646e893058a5 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 18 Sep 2017 13:09:11 +0200
Subject: [PATCH] httpd: fix handling of range requests
@@ -10,7 +10,7 @@ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/networking/httpd.c b/networking/httpd.c
index d301d598d..84d819723 100644
index e072f23c7..5e32fc936 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2337,7 +2337,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
@@ -1,27 +0,0 @@
From f8692dc6a0035788a83821fa18b987d8748f97a7 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Thu, 5 Jan 2017 11:47:28 +0100
Subject: [PATCH] typo fix in config help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
archival/unzip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/archival/unzip.c b/archival/unzip.c
index edef22f75..f1726439d 100644
--- a/archival/unzip.c
+++ b/archival/unzip.c
@@ -31,7 +31,7 @@
//config: depends on UNZIP
//config: help
//config: If you know that you only need to deal with simple
-//config: ZIP files without deleted/updated files, SFX archves etc,
+//config: ZIP files without deleted/updated files, SFX archives etc,
//config: you can reduce code size by unselecting this option.
//config: To support less trivial ZIPs, say Y.
--
2.11.0
@@ -0,0 +1,101 @@
From 0402cb32df015d9372578e3db27db47b33d5c7b0 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Sun, 22 Oct 2017 18:23:23 +0200
Subject: [PATCH] bunzip2: fix runCnt overflow from bug 10431
This particular corrupted file can be dealth with by using "unsigned".
If there will be cases where it genuinely overflows, there is a disabled
code to deal with that too.
function old new delta
get_next_block 1678 1667 -11
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 0402cb32df0
archival/libarchive/decompress_bunzip2.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
index 7cd18f5ed4cf..bec89edd3a4d 100644
--- a/archival/libarchive/decompress_bunzip2.c
+++ b/archival/libarchive/decompress_bunzip2.c
@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
static int get_next_block(bunzip_data *bd)
{
struct group_data *hufGroup;
- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
- int runCnt = runCnt; /* for compiler */
+ int groupCount, *base, *limit, selector,
+ i, j, symCount, symTotal, nSelectors, byteCount[256];
uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
uint32_t *dbuf;
unsigned origPtr, t;
+ unsigned dbufCount, runPos;
+ unsigned runCnt = runCnt; /* for compiler */
dbuf = bd->dbuf;
- dbufSize = bd->dbufSize;
selectors = bd->selectors;
/* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
it didn't actually work. */
if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
origPtr = get_bits(bd, 24);
- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
/* mapping table: if some byte values are never used (encoding things
like ascii text), the compression code removes the gaps to have fewer
@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
symbols, but a run of length 0 doesn't mean anything in this
context). Thus space is saved. */
runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
- if (runPos < dbufSize) runPos <<= 1;
+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
+//This would be the fix (catches too large count way before it can overflow):
+// if (runCnt > bd->dbufSize) {
+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
+// runCnt, bd->dbufSize);
+// return RETVAL_DATA_ERROR;
+// }
+ if (runPos < bd->dbufSize) runPos <<= 1;
goto end_of_huffman_loop;
}
@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
literal used is the one at the head of the mtfSymbol array.) */
if (runPos != 0) {
uint8_t tmp_byte;
- if (dbufCount + runCnt > dbufSize) {
- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
+ if (dbufCount + runCnt > bd->dbufSize) {
+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
return RETVAL_DATA_ERROR;
}
tmp_byte = symToByte[mtfSymbol[0]];
byteCount[tmp_byte] += runCnt;
- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
+ while ((int)--runCnt >= 0)
+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
runPos = 0;
}
@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
first symbol in the mtf array, position 0, would have been handled
as part of a run above. Therefore 1 unused mtf position minus
2 non-literal nextSym values equals -1.) */
- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
i = nextSym - 1;
uc = mtfSymbol[i];
--
2.15.1
@@ -1,50 +0,0 @@
From 50504d3a3badb8ab80bd33797abcbb3b7427c267 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Date: Thu, 5 Jan 2017 19:07:54 +0100
Subject: [PATCH] unzip: remove now-pointless lseek which returns current
position
archival/unzip.c: In function 'read_next_cdf':
archival/unzip.c:271:8: warning: variable 'org' set but
not used [-Wunused-but-set-variable]
off_t org;
^~~
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
archival/unzip.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/archival/unzip.c b/archival/unzip.c
index f1726439d..98a71c09d 100644
--- a/archival/unzip.c
+++ b/archival/unzip.c
@@ -268,13 +268,11 @@ static uint32_t find_cdf_offset(void)
static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
{
- off_t org;
uint32_t magic;
if (cdf_offset == BAD_CDF_OFFSET)
return cdf_offset;
- org = xlseek(zip_fd, 0, SEEK_CUR);
dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
xlseek(zip_fd, cdf_offset, SEEK_SET);
xread(zip_fd, &magic, 4);
@@ -284,9 +282,6 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
return 0; /* EOF */
}
xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
- /* Caller doesn't need this: */
- /* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
- /* xlseek(zip_fd, org, SEEK_SET); */
FIX_ENDIANNESS_CDF(*cdf_ptr);
dbg(" file_name_length:%u extra_field_length:%u file_comment_length:%u",
--
2.11.0
@@ -0,0 +1,34 @@
From 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 27 Oct 2017 15:37:03 +0200
Subject: [PATCH] unlzma: fix SEGV, closes 10436
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 9ac42c500586f
archival/libarchive/decompress_unlzma.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index a9040877efa0..be4342414435 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -450,8 +450,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
IF_NOT_FEATURE_LZMA_FAST(string:)
do {
uint32_t pos = buffer_pos - rep0;
- if ((int32_t)pos < 0)
+ if ((int32_t)pos < 0) {
pos += header.dict_size;
+ /* bug 10436 has an example file where this triggers: */
+ if ((int32_t)pos < 0)
+ goto bad;
+ }
previous_byte = buffer[pos];
IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
buffer[buffer_pos++] = previous_byte;
--
2.15.1
@@ -1,509 +0,0 @@
From ee72302ac5e3b0b2217f616ab316d3c89e5a1f4c Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Sun, 8 Jan 2017 14:14:19 +0100
Subject: [PATCH] unzip: do not use CDF.extra_len, read local file header.
Closes 9536
While at it, shorten many field and variable names.
function old new delta
unzip_main 2334 2376 +42
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
archival/unzip.c | 236 ++++++++++++++++++++++++++------------------------
testsuite/unzip.tests | 4 +-
2 files changed, 125 insertions(+), 115 deletions(-)
diff --git a/archival/unzip.c b/archival/unzip.c
index 98a71c09d..921493591 100644
--- a/archival/unzip.c
+++ b/archival/unzip.c
@@ -62,8 +62,8 @@
enum {
#if BB_BIG_ENDIAN
ZIP_FILEHEADER_MAGIC = 0x504b0304,
- ZIP_CDF_MAGIC = 0x504b0102, /* central directory's file header */
- ZIP_CDE_MAGIC = 0x504b0506, /* "end of central directory" record */
+ ZIP_CDF_MAGIC = 0x504b0102, /* CDF item */
+ ZIP_CDE_MAGIC = 0x504b0506, /* End of CDF */
ZIP_DD_MAGIC = 0x504b0708,
#else
ZIP_FILEHEADER_MAGIC = 0x04034b50,
@@ -91,16 +91,16 @@ typedef union {
/* filename follows (not NUL terminated) */
/* extra field follows */
/* data follows */
- } formatted PACKED;
+ } fmt PACKED;
} zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
-#define FIX_ENDIANNESS_ZIP(zip_header) \
+#define FIX_ENDIANNESS_ZIP(zip) \
do { if (BB_BIG_ENDIAN) { \
- (zip_header).formatted.crc32 = SWAP_LE32((zip_header).formatted.crc32 ); \
- (zip_header).formatted.cmpsize = SWAP_LE32((zip_header).formatted.cmpsize ); \
- (zip_header).formatted.ucmpsize = SWAP_LE32((zip_header).formatted.ucmpsize ); \
- (zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
- (zip_header).formatted.extra_len = SWAP_LE16((zip_header).formatted.extra_len ); \
+ (zip).fmt.crc32 = SWAP_LE32((zip).fmt.crc32 ); \
+ (zip).fmt.cmpsize = SWAP_LE32((zip).fmt.cmpsize ); \
+ (zip).fmt.ucmpsize = SWAP_LE32((zip).fmt.ucmpsize ); \
+ (zip).fmt.filename_len = SWAP_LE16((zip).fmt.filename_len); \
+ (zip).fmt.extra_len = SWAP_LE16((zip).fmt.extra_len ); \
}} while (0)
#define CDF_HEADER_LEN 42
@@ -118,39 +118,39 @@ typedef union {
uint32_t crc32; /* 12-15 */
uint32_t cmpsize; /* 16-19 */
uint32_t ucmpsize; /* 20-23 */
- uint16_t file_name_length; /* 24-25 */
- uint16_t extra_field_length; /* 26-27 */
+ uint16_t filename_len; /* 24-25 */
+ uint16_t extra_len; /* 26-27 */
uint16_t file_comment_length; /* 28-29 */
uint16_t disk_number_start; /* 30-31 */
- uint16_t internal_file_attributes; /* 32-33 */
- uint32_t external_file_attributes PACKED; /* 34-37 */
+ uint16_t internal_attributes; /* 32-33 */
+ uint32_t external_attributes PACKED; /* 34-37 */
uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
/* filename follows (not NUL terminated) */
/* extra field follows */
- /* comment follows */
- } formatted PACKED;
+ /* file comment follows */
+ } fmt PACKED;
} cdf_header_t;
-#define FIX_ENDIANNESS_CDF(cdf_header) \
+#define FIX_ENDIANNESS_CDF(cdf) \
do { if (BB_BIG_ENDIAN) { \
- (cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
- (cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
- (cdf_header).formatted.method = SWAP_LE16((cdf_header).formatted.method ); \
- (cdf_header).formatted.modtime = SWAP_LE16((cdf_header).formatted.modtime ); \
- (cdf_header).formatted.moddate = SWAP_LE16((cdf_header).formatted.moddate ); \
- (cdf_header).formatted.crc32 = SWAP_LE32((cdf_header).formatted.crc32 ); \
- (cdf_header).formatted.cmpsize = SWAP_LE32((cdf_header).formatted.cmpsize ); \
- (cdf_header).formatted.ucmpsize = SWAP_LE32((cdf_header).formatted.ucmpsize ); \
- (cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
- (cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
- (cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
- (cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
+ (cdf).fmt.version_made_by = SWAP_LE16((cdf).fmt.version_made_by); \
+ (cdf).fmt.version_needed = SWAP_LE16((cdf).fmt.version_needed); \
+ (cdf).fmt.method = SWAP_LE16((cdf).fmt.method ); \
+ (cdf).fmt.modtime = SWAP_LE16((cdf).fmt.modtime ); \
+ (cdf).fmt.moddate = SWAP_LE16((cdf).fmt.moddate ); \
+ (cdf).fmt.crc32 = SWAP_LE32((cdf).fmt.crc32 ); \
+ (cdf).fmt.cmpsize = SWAP_LE32((cdf).fmt.cmpsize ); \
+ (cdf).fmt.ucmpsize = SWAP_LE32((cdf).fmt.ucmpsize ); \
+ (cdf).fmt.filename_len = SWAP_LE16((cdf).fmt.filename_len); \
+ (cdf).fmt.extra_len = SWAP_LE16((cdf).fmt.extra_len ); \
+ (cdf).fmt.file_comment_length = SWAP_LE16((cdf).fmt.file_comment_length); \
+ (cdf).fmt.external_attributes = SWAP_LE32((cdf).fmt.external_attributes); \
}} while (0)
-#define CDE_HEADER_LEN 16
+#define CDE_LEN 16
typedef union {
- uint8_t raw[CDE_HEADER_LEN];
+ uint8_t raw[CDE_LEN];
struct {
/* uint32_t signature; 50 4b 05 06 */
uint16_t this_disk_no;
@@ -159,14 +159,14 @@ typedef union {
uint16_t cdf_entries_total;
uint32_t cdf_size;
uint32_t cdf_offset;
- /* uint16_t file_comment_length; */
- /* .ZIP file comment (variable size) */
- } formatted PACKED;
-} cde_header_t;
+ /* uint16_t archive_comment_length; */
+ /* archive comment follows */
+ } fmt PACKED;
+} cde_t;
-#define FIX_ENDIANNESS_CDE(cde_header) \
+#define FIX_ENDIANNESS_CDE(cde) \
do { if (BB_BIG_ENDIAN) { \
- (cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
+ (cde).fmt.cdf_offset = SWAP_LE32((cde).fmt.cdf_offset); \
}} while (0)
struct BUG {
@@ -175,13 +175,13 @@ struct BUG {
* even though the elements are all in the right place.
*/
char BUG_zip_header_must_be_26_bytes[
- offsetof(zip_header_t, formatted.extra_len) + 2
+ offsetof(zip_header_t, fmt.extra_len) + 2
== ZIP_HEADER_LEN ? 1 : -1];
char BUG_cdf_header_must_be_42_bytes[
- offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
+ offsetof(cdf_header_t, fmt.relative_offset_of_local_header) + 4
== CDF_HEADER_LEN ? 1 : -1];
- char BUG_cde_header_must_be_16_bytes[
- sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
+ char BUG_cde_must_be_16_bytes[
+ sizeof(cde_t) == CDE_LEN ? 1 : -1];
};
@@ -207,7 +207,7 @@ enum { zip_fd = 3 };
/* NB: does not preserve file position! */
static uint32_t find_cdf_offset(void)
{
- cde_header_t cde_header;
+ cde_t cde;
unsigned char *buf;
unsigned char *p;
off_t end;
@@ -228,7 +228,7 @@ static uint32_t find_cdf_offset(void)
found = BAD_CDF_OFFSET;
p = buf;
- while (p <= buf + PEEK_FROM_END - CDE_HEADER_LEN - 4) {
+ while (p <= buf + PEEK_FROM_END - CDE_LEN - 4) {
if (*p != 'P') {
p++;
continue;
@@ -240,19 +240,19 @@ static uint32_t find_cdf_offset(void)
if (*++p != 6)
continue;
/* we found CDE! */
- memcpy(cde_header.raw, p + 1, CDE_HEADER_LEN);
- FIX_ENDIANNESS_CDE(cde_header);
+ memcpy(cde.raw, p + 1, CDE_LEN);
+ FIX_ENDIANNESS_CDE(cde);
/*
* I've seen .ZIP files with seemingly valid CDEs
* where cdf_offset points past EOF - ??
* This check ignores such CDEs:
*/
- if (cde_header.formatted.cdf_offset < end + (p - buf)) {
- found = cde_header.formatted.cdf_offset;
+ if (cde.fmt.cdf_offset < end + (p - buf)) {
+ found = cde.fmt.cdf_offset;
dbg("Possible cdf_offset:0x%x at 0x%"OFF_FMT"x",
(unsigned)found, end + (p-3 - buf));
dbg(" cdf_offset+cdf_size:0x%x",
- (unsigned)(found + SWAP_LE32(cde_header.formatted.cdf_size)));
+ (unsigned)(found + SWAP_LE32(cde.fmt.cdf_size)));
/*
* We do not "break" here because only the last CDE is valid.
* I've seen a .zip archive which contained a .zip file,
@@ -266,7 +266,7 @@ static uint32_t find_cdf_offset(void)
return found;
};
-static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf)
{
uint32_t magic;
@@ -276,23 +276,25 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
xlseek(zip_fd, cdf_offset, SEEK_SET);
xread(zip_fd, &magic, 4);
- /* Central Directory End? */
+ /* Central Directory End? Assume CDF has ended.
+ * (more correct method is to use cde.cdf_entries_total counter)
+ */
if (magic == ZIP_CDE_MAGIC) {
dbg("got ZIP_CDE_MAGIC");
return 0; /* EOF */
}
- xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+ xread(zip_fd, cdf->raw, CDF_HEADER_LEN);
- FIX_ENDIANNESS_CDF(*cdf_ptr);
- dbg(" file_name_length:%u extra_field_length:%u file_comment_length:%u",
- (unsigned)cdf_ptr->formatted.file_name_length,
- (unsigned)cdf_ptr->formatted.extra_field_length,
- (unsigned)cdf_ptr->formatted.file_comment_length
+ FIX_ENDIANNESS_CDF(*cdf);
+ dbg(" filename_len:%u extra_len:%u file_comment_length:%u",
+ (unsigned)cdf->fmt.filename_len,
+ (unsigned)cdf->fmt.extra_len,
+ (unsigned)cdf->fmt.file_comment_length
);
cdf_offset += 4 + CDF_HEADER_LEN
- + cdf_ptr->formatted.file_name_length
- + cdf_ptr->formatted.extra_field_length
- + cdf_ptr->formatted.file_comment_length;
+ + cdf->fmt.filename_len
+ + cdf->fmt.extra_len
+ + cdf->fmt.file_comment_length;
return cdf_offset;
};
@@ -315,28 +317,28 @@ static void unzip_create_leading_dirs(const char *fn)
free(name);
}
-static void unzip_extract(zip_header_t *zip_header, int dst_fd)
+static void unzip_extract(zip_header_t *zip, int dst_fd)
{
- if (zip_header->formatted.method == 0) {
+ if (zip->fmt.method == 0) {
/* Method 0 - stored (not compressed) */
- off_t size = zip_header->formatted.ucmpsize;
+ off_t size = zip->fmt.ucmpsize;
if (size)
bb_copyfd_exact_size(zip_fd, dst_fd, size);
} else {
/* Method 8 - inflate */
transformer_state_t xstate;
init_transformer_state(&xstate);
- xstate.bytes_in = zip_header->formatted.cmpsize;
+ xstate.bytes_in = zip->fmt.cmpsize;
xstate.src_fd = zip_fd;
xstate.dst_fd = dst_fd;
if (inflate_unzip(&xstate) < 0)
bb_error_msg_and_die("inflate error");
/* Validate decompression - crc */
- if (zip_header->formatted.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
+ if (zip->fmt.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
bb_error_msg_and_die("crc error");
}
/* Validate decompression - size */
- if (zip_header->formatted.ucmpsize != xstate.bytes_out) {
+ if (zip->fmt.ucmpsize != xstate.bytes_out) {
/* Don't die. Who knows, maybe len calculation
* was botched somewhere. After all, crc matched! */
bb_error_msg("bad length");
@@ -563,7 +565,7 @@ int unzip_main(int argc, char **argv)
total_entries = 0;
cdf_offset = find_cdf_offset(); /* try to seek to the end, find CDE and CDF start */
while (1) {
- zip_header_t zip_header;
+ zip_header_t zip;
mode_t dir_mode = 0777;
#if ENABLE_FEATURE_UNZIP_CDF
mode_t file_mode = 0666;
@@ -589,7 +591,7 @@ int unzip_main(int argc, char **argv)
/* Check magic number */
xread(zip_fd, &magic, 4);
- /* Central directory? It's at the end, so exit */
+ /* CDF item? Assume there are no more files, exit */
if (magic == ZIP_CDF_MAGIC) {
dbg("got ZIP_CDF_MAGIC");
break;
@@ -605,71 +607,74 @@ int unzip_main(int argc, char **argv)
bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
dbg("got ZIP_FILEHEADER_MAGIC");
- xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
- FIX_ENDIANNESS_ZIP(zip_header);
- if ((zip_header.formatted.method != 0)
- && (zip_header.formatted.method != 8)
+ xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
+ FIX_ENDIANNESS_ZIP(zip);
+ if ((zip.fmt.method != 0)
+ && (zip.fmt.method != 8)
) {
/* TODO? method 12: bzip2, method 14: LZMA */
- bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
+ bb_error_msg_and_die("unsupported method %d", zip.fmt.method);
}
- if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
+ if (zip.fmt.zip_flags & SWAP_LE16(0x0009)) {
bb_error_msg_and_die("zip flags 1 and 8 are not supported");
}
}
#if ENABLE_FEATURE_UNZIP_CDF
else {
/* cdf_offset is valid (and we know the file is seekable) */
- cdf_header_t cdf_header;
- cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
+ cdf_header_t cdf;
+ cdf_offset = read_next_cdf(cdf_offset, &cdf);
if (cdf_offset == 0) /* EOF? */
break;
-# if 0
+# if 1
xlseek(zip_fd,
- SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
+ SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4,
SEEK_SET);
- xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
- FIX_ENDIANNESS_ZIP(zip_header);
- if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
+ xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
+ FIX_ENDIANNESS_ZIP(zip);
+ if (zip.fmt.zip_flags & SWAP_LE16(0x0008)) {
/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
* only from Central Directory.
