openEuler:20.03:LTS:SP3
busybox
Changes of Revision 3
_service:tar_scm_kernel_repo:busybox.spec
Changed
@@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 7 +%define RELEASE 8 %endif Name: busybox @@ -21,6 +21,8 @@ Patch6000: backport-CVE-2018-1000500.patch Patch6001: backport-CVE-2021-28831.patch +Patch6002: backport-CVE-2021-42374.patch +Patch6003: backport-CVE-2021-42377.patch BuildRoot: %_topdir/BUILDROOT #Dependency @@ -96,6 +98,12 @@ %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Mon Nov 22 2021 jikui<jikui2@huawei.com> - 1:1.31.1-8 +- Type:CVE +- Id:NA +- SUG:NA +- DESC: fix CVE-2021-42374 and CVE-2021-42377 + * Sat Apr 17 2021 leizhongkai<leizhongkai@huawei.com> - 1:1.31.1-7 - Type:CVE - Id:NA
_service:tar_scm_kernel_repo:backport-CVE-2021-42374.patch
Added
@@ -0,0 +1,59 @@
+From 78bd0d8e6153da378ddc9016b42e0fe1bf89a853 Mon Sep 17 00:00:00 2001
+From: jikui <jikui2@huawei.com>
+Date: Mon, 22 Nov 2021 10:46:40 +0800
+Subject: [PATCH] busybox: fix CVE-2021-42374
+
+backport from upstream:
+https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
+
+Signed-off-by: jikui <jikui2@huawei.com>
+---
+ archival/libarchive/decompress_unlzma.c | 5 ++++-
+ testsuite/unlzma.tests | 10 ++++++----
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
+index 668b016..57a5c4a 100644
+--- a/archival/libarchive/decompress_unlzma.c
++++ b/archival/libarchive/decompress_unlzma.c
+@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ uint32_t pos;
+
+ pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ if ((int32_t)pos < 0)
++ goto bad;
++ }
+ match_byte = buffer[pos];
+ do {
+ int bit;
+diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
+index 0e98afe..8c120b1 100755
+--- a/testsuite/unlzma.tests
++++ b/testsuite/unlzma.tests
+@@ -8,14 +8,16 @@
+
+ # Damaged encrypted streams
+ testing "unlzma (bad archive 1)" \
+- "unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \
+-"1
++ "unlzma <unlzma_issue_1.lzma 2>&1 >/dev/null; echo \$?" \
++"unlzma: corrupted data
++1
+ " "" ""
+
+ # Damaged encrypted streams
+ testing "unlzma (bad archive 2)" \
+- "unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \
+-"1
++ "unlzma <unlzma_issue_2.lzma 2>&1 >/dev/null; echo \$?" \
++"unlzma: corrupted data
++1
+ " "" ""
+
+ exit $FAILCOUNT
+--
+2.25.1
+
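Review bot: The added guard in unpack_lzma_stream only rejects a `pos` that is still negative as `int32_t` after `pos += header.dict_size;`; nothing in the hunk compares `pos` with the size of `buffer` before `match_byte = buffer[pos];`. The allocation of `buffer` and any validation of `header.dict_size` are outside the hunk, so it is worth confirming that every non-negative `pos` reaching that line lies inside the allocation and that `dict_size` stays within the 31-bit range the sign test relies on. A short comment above the new check would make the intent reviewable, for example `/* rep0 is decoded from the stream; a damaged archive can leave pos out of range even after wrapping by dict_size */`. The function body, including the `bad` label, starts and ends outside the hunk.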
_service:tar_scm_kernel_repo:backport-CVE-2021-42377.patch
Added
@@ -0,0 +1,42 @@
+From 977939c73d94cc6752192e6956e0cced3e0f2989 Mon Sep 17 00:00:00 2001
+From: jikui <jikui2@huawei.com>
+Date: Mon, 22 Nov 2021 16:36:26 +0800
+Subject: [PATCH] busybox: fix CVE-2021-42377
+
+backport from upstream:
+https://git.busybox.net/busybox/commit/?h=1_34_stable&id=83a4967e50422867f340328d404994553e56b839
+
+Signed-off-by: jikui <jikui2@huawei.com>
+---
+ shell/hush.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/shell/hush.c b/shell/hush.c
+index 8d9ab24..08358c1 100644
+--- a/shell/hush.c
++++ b/shell/hush.c
+@@ -3637,9 +3637,10 @@ static void debug_print_tree(struct pipe *pi, int lvl)
+
+ pin = 0;
+ while (pi) {
+- fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n",
++ fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n",
+ lvl*2, "",
+ pin,
++ pi->num_cmds,
+ (IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""),
+ RES[pi->res_word],
+ pi->followup, PIPE[pi->followup]
+@@ -3782,6 +3783,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type)
+ #endif
+ /* Replace all pipes in ctx with one newly created */
+ ctx->list_head = ctx->pipe = pi;
++ /* for case like "cmd && &", do not be tricked by last command
++ * being null - the entire {...} & is NOT null! */
++ not_null = 1;
+ } else {
+ no_conv:
+ ctx->pipe->followup = type;
+--
+2.25.1
+
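Review bot: No regression test accompanies the `not_null = 1;` change in done_pipe, so nothing in the package build would catch the fix being dropped or mis-applied in a later rebase; the unlzma backport in this same revision does update its test file. A shell test case that feeds the `cmd && &` form quoted in the new comment and checks that parsing finishes with a normal exit status would cover it. The debug_print_tree hunk only changes debug output and is unrelated to the CVE; it prints `pi->num_cmds` with `%d`, which assumes the field is an `int`, and its declaration is outside the hunk. Both functions start and end outside their hunks, as does the declaration of `not_null`.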