summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>2015-06-10 14:55:14 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-06-23 11:47:40 +0100
commit3886107521ed64d72afb93bfc123f2b81bc4e959 (patch)
tree424a912fa1fdcbe48c2b8d0ffb40ab2082a15172
parent5f0dfecd537e2df72123b14bb6f4633c2f53e696 (diff)
downloadpoky-3886107521ed64d72afb93bfc123f2b81bc4e959.tar.gz
rpm: Fix CVE-2014-8118
Backport patch to fix CVE-2014-8118. Description is on [1] and original patch taken from [2]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1168715 [2] https://bugzilla.redhat.com/attachment.cgi?id=962159 [YOCTO #7181] (From OE-Core rev: 0a1f924157cb75d0f67cf534762c89dc8656d352) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch43
-rw-r--r--meta/recipes-devtools/rpm/rpm_4.11.2.bb1
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
new file mode 100644
index 0000000000..bf1795ca49
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
@@ -0,0 +1,43 @@
1From 71c812edf1431a9967bd99ba6ffa6ab89eb7ec7c Mon Sep 17 00:00:00 2001
2From: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
3Date: Wed, 10 Jun 2015 12:56:55 +0000
4Subject: [PATCH 1/2] rpm: CVE-2014-8118
5
6Upstream-Status: Backport
7
8Reference:
9https://bugzilla.redhat.com/show_bug.cgi?id=1168715
10
11Description:
12It was found that RPM could encounter an integer overflow,
13leading to a stack-based overflow, while parsing a crafted
14CPIO header in the payload section of an RPM file. This could
15allow an attacker to modify signed RPM files in such a way that
16they would execute code chosen by the attacker during package
17installation.
18
19Original Patch:
20https://bugzilla.redhat.com/attachment.cgi?id=962159
21
22Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
23---
24 lib/cpio.c | 3 +++
25 1 file changed, 3 insertions(+)
26
27diff --git a/lib/cpio.c b/lib/cpio.c
28index 382eeb6..74ddd9c 100644
29--- a/lib/cpio.c
30+++ b/lib/cpio.c
31@@ -296,6 +296,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, struct stat * st)
32 st->st_rdev = makedev(major, minor);
33
34 GET_NUM_FIELD(hdr.namesize, nameSize);
35+ if (nameSize <= 0 || nameSize > 4096) {
36+ return CPIOERR_BAD_HEADER;
37+ }
38
39 *path = xmalloc(nameSize + 1);
40 read = Fread(*path, nameSize, 1, cpio->fd);
41--
421.8.4.5
43
diff --git a/meta/recipes-devtools/rpm/rpm_4.11.2.bb b/meta/recipes-devtools/rpm/rpm_4.11.2.bb
index 4e44bc4fec..7c402b6cfb 100644
--- a/meta/recipes-devtools/rpm/rpm_4.11.2.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.11.2.bb
@@ -34,6 +34,7 @@ SRC_URI += "http://rpm.org/releases/rpm-4.11.x/${BP}.tar.bz2 \
34 file://fix_libdir.patch \ 34 file://fix_libdir.patch \
35 file://rpm-scriptetexechelp.patch \ 35 file://rpm-scriptetexechelp.patch \
36 file://pythondeps.sh \ 36 file://pythondeps.sh \
37 file://rpm-CVE-2014-8118.patch \
37 " 38 "
38 39
39SRC_URI[md5sum] = "876ac9948a88367054f8ddb5c0e87173" 40SRC_URI[md5sum] = "876ac9948a88367054f8ddb5c0e87173"