*/
- zip_header.formatted.crc32 = cdf_header.formatted.crc32;
- zip_header.formatted.cmpsize = cdf_header.formatted.cmpsize;
- zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
+ zip.fmt.crc32 = cdf.fmt.crc32;
+ zip.fmt.cmpsize = cdf.fmt.cmpsize;
+ zip.fmt.ucmpsize = cdf.fmt.ucmpsize;
}
# else
- /* CDF has the same data as local header, no need to read the latter */
- memcpy(&zip_header.formatted.version,
- &cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
+ /* CDF has the same data as local header, no need to read the latter...
+ * ...not really. An archive was seen with cdf.extra_len == 6 but
+ * zip.extra_len == 0.
+ */
+ memcpy(&zip.fmt.version,
+ &cdf.fmt.version_needed, ZIP_HEADER_LEN);
xlseek(zip_fd,
- SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
+ SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
SEEK_SET);
# endif
- if ((cdf_header.formatted.version_made_by >> 8) == 3) {
+ if ((cdf.fmt.version_made_by >> 8) == 3) {
/* This archive is created on Unix */
- dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
+ dir_mode = file_mode = (cdf.fmt.external_attributes >> 16);
}
}
#endif
- if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
+ if (zip.fmt.zip_flags & SWAP_LE16(0x0001)) {
/* 0x0001 - encrypted */
bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
}
dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
- (unsigned)zip_header.formatted.cmpsize,
- (unsigned)zip_header.formatted.extra_len,
- (unsigned)zip_header.formatted.ucmpsize
+ (unsigned)zip.fmt.cmpsize,
+ (unsigned)zip.fmt.extra_len,
+ (unsigned)zip.fmt.ucmpsize
);
/* Read filename */
free(dst_fn);
- dst_fn = xzalloc(zip_header.formatted.filename_len + 1);
- xread(zip_fd, dst_fn, zip_header.formatted.filename_len);
+ dst_fn = xzalloc(zip.fmt.filename_len + 1);
+ xread(zip_fd, dst_fn, zip.fmt.filename_len);
/* Skip extra header bytes */
- unzip_skip(zip_header.formatted.extra_len);
+ unzip_skip(zip.fmt.extra_len);
/* Guard against "/abspath", "/../" and similar attacks */
overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
@@ -684,32 +689,32 @@ int unzip_main(int argc, char **argv)
/* List entry */
char dtbuf[sizeof("mm-dd-yyyy hh:mm")];
sprintf(dtbuf, "%02u-%02u-%04u %02u:%02u",
- (zip_header.formatted.moddate >> 5) & 0xf, // mm: 0x01e0
- (zip_header.formatted.moddate) & 0x1f, // dd: 0x001f
- (zip_header.formatted.moddate >> 9) + 1980, // yy: 0xfe00
- (zip_header.formatted.modtime >> 11), // hh: 0xf800
- (zip_header.formatted.modtime >> 5) & 0x3f // mm: 0x07e0
- // seconds/2 are not shown, encoded in ----------- 0x001f
+ (zip.fmt.moddate >> 5) & 0xf, // mm: 0x01e0
+ (zip.fmt.moddate) & 0x1f, // dd: 0x001f
+ (zip.fmt.moddate >> 9) + 1980, // yy: 0xfe00
+ (zip.fmt.modtime >> 11), // hh: 0xf800
+ (zip.fmt.modtime >> 5) & 0x3f // mm: 0x07e0
+ // seconds/2 not shown, encoded in -- 0x001f
);
if (!verbose) {
// " Length Date Time Name\n"
// "--------- ---------- ----- ----"
printf( "%9u " "%s " "%s\n",
- (unsigned)zip_header.formatted.ucmpsize,
+ (unsigned)zip.fmt.ucmpsize,
dtbuf,
dst_fn);
} else {
- unsigned long percents = zip_header.formatted.ucmpsize - zip_header.formatted.cmpsize;
+ unsigned long percents = zip.fmt.ucmpsize - zip.fmt.cmpsize;
if ((int32_t)percents < 0)
percents = 0; /* happens if ucmpsize < cmpsize */
percents = percents * 100;
- if (zip_header.formatted.ucmpsize)
- percents /= zip_header.formatted.ucmpsize;
+ if (zip.fmt.ucmpsize)
+ percents /= zip.fmt.ucmpsize;
// " Length Method Size Cmpr Date Time CRC-32 Name\n"
// "-------- ------ ------- ---- ---------- ----- -------- ----"
printf( "%8u %s" "%9u%4u%% " "%s " "%08x " "%s\n",
- (unsigned)zip_header.formatted.ucmpsize,
- zip_header.formatted.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
+ (unsigned)zip.fmt.ucmpsize,
+ zip.fmt.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
/* TODO: show other methods?
* 1 - Shrunk
* 2 - Reduced with compression factor 1
@@ -722,15 +727,16 @@ int unzip_main(int argc, char **argv)
* 10 - PKWARE Data Compression Library Imploding
* 11 - Reserved by PKWARE
* 12 - BZIP2
+ * 14 - LZMA
*/
- (unsigned)zip_header.formatted.cmpsize,
+ (unsigned)zip.fmt.cmpsize,
(unsigned)percents,
dtbuf,
- zip_header.formatted.crc32,
+ zip.fmt.crc32,
dst_fn);
- total_size += zip_header.formatted.cmpsize;
+ total_size += zip.fmt.cmpsize;
}
- total_usize += zip_header.formatted.ucmpsize;
+ total_usize += zip.fmt.ucmpsize;
i = 'n';
} else if (dst_fd == STDOUT_FILENO) {
/* Extracting to STDOUT */
@@ -798,9 +804,11 @@ int unzip_main(int argc, char **argv)
#endif
case -1: /* Unzip */
if (!quiet) {
- printf(" inflating: %s\n", dst_fn);
+ printf(/* zip.fmt.method == 0
+ ? " extracting: %s\n"
+ : */ " inflating: %s\n", dst_fn);
}
- unzip_extract(&zip_header, dst_fd);
+ unzip_extract(&zip, dst_fd);
if (dst_fd != STDOUT_FILENO) {
/* closing STDOUT is potentially bad for future business */
close(dst_fd);
@@ -811,7 +819,7 @@ int unzip_main(int argc, char **argv)
overwrite = O_NEVER;
case 'n':
/* Skip entry data */
- unzip_skip(zip_header.formatted.cmpsize);
+ unzip_skip(zip.fmt.cmpsize);
break;
case 'r':
diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
index d9c45242c..2e4becdb8 100755
--- a/testsuite/unzip.tests
+++ b/testsuite/unzip.tests
@@ -34,7 +34,9 @@ rm foo.zip
optional FEATURE_UNZIP_CDF
testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
"Archive: bad.zip
-unzip: short read
+ inflating: ]3j½r«IK-%Ix
+unzip: corrupted data
+unzip: inflate error
1
" \
"" "\
--
2.11.0
+108 -70
View File
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Busybox version: 1.26.0
# Thu Dec 29 21:13:55 2016
# Busybox version: 1.27.1
# Sun Jul 30 15:42:11 2017
#
CONFIG_HAVE_DOT_CONFIG=y
@@ -12,7 +12,6 @@ CONFIG_HAVE_DOT_CONFIG=y
# CONFIG_EXTRA_COMPAT is not set
CONFIG_INCLUDE_SUSv2=y
# CONFIG_USE_PORTABLE_CODE is not set
CONFIG_PLATFORM_LINUX=y
# CONFIG_SHOW_USAGE is not set
# CONFIG_FEATURE_VERBOSE_USAGE is not set
# CONFIG_FEATURE_COMPRESS_USAGE is not set
@@ -35,13 +34,14 @@ CONFIG_FEATURE_SUID=y
CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
CONFIG_FEATURE_SYSLOG=y
# CONFIG_FEATURE_HAVE_RPC is not set
CONFIG_PLATFORM_LINUX=y
#
# Build Options
#
CONFIG_STATIC=y
# CONFIG_PIE is not set
CONFIG_NOMMU=y
# CONFIG_NOMMU is not set
# CONFIG_BUILD_LIBBUSYBOX is not set
# CONFIG_FEATURE_INDIVIDUAL is not set
# CONFIG_FEATURE_SHARED_BUSYBOX is not set
@@ -89,7 +89,6 @@ CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
# CONFIG_FEATURE_FAST_TOP is not set
# CONFIG_FEATURE_ETC_NETWORKS is not set
CONFIG_FEATURE_USE_TERMIOS=y
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
CONFIG_FEATURE_EDITING_VI=y
@@ -150,6 +149,7 @@ CONFIG_LZCAT=y
CONFIG_XZCAT=y
# CONFIG_XZ is not set
# CONFIG_BZIP2 is not set
CONFIG_FEATURE_BZIP2_DECOMPRESS=y
# CONFIG_CPIO is not set
# CONFIG_FEATURE_CPIO_O is not set
# CONFIG_FEATURE_CPIO_P is not set
@@ -159,6 +159,7 @@ CONFIG_XZCAT=y
# CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
CONFIG_GZIP_FAST=0
# CONFIG_FEATURE_GZIP_LEVELS is not set
CONFIG_FEATURE_GZIP_DECOMPRESS=y
# CONFIG_LZOP is not set
CONFIG_UNLZOP=y
CONFIG_LZOPCAT=y
@@ -166,26 +167,29 @@ CONFIG_LZOPCAT=y
# CONFIG_RPM2CPIO is not set
# CONFIG_RPM is not set
# CONFIG_TAR is not set
# CONFIG_FEATURE_TAR_LONG_OPTIONS is not set
# CONFIG_FEATURE_TAR_CREATE is not set
# CONFIG_FEATURE_TAR_AUTODETECT is not set
# CONFIG_FEATURE_TAR_FROM is not set
# CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set
# CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set
# CONFIG_FEATURE_TAR_GNU_EXTENSIONS is not set
# CONFIG_FEATURE_TAR_LONG_OPTIONS is not set
# CONFIG_FEATURE_TAR_TO_COMMAND is not set
# CONFIG_FEATURE_TAR_UNAME_GNAME is not set
# CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
# CONFIG_FEATURE_TAR_SELINUX is not set
# CONFIG_UNZIP is not set
# CONFIG_FEATURE_UNZIP_CDF is not set
# CONFIG_FEATURE_UNZIP_BZIP2 is not set
# CONFIG_FEATURE_UNZIP_LZMA is not set
# CONFIG_FEATURE_UNZIP_XZ is not set
#
# Coreutils
#
CONFIG_BASENAME=y
# CONFIG_CAL is not set
CONFIG_CAT=y
CONFIG_CATV=y
CONFIG_FEATURE_CATV=y
CONFIG_CHGRP=y
CONFIG_CHMOD=y
CONFIG_CHOWN=y
@@ -222,6 +226,7 @@ CONFIG_ENV=y
# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set
CONFIG_EXPR=y
CONFIG_EXPR_MATH_SUPPORT_64=y
CONFIG_FACTOR=y
CONFIG_FALSE=y
CONFIG_FOLD=y
# CONFIG_FSYNC is not set
@@ -232,12 +237,14 @@ CONFIG_ID=y
# CONFIG_GROUPS is not set
CONFIG_INSTALL=y
CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
CONFIG_LINK=y
CONFIG_LN=y
CONFIG_LOGNAME=y
CONFIG_LS=y
CONFIG_FEATURE_LS_FILETYPES=y
CONFIG_FEATURE_LS_FOLLOWLINKS=y
CONFIG_FEATURE_LS_RECURSIVE=y
CONFIG_FEATURE_LS_WIDTH=y
CONFIG_FEATURE_LS_SORTFILES=y
CONFIG_FEATURE_LS_TIMESTAMPS=y
CONFIG_FEATURE_LS_USERNAME=y
@@ -257,11 +264,15 @@ CONFIG_MKDIR=y
CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
CONFIG_MKFIFO=y
CONFIG_MKNOD=y
# CONFIG_MKTEMP is not set
CONFIG_MV=y
CONFIG_FEATURE_MV_LONG_OPTIONS=y
CONFIG_NICE=y
CONFIG_NL=y
CONFIG_NOHUP=y
CONFIG_NPROC=y
CONFIG_OD=y
CONFIG_PASTE=y
CONFIG_PRINTENV=y
CONFIG_PRINTF=y
CONFIG_PWD=y
@@ -272,6 +283,7 @@ CONFIG_RM=y
CONFIG_RMDIR=y
# CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set
CONFIG_SEQ=y
CONFIG_SHRED=y
# CONFIG_SHUF is not set
CONFIG_SLEEP=y
CONFIG_FEATURE_FANCY_SLEEP=y
@@ -296,6 +308,7 @@ CONFIG_TEST=y
CONFIG_TEST1=y
CONFIG_TEST2=y
CONFIG_FEATURE_TEST_64=y
# CONFIG_TIMEOUT is not set
CONFIG_TOUCH=y
# CONFIG_FEATURE_TOUCH_NODEREF is not set
CONFIG_FEATURE_TOUCH_SUSV3=y
@@ -317,6 +330,7 @@ CONFIG_WC=y
# CONFIG_FEATURE_WC_LARGE is not set
CONFIG_WHOAMI=y
CONFIG_WHO=y
CONFIG_W=y
# CONFIG_USERS is not set
CONFIG_YES=y
@@ -330,11 +344,6 @@ CONFIG_FEATURE_VERBOSE=y
#
CONFIG_FEATURE_PRESERVE_HARDLINKS=y
#
# Common options for ls, more and telnet
#
CONFIG_FEATURE_AUTOWIDTH=y
#
# Common options for df, du, ls
#
@@ -369,14 +378,13 @@ CONFIG_DEFAULT_SETFONT_DIR=""
#
# Debian Utilities
#
# CONFIG_MKTEMP is not set
# CONFIG_PIPE_PROGRESS is not set
CONFIG_RUN_PARTS=y
CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
CONFIG_FEATURE_RUN_PARTS_FANCY=y
CONFIG_START_STOP_DAEMON=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_WHICH=y
#
@@ -467,12 +475,10 @@ CONFIG_FEATURE_KILL_REMOVED=y
CONFIG_FEATURE_KILL_DELAY=0
CONFIG_FEATURE_INIT_SCTTY=y
CONFIG_FEATURE_INIT_SYSLOG=y
CONFIG_FEATURE_EXTRA_QUIET=y
CONFIG_FEATURE_INIT_QUIET=y
# CONFIG_FEATURE_INIT_COREDUMPS is not set
CONFIG_INIT_TERMINAL_TYPE="linux"
CONFIG_FEATURE_INIT_MODIFY_CMDLINE=y
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
#
# Login/Password Management Utilities
@@ -511,6 +517,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
# CONFIG_SU is not set
# CONFIG_FEATURE_SU_SYSLOG is not set
# CONFIG_FEATURE_SU_CHECKS_SHELLS is not set
# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set
# CONFIG_SULOGIN is not set
# CONFIG_VLOCK is not set
@@ -525,6 +532,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
#
# Linux Module Utilities
#
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_DEPMOD is not set
# CONFIG_INSMOD is not set
# CONFIG_LSMOD is not set
@@ -532,22 +540,21 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
# CONFIG_MODINFO is not set
# CONFIG_MODPROBE is not set
# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
# CONFIG_RMMOD is not set
#
# Options common to multiple modutils
#
# CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS is not set
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
# CONFIG_FEATURE_2_4_MODULES is not set
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
# CONFIG_FEATURE_CHECK_TAINTED_MODULE is not set
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
# CONFIG_FEATURE_MODUTILS_ALIAS is not set
# CONFIG_FEATURE_MODUTILS_SYMBOLS is not set
CONFIG_DEFAULT_MODULES_DIR=""
@@ -562,8 +569,13 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
# CONFIG_BLKID is not set
# CONFIG_FEATURE_BLKID_TYPE is not set
# CONFIG_BLOCKDEV is not set
# CONFIG_CAL is not set
# CONFIG_CHRT is not set
CONFIG_DMESG=y
CONFIG_FEATURE_DMESG_PRETTY=y
# CONFIG_EJECT is not set
# CONFIG_FEATURE_EJECT_SCSI is not set
CONFIG_FALLOCATE=y
# CONFIG_FATATTR is not set
# CONFIG_FBSET is not set
# CONFIG_FEATURE_FBSET_FANCY is not set
@@ -583,17 +595,22 @@ CONFIG_FEATURE_DMESG_PRETTY=y
# CONFIG_FDFLUSH is not set
CONFIG_FREERAMDISK=y
# CONFIG_FSCK_MINIX is not set
CONFIG_FSFREEZE=y
# CONFIG_FSTRIM is not set
CONFIG_GETOPT=y
CONFIG_FEATURE_GETOPT_LONG=y
# CONFIG_HEXDUMP is not set
# CONFIG_FEATURE_HEXDUMP_REVERSE is not set
# CONFIG_HD is not set
CONFIG_XXD=y
# CONFIG_HWCLOCK is not set
# CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS is not set
# CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS is not set
# CONFIG_IONICE is not set
# CONFIG_IPCRM is not set
# CONFIG_IPCS is not set
# CONFIG_LAST is not set
# CONFIG_FEATURE_LAST_FANCY is not set
# CONFIG_LOSETUP is not set
# CONFIG_LSPCI is not set
# CONFIG_LSUSB is not set
@@ -603,6 +620,8 @@ CONFIG_FEATURE_GETOPT_LONG=y
# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
# CONFIG_FEATURE_MDEV_EXEC is not set
# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
CONFIG_MKE2FS=y
# CONFIG_MKFS_EXT2 is not set
# CONFIG_MKFS_MINIX is not set
@@ -623,12 +642,14 @@ CONFIG_FEATURE_MOUNT_CIFS=y
