diff options
-rw-r--r-- | recipes-core/icedtea/openjdk-7-03b147/icedtea-CVE-2014-1876-unpack.patch | 44 | ||||
-rw-r--r-- | recipes-core/icedtea/openjdk-7-release-03b147.inc | 2 |
2 files changed, 46 insertions, 0 deletions
diff --git a/recipes-core/icedtea/openjdk-7-03b147/icedtea-CVE-2014-1876-unpack.patch b/recipes-core/icedtea/openjdk-7-03b147/icedtea-CVE-2014-1876-unpack.patch new file mode 100644 index 0000000..d0717c4 --- /dev/null +++ b/recipes-core/icedtea/openjdk-7-03b147/icedtea-CVE-2014-1876-unpack.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | This provides a fix for the security vulnerability reported in | ||
2 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1876 | ||
3 | |||
4 | The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, | ||
5 | 7, and 8, and Oracle Java JDK, does not securely create temporary files when a | ||
6 | log file cannot be opened, which allows local users to overwrite arbitrary | ||
7 | files via a symlink attack on /tmp/unpack.log. | ||
8 | |||
9 | Rather than trying to open a /tmp/unpack.log file, this fix comments | ||
10 | out that segment and goes to the fallback options which include | ||
11 | redirecting error to /dev/null, or failing that, redirecting to stderr. | ||
12 | |||
13 | Upstream-Status: Pending | ||
14 | |||
15 | Signed-off-by: Amy Fong <amy.fong@windriver.com> | ||
16 | |||
17 | Index: openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp | ||
18 | =================================================================== | ||
19 | --- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp | ||
20 | +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp | ||
21 | @@ -4757,6 +4757,15 @@ | ||
22 | return; | ||
23 | } else { | ||
24 | char log_file_name[PATH_MAX+100]; | ||
25 | +#if 0 | ||
26 | +/* | ||
27 | +The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, | ||
28 | +7, and 8, and Oracle Java JDK, does not securely create temporary files when a | ||
29 | +log file cannot be opened, which allows local users to overwrite arbitrary | ||
30 | +files via a symlink attack on /tmp/unpack.log. | ||
31 | + | ||
32 | +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1876 | ||
33 | +*/ | ||
34 | char tmpdir[PATH_MAX]; | ||
35 | #ifdef WIN32 | ||
36 | int n = GetTempPath(PATH_MAX,tmpdir); //API returns with trailing '\' | ||
37 | @@ -4781,6 +4790,7 @@ | ||
38 | log_file = errstrm_name = saveStr(log_file_name); | ||
39 | return ; | ||
40 | } | ||
41 | +#endif | ||
42 | #ifndef WIN32 | ||
43 | sprintf(log_file_name, "/dev/null"); | ||
44 | // On windows most likely it will fail. | ||
diff --git a/recipes-core/icedtea/openjdk-7-release-03b147.inc b/recipes-core/icedtea/openjdk-7-release-03b147.inc index dbdc045..83b087c 100644 --- a/recipes-core/icedtea/openjdk-7-release-03b147.inc +++ b/recipes-core/icedtea/openjdk-7-release-03b147.inc | |||
@@ -86,6 +86,7 @@ OPENJDK_PATCHES = " \ | |||
86 | file://icedtea-disable-sun.applet-for-tools-in-headless.patch;apply=no \ | 86 | file://icedtea-disable-sun.applet-for-tools-in-headless.patch;apply=no \ |
87 | file://icedtea-hotspot-fix-undefined-behaviour.patch;apply=no \ | 87 | file://icedtea-hotspot-fix-undefined-behaviour.patch;apply=no \ |
88 | file://icedtea-x11_extension_cleanup.patch;apply=no \ | 88 | file://icedtea-x11_extension_cleanup.patch;apply=no \ |
89 | file://icedtea-CVE-2014-1876-unpack.patch;apply=no \ | ||
89 | " | 90 | " |
90 | 91 | ||
91 | OPENJDK_HEADLESS_PATCHES = " \ | 92 | OPENJDK_HEADLESS_PATCHES = " \ |
@@ -106,5 +107,6 @@ export DISTRIBUTION_PATCHES = " \ | |||
106 | patches/icedtea-change-to-gdb-debug-format.patch \ | 107 | patches/icedtea-change-to-gdb-debug-format.patch \ |
107 | patches/icedtea-hotspot-fix-undefined-behaviour.patch \ | 108 | patches/icedtea-hotspot-fix-undefined-behaviour.patch \ |
108 | patches/icedtea-x11_extension_cleanup.patch \ | 109 | patches/icedtea-x11_extension_cleanup.patch \ |
110 | patches/icedtea-CVE-2014-1876-unpack.patch \ | ||
109 | ${CLEAN_X11_DISTRIBUTION_PATCH} \ | 111 | ${CLEAN_X11_DISTRIBUTION_PATCH} \ |
110 | " | 112 | " |