1 files changed, 97 insertions, 0 deletions
diff --git a/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch b/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch
new file mode 100644
index 0000000000..195d309506
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch
@@ -0,0 +1,97 @@
+dpkg: Security Advisory - CVE-2014-0471
+commit a82651188476841d190c58693f95827d61959b51 upstream
+Directory traversal vulnerability in the unpacking functionality in
+dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8
+allows remote attackers to write arbitrary files via a crafted source
+package, related to "C-style filename quoting."
+Upstream-Status: Backport
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+===================================================
+diff -uarN dpkg-1.17.1-org/scripts/Dpkg/Source/Patch.pm dpkg-1.17.1/scripts/Dpkg/Source/Patch.pm
+--- dpkg-1.17.1-org/scripts/Dpkg/Source/Patch.pm        2014-06-05 15:24:07.422446284 +0800
+++ dpkg-1.17.1/scripts/Dpkg/Source/Patch.pm    2014-06-05 15:41:37.746446314 +0800
+@@ -324,14 +324,53 @@
+     return $line;
+ }
+ 
+-# Strip timestamp
+-sub _strip_ts {
+-    my $header = shift;
+-
+-    # Tab is the official separator, it's always used when
+-    # filename contain spaces. Try it first, otherwise strip on space
+-    # if there's no tab
+-    $header =~ s/\s.*// unless ($header =~ s/\t.*//);
+my %ESCAPE = ((
+    'a' => "\a",
+    'b' => "\b",
+    'f' => "\f",
+    'n' => "\n",
+    'r' => "\r",
+    't' => "\t",
+    'v' => "\cK",
+    '\\' => '\\',
+    '"' => '"',
+), (
+    map { sprintf('%03o', $_) => chr($_) } (0..255)
+));
+
+sub _unescape {
+    my ($diff, $str) = @_;
+
+    if (exists $ESCAPE{$str}) {
+        return $ESCAPE{$str};
+    } else {
+        error(_g('diff %s patches file with unknown escape sequence \\%s'),
+              $diff, $str);
+    }
+}
+
+# Fetch the header filename ignoring the optional timestamp
+sub _fetch_filename {
+    my ($diff, $header) = @_;
+
+    # Strip any leading spaces.
+    $header =~ s/^\s+//;
+
+    # Is it a C-style string?
+    if ($header =~ m/^"/) {
+        $header =~ m/^"((?:[^\\"]|\\.)*)"/;
+        error(_g('diff %s patches file with unbalanced quote'), $diff)
+            unless defined $1;
+
+        $header = $1;
+        $header =~ s/\\([0-3][0-7]{2}|.)/_unescape($diff, $1)/eg;
+    } else {
+        # Tab is the official separator, it's always used when
+        # filename contain spaces. Try it first, otherwise strip on space
+        # if there's no tab
+        $header =~ s/\s.*// unless $header =~ s/\t.*//;
+    }
+
+     return $header;
+ }
+ 
+@@ -400,7 +439,7 @@
+        unless(s/^--- //) {
+            error(_g("expected ^--- in line %d of diff `%s'"), $., $diff);
+        }
+-        $path{old} = $_ = _strip_ts($_);
+       $path{old} = $_ = _fetch_filename($diff, $_);
+        $fn{old} = $_ if $_ ne '/dev/null' and s{^[^/]*/+}{$destdir/};
+        if (/\.dpkg-orig$/) {
+            error(_g("diff `%s' patches file with name ending .dpkg-orig"), $diff);
+@@ -412,7 +451,7 @@
+        unless (s/^\+\+\+ //) {
+            error(_g("line after --- isn't as expected in diff `%s' (line %d)"), $diff, $.);
+        }
+-        $path{new} = $_ = _strip_ts($_);
+       $path{new} = $_ = _fetch_filename($diff, $_);
+        $fn{new} = $_ if $_ ne '/dev/null' and s{^[^/]*/+}{$destdir/};
+ 
+        unless (defined $fn{old} or defined $fn{new}) {

diff --git a/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch b/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch new file mode 100644 index 0000000000..195d309506 --- /dev/null +++ b/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471.patch
@@ -0,0 +1,97 @@
	1	dpkg: Security Advisory - CVE-2014-0471
	2
	3	commit a82651188476841d190c58693f95827d61959b51 upstream
	4
	5	Directory traversal vulnerability in the unpacking functionality in
	6	dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8
	7	allows remote attackers to write arbitrary files via a crafted source
	8	package, related to "C-style filename quoting."