CONFIG_FEATURE_MOUNT_FLAGS=y
CONFIG_FEATURE_MOUNT_FSTAB=y
CONFIG_FEATURE_MOUNT_OTHERTAB=y
# CONFIG_MOUNTPOINT is not set
# CONFIG_NSENTER is not set
# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set
# CONFIG_PIVOT_ROOT is not set
# CONFIG_RDATE is not set
# CONFIG_RDEV is not set
# CONFIG_READPROFILE is not set
# CONFIG_RENICE is not set
# CONFIG_REV is not set
# CONFIG_RTCWAKE is not set
# CONFIG_SCRIPT is not set
@@ -636,15 +657,20 @@ CONFIG_FEATURE_MOUNT_OTHERTAB=y
# CONFIG_SETARCH is not set
CONFIG_LINUX32=y
CONFIG_LINUX64=y
CONFIG_SETPRIV=y
# CONFIG_SETSID is not set
CONFIG_SWAPON=y
# CONFIG_FEATURE_SWAPON_DISCARD is not set
# CONFIG_FEATURE_SWAPON_PRI is not set
CONFIG_SWAPOFF=y
# CONFIG_SWITCH_ROOT is not set
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
# CONFIG_UEVENT is not set
CONFIG_UMOUNT=y
CONFIG_FEATURE_UMOUNT_ALL=y
# CONFIG_UNSHARE is not set
# CONFIG_WALL is not set
#
# Common options for mount/umount
@@ -694,7 +720,6 @@ CONFIG_FEATURE_BEEP_LENGTH_MS=0
# CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set
# CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set
# CONFIG_FEATURE_CHAT_CLR_ABORT is not set
# CONFIG_CHRT is not set
# CONFIG_CONSPY is not set
# CONFIG_CROND is not set
# CONFIG_FEATURE_CROND_D is not set
@@ -709,8 +734,6 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_DEVFSD_VERBOSE is not set
# CONFIG_FEATURE_DEVFS is not set
# CONFIG_DEVMEM is not set
# CONFIG_EJECT is not set
# CONFIG_FEATURE_EJECT_SCSI is not set
# CONFIG_FBSPLASH is not set
# CONFIG_FLASHCP is not set
# CONFIG_FLASH_ERASEALL is not set
@@ -728,9 +751,6 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_I2CDUMP is not set
# CONFIG_I2CDETECT is not set
# CONFIG_INOTIFYD is not set
# CONFIG_IONICE is not set
# CONFIG_LAST is not set
# CONFIG_FEATURE_LAST_FANCY is not set
# CONFIG_LESS is not set
CONFIG_FEATURE_LESS_MAXLINES=0
# CONFIG_FEATURE_LESS_BRACKETS is not set
@@ -742,27 +762,24 @@ CONFIG_FEATURE_LESS_MAXLINES=0
# CONFIG_FEATURE_LESS_ASK_TERMINAL is not set
# CONFIG_FEATURE_LESS_DASHCMD is not set
# CONFIG_FEATURE_LESS_LINENUMS is not set
CONFIG_LSSCSI=y
# CONFIG_MAKEDEVS is not set
# CONFIG_FEATURE_MAKEDEVS_LEAF is not set
# CONFIG_FEATURE_MAKEDEVS_TABLE is not set
# CONFIG_MAN is not set
# CONFIG_MICROCOM is not set
# CONFIG_MOUNTPOINT is not set
# CONFIG_MT is not set
# CONFIG_NANDWRITE is not set
# CONFIG_NANDDUMP is not set
CONFIG_PARTPROBE=y
# CONFIG_RAIDAUTORUN is not set
# CONFIG_READAHEAD is not set
# CONFIG_RFKILL is not set
# CONFIG_RUNLEVEL is not set
# CONFIG_RX is not set
CONFIG_SETSERIAL=y
# CONFIG_SETSID is not set
# CONFIG_STRINGS is not set
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
# CONFIG_TIME is not set
# CONFIG_TIMEOUT is not set
# CONFIG_TTYSIZE is not set
# CONFIG_UBIRENAME is not set
# CONFIG_UBIATTACH is not set
@@ -772,7 +789,6 @@ CONFIG_SETSERIAL=y
# CONFIG_UBIRSVOL is not set
# CONFIG_UBIUPDATEVOL is not set
# CONFIG_VOLNAME is not set
# CONFIG_WALL is not set
# CONFIG_WATCHDOG is not set
#
@@ -822,8 +838,6 @@ CONFIG_IFUP=y
CONFIG_IFDOWN=y
CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
CONFIG_FEATURE_IFUPDOWN_IP=y
CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y
# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
CONFIG_FEATURE_IFUPDOWN_IPV4=y
# CONFIG_FEATURE_IFUPDOWN_IPV6 is not set
# CONFIG_FEATURE_IFUPDOWN_MAPPING is not set
@@ -836,6 +850,12 @@ CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y
# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set
# CONFIG_FEATURE_INETD_RPC is not set
CONFIG_IP=y
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
# CONFIG_IPTUNNEL is not set
# CONFIG_IPRULE is not set
# CONFIG_IPNEIGH is not set
CONFIG_FEATURE_IP_ADDRESS=y
CONFIG_FEATURE_IP_LINK=y
CONFIG_FEATURE_IP_ROUTE=y
@@ -843,17 +863,10 @@ CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
# CONFIG_FEATURE_IP_TUNNEL is not set
# CONFIG_FEATURE_IP_RULE is not set
# CONFIG_FEATURE_IP_NEIGH is not set
CONFIG_FEATURE_IP_SHORT_FORMS=y
# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
# CONFIG_IPTUNNEL is not set
# CONFIG_IPRULE is not set
# CONFIG_IPNEIGH is not set
# CONFIG_IPCALC is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FAKEIDENTD is not set
# CONFIG_NAMEIF is not set
# CONFIG_FEATURE_NAMEIF_EXTENDED is not set
@@ -875,11 +888,13 @@ CONFIG_PING=y
# CONFIG_PSCAN is not set
CONFIG_ROUTE=y
# CONFIG_SLATTACH is not set
# CONFIG_SSL_CLIENT is not set
# CONFIG_TCPSVD is not set
# CONFIG_UDPSVD is not set
CONFIG_TELNET=y
CONFIG_FEATURE_TELNET_TTYPE=y
CONFIG_FEATURE_TELNET_AUTOLOGIN=y
CONFIG_FEATURE_TELNET_WIDTH=y
# CONFIG_TELNETD is not set
# CONFIG_FEATURE_TELNETD_STANDALONE is not set
# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
@@ -890,6 +905,7 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y
# CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
# CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set
# CONFIG_TFTP_DEBUG is not set
# CONFIG_TLS is not set
# CONFIG_TRACEROUTE is not set
# CONFIG_TRACEROUTE6 is not set
# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -898,29 +914,32 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y
# CONFIG_FEATURE_TUNCTL_UG is not set
# CONFIG_VCONFIG is not set
CONFIG_WGET=y
# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
# CONFIG_FEATURE_WGET_STATUSBAR is not set
# CONFIG_FEATURE_WGET_AUTHENTICATION is not set
# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
# CONFIG_FEATURE_WGET_TIMEOUT is not set
# CONFIG_FEATURE_WGET_HTTPS is not set
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_FEATURE_WGET_SSL_HELPER is not set
# CONFIG_WHOIS is not set
# CONFIG_ZCIP is not set
# CONFIG_UDHCPC6 is not set
# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
# CONFIG_UDHCPD is not set
# CONFIG_DHCPRELAY is not set
# CONFIG_DUMPLEASES is not set
# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
CONFIG_DHCPD_LEASES_FILE=""
# CONFIG_DUMPLEASES is not set
# CONFIG_DHCPRELAY is not set
CONFIG_UDHCPC=y
# CONFIG_FEATURE_UDHCPC_ARPING is not set
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=9
# CONFIG_FEATURE_UDHCP_RFC3397 is not set
# CONFIG_FEATURE_UDHCP_8021Q is not set
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
@@ -961,18 +980,19 @@ CONFIG_KILLALL5=y
# CONFIG_FEATURE_PIDOF_OMIT is not set
# CONFIG_PMAP is not set
# CONFIG_POWERTOP is not set
# CONFIG_FEATURE_POWERTOP_INTERACTIVE is not set
CONFIG_PS=y
CONFIG_FEATURE_PS_WIDE=y
CONFIG_FEATURE_PS_LONG=y
# CONFIG_FEATURE_PS_TIME is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_PSTREE is not set
# CONFIG_PWDX is not set
# CONFIG_RENICE is not set
# CONFIG_SMEMCAP is not set
# CONFIG_BB_SYSCTL is not set
# CONFIG_TOP is not set
# CONFIG_FEATURE_TOP_INTERACTIVE is not set
# CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE is not set
# CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS is not set
# CONFIG_FEATURE_TOP_SMP_CPU is not set
@@ -1018,27 +1038,32 @@ CONFIG_SVC=y
#
# Shells
#
# CONFIG_SH_IS_ASH is not set
CONFIG_SH_IS_HUSH=y
# CONFIG_SH_IS_NONE is not set
# CONFIG_BASH_IS_ASH is not set
# CONFIG_BASH_IS_HUSH is not set
CONFIG_BASH_IS_NONE=y
# CONFIG_ASH is not set
# CONFIG_ASH_OPTIMIZE_FOR_SIZE is not set
# CONFIG_ASH_INTERNAL_GLOB is not set
# CONFIG_ASH_RANDOM_SUPPORT is not set
# CONFIG_ASH_EXPAND_PRMT is not set
# CONFIG_ASH_BASH_COMPAT is not set
# CONFIG_ASH_IDLE_TIMEOUT is not set
# CONFIG_ASH_JOB_CONTROL is not set
# CONFIG_ASH_ALIAS is not set
# CONFIG_ASH_GETOPTS is not set
# CONFIG_ASH_BUILTIN_ECHO is not set
# CONFIG_ASH_BUILTIN_PRINTF is not set
# CONFIG_ASH_BUILTIN_TEST is not set
# CONFIG_ASH_HELP is not set
# CONFIG_ASH_CMDCMD is not set
# CONFIG_ASH_RANDOM_SUPPORT is not set
# CONFIG_ASH_EXPAND_PRMT is not set
# CONFIG_ASH_IDLE_TIMEOUT is not set
# CONFIG_ASH_MAIL is not set
# CONFIG_ASH_ECHO is not set
# CONFIG_ASH_PRINTF is not set
# CONFIG_ASH_TEST is not set
# CONFIG_ASH_HELP is not set
# CONFIG_ASH_GETOPTS is not set
# CONFIG_ASH_CMDCMD is not set
# CONFIG_CTTYHACK is not set
CONFIG_HUSH=y
CONFIG_HUSH_BASH_COMPAT=y
CONFIG_HUSH_BRACE_EXPANSION=y
CONFIG_HUSH_HELP=y
CONFIG_HUSH_INTERACTIVE=y
CONFIG_HUSH_SAVEHISTORY=y
CONFIG_HUSH_JOB=y
@@ -1049,17 +1074,30 @@ CONFIG_HUSH_CASE=y
CONFIG_HUSH_FUNCTIONS=y
CONFIG_HUSH_LOCAL=y
CONFIG_HUSH_RANDOM_SUPPORT=y
CONFIG_HUSH_EXPORT_N=y
CONFIG_HUSH_MODE_X=y
CONFIG_HUSH_ECHO=y
CONFIG_HUSH_PRINTF=y
CONFIG_HUSH_TEST=y
CONFIG_HUSH_HELP=y
CONFIG_HUSH_EXPORT=y
CONFIG_HUSH_EXPORT_N=y
CONFIG_HUSH_KILL=y
CONFIG_HUSH_WAIT=y
CONFIG_HUSH_TRAP=y
CONFIG_HUSH_TYPE=y
CONFIG_HUSH_READ=y
CONFIG_HUSH_SET=y
CONFIG_HUSH_UNSET=y
CONFIG_HUSH_ULIMIT=y
CONFIG_HUSH_UMASK=y
# CONFIG_HUSH_MEMLEAK is not set
# CONFIG_MSH is not set
# CONFIG_FEATURE_SH_IS_ASH is not set
CONFIG_FEATURE_SH_IS_HUSH=y
# CONFIG_FEATURE_SH_IS_NONE is not set
# CONFIG_FEATURE_BASH_IS_ASH is not set
# CONFIG_FEATURE_BASH_IS_HUSH is not set
CONFIG_FEATURE_BASH_IS_NONE=y
CONFIG_SH_MATH_SUPPORT=y
# CONFIG_SH_MATH_SUPPORT_64 is not set
#
# Options common to all shells
#
CONFIG_FEATURE_SH_MATH=y
CONFIG_FEATURE_SH_MATH_64=y
CONFIG_FEATURE_SH_EXTRA_QUIET=y
# CONFIG_FEATURE_SH_STANDALONE is not set
# CONFIG_FEATURE_SH_NOFORK is not set
+107 -69
View File
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Busybox version: 1.26.0
# Thu Dec 29 21:01:56 2016
# Busybox version: 1.27.1
# Sun Jul 30 15:27:03 2017
#
CONFIG_HAVE_DOT_CONFIG=y
@@ -12,7 +12,6 @@ CONFIG_DESKTOP=y
# CONFIG_EXTRA_COMPAT is not set
CONFIG_INCLUDE_SUSv2=y
# CONFIG_USE_PORTABLE_CODE is not set
CONFIG_PLATFORM_LINUX=y
CONFIG_SHOW_USAGE=y
CONFIG_FEATURE_VERBOSE_USAGE=y
# CONFIG_FEATURE_COMPRESS_USAGE is not set
@@ -35,6 +34,7 @@ CONFIG_FEATURE_SUID=y
CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
CONFIG_FEATURE_SYSLOG=y
# CONFIG_FEATURE_HAVE_RPC is not set
CONFIG_PLATFORM_LINUX=y
#
# Build Options
@@ -89,7 +89,6 @@ CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
# CONFIG_FEATURE_FAST_TOP is not set
# CONFIG_FEATURE_ETC_NETWORKS is not set
CONFIG_FEATURE_USE_TERMIOS=y
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
CONFIG_FEATURE_EDITING_VI=y
@@ -150,6 +149,7 @@ CONFIG_UNXZ=y
CONFIG_XZCAT=y
CONFIG_XZ=y
# CONFIG_BZIP2 is not set
CONFIG_FEATURE_BZIP2_DECOMPRESS=y
CONFIG_CPIO=y
# CONFIG_FEATURE_CPIO_O is not set
# CONFIG_FEATURE_CPIO_P is not set
@@ -159,6 +159,7 @@ CONFIG_GZIP=y
# CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
CONFIG_GZIP_FAST=0
# CONFIG_FEATURE_GZIP_LEVELS is not set
CONFIG_FEATURE_GZIP_DECOMPRESS=y
# CONFIG_LZOP is not set
CONFIG_UNLZOP=y
CONFIG_LZOPCAT=y
@@ -166,26 +167,29 @@ CONFIG_LZOPCAT=y
# CONFIG_RPM2CPIO is not set
# CONFIG_RPM is not set
CONFIG_TAR=y
CONFIG_FEATURE_TAR_LONG_OPTIONS=y
CONFIG_FEATURE_TAR_CREATE=y
# CONFIG_FEATURE_TAR_AUTODETECT is not set
CONFIG_FEATURE_TAR_FROM=y
# CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set
# CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set
CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y
CONFIG_FEATURE_TAR_LONG_OPTIONS=y
CONFIG_FEATURE_TAR_TO_COMMAND=y
# CONFIG_FEATURE_TAR_UNAME_GNAME is not set
# CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
# CONFIG_FEATURE_TAR_SELINUX is not set
CONFIG_UNZIP=y
CONFIG_FEATURE_UNZIP_CDF=y
CONFIG_FEATURE_UNZIP_BZIP2=y
CONFIG_FEATURE_UNZIP_LZMA=y
CONFIG_FEATURE_UNZIP_XZ=y
#
# Coreutils
#
CONFIG_BASENAME=y
# CONFIG_CAL is not set
CONFIG_CAT=y
CONFIG_CATV=y
CONFIG_FEATURE_CATV=y
CONFIG_CHGRP=y
CONFIG_CHMOD=y
CONFIG_CHOWN=y
@@ -222,6 +226,7 @@ CONFIG_ENV=y
# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set
CONFIG_EXPR=y
CONFIG_EXPR_MATH_SUPPORT_64=y
CONFIG_FACTOR=y
CONFIG_FALSE=y
CONFIG_FOLD=y
# CONFIG_FSYNC is not set
@@ -232,12 +237,14 @@ CONFIG_ID=y
# CONFIG_GROUPS is not set
CONFIG_INSTALL=y
CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
CONFIG_LINK=y
CONFIG_LN=y
CONFIG_LOGNAME=y
CONFIG_LS=y
CONFIG_FEATURE_LS_FILETYPES=y
CONFIG_FEATURE_LS_FOLLOWLINKS=y
CONFIG_FEATURE_LS_RECURSIVE=y
CONFIG_FEATURE_LS_WIDTH=y
CONFIG_FEATURE_LS_SORTFILES=y
CONFIG_FEATURE_LS_TIMESTAMPS=y
CONFIG_FEATURE_LS_USERNAME=y
@@ -257,11 +264,15 @@ CONFIG_MKDIR=y
CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y
CONFIG_MKFIFO=y
CONFIG_MKNOD=y
CONFIG_MKTEMP=y
CONFIG_MV=y
CONFIG_FEATURE_MV_LONG_OPTIONS=y
CONFIG_NICE=y
CONFIG_NL=y
CONFIG_NOHUP=y
CONFIG_NPROC=y
CONFIG_OD=y
CONFIG_PASTE=y
CONFIG_PRINTENV=y
CONFIG_PRINTF=y
CONFIG_PWD=y
@@ -272,6 +283,7 @@ CONFIG_RM=y
CONFIG_RMDIR=y
# CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set
CONFIG_SEQ=y
CONFIG_SHRED=y
# CONFIG_SHUF is not set
CONFIG_SLEEP=y
CONFIG_FEATURE_FANCY_SLEEP=y
@@ -296,6 +308,7 @@ CONFIG_TEST=y
CONFIG_TEST1=y
CONFIG_TEST2=y
CONFIG_FEATURE_TEST_64=y
# CONFIG_TIMEOUT is not set
CONFIG_TOUCH=y
# CONFIG_FEATURE_TOUCH_NODEREF is not set
CONFIG_FEATURE_TOUCH_SUSV3=y
@@ -317,6 +330,7 @@ CONFIG_WC=y
# CONFIG_FEATURE_WC_LARGE is not set
CONFIG_WHOAMI=y
CONFIG_WHO=y
CONFIG_W=y
# CONFIG_USERS is not set
CONFIG_YES=y
@@ -330,11 +344,6 @@ CONFIG_FEATURE_VERBOSE=y
#
CONFIG_FEATURE_PRESERVE_HARDLINKS=y
#
# Common options for ls, more and telnet
#
CONFIG_FEATURE_AUTOWIDTH=y
#
# Common options for df, du, ls
#
@@ -373,14 +382,13 @@ CONFIG_SETLOGCONS=y
