On Wed, 2015-04-29 at 12:43 -0700, Andre McCurdy wrote:
> The CVE-2014-9645 fix was merged in Busybox prior to the 1.23.0
> release [1]. The fix was then reworked in Busybox 1.23.1, in such
> a way that the original change was no longer required [2].
>
> Although oe-core's CVE-2014-9645 patch still applies cleanly to
> Busybox 1.23.1 and 1.23.2, applying it partially reverts the second
> version of the upstream fix.
>
> [1] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=4e314faa0aecb66717418e9a47a4451aec59262b
> [2] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=1ecfe811fe2f70380170ef7d820e8150054e88ca
>
> This is a fido (busybox 1.23.1) backport of the fix already in
> oe-core master (busybox 1.23.2):
>
> http://git.openembedded.org/openembedded-core/commit/?id=a753d3d8884b96baad5ed1a03335a81586420b86
>
> Signed-off-by: Andre McCurdy <armccu...@gmail.com>
Thanks for the patch Andre, this is queued in my fido-next branch on poky-contrib[1].

Regards,

Joshua

1. http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=joshuagl/fido-next

> --- > ..._busybox_reject_module_names_with_slashes.patch | 41 ----------- > ----------- > meta/recipes-core/busybox/busybox_1.23.1.bb | 1 - > 2 files changed, 42 deletions(-) > delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2014 > -9645_busybox_reject_module_names_with_slashes.patch > > diff --git a/meta/recipes-core/busybox/busybox/CVE-2014 > -9645_busybox_reject_module_names_with_slashes.patch b/meta/recipes > -core/busybox/busybox/CVE-2014 > -9645_busybox_reject_module_names_with_slashes.patch > deleted file mode 100644 > index 4e76067..0000000 > --- a/meta/recipes-core/busybox/busybox/CVE-2014 > -9645_busybox_reject_module_names_with_slashes.patch > +++ /dev/null 
> @@ -1,41 +0,0 @@ > -Upstream-status: Backport > -http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47 > a4451aec59262b > - > -CVE-2014-9645 fix. > - > -[YOCTO #7257] > - > -Signed-off-by: Armin Kuster <akus...@mvista.com> > - > -From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 > 2001 > -From: Denys Vlasenko <vda.li...@googlemail.com> > -Date: Thu, 20 Nov 2014 17:24:33 +0000 > -Subject: modprobe,rmmod: reject module names with slashes > - > -function old new > delta > -add_probe 86 113 > +27 > - > -Signed-off-by: Denys Vlasenko <vda.li...@googlemail.com> > ---- > -Index: busybox-1.22.1/modutils/modprobe.c > -=================================================================== > ---- busybox-1.22.1.orig/modutils/modprobe.c > -+++ busybox-1.22.1/modutils/modprobe.c > -@@ -238,6 +238,17 @@ static void add_probe(const char *name) > - { > - struct module_entry *m; > - > -+ /* > -+ * get_or_add_modentry() strips path from name and works > -+ * on remaining basename. > -+ * This would make "rmmod dir/name" and "modprobe dir/name" > -+ * to work like "rmmod name" and "modprobe name", > -+ * which is wrong, and can be abused via implicit > modprobing: > -+ * "ifconfig /usbserial up" tries to modprobe netdev > -/usbserial. > -+ */ > -+ if (strchr(name, '/')) > -+ bb_error_msg_and_die("malformed module name '%s'", > name); > -+ > - m = get_or_add_modentry(name); > - if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS)) > - && (m->flags & MODULE_FLAG_LOADED) > diff --git a/meta/recipes-core/busybox/busybox_1.23.1.bb > b/meta/recipes-core/busybox/busybox_1.23.1.bb > index 1742390..7c3ed84 100644 > --- a/meta/recipes-core/busybox/busybox_1.23.1.bb > +++ b/meta/recipes-core/busybox/busybox_1.23.1.bb 
> @@ -30,7 +30,6 @@ SRC_URI = " > http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ > file://login-utilities.cfg \ > file://recognize_connmand.patch \ > file://busybox-cross-menuconfig.patch \ > - file://CVE-2014 > -9645_busybox_reject_module_names_with_slashes.patch \ > " > > SRC_URI[tarball.md5sum] = "5c94d6301a964cd91619bd4d74605245" > -- > 1.9.1
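
Review bot: In the deleted CVE-2014-9645_busybox_reject_module_names_with_slashes.patch, the header carries the [YOCTO #7257] reference, but the commit message that removes the file does not mention it. Adding [YOCTO #7257] to the commit message would keep the bug entry linked to the reason the fix is no longer carried as a local patch. The comment being deleted from add_probe() also names the cases the check was meant to stop ("rmmod dir/name", "modprobe dir/name", and the implicit modprobe from "ifconfig /usbserial up"), so it would help to state in the commit message that these were confirmed to still be rejected on a fido build of 1.23.1 without the patch, since the diff itself only shows the removal and relies on the upstream rework [2] for the protection.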
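
Review bot: For the SRC_URI hunk in busybox_1.23.1.bb, the diffstat lists this recipe as the only file edited besides the deleted patch, so any other recipe or bbappend in fido that still lists file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch would fail to fetch once the file is gone. A grep for the patch name across the layer before merging, noted in the commit message, would settle that. It is also worth recording in the commit message that the patch continued to apply cleanly on 1.23.1 even though it undid part of the upstream rework, because a clean apply is the only signal the build gives and it did not catch this.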