diff options
Diffstat (limited to 'meta/recipes-core')
3 files changed, 263 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch new file mode 100644 index 0000000000..e3c502091f --- /dev/null +++ b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch | |||
@@ -0,0 +1,143 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | http://busybox.net/downloads/fixes-1.24.1/ | ||
4 | http://git.busybox.net/busybox/commit/?id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c | ||
5 | http://git.busybox.net/busybox/commit/?h=1_24_stable&id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c | ||
6 | |||
7 | Signed-off-by: Andre McCurdy <armccurdy@gmail.com> | ||
8 | |||
9 | From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001 | ||
10 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
11 | Date: Fri, 30 Oct 2015 23:41:53 +0100 | ||
12 | Subject: [PATCH] [g]unzip: fix recent breakage. | ||
13 | |||
14 | Also, do emit error message we so painstakingly pass from gzip internals | ||
15 | |||
16 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
17 | (cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef) | ||
18 | Signed-off-by: Mike Frysinger <vapier@gentoo.org> | ||
19 | --- | ||
20 | archival/libarchive/decompress_gunzip.c | 33 +++++++++++++++++++++------------ | ||
21 | testsuite/unzip.tests | 1 + | ||
22 | 2 files changed, 22 insertions(+), 12 deletions(-) | ||
23 | |||
24 | diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c | ||
25 | index c76fd31..357c9bf 100644 | ||
26 | --- a/archival/libarchive/decompress_gunzip.c | ||
27 | +++ b/archival/libarchive/decompress_gunzip.c | ||
28 | @@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
29 | huft_t *q; /* points to current table */ | ||
30 | huft_t r; /* table entry for structure assignment */ | ||
31 | huft_t *u[BMAX]; /* table stack */ | ||
32 | - unsigned v[N_MAX]; /* values in order of bit length */ | ||
33 | - unsigned v_end; | ||
34 | + unsigned v[N_MAX + 1]; /* values in order of bit length. last v[] is never used */ | ||
35 | int ws[BMAX + 1]; /* bits decoded stack */ | ||
36 | int w; /* bits decoded */ | ||
37 | unsigned x[BMAX + 1]; /* bit offsets, then code stack */ | ||
38 | @@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
39 | *xp++ = j; | ||
40 | } | ||
41 | |||
42 | - /* Make a table of values in order of bit lengths */ | ||
43 | + /* Make a table of values in order of bit lengths. | ||
44 | + * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX. | ||
45 | + * In particular, last v[i] is never filled and must not be accessed. | ||
46 | + */ | ||
47 | + memset(v, 0xff, sizeof(v)); | ||
48 | p = b; | ||
49 | i = 0; | ||
50 | - v_end = 0; | ||
51 | do { | ||
52 | j = *p++; | ||
53 | if (j != 0) { | ||
54 | v[x[j]++] = i; | ||
55 | - v_end = x[j]; | ||
56 | } | ||
57 | } while (++i < n); | ||
58 | |||
59 | @@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
60 | |||
61 | /* set up table entry in r */ | ||
62 | r.b = (unsigned char) (k - w); | ||
63 | - if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter! | ||
64 | + if (/*p >= v + n || -- redundant, caught by the second check: */ | ||
65 | + *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/ | ||
66 | + ) { | ||
67 | r.e = 99; /* out of values--invalid code */ | ||
68 | } else if (*p < s) { | ||
69 | r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */ | ||
70 | @@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY) | ||
71 | e = t->e; | ||
72 | if (e > 16) | ||
73 | do { | ||
74 | - if (e == 99) | ||
75 | - abort_unzip(PASS_STATE_ONLY);; | ||
76 | + if (e == 99) { | ||
77 | + abort_unzip(PASS_STATE_ONLY); | ||
78 | + } | ||
79 | bb >>= t->b; | ||
80 | k -= t->b; | ||
81 | e -= 16; | ||
82 | @@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY) | ||
83 | e = t->e; | ||
84 | if (e > 16) | ||
85 | do { | ||