#
# Debian Utilities
#
CONFIG_MKTEMP=y
CONFIG_PIPE_PROGRESS=y
CONFIG_RUN_PARTS=y
CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
# CONFIG_FEATURE_RUN_PARTS_FANCY is not set
CONFIG_START_STOP_DAEMON=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y
CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_WHICH=y
#
@@ -471,12 +479,10 @@ CONFIG_FEATURE_KILL_REMOVED=y
CONFIG_FEATURE_KILL_DELAY=0
CONFIG_FEATURE_INIT_SCTTY=y
CONFIG_FEATURE_INIT_SYSLOG=y
CONFIG_FEATURE_EXTRA_QUIET=y
CONFIG_FEATURE_INIT_QUIET=y
# CONFIG_FEATURE_INIT_COREDUMPS is not set
CONFIG_INIT_TERMINAL_TYPE="linux"
CONFIG_FEATURE_INIT_MODIFY_CMDLINE=y
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
#
# Login/Password Management Utilities
@@ -515,6 +521,7 @@ CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
CONFIG_SU=y
CONFIG_FEATURE_SU_SYSLOG=y
CONFIG_FEATURE_SU_CHECKS_SHELLS=y
# CONFIG_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY is not set
CONFIG_SULOGIN=y
CONFIG_VLOCK=y
@@ -529,6 +536,7 @@ CONFIG_LSATTR=y
#
# Linux Module Utilities
#
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_DEPMOD is not set
CONFIG_INSMOD=y
CONFIG_LSMOD=y
@@ -536,22 +544,21 @@ CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT=y
# CONFIG_MODINFO is not set
CONFIG_MODPROBE=y
# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set
# CONFIG_MODPROBE_SMALL is not set
# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
CONFIG_RMMOD=y
#
# Options common to multiple modutils
#
CONFIG_FEATURE_CMDLINE_MODULE_OPTIONS=y
# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
# CONFIG_FEATURE_2_4_MODULES is not set
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
CONFIG_FEATURE_CHECK_TAINTED_MODULE=y
# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set
CONFIG_FEATURE_MODUTILS_ALIAS=y
CONFIG_FEATURE_MODUTILS_SYMBOLS=y
CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
@@ -566,8 +573,13 @@ CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
CONFIG_BLKID=y
# CONFIG_FEATURE_BLKID_TYPE is not set
# CONFIG_BLOCKDEV is not set
# CONFIG_CAL is not set
CONFIG_CHRT=y
CONFIG_DMESG=y
CONFIG_FEATURE_DMESG_PRETTY=y
CONFIG_EJECT=y
# CONFIG_FEATURE_EJECT_SCSI is not set
CONFIG_FALLOCATE=y
# CONFIG_FATATTR is not set
CONFIG_FBSET=y
CONFIG_FEATURE_FBSET_FANCY=y
@@ -587,17 +599,22 @@ CONFIG_FLOCK=y
CONFIG_FDFLUSH=y
CONFIG_FREERAMDISK=y
# CONFIG_FSCK_MINIX is not set
CONFIG_FSFREEZE=y
CONFIG_FSTRIM=y
CONFIG_GETOPT=y
CONFIG_FEATURE_GETOPT_LONG=y
CONFIG_HEXDUMP=y
# CONFIG_FEATURE_HEXDUMP_REVERSE is not set
# CONFIG_HD is not set
CONFIG_XXD=y
CONFIG_HWCLOCK=y
CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y
# CONFIG_IONICE is not set
CONFIG_IPCRM=y
CONFIG_IPCS=y
CONFIG_LAST=y
# CONFIG_FEATURE_LAST_FANCY is not set
CONFIG_LOSETUP=y
CONFIG_LSPCI=y
CONFIG_LSUSB=y
@@ -607,6 +624,8 @@ CONFIG_FEATURE_MDEV_RENAME=y
# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
CONFIG_FEATURE_MDEV_EXEC=y
# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
CONFIG_MESG=y
CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
CONFIG_MKE2FS=y
# CONFIG_MKFS_EXT2 is not set
# CONFIG_MKFS_MINIX is not set
@@ -627,12 +646,14 @@ CONFIG_FEATURE_MOUNT_CIFS=y
CONFIG_FEATURE_MOUNT_FLAGS=y
CONFIG_FEATURE_MOUNT_FSTAB=y
CONFIG_FEATURE_MOUNT_OTHERTAB=y
CONFIG_MOUNTPOINT=y
# CONFIG_NSENTER is not set
# CONFIG_FEATURE_NSENTER_LONG_OPTS is not set
CONFIG_PIVOT_ROOT=y
CONFIG_RDATE=y
# CONFIG_RDEV is not set
CONFIG_READPROFILE=y
CONFIG_RENICE=y
# CONFIG_REV is not set
# CONFIG_RTCWAKE is not set
# CONFIG_SCRIPT is not set
@@ -640,15 +661,20 @@ CONFIG_READPROFILE=y
CONFIG_SETARCH=y
CONFIG_LINUX32=y
CONFIG_LINUX64=y
CONFIG_SETPRIV=y
CONFIG_SETSID=y
CONFIG_SWAPON=y
# CONFIG_FEATURE_SWAPON_DISCARD is not set
# CONFIG_FEATURE_SWAPON_PRI is not set
CONFIG_SWAPOFF=y
CONFIG_SWITCH_ROOT=y
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
CONFIG_UEVENT=y
CONFIG_UMOUNT=y
CONFIG_FEATURE_UMOUNT_ALL=y
# CONFIG_UNSHARE is not set
# CONFIG_WALL is not set
#
# Common options for mount/umount
@@ -702,7 +728,6 @@ CONFIG_FEATURE_BEEP_LENGTH_MS=0
# CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set
# CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set
# CONFIG_FEATURE_CHAT_CLR_ABORT is not set
CONFIG_CHRT=y
# CONFIG_CONSPY is not set
CONFIG_CROND=y
# CONFIG_FEATURE_CROND_D is not set
@@ -717,8 +742,6 @@ CONFIG_DC=y
# CONFIG_DEVFSD_VERBOSE is not set
# CONFIG_FEATURE_DEVFS is not set
CONFIG_DEVMEM=y
CONFIG_EJECT=y
# CONFIG_FEATURE_EJECT_SCSI is not set
# CONFIG_FBSPLASH is not set
# CONFIG_FLASHCP is not set
# CONFIG_FLASH_ERASEALL is not set
@@ -736,9 +759,6 @@ CONFIG_I2CSET=y
CONFIG_I2CDUMP=y
CONFIG_I2CDETECT=y
# CONFIG_INOTIFYD is not set
# CONFIG_IONICE is not set
CONFIG_LAST=y
# CONFIG_FEATURE_LAST_FANCY is not set
CONFIG_LESS=y
CONFIG_FEATURE_LESS_MAXLINES=9999999
CONFIG_FEATURE_LESS_BRACKETS=y
@@ -750,27 +770,24 @@ CONFIG_FEATURE_LESS_REGEXP=y
# CONFIG_FEATURE_LESS_ASK_TERMINAL is not set
# CONFIG_FEATURE_LESS_DASHCMD is not set
# CONFIG_FEATURE_LESS_LINENUMS is not set
CONFIG_LSSCSI=y
CONFIG_MAKEDEVS=y
# CONFIG_FEATURE_MAKEDEVS_LEAF is not set
CONFIG_FEATURE_MAKEDEVS_TABLE=y
# CONFIG_MAN is not set
CONFIG_MICROCOM=y
CONFIG_MOUNTPOINT=y
CONFIG_MT=y
# CONFIG_NANDWRITE is not set
# CONFIG_NANDDUMP is not set
CONFIG_PARTPROBE=y
# CONFIG_RAIDAUTORUN is not set
# CONFIG_READAHEAD is not set
# CONFIG_RFKILL is not set
CONFIG_RUNLEVEL=y
# CONFIG_RX is not set
CONFIG_SETSERIAL=y
CONFIG_SETSID=y
CONFIG_STRINGS=y
# CONFIG_TASKSET is not set
# CONFIG_FEATURE_TASKSET_FANCY is not set
CONFIG_TIME=y
# CONFIG_TIMEOUT is not set
# CONFIG_TTYSIZE is not set
CONFIG_UBIRENAME=y
# CONFIG_UBIATTACH is not set
@@ -780,7 +797,6 @@ CONFIG_UBIRENAME=y
# CONFIG_UBIRSVOL is not set
# CONFIG_UBIUPDATEVOL is not set
# CONFIG_VOLNAME is not set
# CONFIG_WALL is not set
CONFIG_WATCHDOG=y
#
@@ -830,8 +846,6 @@ CONFIG_IFUP=y
CONFIG_IFDOWN=y
CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
CONFIG_FEATURE_IFUPDOWN_IP=y
# CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN is not set
# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
CONFIG_FEATURE_IFUPDOWN_IPV4=y
CONFIG_FEATURE_IFUPDOWN_IPV6=y
CONFIG_FEATURE_IFUPDOWN_MAPPING=y
@@ -844,6 +858,12 @@ CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME=y
CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN=y
# CONFIG_FEATURE_INETD_RPC is not set
CONFIG_IP=y
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
CONFIG_IPTUNNEL=y
CONFIG_IPRULE=y
CONFIG_IPNEIGH=y
CONFIG_FEATURE_IP_ADDRESS=y
CONFIG_FEATURE_IP_LINK=y
CONFIG_FEATURE_IP_ROUTE=y
@@ -851,17 +871,10 @@ CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
CONFIG_FEATURE_IP_TUNNEL=y
CONFIG_FEATURE_IP_RULE=y
CONFIG_FEATURE_IP_NEIGH=y
CONFIG_FEATURE_IP_SHORT_FORMS=y
# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set
CONFIG_IPADDR=y
CONFIG_IPLINK=y
CONFIG_IPROUTE=y
CONFIG_IPTUNNEL=y
CONFIG_IPRULE=y
CONFIG_IPNEIGH=y
# CONFIG_IPCALC is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
# CONFIG_FEATURE_IPCALC_FANCY is not set
# CONFIG_FAKEIDENTD is not set
CONFIG_NAMEIF=y
# CONFIG_FEATURE_NAMEIF_EXTENDED is not set
@@ -883,11 +896,13 @@ CONFIG_FEATURE_FANCY_PING=y
# CONFIG_PSCAN is not set
CONFIG_ROUTE=y
# CONFIG_SLATTACH is not set
# CONFIG_SSL_CLIENT is not set
# CONFIG_TCPSVD is not set
# CONFIG_UDPSVD is not set
CONFIG_TELNET=y
CONFIG_FEATURE_TELNET_TTYPE=y
CONFIG_FEATURE_TELNET_AUTOLOGIN=y
CONFIG_FEATURE_TELNET_WIDTH=y
# CONFIG_TELNETD is not set
# CONFIG_FEATURE_TELNETD_STANDALONE is not set
# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
@@ -902,6 +917,7 @@ CONFIG_FEATURE_TFTP_PUT=y
CONFIG_FEATURE_TFTP_BLOCKSIZE=y
# CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set
# CONFIG_TFTP_DEBUG is not set
# CONFIG_TLS is not set
CONFIG_TRACEROUTE=y
# CONFIG_TRACEROUTE6 is not set
# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -910,29 +926,32 @@ CONFIG_TRACEROUTE=y
# CONFIG_FEATURE_TUNCTL_UG is not set
CONFIG_VCONFIG=y
CONFIG_WGET=y
CONFIG_FEATURE_WGET_LONG_OPTIONS=y
CONFIG_FEATURE_WGET_STATUSBAR=y
CONFIG_FEATURE_WGET_AUTHENTICATION=y
CONFIG_FEATURE_WGET_LONG_OPTIONS=y
CONFIG_FEATURE_WGET_TIMEOUT=y
# CONFIG_FEATURE_WGET_HTTPS is not set
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_FEATURE_WGET_SSL_HELPER is not set
# CONFIG_WHOIS is not set
# CONFIG_ZCIP is not set
# CONFIG_UDHCPC6 is not set
# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
# CONFIG_UDHCPD is not set
# CONFIG_DHCPRELAY is not set
# CONFIG_DUMPLEASES is not set
# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
CONFIG_DHCPD_LEASES_FILE=""
# CONFIG_DUMPLEASES is not set
# CONFIG_DHCPRELAY is not set
CONFIG_UDHCPC=y
CONFIG_FEATURE_UDHCPC_ARPING=y
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=0
# CONFIG_FEATURE_UDHCP_RFC3397 is not set
CONFIG_FEATURE_UDHCP_8021Q=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
@@ -973,18 +992,19 @@ CONFIG_FEATURE_PIDOF_SINGLE=y
CONFIG_FEATURE_PIDOF_OMIT=y
# CONFIG_PMAP is not set
# CONFIG_POWERTOP is not set
# CONFIG_FEATURE_POWERTOP_INTERACTIVE is not set
CONFIG_PS=y
# CONFIG_FEATURE_PS_WIDE is not set
# CONFIG_FEATURE_PS_LONG is not set
# CONFIG_FEATURE_PS_TIME is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
# CONFIG_PSTREE is not set
# CONFIG_PWDX is not set
CONFIG_RENICE=y
# CONFIG_SMEMCAP is not set
CONFIG_BB_SYSCTL=y
CONFIG_TOP=y
CONFIG_FEATURE_TOP_INTERACTIVE=y
CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
# CONFIG_FEATURE_TOP_SMP_CPU is not set
@@ -1030,27 +1050,32 @@ CONFIG_SVC=y
#
# Shells
#
CONFIG_SH_IS_ASH=y
# CONFIG_SH_IS_HUSH is not set
# CONFIG_SH_IS_NONE is not set
# CONFIG_BASH_IS_ASH is not set
# CONFIG_BASH_IS_HUSH is not set
CONFIG_BASH_IS_NONE=y
CONFIG_ASH=y
CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
CONFIG_ASH_INTERNAL_GLOB=y
CONFIG_ASH_RANDOM_SUPPORT=y
CONFIG_ASH_EXPAND_PRMT=y
CONFIG_ASH_BASH_COMPAT=y
CONFIG_ASH_IDLE_TIMEOUT=y
CONFIG_ASH_JOB_CONTROL=y
CONFIG_ASH_ALIAS=y
CONFIG_ASH_GETOPTS=y
CONFIG_ASH_BUILTIN_ECHO=y
CONFIG_ASH_BUILTIN_PRINTF=y
CONFIG_ASH_BUILTIN_TEST=y
CONFIG_ASH_HELP=y
CONFIG_ASH_CMDCMD=y
CONFIG_ASH_RANDOM_SUPPORT=y
CONFIG_ASH_EXPAND_PRMT=y
CONFIG_ASH_IDLE_TIMEOUT=y
# CONFIG_ASH_MAIL is not set
CONFIG_ASH_ECHO=y
CONFIG_ASH_PRINTF=y
CONFIG_ASH_TEST=y
CONFIG_ASH_HELP=y
CONFIG_ASH_GETOPTS=y
CONFIG_ASH_CMDCMD=y
# CONFIG_CTTYHACK is not set
# CONFIG_HUSH is not set
# CONFIG_HUSH_BASH_COMPAT is not set
# CONFIG_HUSH_BRACE_EXPANSION is not set
# CONFIG_HUSH_HELP is not set
# CONFIG_HUSH_INTERACTIVE is not set
# CONFIG_HUSH_SAVEHISTORY is not set
# CONFIG_HUSH_JOB is not set
@@ -1061,17 +1086,30 @@ CONFIG_ASH_CMDCMD=y
# CONFIG_HUSH_FUNCTIONS is not set
# CONFIG_HUSH_LOCAL is not set
# CONFIG_HUSH_RANDOM_SUPPORT is not set
# CONFIG_HUSH_EXPORT_N is not set
# CONFIG_HUSH_MODE_X is not set
# CONFIG_HUSH_ECHO is not set
# CONFIG_HUSH_PRINTF is not set
# CONFIG_HUSH_TEST is not set
# CONFIG_HUSH_HELP is not set
# CONFIG_HUSH_EXPORT is not set
# CONFIG_HUSH_EXPORT_N is not set
# CONFIG_HUSH_KILL is not set
# CONFIG_HUSH_WAIT is not set
# CONFIG_HUSH_TRAP is not set
# CONFIG_HUSH_TYPE is not set
# CONFIG_HUSH_READ is not set
# CONFIG_HUSH_SET is not set
# CONFIG_HUSH_UNSET is not set
# CONFIG_HUSH_ULIMIT is not set
# CONFIG_HUSH_UMASK is not set
# CONFIG_HUSH_MEMLEAK is not set
# CONFIG_MSH is not set
CONFIG_FEATURE_SH_IS_ASH=y
# CONFIG_FEATURE_SH_IS_HUSH is not set
# CONFIG_FEATURE_SH_IS_NONE is not set
# CONFIG_FEATURE_BASH_IS_ASH is not set
# CONFIG_FEATURE_BASH_IS_HUSH is not set
CONFIG_FEATURE_BASH_IS_NONE=y
CONFIG_SH_MATH_SUPPORT=y
# CONFIG_SH_MATH_SUPPORT_64 is not set
#
# Options common to all shells
#
CONFIG_FEATURE_SH_MATH=y
CONFIG_FEATURE_SH_MATH_64=y
CONFIG_FEATURE_SH_EXTRA_QUIET=y
# CONFIG_FEATURE_SH_STANDALONE is not set
# CONFIG_FEATURE_SH_NOFORK is not set
+3 -3
View File
@@ -1,3 +1,3 @@
# From https://busybox.net/downloads/busybox-1.26.2.tar.bz2.sign
md5 bb59d25ee2643db20f212eec539429f1 busybox-1.26.2.tar.bz2
sha1 0b3e3cd49d6d9e30f66e364bf842663348b23dc9 busybox-1.26.2.tar.bz2
# From https://busybox.net/downloads/busybox-1.27.2.tar.bz2.sign
md5 476186f4bab81781dab2369bfd42734e busybox-1.27.2.tar.bz2
sha1 11669e223cc38de646ce26080e91ca29b8d42ad9 busybox-1.27.2.tar.bz2
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
BUSYBOX_VERSION = 1.26.2
BUSYBOX_VERSION = 1.27.2
BUSYBOX_SITE = http://www.busybox.net/downloads
BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
BUSYBOX_LICENSE = GPLv2
+1 -1
View File
@@ -1,5 +1,5 @@
# Locally calculated
sha256 00fa5292a6e00a3a4035b826267748965d5d2c4943d8ff417d740238263e8e84 clamav-0.99.3.tar.gz
sha256 d72ac3273bde8d2e5e28ec9978373ee3ab4529fd868bc3fc4d2d2671228f2461 clamav-0.99.4.tar.gz
sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING
sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2
sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CLAMAV_VERSION = 0.99.3
CLAMAV_VERSION = 0.99.4
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPLv2
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@@ -0,0 +1,59 @@
From b8c29336bd5401a5f962bc6ddfa4ebb6f0274f3c Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Sat, 10 Feb 2018 12:15:27 -0500
Subject: [PATCH 1/2] Correct buffer overrun in pretty_print_option
Merges in rt47139.