	9
	10	Upstream-Status: Backport
	11
	12	Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
	13	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
	14	===================================================
	15	diff -uarN dpkg-1.17.1-org/scripts/Dpkg/Source/Patch.pm dpkg-1.17.1/scripts/Dpkg/Source/Patch.pm
	16	--- dpkg-1.17.1-org/scripts/Dpkg/Source/Patch.pm 2014-06-05 15:24:07.422446284 +0800
	17	+++ dpkg-1.17.1/scripts/Dpkg/Source/Patch.pm 2014-06-05 15:41:37.746446314 +0800
	18	@@ -324,14 +324,53 @@
	19	return $line;
	20	}
	21
	22	-# Strip timestamp
	23	-sub _strip_ts {
	24	- my $header = shift;
	25	-
	26	- # Tab is the official separator, it's always used when
	27	- # filename contain spaces. Try it first, otherwise strip on space
	28	- # if there's no tab
	29	- $header =~ s/\s.// unless ($header =~ s/\t.//);
	30	+my %ESCAPE = ((
	31	+ 'a' => "\a",
	32	+ 'b' => "\b",
	33	+ 'f' => "\f",
	34	+ 'n' => "\n",
	35	+ 'r' => "\r",
	36	+ 't' => "\t",
	37	+ 'v' => "\cK",
	38	+ '\\' => '\\',
	39	+ '"' => '"',
	40	+), (
	41	+ map { sprintf('%03o', $_) => chr($_) } (0..255)
	42	+));
	43	+
	44	+sub _unescape {
	45	+ my ($diff, $str) = @_;
	46	+
	47	+ if (exists $ESCAPE{$str}) {
	48	+ return $ESCAPE{$str};
	49	+ } else {
	50	+ error(_g('diff %s patches file with unknown escape sequence \\%s'),
	51	+ $diff, $str);
	52	+ }
	53	+}
	54	+
	55	+# Fetch the header filename ignoring the optional timestamp
	56	+sub _fetch_filename {
	57	+ my ($diff, $header) = @_;
	58	+
	59	+ # Strip any leading spaces.
	60	+ $header =~ s/^\s+//;
	61	+
	62	+ # Is it a C-style string?
	63	+ if ($header =~ m/^"/) {
	64	+ $header =~ m/^"((?:[^\\"]\|\\.)*)"/;
	65	+ error(_g('diff %s patches file with unbalanced quote'), $diff)
	66	+ unless defined $1;
	67	+
	68	+ $header = $1;
	69	+ $header =~ s/\\([0-3][0-7]{2}\|.)/_unescape($diff, $1)/eg;
	70	+ } else {
	71	+ # Tab is the official separator, it's always used when
	72	+ # filename contain spaces. Try it first, otherwise strip on space
	73	+ # if there's no tab
	74	+ $header =~ s/\s.// unless $header =~ s/\t.//;
	75	+ }
	76	+
	77	return $header;
	78	}
	79
	80	@@ -400,7 +439,7 @@
	81	unless(s/^--- //) {
	82	error(_g("expected ^--- in line %d of diff `%s'"), $., $diff);
	83	}
	84	- $path{old} = $_ = _strip_ts($_);
	85	+ $path{old} = $_ = _fetch_filename($diff, $_);
	86	$fn{old} = $_ if $_ ne '/dev/null' and s{^[^/]*/+}{$destdir/};
	87	if (/\.dpkg-orig$/) {
	88	error(_g("diff `%s' patches file with name ending .dpkg-orig"), $diff);
	89	@@ -412,7 +451,7 @@
	90	unless (s/^\+\+\+ //) {
	91	error(_g("line after --- isn't as expected in diff `%s' (line %d)"), $diff, $.);
	92	}
	93	- $path{new} = $_ = _strip_ts($_);
	94	+ $path{new} = $_ = _fetch_filename($diff, $_);
	95	$fn{new} = $_ if $_ ne '/dev/null' and s{^[^/]*/+}{$destdir/};
	96
	97	unless (defined $fn{old} or defined $fn{new}) {