[OE-core] [PATCH] busybox: remove CVE-2014-9645 patch (already upstream in 1.23.x)
Andre McCurdy
armccurdy at gmail.com
Wed Apr 15 02:53:53 UTC 2015
The CVE-2014-9645 fix was merged in Busybox prior to the 1.23.0
release [1]. The fix was then reworked in Busybox 1.23.1, in such
a way that the original change was no longer required [2].
Although oe-core's CVE-2014-9645 patch still applies cleanly to
Busybox 1.23.1 and 1.23.2, applying it partially reverts the second
version of the upstream fix.
[1] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=4e314faa0aecb66717418e9a47a4451aec59262b
[2] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=1ecfe811fe2f70380170ef7d820e8150054e88ca
Signed-off-by: Andre McCurdy <armccurdy at gmail.com>
---
..._busybox_reject_module_names_with_slashes.patch | 41 ----------------------
meta/recipes-core/busybox/busybox_1.23.2.bb | 1 -
2 files changed, 42 deletions(-)
delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
diff --git a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
deleted file mode 100644
index 4e76067..0000000
--- a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-status: Backport
-http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
-
-CVE-2014-9645 fix.
-
-[YOCTO #7257]
-
-Signed-off-by: Armin Kuster <akuster at mvista.com>
-
-From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux at googlemail.com>
-Date: Thu, 20 Nov 2014 17:24:33 +0000
-Subject: modprobe,rmmod: reject module names with slashes
-
-function old new delta
-add_probe 86 113 +27
-
-Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
----
-Index: busybox-1.22.1/modutils/modprobe.c
-===================================================================
---- busybox-1.22.1.orig/modutils/modprobe.c
-+++ busybox-1.22.1/modutils/modprobe.c
-@@ -238,6 +238,17 @@ static void add_probe(const char *name)
- {
- struct module_entry *m;
-
-+ /*
-+ * get_or_add_modentry() strips path from name and works
-+ * on remaining basename.
-+ * This would make "rmmod dir/name" and "modprobe dir/name"
-+ * to work like "rmmod name" and "modprobe name",
-+ * which is wrong, and can be abused via implicit modprobing:
-+ * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial.
-+ */
-+ if (strchr(name, '/'))
-+ bb_error_msg_and_die("malformed module name '%s'", name);
-+
- m = get_or_add_modentry(name);
- if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS))
- && (m->flags & MODULE_FLAG_LOADED)
diff --git a/meta/recipes-core/busybox/busybox_1.23.2.bb b/meta/recipes-core/busybox/busybox_1.23.2.bb
index 0af292d..b1b9032 100644
--- a/meta/recipes-core/busybox/busybox_1.23.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.23.2.bb
@@ -30,7 +30,6 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://login-utilities.cfg \
file://recognize_connmand.patch \
file://busybox-cross-menuconfig.patch \
- file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch \
"
SRC_URI[tarball.md5sum] = "7925683d7dd105aabe9b6b618d48cc73"
--
1.9.1
More information about the Openembedded-core
mailing list