[baruch: drop RELNOTES and test; address CVE-2018-5732]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: backported from commit c5931725b48
---
common/options.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/common/options.c b/common/options.c
index 5547287fb6e5..2ed6b16c6412 100644
--- a/common/options.c
+++ b/common/options.c
@@ -1758,7 +1758,8 @@ format_min_length(format, oc)
/* Format the specified option so that a human can easily read it. */
-
+/* Maximum pretty printed size */
+#define MAX_OUTPUT_SIZE 32*1024
const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
struct option *option;
const unsigned char *data;
@@ -1766,8 +1767,9 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
int emit_commas;
int emit_quotes;
{
- static char optbuf [32768]; /* XXX */
- static char *endbuf = &optbuf[sizeof(optbuf)];
+ /* We add 128 byte pad so we don't have to add checks everywhere. */
+ static char optbuf [MAX_OUTPUT_SIZE + 128]; /* XXX */
+ static char *endbuf = optbuf + MAX_OUTPUT_SIZE;
int hunksize = 0;
int opthunk = 0;
int hunkinc = 0;
@@ -2193,7 +2195,14 @@ const char *pretty_print_option (option, data, len, emit_commas, emit_quotes)
log_error ("Unexpected format code %c",
fmtbuf [j]);
}
+
op += strlen (op);
+ if (op >= endbuf) {
+ log_error ("Option data exceeds"
+ " maximum size %d", MAX_OUTPUT_SIZE);
+ return ("<error>");
+ }
+
if (dp == data + len)
break;
if (j + 1 < numelem && comma != ':')
--
2.16.1
@@ -0,0 +1,40 @@
From 93b5b67dd31b9efcbfaabc2df1e1d9d164a5e04a Mon Sep 17 00:00:00 2001
From: Thomas Markwalder <tmark@isc.org>
Date: Fri, 9 Feb 2018 14:46:08 -0500
Subject: [PATCH 2/2] Corrected refcnt loss in option parsing
Merges in 47140.
[baruch: drop RELNOTES and tests; address CVE-2018-5733]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: backported from commit 197b26f25309
---
common/options.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/common/options.c b/common/options.c
index 2ed6b16c6412..25b29a6be7bb 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3,7 +3,7 @@
DHCP options parsing and reassembly. */
/*
- * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2018 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1995-2003 by Internet Software Consortium
*
* Permission to use, copy, modify, and distribute this software for any
@@ -177,6 +177,8 @@ int parse_option_buffer (options, buffer, length, universe)
/* If the length is outrageous, the options are bad. */
if (offset + len > length) {
+ /* Avoid reference count overflow */
+ option_dereference(&option, MDL);
reason = "option length exceeds option buffer length";
bogus:
log_error("parse_option_buffer: malformed option "
--
2.16.1
+3 -1
View File
@@ -11,7 +11,9 @@ DHCP_LICENSE = ISC
DHCP_LICENSE_FILES = LICENSE
DHCP_CONF_ENV = \
CPPFLAGS='-D_PATH_DHCPD_CONF=\"/etc/dhcp/dhcpd.conf\" \
-D_PATH_DHCLIENT_CONF=\"/etc/dhcp/dhclient.conf\"'
-D_PATH_DHCLIENT_CONF=\"/etc/dhcp/dhclient.conf\"' \
CFLAGS='$(TARGET_CFLAGS) -DISC_CHECK_NONE=1'
DHCP_CONF_OPTS = \
--with-randomdev=/dev/random \
--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
@@ -0,0 +1,212 @@
From 4fe6744a220eddd3f1749b40cac3dfc510787de6 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 19 Jan 2018 12:26:08 +0000
Subject: [PATCH] DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
It's OK for NSEC records to be expanded from wildcards,
but in that case, the proof of non-existence is only valid
starting at the wildcard name, *.<domain> NOT the name expanded
from the wildcard. Without this check it's possible for an
attacker to craft an NSEC which wrongly proves non-existence
in a domain which includes a wildcard for NSEC.
[baruch: drop the CHANGELOG hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: upstream commit 4fe6744a220e
CHANGELOG | 12 +++++-
src/dnssec.c | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 114 insertions(+), 15 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index eb6c11cbe00f..a54a0b4f14cf 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -103,15 +103,17 @@ static void from_wire(char *name)
static int count_labels(char *name)
{
int i;
-
+ char *p;
+
if (*name == 0)
return 0;
- for (i = 0; *name; name++)
- if (*name == '.')
+ for (p = name, i = 0; *p; p++)
+ if (*p == '.')
i++;
- return i+1;
+ /* Don't count empty first label. */
+ return *name == '.' ? i : i+1;
}
/* Implement RFC1982 wrapped compare for 32-bit numbers */
@@ -1094,8 +1096,8 @@ static int hostname_cmp(const char *a, const char *b)
}
}
-static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
- char *workspace1, char *workspace2, char *name, int type, int *nons)
+static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, unsigned char **labels, int nsec_count,
+ char *workspace1_in, char *workspace2, char *name, int type, int *nons)
{
int i, rc, rdlen;
unsigned char *p, *psave;
@@ -1108,6 +1110,9 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
/* Find NSEC record that proves name doesn't exist */
for (i = 0; i < nsec_count; i++)
{
+ char *workspace1 = workspace1_in;
+ int sig_labels, name_labels;
+
p = nsecs[i];
if (!extract_name(header, plen, &p, workspace1, 1, 10))
return 0;
@@ -1116,7 +1121,27 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi
psave = p;
if (!extract_name(header, plen, &p, workspace2, 1, 10))
return 0;
-
+
+ /* If NSEC comes from wildcard expansion, use original wildcard
+ as name for computation. */
+ sig_labels = *labels[i];
+ name_labels = count_labels(workspace1);
+
+ if (sig_labels < name_labels)
+ {
+ int k;
+ for (k = name_labels - sig_labels; k != 0; k--)
+ {
+ while (*workspace1 != '.' && *workspace1 != 0)
+ workspace1++;
+ if (k != 1 && *workspace1 == '.')
+ workspace1++;
+ }
+
+ workspace1--;
+ *workspace1 = '*';
+ }
+
rc = hostname_cmp(workspace1, name);
if (rc == 0)
@@ -1514,24 +1539,26 @@ static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, uns
static int prove_non_existence(struct dns_header *header, size_t plen, char *keyname, char *name, int qtype, int qclass, char *wildname, int *nons)
{
- static unsigned char **nsecset = NULL;
- static int nsecset_sz = 0;
+ static unsigned char **nsecset = NULL, **rrsig_labels = NULL;
+ static int nsecset_sz = 0, rrsig_labels_sz = 0;
int type_found = 0;
- unsigned char *p = skip_questions(header, plen);
+ unsigned char *auth_start, *p = skip_questions(header, plen);
int type, class, rdlen, i, nsecs_found;
/* Move to NS section */
if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
return 0;
+
+ auth_start = p;
for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
{
unsigned char *pstart = p;
- if (!(p = skip_name(p, header, plen, 10)))
+ if (!extract_name(header, plen, &p, daemon->workspacename, 1, 10))
return 0;
-
+
GETSHORT(type, p);
GETSHORT(class, p);
p += 4; /* TTL */
@@ -1548,7 +1575,69 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
return 0;
- nsecset[nsecs_found++] = pstart;
+ if (type == T_NSEC)
+ {
+ /* If we're looking for NSECs, find the corresponding SIGs, to
+ extract the labels value, which we need in case the NSECs
+ are the result of wildcard expansion.
+ Note that the NSEC may not have been validated yet
+ so if there are multiple SIGs, make sure the label value
+ is the same in all, to avoid be duped by a rogue one.
+ If there are no SIGs, that's an error */
+ unsigned char *p1 = auth_start;
+ int res, j, rdlen1, type1, class1;
+
+ if (!expand_workspace(&rrsig_labels, &rrsig_labels_sz, nsecs_found))
+ return 0;
+
+ rrsig_labels[nsecs_found] = NULL;
+
+ for (j = ntohs(header->nscount); j != 0; j--)
+ {
+ if (!(res = extract_name(header, plen, &p1, daemon->workspacename, 0, 10)))
+ return 0;
+
+ GETSHORT(type1, p1);
+ GETSHORT(class1, p1);
+ p1 += 4; /* TTL */
+ GETSHORT(rdlen1, p1);
+
+ if (!CHECK_LEN(header, p1, plen, rdlen1))
+ return 0;
+
+ if (res == 1 && class1 == qclass && type1 == T_RRSIG)
+ {
+ int type_covered;
+ unsigned char *psav = p1;
+
+ if (rdlen < 18)
+ return 0; /* bad packet */
+
+ GETSHORT(type_covered, p1);
+
+ if (type_covered == T_NSEC)
+ {
+ p1++; /* algo */
+
+ /* labels field must be the same in every SIG we find. */
+ if (!rrsig_labels[nsecs_found])
+ rrsig_labels[nsecs_found] = p1;
+ else if (*rrsig_labels[nsecs_found] != *p1) /* algo */
+ return 0;
+ }
+ p1 = psav;
+ }
+
+ if (!ADD_RDLEN(header, p1, plen, rdlen1))
+ return 0;
+ }
+
+ /* Must have found at least one sig. */
+ if (!rrsig_labels[nsecs_found])
+ return 0;
+ }
+
+ nsecset[nsecs_found++] = pstart;
}
if (!ADD_RDLEN(header, p, plen, rdlen))
@@ -1556,7 +1645,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
}
if (type_found == T_NSEC)
- return prove_non_existence_nsec(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
+ return prove_non_existence_nsec(header, plen, nsecset, rrsig_labels, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
else if (type_found == T_NSEC3)
return prove_non_existence_nsec3(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, wildname, nons);
else
--
2.15.1
@@ -0,0 +1,29 @@
From cd7df612b14ec1bf831a966ccaf076be0dae7404 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sat, 20 Jan 2018 00:10:55 +0000
Subject: [PATCH] Fix DNSSEC validation errors introduced in
4fe6744a220eddd3f1749b40cac3dfc510787de6
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: upstream commit cd7df612b14ec
src/dnssec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index a54a0b4f14cf..c47e33569f96 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -1610,7 +1610,7 @@ static int prove_non_existence(struct dns_header *header, size_t plen, char *key
int type_covered;
unsigned char *psav = p1;
- if (rdlen < 18)
+ if (rdlen1 < 18)
return 0; /* bad packet */
GETSHORT(type_covered, p1);
--
2.15.1
+1 -1
View File
@@ -4,7 +4,7 @@ config BR2_PACKAGE_DNSMASQ
A lightweight DNS and DHCP server. It is intended to provide
coupled DNS and DHCP service to a LAN.
http://www.thekelleys.org.uk/dnsmasq/
http://www.thekelleys.org.uk/dnsmasq/doc.html
if BR2_PACKAGE_DNSMASQ
+10 -32
View File
@@ -40,32 +40,31 @@ endif
ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
DNSMASQ_DEPENDENCIES += libnetfilter_conntrack
endif
ifeq ($(BR2_PACKAGE_DNSMASQ_CONNTRACK),y)
define DNSMASQ_ENABLE_CONNTRACK
$(SED) 's^.*#define HAVE_CONNTRACK.*^#define HAVE_CONNTRACK^' \
$(DNSMASQ_DIR)/src/config.h
endef
DNSMASQ_COPTS += -DHAVE_CONNTRACK
endif
ifeq ($(BR2_PACKAGE_DNSMASQ_LUA),y)
DNSMASQ_DEPENDENCIES += lua
DNSMASQ_COPTS += -DHAVE_LUASCRIPT
# liblua uses dlopen when dynamically linked
ifneq ($(BR2_STATIC_LIBS),y)
DNSMASQ_MAKE_OPTS += LIBS+="-ldl"
endif
define DNSMASQ_ENABLE_LUA
define DNSMASQ_TWEAK_LIBLUA
$(SED) 's/lua5.2/lua/g' $(DNSMASQ_DIR)/Makefile
$(SED) 's^.*#define HAVE_LUASCRIPT.*^#define HAVE_LUASCRIPT^' \
$(DNSMASQ_DIR)/src/config.h
endef
endif
ifeq ($(BR2_PACKAGE_DBUS),y)
DNSMASQ_DEPENDENCIES += dbus
DNSMASQ_COPTS += -DHAVE_DBUS
define DNSMASQ_INSTALL_DBUS
$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
endef
endif
define DNSMASQ_FIX_PKGCONFIG
@@ -73,33 +72,12 @@ define DNSMASQ_FIX_PKGCONFIG
$(DNSMASQ_DIR)/Makefile
endef
ifeq ($(BR2_PACKAGE_DBUS),y)
define DNSMASQ_ENABLE_DBUS
$(SED) 's^.*#define HAVE_DBUS.*^#define HAVE_DBUS^' \
$(DNSMASQ_DIR)/src/config.h
endef
else
define DNSMASQ_ENABLE_DBUS
$(SED) 's^.*#define HAVE_DBUS.*^/* #define HAVE_DBUS */^' \
$(DNSMASQ_DIR)/src/config.h
endef
endif
define DNSMASQ_BUILD_CMDS
$(DNSMASQ_FIX_PKGCONFIG)
$(DNSMASQ_ENABLE_DBUS)
$(DNSMASQ_ENABLE_LUA)
$(DNSMASQ_ENABLE_CONNTRACK)
$(DNSMASQ_TWEAK_LIBLUA)
$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) all$(DNSMASQ_I18N)
endef
ifeq ($(BR2_PACKAGE_DBUS),y)
define DNSMASQ_INSTALL_DBUS
$(INSTALL) -m 0644 -D $(@D)/dbus/dnsmasq.conf \
$(TARGET_DIR)/etc/dbus-1/system.d/dnsmasq.conf
endef
endif
define DNSMASQ_INSTALL_TARGET_CMDS
$(DNSMASQ_MAKE_ENV) $(MAKE) -C $(@D) $(DNSMASQ_MAKE_OPTS) install$(DNSMASQ_I18N)
mkdir -p $(TARGET_DIR)/var/lib/misc/
@@ -1,33 +0,0 @@
From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Mon, 18 Dec 2017 16:50:51 +0200
Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort()
This caused memory leaks when authentication was aborted. For example
with IMAP:
a AUTHENTICATE PLAIN
*
Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/lib-auth/auth-client-request.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index 480fb42b3..046f7c307 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request)
auth_client_send_cancel(request->conn->client, request->id);
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+ pool_unref(&request->pool);
}
unsigned int auth_client_request_get_id(struct auth_client_request *request)
--
2.11.0
+1 -1
View File
@@ -1,5 +1,5 @@
# Locally computed after checking signature
sha256 fe1e3b78609a56ee22fc209077e4b75348fa1bbd54c46f52bde2472a4c4cee84 dovecot-2.2.33.2.tar.gz
sha256 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 dovecot-2.2.34.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.2
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).33.2
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).34
DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPLv2.1
@@ -0,0 +1,37 @@
From 062990cc1b2f9e5d82a413b53c8f0569075de700 Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
Date: Mon, 5 Feb 2018 22:23:32 +0100
Subject: [PATCH] Fix base64d() buffer size (CVE-2018-6789)
Credits for discovering this bug: Meh Chang <meh@devco.re>
[Peter: Drop ChangeLog change, fix path]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/base64.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/base64.c b/src/base64.c
index f6f187f0..e58ca6c7 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -152,10 +152,14 @@ static uschar dec64table[] = {
int
b64decode(const uschar *code, uschar **ptr)
{
+
int x, y;
-uschar *result = store_get(3*(Ustrlen(code)/4) + 1);
+uschar *result;
-*ptr = result;
+{
+ int l = Ustrlen(code);
+ *ptr = result = store_get(1 + l/4 * 3 + l%4);
+}
/* Each cycle of the loop handles a quantum of 4 input bytes. For the last
quantum this may decode to 1, 2, or 3 output bytes. */
--
2.11.0
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally computed
sha256 924d1161ed2399bcb72f98419072b3130a466e07d9a6fce43d27458ffa907ffa 7.0.7-10.tar.gz
sha256 723a28f9cbc5c6130f496065fc01c839083e97bf3e4930f940a03c0155046170 7.0.7-27.tar.gz
sha256 2318cc05bbd2c25c1b2d13af1aadccc45b9cf6f94757421ae59a3c8ea9064f1c LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
IMAGEMAGICK_VERSION = 7.0.7-10
IMAGEMAGICK_VERSION = 7.0.7-27
IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz
IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive
IMAGEMAGICK_LICENSE = Apache-2.0
+1 -1
View File
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
sha256 029e884f3ebf337f7266d8ed4e1a035ca56d9f85015d74c868b488f279de8585 irssi-1.0.6.tar.xz
sha256 1b386ca026aa1875c380fd00ef1d24b71fb87cdae39ef5349ecca16c4567feac irssi-1.0.7.tar.xz
# Locally calculated
sha256 a1a27cb2ecee8d5378fbb3562f577104a445d6d66fee89286e16758305e63e2b COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