86 | - if (e == 99) | ||
87 | + if (e == 99) { | ||
88 | abort_unzip(PASS_STATE_ONLY); | ||
89 | + } | ||
90 | bb >>= t->b; | ||
91 | k -= t->b; | ||
92 | e -= 16; | ||
93 | @@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e) | ||
94 | |||
95 | b_dynamic >>= 4; | ||
96 | k_dynamic -= 4; | ||
97 | - if (nl > 286 || nd > 30) | ||
98 | + if (nl > 286 || nd > 30) { | ||
99 | abort_unzip(PASS_STATE_ONLY); /* bad lengths */ | ||
100 | + } | ||
101 | |||
102 | /* read in bit-length-code lengths */ | ||
103 | for (j = 0; j < nb; j++) { | ||
104 | @@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e) | ||
105 | bl = lbits; | ||
106 | |||
107 | i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl); | ||
108 | - if (i != 0) | ||
109 | + if (i != 0) { | ||
110 | abort_unzip(PASS_STATE_ONLY); | ||
111 | + } | ||
112 | bd = dbits; | ||
113 | i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd); | ||
114 | - if (i != 0) | ||
115 | + if (i != 0) { | ||
116 | abort_unzip(PASS_STATE_ONLY); | ||
117 | + } | ||
118 | |||
119 | /* set up data for inflate_codes() */ | ||
120 | inflate_codes_setup(PASS_STATE bl, bd); | ||
121 | @@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate) | ||
122 | error_msg = "corrupted data"; | ||
123 | if (setjmp(error_jmp)) { | ||
124 | /* Error from deep inside zip machinery */ | ||
125 | + bb_error_msg(error_msg); | ||
126 | n = -1; | ||
127 | goto ret; | ||
128 | } | ||
129 | diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests | ||
130 | index ca0a458..d8738a3 100755 | ||
131 | --- a/testsuite/unzip.tests | ||
132 | +++ b/testsuite/unzip.tests | ||
133 | @@ -34,6 +34,7 @@ rm foo.zip | ||
134 | testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \ | ||
135 | "Archive: bad.zip | ||
136 | inflating: ]3j½r«IK-%Ix | ||
137 | +unzip: corrupted data | ||
138 | unzip: inflate error | ||
139 | 1 | ||
140 | " \ | ||
141 | -- | ||
142 | 2.6.2 | ||
143 | |||
diff --git a/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch new file mode 100644 index 0000000000..718672695c --- /dev/null +++ b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch | |||
@@ -0,0 +1,118 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | http://busybox.net/downloads/fixes-1.24.1/ | ||
4 | http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e | ||
5 | http://git.busybox.net/busybox/commit/?h=1_24_stable&id=6767af17f11144c7cd3cfe9ef799d7f89a78fe65 | ||
6 | |||
7 | Signed-off-by: Andre McCurdy <armccurdy@gmail.com> | ||
8 | |||
9 | From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001 | ||
10 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
11 | Date: Mon, 26 Oct 2015 19:33:05 +0100 | ||
12 | Subject: [PATCH] unzip: test for bad archive SEGVing | ||
13 | |||
14 | function old new delta | ||
15 | huft_build 1296 1300 +4 | ||
16 | |||
17 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
18 | --- | ||
19 | archival/libarchive/decompress_gunzip.c | 11 +++++++---- | ||
20 | testsuite/unzip.tests | 23 ++++++++++++++++++++++- | ||
21 | 2 files changed, 29 insertions(+), 5 deletions(-) | ||
22 | |||
23 | diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c | ||
24 | index 7b6f459..30bf451 100644 | ||
25 | --- a/archival/libarchive/decompress_gunzip.c | ||
26 | +++ b/archival/libarchive/decompress_gunzip.c | ||
27 | @@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
28 | unsigned i; /* counter, current code */ | ||
29 | unsigned j; /* counter */ | ||
30 | int k; /* number of bits in current code */ | ||
31 | - unsigned *p; /* pointer into c[], b[], or v[] */ | ||
32 | + const unsigned *p; /* pointer into c[], b[], or v[] */ | ||
33 | huft_t *q; /* points to current table */ | ||
34 | huft_t r; /* table entry for structure assignment */ | ||
35 | huft_t *u[BMAX]; /* table stack */ | ||
36 | unsigned v[N_MAX]; /* values in order of bit length */ | ||