IRSSI_VERSION = 1.0.6
IRSSI_VERSION = 1.0.7
IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
# Do not use the github helper here. The generated tarball is *NOT* the
# same as the one uploaded by upstream for the release.
+4 -2
View File
@@ -10,8 +10,10 @@ JQ_LICENSE = MIT (code), CC-BY-3.0 (documentation)
JQ_LICENSE_FILES = COPYING
# uses c99 specific features
JQ_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99"
HOST_JQ_CONF_ENV += CFLAGS="$(HOST_CFLAGS) -std=c99"
# _GNU_SOURCE added to fix gcc6+ host compilation
# (https://github.com/stedolan/jq/issues/1598)
JQ_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99 -D_GNU_SOURCE"
HOST_JQ_CONF_ENV += CFLAGS="$(HOST_CFLAGS) -std=c99 -D_GNU_SOURCE"
# jq explicitly enables maintainer mode, which we don't need/want
JQ_CONF_OPTS += --disable-maintainer-mode
+2 -2
View File
@@ -1,4 +1,4 @@
# Locally calculated after checking pgp signature
# https://curl.haxx.se/download/curl-7.58.0.tar.xz.asc
sha256 6a813875243609eb75f37fa72044e4ad618b55ec15a4eafdac2df6a7e800e3e3 curl-7.58.0.tar.xz
# https://curl.haxx.se/download/curl-7.59.0.tar.xz.asc
sha256 e44eaabdf916407585bf5c7939ff1161e6242b6b015d3f2f5b758b2a330461fc curl-7.59.0.tar.xz
sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.58.0
LIBCURL_VERSION = 7.59.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
+3 -3
View File
@@ -1,6 +1,6 @@
# From http://www.pjsip.org/release/2.7.1/MD5SUM.TXT
md5 99a64110fa5c2debff40e0e8d4676380 pjproject-2.7.1.tar.bz2
# From http://www.pjsip.org/release/2.7.2/MD5SUM.TXT
md5 fa3f0bc098c4bff48ddd92db1c016a7a pjproject-2.7.2.tar.bz2
# Locally computed
sha256 59fabc62a02b2b80857297cfb10e2c68c473f4a0acc6e848cfefe8421f2c3126 pjproject-2.7.1.tar.bz2
sha256 9c2c828abab7626edf18e04b041ef274bfaa86f99adf2c25ff56f1509e813772 pjproject-2.7.2.tar.bz2
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBPJSIP_VERSION = 2.7.1
LIBPJSIP_VERSION = 2.7.2
LIBPJSIP_SOURCE = pjproject-$(LIBPJSIP_VERSION).tar.bz2
LIBPJSIP_SITE = http://www.pjsip.org/release/$(LIBPJSIP_VERSION)
LIBPJSIP_DEPENDENCIES = libsrtp
+2 -2
View File
@@ -1,2 +1,2 @@
# From http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.18.sha256sum
sha256 bfc8c488c89c1e7212c478beb95c41b44701636125a3e6dab41187f1485b564c librsvg-2.40.18.tar.xz
# From http://ftp.gnome.org/pub/gnome/sources/librsvg/2.40/librsvg-2.40.20.sha256sum
sha256 cff4dd3c3b78bfe99d8fcfad3b8ba1eee3289a0823c0e118d78106be6b84c92b librsvg-2.40.20.tar.xz
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
LIBRSVG_VERSION_MAJOR = 2.40
LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).18
LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).20
LIBRSVG_SITE = http://ftp.gnome.org/pub/gnome/sources/librsvg/$(LIBRSVG_VERSION_MAJOR)
LIBRSVG_SOURCE = librsvg-$(LIBRSVG_VERSION).tar.xz
LIBRSVG_INSTALL_STAGING = YES
+5 -1
View File
@@ -1,2 +1,6 @@
# Locally calculated after checking pgp signature
sha256 6753da2e621257f33f5b051cc114d417e5206a0818fe0b1ecfd6153f70934753 libtasn1-4.12.tar.gz
# https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.13.tar.gz.sig
sha256 7e528e8c317ddd156230c4e31d082cd13e7ddeb7a54824be82632209550c8cca libtasn1-4.13.tar.gz
# Locally calculated
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBTASN1_VERSION = 4.12
LIBTASN1_VERSION = 4.13
LIBTASN1_SITE = $(BR2_GNU_MIRROR)/libtasn1
LIBTASN1_DEPENDENCIES = host-bison
LIBTASN1_LICENSE = GPLv3+ (tests, tools), LGPLv2.1+ (library)
+3 -1
View File
@@ -1,2 +1,4 @@
# From http://www.xiph.org/downloads/
sha256 54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1 libvorbis-1.3.5.tar.xz
sha256 af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415 libvorbis-1.3.6.tar.xz
# License files, locally calculated
sha256 29e9914e6173b7061b7d48c25e6159fc1438326738bc047cc7248abc01b271f6 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBVORBIS_VERSION = 1.3.5
LIBVORBIS_VERSION = 1.3.6
LIBVORBIS_SOURCE = libvorbis-$(LIBVORBIS_VERSION).tar.xz
LIBVORBIS_SITE = http://downloads.xiph.org/releases/vorbis
LIBVORBIS_INSTALL_STAGING = YES
+33
View File
@@ -0,0 +1,33 @@
From 8b329effb610f4138e4e680f6a6867570f6d6179 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Fri, 9 Feb 2018 10:58:11 +0200
Subject: [PATCH] CVE-2017-8872
Taken from attachment to upstream bug report comment #9.
https://bugzilla.gnome.org/show_bug.cgi?id=775200#c9
https://bugzilla.gnome.org/attachment.cgi?id=366193&action=diff
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
parser.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/parser.c b/parser.c
index 1c5e036ea265..025111067ae8 100644
--- a/parser.c
+++ b/parser.c
@@ -12467,6 +12467,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
ctxt->input->cur = BAD_CAST"";
ctxt->input->base = ctxt->input->cur;
ctxt->input->end = ctxt->input->cur;
+ if (ctxt->input->buf)
+ xmlBufEmpty (ctxt->input->buf->buffer);
+ else
+ ctxt->input->length = 0;
}
}
--
2.15.1
+3 -1
View File
@@ -1,2 +1,4 @@
# Locally calculated after checking pgp signature
sha256 4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38 libxml2-2.9.5.tar.gz
sha256 f63c5e7d30362ed28b38bfa1ac6313f9a80230720b7fb6c80575eeab3ff5900c libxml2-2.9.7.tar.gz
# License files, locally calculated
sha256 c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBXML2_VERSION = 2.9.5
LIBXML2_VERSION = 2.9.7
LIBXML2_SITE = ftp://xmlsoft.org/libxml2
LIBXML2_INSTALL_STAGING = YES
LIBXML2_LICENSE = MIT
+4 -4
View File
@@ -214,15 +214,15 @@ endchoice
config BR2_DEFAULT_KERNEL_HEADERS
string
default "3.2.98" if BR2_KERNEL_HEADERS_3_2
default "3.2.101" if BR2_KERNEL_HEADERS_3_2
default "3.4.113" if BR2_KERNEL_HEADERS_3_4
default "3.10.108" if BR2_KERNEL_HEADERS_3_10
default "3.12.74" if BR2_KERNEL_HEADERS_3_12
default "3.18.72" if BR2_KERNEL_HEADERS_3_18
default "3.19.8" if BR2_KERNEL_HEADERS_3_19
default "4.0.9" if BR2_KERNEL_HEADERS_4_0
default "4.1.49" if BR2_KERNEL_HEADERS_4_1
default "4.4.114" if BR2_KERNEL_HEADERS_4_4
default "4.1.51" if BR2_KERNEL_HEADERS_4_1
default "4.4.127" if BR2_KERNEL_HEADERS_4_4
default "4.8.17" if BR2_KERNEL_HEADERS_4_8
default "4.9.79" if BR2_KERNEL_HEADERS_4_9
default "4.9.93" if BR2_KERNEL_HEADERS_4_9
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
+1 -1
View File
@@ -1,2 +1,2 @@
# sha256 locally computed
sha256 9d4d00614d6b9dec3114b33d1224b6262b99ace24434c53487a0c8fd0b18cfed lz4-r131.tar.gz
sha256 0190cacd63022ccb86f44fa5041dc6c3804407ad61550ca21c382827319e7e7e lz4-v1.7.5.tar.gz
+2 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
LZ4_VERSION = r131
LZ4_SITE = $(call github,Cyan4973,lz4,$(LZ4_VERSION))
LZ4_VERSION = v1.7.5
LZ4_SITE = $(call github,lz4,lz4,$(LZ4_VERSION))
LZ4_INSTALL_STAGING = YES
LZ4_LICENSE = BSD-2c (library), GPLv2+ (programs)
LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
+2 -2
View File
@@ -1,5 +1,5 @@
# From https://downloads.mariadb.org/mariadb/10.1.30/
sha256 173a5e5a24819e0a469c3bd09b5c98491676c37c6095882a2ea34c5af0996c88 mariadb-10.1.30.tar.gz
# From https://downloads.mariadb.org/mariadb/10.1.31/
sha256 ab7641c2fe4e5289da6141766a9c3350e013def56fafd6f1377080bc8048b2e6 mariadb-10.1.31.tar.gz
# Hash for license files
sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a README
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
MARIADB_VERSION = 10.1.30
MARIADB_VERSION = 10.1.31
MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
MARIADB_LICENSE = GPLv2 (server), GPLv2 with FLOSS exception (GPL client library), LGPLv2 (LGPL client library)
# Tarball no longer contains LGPL license text
@@ -0,0 +1,33 @@
From 129f50838bf14f4e1319f06f41c827fae9cc4b73 Mon Sep 17 00:00:00 2001
From: Jaeden Amero <jaeden.amero@arm.com>
Date: Thu, 8 Feb 2018 14:25:36 +0000
Subject: [PATCH] dhm: Fix typo in RFC 5114 constants
We accidentally named the constant MBEDTLS_DHM_RFC5114_MODP_P instead of
MBEDTLS_DHM_RFC5114_MODP_2048_P.
Fixes #1358
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 129f50838bf
include/mbedtls/dhm.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index da2e66b111b6..00fafd8d16f4 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -372,7 +372,7 @@ MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
* in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
* IETF Standards</em>.
*/
-#define MBEDTLS_DHM_RFC5114_MODP_P \
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
--
2.16.1
+3 -3
View File
@@ -1,5 +1,5 @@
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-released
sha1 e914288da50977f541773f9d36e26f14926594a5 mbedtls-2.6.0-apache.tgz
sha256 99bc9d4212d3d885eeb96273bcde8ecc649a481404b8d7ea7bb26397c9909687 mbedtls-2.6.0-apache.tgz
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.7.0-2.1.10-and-1.3.22-released
sha1 01ffebf679c8696cc941c41224fa73d8944d2c85 mbedtls-2.7.0-apache.tgz
sha256 aeb66d6cd43aa1c79c145d15845c655627a7fc30d624148aaafbb6c36d7f55ef mbedtls-2.7.0-apache.tgz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
MBEDTLS_SITE = https://tls.mbed.org/code/releases
MBEDTLS_VERSION = 2.6.0
MBEDTLS_VERSION = 2.7.0
MBEDTLS_SOURCE = mbedtls-$(MBEDTLS_VERSION)-apache.tgz
MBEDTLS_CONF_OPTS = \
-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_MBEDTLS_PROGRAMS),ON,OFF) \
@@ -0,0 +1,49 @@
From 4822aa97da80a86033ec6e4a8b2f4ad0911235cf Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Sat, 3 Mar 2018 11:04:47 +0100
Subject: [PATCH] websockets.c: unbreak build without TLS
Commit 7943072b1f3b (Fix use_identity_as_username not working on websockets
clients) added code which unconditionally accesses mosq-ssl, breaking the
build when TLS support is disabled.
Fix it by guarding this logic inside #ifdef WITH_TLS.
[Upstream: https://dev.eclipse.org/mhonarc/lists/mosquitto-dev/msg01813.html]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/websockets.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/websockets.c b/src/websockets.c
index d4d7961..a796f0a 100644
--- a/src/websockets.c
+++ b/src/websockets.c
@@ -201,12 +201,14 @@ static int callback_mqtt(struct libwebsocket_context *context,
mosq->ws_context = context;
#endif
mosq->wsi = wsi;
+#ifdef WITH_TLS
if(in){
mosq->ssl = (SSL *)in;
if(!mosq->listener->ssl_ctx){
mosq->listener->ssl_ctx = SSL_get_SSL_CTX(mosq->ssl);
}
}
+#endif
u->mosq = mosq;
}else{
return -1;
@@ -240,7 +242,9 @@ static int callback_mqtt(struct libwebsocket_context *context,
mosq->pollfd_index = -1;
}
mosq->wsi = NULL;
+#ifdef WITH_TLS
mosq->ssl = NULL;
+#endif
do_disconnect(db, mosq);
}
break;
--
2.11.0
+7 -3
View File
@@ -1,3 +1,7 @@
# Locally computed:
sha512 75e6105498869ab13265df7a0bea6052c014d59d0c0efb61162d8257d34c0153fce32130e84c28e99fd494f374949aac5e01c19f7439c2eea575b52ef1179c3c mosquitto-1.4.12.tar.gz
sha256 06abd1206e548ac2378dd96f5434cb3e40ed77cecb6a9c37fbabab0b0f1360e5 mosquitto-1.4.x_cve-2017-9868.patch
# Locally calculated after checking gpg signature
sha256 7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83 mosquitto-1.4.15.tar.gz
# License files
sha256 cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc1 LICENSE.txt
sha256 3b9be6b894d0769de796e653571ff6cef494913c0ce78c35a97db939e7d9087c epl-v10
sha256 e8cf7d54ea46c19aba793983889b7f7425e1ebfcaaccec764a7db091646e203c edl-v10
+2 -4
View File
@@ -4,13 +4,11 @@
#
################################################################################
MOSQUITTO_VERSION = 1.4.12
MOSQUITTO_SITE = http://mosquitto.org/files/source
MOSQUITTO_VERSION = 1.4.15
MOSQUITTO_SITE = https://mosquitto.org/files/source
MOSQUITTO_LICENSE = EPLv1.0 or EDLv1.0
MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10
MOSQUITTO_INSTALL_STAGING = YES
MOSQUITTO_PATCH = \
https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch
MOSQUITTO_MAKE_OPTS = \
UNAME=Linux \
-23
View File
@@ -1,23 +0,0 @@
ntpq/Makefile.am: add NTP_HARD_CFLAGS
Pass NTP_HARD_CFLAGS when building ntpq, like in all other ntp
modules, to make sure -fPIC is passed.
Originally taken from
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=494143c3b4921a5c8b8596d58f2c8b98296bf688.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Index: b/ntpq/Makefile.am
===================================================================
--- a/ntpq/Makefile.am
+++ b/ntpq/Makefile.am
@@ -23,7 +23,7 @@
ntpq_LDADD += $(LDADD_NTP)
noinst_HEADERS= ntpq.h
noinst_LIBRARIES= libntpq.a
-libntpq_a_CFLAGS= -DNO_MAIN_ALLOWED -DBUILD_AS_LIB
+libntpq_a_CFLAGS= $(NTP_HARD_CFLAGS) -DNO_MAIN_ALLOWED -DBUILD_AS_LIB
CLEANFILES=
DISTCLEANFILES= .version version.c config.log $(man_MANS)
ETAGS_ARGS= Makefile.am
-1
View File
@@ -1,7 +1,6 @@
config BR2_PACKAGE_NTP
bool "ntp"
select BR2_PACKAGE_LIBEVENT
select BR2_PACKAGE_OPENSSL
help
Network Time Protocol suite/programs.
Provides things like ntpd, ntpdate, ntpq, etc...
+4 -3
View File
@@ -1,4 +1,5 @@
# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p10.tar.gz.md5
md5 745384ed0dedb3f66b33fe84d66466f9 ntp-4.2.8p10.tar.gz
# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p11.tar.gz.md5
md5 00950ca2855579541896513e78295361 ntp-4.2.8p11.tar.gz
# Calculated based on the hash above
sha256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f ntp-4.2.8p10.tar.gz
sha256 f14a39f753688252d683ff907035ffff106ba8d3db21309b742e09b5c3cd278e ntp-4.2.8p11.tar.gz
sha256 62c87b269365b38b55359b16dfde7ec28c683c722ef489db90afd0f2e478e4a1 COPYRIGHT
+12 -7
View File
@@ -5,9 +5,9 @@
################################################################################
NTP_VERSION_MAJOR = 4.2
NTP_VERSION = $(NTP_VERSION_MAJOR).8p10
NTP_VERSION = $(NTP_VERSION_MAJOR).8p11
NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent openssl $(if $(BR2_PACKAGE_BUSYBOX),busybox)
NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
NTP_LICENSE = ntp license
NTP_LICENSE_FILES = COPYRIGHT
NTP_CONF_ENV = ac_cv_lib_md5_MD5Init=no
@@ -18,16 +18,21 @@ NTP_CONF_OPTS = \
--disable-debugging \
--with-yielding-select=yes \
--disable-local-libevent \
--with-crypto
# 0002-ntp-syscalls-fallback.patch
# 0003-ntpq-fpic.patch
NTP_AUTORECONF = YES
ifeq ($(BR2_TOOLCHAIN_HAS_SSP),y)
NTP_CONF_OPTS += --with-locfile=linux
ifeq ($(BR2_PACKAGE_OPENSSL),y)
NTP_CONF_OPTS += --with-crypto --enable-openssl-random
NTP_DEPENDENCIES += openssl
else
NTP_CONF_OPTS += --with-locfile=default
NTP_CONF_OPTS += --without-crypto --disable-openssl-random
endif
ifeq ($(BR2_TOOLCHAIN_HAS_SSP),y)
NTP_CONF_OPTS += --with-hardenfile=linux
else
NTP_CONF_OPTS += --with-hardenfile=default
endif
ifeq ($(BR2_PACKAGE_LIBCAP),y)
+2 -2
View File
@@ -3,7 +3,7 @@ config BR2_PACKAGE_OPENBLAS_DEFAULT_TARGET
default "P2" if BR2_x86_pentium2
default "KATMAI" if BR2_x86_pentium3
default "NORTHWOOD" if BR2_x86_pentium4
default "PRESCOTT" if BR2_x86_prescott
default "PRESCOTT" if BR2_x86_prescott || BR2_x86_nocona
default "BANIAS" if BR2_x86_pentium_m
default "CORE2" if BR2_x86_core2
default "NEHALEM" if BR2_x86_corei7
@@ -14,9 +14,9 @@ config BR2_PACKAGE_OPENBLAS_DEFAULT_TARGET
default "OPTERON" if BR2_x86_opteron
default "OPTERON_SSE3" if BR2_x86_opteron_sse3
default "BARCELONA" if BR2_x86_barcelona
default "JAGUAR" if BR2_x86_jaguar
default "STEAMROLLER" if BR2_x86_steamroller
default "VIAC3" if BR2_x86_c3 || BR2_x86_c32
default "SSE_GENERIC" if BR2_X86_CPU_HAS_SSE
default "POWER4" if BR2_powerpc_power4
default "POWER5" if BR2_powerpc_power5
default "POWER6" if BR2_powerpc_power6
+1
View File
@@ -340,6 +340,7 @@ OPENCV3_CONF_OPTS += \
-DPYTHON3_NUMPY_VERSION=$(PYTHON_NUMPY_VERSION)
OPENCV3_DEPENDENCIES += python3
endif
OPENCV3_CONF_ENV += $(PKG_PYTHON_DISTUTILS_ENV)
OPENCV3_DEPENDENCIES += python-numpy
else
OPENCV3_CONF_OPTS += \
+3 -3
View File
@@ -1,8 +1,8 @@
# From https://www.openssl.org/source/openssl-1.0.2n.tar.gz.sha256
sha256 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe openssl-1.0.2n.tar.gz
# From https://www.openssl.org/source/openssl-1.0.2o.tar.gz.sha256
sha256 ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d openssl-1.0.2o.tar.gz
# Locally computed
sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
sha256 30cb49489de5041841a74da9155cd4fabfbce33237262ba7cd23974314ae2956 openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
sha256 deaf6f3af41874ecc6d63841ea14b8e6c71cea81d4a511a754bc90c9a993147f openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
sha256 9ee37d72966bb4a841343f0606ce44d41b3eae4df4285200c5a8ddc2b935992a LICENSE
sha256 c8f60f4842bbad0353f5d81620e72b168b5638ca3a0a999f5da113b22491612e LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
OPENSSL_VERSION = 1.0.2n
OPENSSL_VERSION = 1.0.2o
OPENSSL_SITE = http://www.openssl.org/source
OPENSSL_LICENSE = OpenSSL or SSLeay
OPENSSL_LICENSE_FILES = LICENSE
@@ -0,0 +1,33 @@
From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon, 12 Feb 2018 16:48:24 +0100
Subject: [PATCH] Fix segfault with mangled rename patch
http://savannah.gnu.org/bugs/?53132
* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit f290f48a6218
src/pch.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pch.c b/src/pch.c
index ff9ed2cebb8a..bc6278c4032c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
--
2.16.1
@@ -0,0 +1,37 @@
From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri, 6 Apr 2018 11:34:51 +0200
Subject: [PATCH] Allow input files to be missing for ed-style patches
* src/pch.c (do_ed_script): Allow input files to be missing so that new
files will be created as with non-ed-style patches.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit b5a91a01e5d0
src/pch.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/pch.c b/src/pch.c
index bc6278c4032c..0c5cc2623079 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
if (! dry_run && ! skip_rest_of_patch) {
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- assert (! inerrno);
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ if (inerrno != ENOENT)
+ {
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
sprintf (buf, "%s %s%s", editor_program,
verbosity == VERBOSE ? "" : "- ",
outname);
--
2.16.3
@@ -0,0 +1,157 @@
From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri, 6 Apr 2018 12:14:49 +0200
Subject: [PATCH] Fix arbitrary command execution in ed-style patches
(CVE-2018-1000156)
* src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
* tests/ed-style: New test case.
* tests/Makefile.am (TESTS): Add test case.
[baruch: drop test hunks to avoid autoreconf]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 123eaff0d5d1
src/pch.c | 91 ++++++++++++++++++++++++++++++++++++++++---------------
tests/Makefile.am | 1 +
tests/ed-style | 41 +++++++++++++++++++++++++
3 files changed, 108 insertions(+), 25 deletions(-)
create mode 100644 tests/ed-style
diff --git a/src/pch.c b/src/pch.c
index 0c5cc2623079..4fd5a05a6f5c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -33,6 +33,7 @@
# include <io.h>
#endif
#include <safe.h>
+#include <sys/wait.h>
#define INITHUNKMAX 125 /* initial dynamic allocation size */
@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
static char const editor_program[] = EDITOR_PROGRAM;
file_offset beginning_of_this_line;
- FILE *pipefp = 0;
size_t chars_read;
+ FILE *tmpfp = 0;
+ char const *tmpname;
+ int tmpfd;
+ pid_t pid;
+
+ if (! dry_run && ! skip_rest_of_patch)
+ {
+ /* Write ed script to a temporary file. This causes ed to abort on
+ invalid commands such as when line numbers or ranges exceed the
+ number of available lines. When ed reads from a pipe, it rejects
+ invalid commands and treats the next line as a new command, which
+ can lead to arbitrary command execution. */
+
+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
+ if (tmpfd == -1)
+ pfatal ("Can't create temporary file %s", quotearg (tmpname));
+ tmpfp = fdopen (tmpfd, "w+b");
+ if (! tmpfp)
+ pfatal ("Can't open stream for file %s", quotearg (tmpname));
+ }
- if (! dry_run && ! skip_rest_of_patch) {
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- if (inerrno != ENOENT)
- {
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- }
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
- fflush (stdout);
- pipefp = popen(buf, binary_transput ? "wb" : "w");
- if (!pipefp)
- pfatal ("Can't open pipe to %s", quotearg (buf));
- }
for (;;) {
char ed_command_letter;
beginning_of_this_line = file_tell (pfp);
@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
}
ed_command_letter = get_ed_command_letter (buf);
if (ed_command_letter) {
- if (pipefp)
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
+ if (tmpfp)
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
write_fatal ();
if (ed_command_letter != 'd' && ed_command_letter != 's') {
p_pass_comments_through = true;
while ((chars_read = get_line ()) != 0) {
- if (pipefp)
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
+ if (tmpfp)
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
write_fatal ();
if (chars_read == 2 && strEQ (buf, ".\n"))
break;
@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
break;
}
}
- if (!pipefp)
+ if (!tmpfp)
return;
- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
- || fflush (pipefp) != 0)
+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
+ || fflush (tmpfp) != 0)
write_fatal ();
- if (pclose (pipefp) != 0)
- fatal ("%s FAILED", editor_program);
+
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+ *outname_needs_removal = true;
+ if (inerrno != ENOENT)
+ {
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+ sprintf (buf, "%s %s%s", editor_program,
+ verbosity == VERBOSE ? "" : "- ",
+ outname);
+ fflush (stdout);
+
+ pid = fork();
+ if (pid == -1)
+ pfatal ("Can't fork");
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ _exit (2);
+ }
+ else
+ {
+ int wstatus;
+ if (waitpid (pid, &wstatus, 0) == -1
+ || ! WIFEXITED (wstatus)
+ || WEXITSTATUS (wstatus) != 0)
+ fatal ("%s FAILED", editor_program);
+ }
+ }
+
+ fclose (tmpfp);
+ safe_unlink (tmpname);
if (ofp)
{
--
2.16.3
+2
View File
@@ -1,5 +1,6 @@
config BR2_PACKAGE_PATCH
bool "patch"
depends on BR2_USE_MMU # fork()
depends on BR2_USE_WCHAR
depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
help
@@ -10,4 +11,5 @@ config BR2_PACKAGE_PATCH
comment "patch needs a toolchain w/ wchar"
depends on !BR2_USE_WCHAR
depends on BR2_USE_MMU
depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
+3 -1
View File
@@ -1,2 +1,4 @@
# Locally calculated after checking pgp signature
sha256 fd95153655d6b95567e623843a0e77b81612d502ecf78a489a4aed7867caa299 patch-2.7.5.tar.xz
sha256 ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd patch-2.7.6.tar.xz
# Locally calculated
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
PATCH_VERSION = 2.7.5
PATCH_VERSION = 2.7.6
PATCH_SOURCE = patch-$(PATCH_VERSION).tar.xz
PATCH_SITE = $(BR2_GNU_MIRROR)/patch
PATCH_LICENSE = GPLv3+
+3 -3
View File
@@ -1,4 +1,4 @@
# From https://ftp.postgresql.org/pub/source/v9.6.6/postgresql-9.6.6.tar.bz2.sha256
sha256 399cdffcb872f785ba67e25d275463d74521566318cfef8fe219050d063c8154 postgresql-9.6.6.tar.bz2
# From https://ftp.postgresql.org/pub/source/v9.6.8/postgresql-9.6.8.tar.bz2.sha256
sha256 eafdb3b912e9ec34bdd28b651d00226a6253ba65036cb9a41cad2d9e82e3eb70 postgresql-9.6.8.tar.bz2
# License file, Locally calculated
sha256 7dc8de32741ad1b03e21710771b55a1b9d460671d47f28a8840f917e38c66676 COPYRIGHT
sha256 24cfc70cf16b3a23242c49ffce39510683bdd48cbedb8a46fe03976ee5f5c21e COPYRIGHT
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
POSTGRESQL_VERSION = 9.6.6
POSTGRESQL_VERSION = 9.6.8
POSTGRESQL_SOURCE = postgresql-$(POSTGRESQL_VERSION).tar.bz2
POSTGRESQL_SITE = http://ftp.postgresql.org/pub/source/v$(POSTGRESQL_VERSION)
POSTGRESQL_LICENSE = PostgreSQL
+1
View File
@@ -1,6 +1,7 @@
config BR2_PACKAGE_PYTHON_WEBPY
bool "python-webpy"
depends on BR2_PACKAGE_PYTHON
select BR2_PACKAGE_PYTHON_HASHLIB
help
web.py is a web framework for Python that is as simple as it is
powerful.
+3 -1
View File
@@ -1,2 +1,4 @@
# Locally computed
sha256 c3cb8930739294103b1ad109e5fd1d0efae67c06d5b6d59fce5b5a2ee6b21624 python-webpy-webpy-0.37.tar.gz
sha256 f074241a0b839408a0b9840ade1198e16fbd6aa6393a48a0e84f73b545baab9a python-webpy-webpy-0.39.tar.gz
sha256 3826fd531a9b904841f5e3560fcda7e93f2ab8d11ef124ec65e10625efa26c34 LICENSE.txt
sha256 7347fd17bfd33c4093c31dc77076733e1e0150ce8c13296c56dc042bbecede84 web/wsgiserver/LICENSE.txt
+2 -2
View File
@@ -4,9 +4,9 @@
#
################################################################################
PYTHON_WEBPY_VERSION = webpy-0.37
PYTHON_WEBPY_VERSION = webpy-0.39
PYTHON_WEBPY_SITE = $(call github,webpy,webpy,$(PYTHON_WEBPY_VERSION))
PYTHON_WEBPY_SETUP_TYPE = distutils
PYTHON_WEBPY_SETUP_TYPE = setuptools
PYTHON_WEBPY_LICENSE = Public Domain, CherryPy License
PYTHON_WEBPY_LICENSE_FILES = LICENSE.txt web/wsgiserver/LICENSE.txt
+1 -1
View File
@@ -6,7 +6,7 @@
QT53D_VERSION = $(QT5_VERSION)
QT53D_SITE = $(QT5_SITE)
QT53D_SOURCE = qt3d-opensource-src-$(QT5SVG_VERSION).tar.xz
QT53D_SOURCE = qt3d-opensource-src-$(QT53D_VERSION).tar.xz
QT53D_DEPENDENCIES = qt5base qt5declarative
QT53D_INSTALL_STAGING = YES
+1 -1
View File
@@ -6,7 +6,7 @@
QT5TOOLS_VERSION = $(QT5_VERSION)
QT5TOOLS_SITE = $(QT5_SITE)
QT5TOOLS_SOURCE = qttools-opensource-src-$(QT5BASE_VERSION).tar.xz
QT5TOOLS_SOURCE = qttools-opensource-src-$(QT5TOOLS_VERSION).tar.xz
QT5TOOLS_DEPENDENCIES = qt5base
QT5TOOLS_INSTALL_STAGING = YES
@@ -0,0 +1,69 @@
From cc2e6770697e343f4af534114ab7e633d5beabec Mon Sep 17 00:00:00 2001
From: Paul Jakma <paul@jakma.org>
Date: Wed, 3 Jan 2018 23:57:33 +0000
Subject: [PATCH] bgpd/security: invalid attr length sends NOTIFY with data
overrun
Security issue: Quagga-2018-0543
See: https://www.quagga.net/security/Quagga-2018-0543.txt
* bgpd/bgp_attr.c: (bgp_attr_parse) An invalid attribute length is correctly
checked, and a NOTIFY prepared. The NOTIFY can include the incorrect
received data with the NOTIFY, for debug purposes. Commit
c69698704806a9ac5 modified the code to do that just, and also send the
malformed attr with the NOTIFY. However, the invalid attribute length was
used as the length of the data to send back.
The result is a read past the end of data, which is then written to the
NOTIFY message and sent to the peer.
A configured BGP peer can use this bug to read up to 64 KiB of memory from
the bgpd process, or crash the process if the invalid read is caught by
some means (unmapped page and SEGV, or other mechanism) resulting in a DoS.
This bug _ought_ /not/ be exploitable by anything other than the connected
BGP peer, assuming the underlying TCP transport is secure. For no BGP
peer should send on an UPDATE with this attribute. Quagga will not, as
Quagga always validates the attr header length, regardless of type.
However, it is possible that there are BGP implementations that do not
check lengths on some attributes (e.g. optional/transitive ones of a type
they do not recognise), and might pass such malformed attrs on. If such
implementations exists and are common, then this bug might be triggerable
by BGP speakers further hops away. Those peers will not receive the
NOTIFY (unless they sit on a shared medium), however they might then be
able to trigger a DoS.
Fix: use the valid bound to calculate the length.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
bgpd/bgp_attr.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index ef58beb1..9564637e 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -2147,6 +2147,8 @@ bgp_attr_parse (struct peer *peer, struct attr *attr, bgp_size_t size,
memset (seen, 0, BGP_ATTR_BITMAP_SIZE);
/* End pointer of BGP attribute. */
+ assert (size <= stream_get_size (BGP_INPUT (peer)));
+ assert (size <= stream_get_endp (BGP_INPUT (peer)));
endp = BGP_INPUT_PNT (peer) + size;
/* Get attributes to the end of attribute length. */
@@ -2228,7 +2230,7 @@ bgp_attr_parse (struct peer *peer, struct attr *attr, bgp_size_t size,
bgp_notify_send_with_data (peer,
BGP_NOTIFY_UPDATE_ERR,
BGP_NOTIFY_UPDATE_ATTR_LENG_ERR,
- startp, attr_endp - startp);
+ startp, endp - startp);
return BGP_ATTR_PARSE_ERROR;
}
--
2.11.0
@@ -0,0 +1,112 @@
From e69b535f92eafb599329bf725d9b4c6fd5d7fded Mon Sep 17 00:00:00 2001
From: Paul Jakma <paul@jakma.org>
Date: Sat, 6 Jan 2018 19:52:10 +0000
Subject: [PATCH] bgpd/security: Fix double free of unknown attribute
Security issue: Quagga-2018-1114
See: https://www.quagga.net/security/Quagga-2018-1114.txt
It is possible for bgpd to double-free an unknown attribute. This can happen
via bgp_update_receive receiving an UPDATE with an invalid unknown attribute.
bgp_update_receive then will call bgp_attr_unintern_sub and bgp_attr_flush,
and the latter may try free an already freed unknown attr.
* bgpd/bgp_attr.c: (transit_unintern) Take a pointer to the caller's storage
for the (struct transit *), so that transit_unintern can NULL out the
caller's reference if the (struct transit) is freed.
(cluster_unintern) By inspection, appears to have a similar issue.
(bgp_attr_unintern_sub) adjust for above.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
bgpd/bgp_attr.c | 33 +++++++++++++++++++--------------
bgpd/bgp_attr.h | 4 ++--
2 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index 9564637e..0c2806b5 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -199,15 +199,17 @@ cluster_intern (struct cluster_list *cluster)
}
void
-cluster_unintern (struct cluster_list *cluster)
+cluster_unintern (struct cluster_list **cluster)
{
- if (cluster->refcnt)
- cluster->refcnt--;
+ struct cluster_list *c = *cluster;
+ if (c->refcnt)
+ c->refcnt--;
- if (cluster->refcnt == 0)
+ if (c->refcnt == 0)
{
- hash_release (cluster_hash, cluster);
- cluster_free (cluster);
+ hash_release (cluster_hash, c);
+ cluster_free (c);
+ *cluster = NULL;
}
}
@@ -357,15 +359,18 @@ transit_intern (struct transit *transit)
}
void
-transit_unintern (struct transit *transit)
+transit_unintern (struct transit **transit)
{
- if (transit->refcnt)
- transit->refcnt--;
+ struct transit *t = *transit;
+
+ if (t->refcnt)
+ t->refcnt--;
- if (transit->refcnt == 0)
+ if (t->refcnt == 0)
{
- hash_release (transit_hash, transit);
- transit_free (transit);
+ hash_release (transit_hash, t);
+ transit_free (t);
+ *transit = NULL;
}
}
@@ -820,11 +825,11 @@ bgp_attr_unintern_sub (struct attr *attr)
UNSET_FLAG(attr->flag, ATTR_FLAG_BIT (BGP_ATTR_LARGE_COMMUNITIES));
if (attr->extra->cluster)
- cluster_unintern (attr->extra->cluster);
+ cluster_unintern (&attr->extra->cluster);
UNSET_FLAG(attr->flag, ATTR_FLAG_BIT (BGP_ATTR_CLUSTER_LIST));
if (attr->extra->transit)
- transit_unintern (attr->extra->transit);
+ transit_unintern (&attr->extra->transit);
}
}
diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
index 9ff074b2..052acc7d 100644
--- a/bgpd/bgp_attr.h
+++ b/bgpd/bgp_attr.h
@@ -187,10 +187,10 @@ extern unsigned long int attr_unknown_count (void);
/* Cluster list prototypes. */
extern int cluster_loop_check (struct cluster_list *, struct in_addr);
-extern void cluster_unintern (struct cluster_list *);
+extern void cluster_unintern (struct cluster_list **);
/* Transit attribute prototypes. */
-void transit_unintern (struct transit *);
+void transit_unintern (struct transit **);
/* Below exported for unit-test purposes only */
struct bgp_attr_parser_args {
--
2.11.0
@@ -0,0 +1,114 @@
From 9e5251151894aefdf8e9392a2371615222119ad8 Mon Sep 17 00:00:00 2001
From: Paul Jakma <paul@jakma.org>
Date: Sat, 6 Jan 2018 22:31:52 +0000
Subject: [PATCH] bgpd/security: debug print of received NOTIFY data can
over-read msg array
Security issue: Quagga-2018-1550
See: https://www.quagga.net/security/Quagga-2018-1550.txt
* bgpd/bgp_debug.c: (struct message) Nearly every one of the NOTIFY
code/subcode message arrays has their corresponding size variables off
by one, as most have 1 as first index.
This means (bgp_notify_print) can cause mes_lookup to overread the (struct
message) by 1 pointer value if given an unknown index.