37 | + unsigned v_end; | ||
38 | int ws[BMAX + 1]; /* bits decoded stack */ | ||
39 | int w; /* bits decoded */ | ||
40 | unsigned x[BMAX + 1]; /* bit offsets, then code stack */ | ||
41 | @@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
42 | |||
43 | /* Generate counts for each bit length */ | ||
44 | memset(c, 0, sizeof(c)); | ||
45 | - p = (unsigned *) b; /* cast allows us to reuse p for pointing to b */ | ||
46 | + p = b; | ||
47 | i = n; | ||
48 | do { | ||
49 | c[*p]++; /* assume all entries <= BMAX */ | ||
50 | @@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
51 | } | ||
52 | |||
53 | /* Make a table of values in order of bit lengths */ | ||
54 | - p = (unsigned *) b; | ||
55 | + p = b; | ||
56 | i = 0; | ||
57 | + v_end = 0; | ||
58 | do { | ||
59 | j = *p++; | ||
60 | if (j != 0) { | ||
61 | v[x[j]++] = i; | ||
62 | + v_end = x[j]; | ||
63 | } | ||
64 | } while (++i < n); | ||
65 | |||
66 | @@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
67 | |||
68 | /* set up table entry in r */ | ||
69 | r.b = (unsigned char) (k - w); | ||
70 | - if (p >= v + n) { | ||
71 | + if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter! | ||
72 | r.e = 99; /* out of values--invalid code */ | ||
73 | } else if (*p < s) { | ||
74 | r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */ | ||
75 | diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests | ||
76 | index 8677a03..ca0a458 100755 | ||
77 | --- a/testsuite/unzip.tests | ||
78 | +++ b/testsuite/unzip.tests | ||
79 | @@ -7,7 +7,7 @@ | ||
80 | |||
81 | . ./testing.sh | ||
82 | |||
83 | -# testing "test name" "options" "expected result" "file input" "stdin" | ||
84 | +# testing "test name" "commands" "expected result" "file input" "stdin" | ||
85 | # file input will be file called "input" | ||
86 | # test can create a file "actual" instead of writing to stdout | ||
87 | |||
88 | @@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f | ||
89 | rmdir foo | ||
90 | rm foo.zip | ||
91 | |||
92 | +# File containing some damaged encrypted stream | ||
93 | +testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \ | ||
94 | +"Archive: bad.zip | ||
95 | + inflating: ]3j½r«IK-%Ix | ||
96 | +unzip: inflate error | ||
97 | +1 | ||
98 | +" \ | ||
99 | +"" "\ | ||
100 | +begin-base64 644 bad.zip | ||
101 | +UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ | ||
102 | +eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA | ||
103 | +AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA | ||
104 | +oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst | ||
105 | +JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA | ||
106 | +BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW | ||
107 | +NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM= | ||
108 | +==== | ||
109 | +" | ||
110 | + | ||
111 | +rm * | ||
112 | + | ||
113 | # Clean up scratch directory. | ||
114 | |||
115 | cd .. | ||
116 | -- | ||
117 | 2.6.2 | ||
118 | |||
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb index 7d2a7b203c..02e8a4959f 100644 --- a/meta/recipes-core/busybox/busybox_1.24.1.bb +++ b/meta/recipes-core/busybox/busybox_1.24.1.bb | |||
@@ -32,6 +32,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ | |||
32 | file://busybox-cross-menuconfig.patch \ | 32 | file://busybox-cross-menuconfig.patch \ |
33 | file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \ | 33 | file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \ |
34 | file://0002-Passthrough-r-to-linker.patch \ | 34 | file://0002-Passthrough-r-to-linker.patch \ |
35 | file://busybox-1.24.1-unzip.patch \ | ||
36 | file://busybox-1.24.1-unzip-regression.patch \ | ||
35 | file://mount-via-label.cfg \ | 37 | file://mount-via-label.cfg \ |
36 | file://sha1sum.cfg \ | 38 | file://sha1sum.cfg \ |
37 | file://sha256sum.cfg \ | 39 | file://sha256sum.cfg \ |