Fix the bgp_notify_..._msg_max variables to use the compiler to calculate
the correct sizes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
bgpd/bgp_debug.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/bgpd/bgp_debug.c b/bgpd/bgp_debug.c
index ba797228..43faee7c 100644
--- a/bgpd/bgp_debug.c
+++ b/bgpd/bgp_debug.c
@@ -29,6 +29,7 @@ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
#include "log.h"
#include "sockunion.h"
#include "filter.h"
+#include "memory.h"
#include "bgpd/bgpd.h"
#include "bgpd/bgp_aspath.h"
@@ -73,7 +74,8 @@ const struct message bgp_status_msg[] =
{ Clearing, "Clearing" },
{ Deleted, "Deleted" },
};
-const int bgp_status_msg_max = BGP_STATUS_MAX;
+#define BGP_DEBUG_MSG_MAX(msg) const int msg ## _max = array_size (msg)
+BGP_DEBUG_MSG_MAX (bgp_status_msg);
/* BGP message type string. */
const char *bgp_type_str[] =
@@ -84,7 +86,8 @@ const char *bgp_type_str[] =
"NOTIFICATION",
"KEEPALIVE",
"ROUTE-REFRESH",
- "CAPABILITY"
+ "CAPABILITY",
+ NULL,
};
/* message for BGP-4 Notify */
@@ -98,15 +101,15 @@ static const struct message bgp_notify_msg[] =
{ BGP_NOTIFY_CEASE, "Cease"},
{ BGP_NOTIFY_CAPABILITY_ERR, "CAPABILITY Message Error"},
};
-static const int bgp_notify_msg_max = BGP_NOTIFY_MAX;
+BGP_DEBUG_MSG_MAX (bgp_notify_msg);
static const struct message bgp_notify_head_msg[] =
{
{ BGP_NOTIFY_HEADER_NOT_SYNC, "/Connection Not Synchronized"},
{ BGP_NOTIFY_HEADER_BAD_MESLEN, "/Bad Message Length"},
- { BGP_NOTIFY_HEADER_BAD_MESTYPE, "/Bad Message Type"}
+ { BGP_NOTIFY_HEADER_BAD_MESTYPE, "/Bad Message Type"},
};
-static const int bgp_notify_head_msg_max = BGP_NOTIFY_HEADER_MAX;
+BGP_DEBUG_MSG_MAX (bgp_notify_head_msg);
static const struct message bgp_notify_open_msg[] =
{
@@ -119,7 +122,7 @@ static const struct message bgp_notify_open_msg[] =
{ BGP_NOTIFY_OPEN_UNACEP_HOLDTIME, "/Unacceptable Hold Time"},
{ BGP_NOTIFY_OPEN_UNSUP_CAPBL, "/Unsupported Capability"},
};
-static const int bgp_notify_open_msg_max = BGP_NOTIFY_OPEN_MAX;
+BGP_DEBUG_MSG_MAX (bgp_notify_open_msg);
static const struct message bgp_notify_update_msg[] =
{
@@ -136,7 +139,7 @@ static const struct message bgp_notify_update_msg[] =
{ BGP_NOTIFY_UPDATE_INVAL_NETWORK, "/Invalid Network Field"},
{ BGP_NOTIFY_UPDATE_MAL_AS_PATH, "/Malformed AS_PATH"},
};
-static const int bgp_notify_update_msg_max = BGP_NOTIFY_UPDATE_MAX;
+BGP_DEBUG_MSG_MAX (bgp_notify_update_msg);
static const struct message bgp_notify_cease_msg[] =
{
@@ -150,7 +153,7 @@ static const struct message bgp_notify_cease_msg[] =
{ BGP_NOTIFY_CEASE_COLLISION_RESOLUTION, "/Connection collision resolution"},
{ BGP_NOTIFY_CEASE_OUT_OF_RESOURCE, "/Out of Resource"},
};
-static const int bgp_notify_cease_msg_max = BGP_NOTIFY_CEASE_MAX;
+BGP_DEBUG_MSG_MAX (bgp_notify_cease_msg);
static const struct message bgp_notify_capability_msg[] =
{
@@ -159,7 +162,7 @@ static const struct message bgp_notify_capability_msg[] =
{ BGP_NOTIFY_CAPABILITY_INVALID_LENGTH, "/Invalid Capability Length"},
{ BGP_NOTIFY_CAPABILITY_MALFORMED_CODE, "/Malformed Capability Value"},
};
-static const int bgp_notify_capability_msg_max = BGP_NOTIFY_CAPABILITY_MAX;
+BGP_DEBUG_MSG_MAX (bgp_notify_capability_msg);
/* Origin strings. */
const char *bgp_origin_str[] = {"i","e","?"};
--
2.11.0
@@ -0,0 +1,43 @@
From ce07207c50a3d1f05d6dd49b5294282e59749787 Mon Sep 17 00:00:00 2001
From: Paul Jakma <paul@jakma.org>
Date: Sat, 6 Jan 2018 21:20:51 +0000
Subject: [PATCH] bgpd/security: fix infinite loop on certain invalid OPEN
messages
Security issue: Quagga-2018-1975
See: https://www.quagga.net/security/Quagga-2018-1975.txt
* bgpd/bgp_packet.c: (bgp_capability_msg_parse) capability parser can infinite
loop due to checks that issue 'continue' without bumping the input
pointer.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
bgpd/bgp_packet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index b3d601fc..f9338d8d 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -2328,7 +2328,8 @@ bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length)
end = pnt + length;
- while (pnt < end)
+ /* XXX: Streamify this */
+ for (; pnt < end; pnt += hdr->length + 3)
{
/* We need at least action, capability code and capability length. */
if (pnt + 3 > end)
@@ -2416,7 +2417,6 @@ bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length)
zlog_warn ("%s unrecognized capability code: %d - ignored",
peer->host, hdr->code);
}
- pnt += hdr->length + 3;
}
return 0;
}
--
2.11.0
@@ -1,45 +0,0 @@
From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001
From: Jeriko One <jeriko.one@gmx.us>
Date: Thu, 2 Nov 2017 23:44:19 -0700
Subject: [PATCH] Check fname in recv_files sooner.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 3e06d40029c
receiver.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/receiver.c b/receiver.c
index baae3a919cdd..9fdafa152cb3 100644
--- a/receiver.c
+++ b/receiver.c
@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name)
file = dir_flist->files[cur_flist->parent_ndx];
fname = local_name ? local_name : f_name(file, fbuf);
+ if (daemon_filter_list.head
+ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+ rprintf(FERROR, "attempt to hack rsync failed.\n");
+ exit_cleanup(RERR_PROTOCOL);
+ }
+
if (DEBUG_GTE(RECV, 1))
rprintf(FINFO, "recv_files(%s)\n", fname);
@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name)
cleanup_got_literal = 0;
- if (daemon_filter_list.head
- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
- rprintf(FERROR, "attempt to hack rsync failed.\n");
- exit_cleanup(RERR_PROTOCOL);
- }
-
if (read_batch) {
int wanted = redoing
? we_want_redo(ndx)
--
2.15.0
@@ -1,39 +0,0 @@
From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001
From: Jeriko One <jeriko.one@gmx.us>
Date: Thu, 16 Nov 2017 17:05:42 -0800
Subject: [PATCH] Sanitize xname in read_ndx_and_attrs.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 70aeb5fddd
rsync.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/rsync.c b/rsync.c
index b82e59881018..a0945ba4e7f5 100644
--- a/rsync.c
+++ b/rsync.c
@@ -49,6 +49,7 @@ extern int flist_eof;
extern int file_old_total;
extern int keep_dirlinks;
extern int make_backups;
+extern int sanitize_paths;
extern struct file_list *cur_flist, *first_flist, *dir_flist;
extern struct chmod_mode_struct *daemon_chmod_modes;
#ifdef ICONV_OPTION
@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
if (iflags & ITEM_XNAME_FOLLOWS) {
if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
exit_cleanup(RERR_PROTOCOL);
+
+ if (sanitize_paths) {
+ sanitize_path(buf, buf, "", 0, SP_DEFAULT);
+ len = strlen(buf);
+ }
} else {
*buf = '\0';
len = -1;
--
2.15.0
@@ -1,28 +0,0 @@
From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001
From: Jeriko One <jeriko.one@gmx.us>
Date: Thu, 16 Nov 2017 17:26:03 -0800
Subject: [PATCH] Check daemon filter against fnamecmp in recv_files().
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit 5509597dec
receiver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/receiver.c b/receiver.c
index 9fdafa152cb3..9c46242e013c 100644
--- a/receiver.c
+++ b/receiver.c
@@ -722,7 +722,7 @@ int recv_files(int f_in, int f_out, char *local_name)
break;
}
if (!fnamecmp || (daemon_filter_list.head
- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) {
+ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) {
fnamecmp = fname;
fnamecmp_type = FNAMECMP_FNAME;
}
--
2.15.0
@@ -1,33 +0,0 @@
From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Sun, 5 Nov 2017 11:33:15 -0800
Subject: [PATCH] Enforce trailing \0 when receiving xattr name values. Fixes
bug 13112.
Fixes CVE-2017-16548
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
Patch status: upstream commit 47a63d90e7
xattrs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/xattrs.c b/xattrs.c
index 68305d75..4867e6f5 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
out_of_memory("receive_xattr");
name = ptr + dget_len + extra_len;
read_buf(f, name, name_len);
+ if (name_len < 1 || name[name_len-1] != '\0') {
+ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
+ exit_cleanup(RERR_FILEIO);
+ }
if (dget_len == datum_len)
read_buf(f, ptr, dget_len);
else {
--
2.11.0
+4 -1
View File
@@ -1,2 +1,5 @@
# Locally calculated after checking pgp signature
sha256 ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2 rsync-3.1.2.tar.gz
# https://download.samba.org/pub/rsync/src/rsync-3.1.3.tar.gz.asc
sha256 55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0 rsync-3.1.3.tar.gz
# Locally calculated
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
RSYNC_VERSION = 3.1.2
RSYNC_VERSION = 3.1.3
RSYNC_SITE = http://rsync.samba.org/ftp/rsync/src
RSYNC_LICENSE = GPLv3+
RSYNC_LICENSE_FILES = COPYING
+1 -1
View File
@@ -1,2 +1,2 @@
# Locally calculated
sha256 811bf727892a1e1e3d170eb72eb39c43d06ed8ff557e5e036a41aabc19008e94 samba-4.5.15.tar.gz
sha256 3a3356faab1694680e2ccd7fdf051ab1bbd3b0d058fc1f671e135dd2d1eae1aa samba-4.5.16.tar.gz
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
SAMBA4_VERSION = 4.5.15
SAMBA4_VERSION = 4.5.16
SAMBA4_SITE = https://download.samba.org/pub/samba/stable
SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
SAMBA4_INSTALL_STAGING = YES
+2 -1
View File
@@ -23,7 +23,8 @@ SNGREP_DEPENDENCIES += openssl
SNGREP_CONF_OPTS += --with-openssl --without-gnutls
# gnutls support also requires libgcrypt
else ifeq ($(BR2_PACKAGE_GNUTLS)$(BR2_PACKAGE_LIBGCRYPT),yy)
SNGREP_DEPENDENCIES += gnutls
SNGREP_CONF_ENV += LIBGCRYPT_CONFIG=$(STAGING_DIR)/usr/bin/libgcrypt-config
SNGREP_DEPENDENCIES += gnutls libgcrypt
SNGREP_CONF_OPTS += --with-gnutls --without-openssl
else
SNGREP_CONF_OPTS += --without-gnutls --without-openssl
+3
View File
@@ -0,0 +1,3 @@
# Locally computed
sha256 ba94cfdf886399c550f76908285bfa9e322f24085de6f1810c2abea565c13a15 tremor-7c30a66346199f3f09017a09567c6c8a3a0eedc8.tar.gz
sha256 d2ab5758336489da61c12cc5bb757da5339c4ae9001f9bb0562b4370249af814 COPYING
+3 -3
View File
@@ -4,9 +4,9 @@
#
################################################################################
TREMOR_SITE = http://svn.xiph.org/trunk/Tremor
TREMOR_SITE_METHOD = svn
TREMOR_VERSION = 19427
TREMOR_VERSION = 7c30a66346199f3f09017a09567c6c8a3a0eedc8
TREMOR_SITE = https://git.xiph.org/tremor.git
TREMOR_SITE_METHOD = git
TREMOR_LICENSE = BSD-3c
TREMOR_LICENSE_FILES = COPYING
@@ -0,0 +1,70 @@
From 876fc3f3907e871d0938ac6c8c5252f5f31abd1f Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Thu, 16 Feb 2017 17:11:12 -0800
Subject: [PATCH] fix GitHub issue #19 (new dependency on wchar_t) by removing
dependency
[Upstream commit: https://github.com/dbry/WavPack/commit/876fc3f3907e871d0938ac6c8c5252f5f31abd1f]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
cli/import_id3.c | 10 +++++-----
cli/wvtag.c | 2 ++
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/cli/import_id3.c b/cli/import_id3.c
index 51e54ee..fc30aeb 100644
--- a/cli/import_id3.c
+++ b/cli/import_id3.c
@@ -34,7 +34,7 @@ static struct {
#define NUM_TEXT_TAG_ITEMS (sizeof (text_tag_table) / sizeof (text_tag_table [0]))
-static int WideCharToUTF8 (const wchar_t *Wide, unsigned char *pUTF8, int len);
+static int WideCharToUTF8 (const uint16_t *Wide, unsigned char *pUTF8, int len);
static void Latin1ToUTF8 (void *string, int len);
// Import specified ID3v2.3 tag. The WavPack context accepts the tag items, and can be
@@ -163,7 +163,7 @@ int ImportID3v2 (WavpackContext *wpc, unsigned char *tag_data, int tag_size, cha
}
else if (frame_body [0] == 1 && frame_size > 2 && frame_body [1] == 0xFF && frame_body [2] == 0xFE) {
int nchars = (frame_size - 3) / 2;
- wchar_t *wide_string = malloc ((nchars + 1) * sizeof (wchar_t));
+ uint16_t *wide_string = malloc ((nchars + 1) * sizeof (uint16_t));
unsigned char *fp = frame_body + 3;
utf8_string = malloc ((nchars + 1) * 3);
@@ -297,9 +297,9 @@ int ImportID3v2 (WavpackContext *wpc, unsigned char *tag_data, int tag_size, cha
// may be less than the number of characters in the wide string if the buffer
// length is exceeded.
-static int WideCharToUTF8 (const wchar_t *Wide, unsigned char *pUTF8, int len)
+static int WideCharToUTF8 (const uint16_t *Wide, unsigned char *pUTF8, int len)
{
- const wchar_t *pWide = Wide;
+ const uint16_t *pWide = Wide;
int outndx = 0;
while (*pWide) {
@@ -335,7 +335,7 @@ static int WideCharToUTF8 (const wchar_t *Wide, unsigned char *pUTF8, int len)
static void Latin1ToUTF8 (void *string, int len)
{
int max_chars = (int) strlen (string);
- wchar_t *temp = (wchar_t *) malloc ((max_chars + 1) * 2);
+ uint16_t *temp = (uint16_t *) malloc ((max_chars + 1) * sizeof (uint16_t));
MultiByteToWideChar (28591, 0, string, -1, temp, max_chars + 1);
WideCharToUTF8 (temp, (unsigned char *) string, len);
diff --git a/cli/wvtag.c b/cli/wvtag.c
index 6e6512a..45e621e 100644
--- a/cli/wvtag.c
+++ b/cli/wvtag.c
@@ -1344,7 +1344,9 @@ static void dump_UTF8_string (char *string, FILE *dst)
// resulting string will not fit in the specified buffer size then it is
// truncated.
+#if defined (_WIN32)
static int UTF8ToWideChar (const unsigned char *pUTF8, wchar_t *pWide);
+#endif
static void UTF8ToAnsi (char *string, int len)
{
@@ -0,0 +1,118 @@
From d5bf76b5a88d044a1be1d5656698e3ba737167e5 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Sun, 4 Feb 2018 11:28:15 -0800
Subject: [PATCH] issue #27, do not overwrite stack on corrupt RF64 file
Fixes CVE-2018-6767
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
cli/riff.c | 39 ++++++++++++++++++++++++++++++++-------
1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/cli/riff.c b/cli/riff.c
index 8b1af45..de98c1e 100644
--- a/cli/riff.c
+++ b/cli/riff.c
@@ -42,6 +42,7 @@ typedef struct {
#pragma pack(pop)
+#define CS64ChunkFormat "4D"
#define DS64ChunkFormat "DDDL"
#define WAVPACK_NO_ERROR 0
@@ -101,13 +102,13 @@ int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
if (!strncmp (chunk_header.ckID, "ds64", 4)) {
if (chunk_header.ckSize < sizeof (DS64Chunk) ||
- !DoReadFile (infile, &ds64_chunk, chunk_header.ckSize, &bcount) ||
- bcount != chunk_header.ckSize) {
+ !DoReadFile (infile, &ds64_chunk, sizeof (DS64Chunk), &bcount) ||
+ bcount != sizeof (DS64Chunk)) {
error_line ("%s is not a valid .WAV file!", infilename);
return WAVPACK_SOFT_ERROR;
}
else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) &&
- !WavpackAddWrapper (wpc, &ds64_chunk, chunk_header.ckSize)) {
+ !WavpackAddWrapper (wpc, &ds64_chunk, sizeof (DS64Chunk))) {
error_line ("%s", WavpackGetErrorMessage (wpc));
return WAVPACK_SOFT_ERROR;
}
@@ -315,10 +316,11 @@ int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples, int qmode)
{
- int do_rf64 = 0, write_junk = 1;
+ int do_rf64 = 0, write_junk = 1, table_length = 0;
ChunkHeader ds64hdr, datahdr, fmthdr;
RiffChunkHeader riffhdr;
DS64Chunk ds64_chunk;
+ CS64Chunk cs64_chunk;
JunkChunk junkchunk;
WaveHeader wavhdr;
uint32_t bcount;
@@ -380,6 +382,7 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
strncpy (riffhdr.formType, "WAVE", sizeof (riffhdr.formType));
total_riff_bytes = sizeof (riffhdr) + wavhdrsize + sizeof (datahdr) + ((total_data_bytes + 1) & ~(int64_t)1);
if (do_rf64) total_riff_bytes += sizeof (ds64hdr) + sizeof (ds64_chunk);
+ total_riff_bytes += table_length * sizeof (CS64Chunk);
if (write_junk) total_riff_bytes += sizeof (junkchunk);
strncpy (fmthdr.ckID, "fmt ", sizeof (fmthdr.ckID));
strncpy (datahdr.ckID, "data", sizeof (datahdr.ckID));
@@ -394,11 +397,12 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
if (do_rf64) {
strncpy (ds64hdr.ckID, "ds64", sizeof (ds64hdr.ckID));
- ds64hdr.ckSize = sizeof (ds64_chunk);
+ ds64hdr.ckSize = sizeof (ds64_chunk) + (table_length * sizeof (CS64Chunk));
CLEAR (ds64_chunk);
ds64_chunk.riffSize64 = total_riff_bytes;
ds64_chunk.dataSize64 = total_data_bytes;
ds64_chunk.sampleCount64 = total_samples;
+ ds64_chunk.tableLength = table_length;
riffhdr.ckSize = (uint32_t) -1;
datahdr.ckSize = (uint32_t) -1;
WavpackNativeToLittleEndian (&ds64hdr, ChunkHeaderFormat);
@@ -409,6 +413,14 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
datahdr.ckSize = (uint32_t) total_data_bytes;
}
+ // this "table" is just a dummy placeholder for testing (normally not written)
+
+ if (table_length) {
+ strncpy (cs64_chunk.ckID, "dmmy", sizeof (cs64_chunk.ckID));
+ cs64_chunk.chunkSize64 = 12345678;
+ WavpackNativeToLittleEndian (&cs64_chunk, CS64ChunkFormat);
+ }
+
// write the RIFF chunks up to just before the data starts
WavpackNativeToLittleEndian (&riffhdr, ChunkHeaderFormat);
@@ -418,8 +430,21 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
if (!DoWriteFile (outfile, &riffhdr, sizeof (riffhdr), &bcount) || bcount != sizeof (riffhdr) ||
(do_rf64 && (!DoWriteFile (outfile, &ds64hdr, sizeof (ds64hdr), &bcount) || bcount != sizeof (ds64hdr))) ||
- (do_rf64 && (!DoWriteFile (outfile, &ds64_chunk, sizeof (ds64_chunk), &bcount) || bcount != sizeof (ds64_chunk))) ||
- (write_junk && (!DoWriteFile (outfile, &junkchunk, sizeof (junkchunk), &bcount) || bcount != sizeof (junkchunk))) ||
+ (do_rf64 && (!DoWriteFile (outfile, &ds64_chunk, sizeof (ds64_chunk), &bcount) || bcount != sizeof (ds64_chunk)))) {
+ error_line ("can't write .WAV data, disk probably full!");
+ return FALSE;
+ }
+
+ // again, this is normally not written except for testing
+
+ while (table_length--)
+ if (!DoWriteFile (outfile, &cs64_chunk, sizeof (cs64_chunk), &bcount) || bcount != sizeof (cs64_chunk)) {
+ error_line ("can't write .WAV data, disk probably full!");
+ return FALSE;
+ }
+
+
+ if ((write_junk && (!DoWriteFile (outfile, &junkchunk, sizeof (junkchunk), &bcount) || bcount != sizeof (junkchunk))) ||
!DoWriteFile (outfile, &fmthdr, sizeof (fmthdr), &bcount) || bcount != sizeof (fmthdr) ||
!DoWriteFile (outfile, &wavhdr, wavhdrsize, &bcount) || bcount != wavhdrsize ||
!DoWriteFile (outfile, &datahdr, sizeof (datahdr), &bcount) || bcount != sizeof (datahdr)) {
--
2.11.0

Some files were not shown because too many files have changed in this diff Show More