diff options
author | Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> | 2016-09-21 20:02:01 +0100 |
---|---|---|
committer | John Crispin <john@phrozen.org> | 2016-09-27 17:50:22 +0200 |
commit | 78ae7d8efda344075c7991c731afdbd47ae1cee9 (patch) | |
tree | 43539cb8d9b71a14ed0a82137bbd34ae2a8a001d /package/utils/busybox | |
parent | edbc8fec8a9747a746fc321e97d9b96f7e95fa7e (diff) | |
download | upstream-78ae7d8efda344075c7991c731afdbd47ae1cee9.tar.gz upstream-78ae7d8efda344075c7991c731afdbd47ae1cee9.tar.bz2 upstream-78ae7d8efda344075c7991c731afdbd47ae1cee9.zip |
busybox: v1.25.0 upstream patches
Include upstream patches for gzip, ip & ntpd.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/utils/busybox')
3 files changed, 75 insertions, 0 deletions
diff --git a/package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch b/package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch new file mode 100644 index 0000000000..7110f8d2c5 --- /dev/null +++ b/package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch @@ -0,0 +1,30 @@ +gzip: fix compression level bug. Closes 9131 +fix broken logic to get the gzip_level_config value from options -1 to +-9. + +This fixes an off-by-one bug that caused gzip -9 output bigger files +than the other compression levels. + +It fixes so that compression level 1 to 3 are actually mapped to level 4 +as comments say. + +It also fixes that levels -4 to -9 is mapped to correct level and avoids +out-of-bounds access. + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> + +--- a/archival/gzip.c ++++ b/archival/gzip.c +@@ -2220,10 +2220,7 @@ int gzip_main(int argc UNUSED_PARAM, cha + opt >>= ENABLE_GUNZIP ? 7 : 5; /* drop cfv[dt]qn bits */ + if (opt == 0) + opt = 1 << 6; /* default: 6 */ +- /* Map 1..3 to 4 */ +- if (opt & 0x7) +- opt |= 1 << 4; +- opt = ffs(opt >> 3); ++ opt = ffs(opt >> 4); /* Maps -1..-4 to [0], -5 to [1] ... -9 to [5] */ + max_chain_length = 1 << gzip_level_config[opt].chain_shift; + good_match = gzip_level_config[opt].good; + max_lazy_match = gzip_level_config[opt].lazy2 * 2; diff --git a/package/utils/busybox/patches/000-busybox-1.25.0-ip.patch b/package/utils/busybox/patches/000-busybox-1.25.0-ip.patch new file mode 100644 index 0000000000..50cd77509e --- /dev/null +++ b/package/utils/busybox/patches/000-busybox-1.25.0-ip.patch @@ -0,0 +1,17 @@ +ip: fix an improper optimization: req.r.rtm_scope may be nonzero here +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> + +--- a/networking/libiproute/iproute.c ++++ b/networking/libiproute/iproute.c +@@ -362,10 +362,9 @@ IF_FEATURE_IP_RULE(ARG_table,) + req.r.rtm_scope = RT_SCOPE_NOWHERE; + + if (cmd != RTM_DELROUTE) { ++ req.r.rtm_scope = RT_SCOPE_UNIVERSE; + if (RTPROT_BOOT != 0) + req.r.rtm_protocol = RTPROT_BOOT; +- if (RT_SCOPE_UNIVERSE != 0) +- req.r.rtm_scope = RT_SCOPE_UNIVERSE; + if (RTN_UNICAST != 0) + req.r.rtm_type = RTN_UNICAST; + } diff --git a/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch b/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch new file mode 100644 index 0000000000..0eb887d23c --- /dev/null +++ b/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch @@ -0,0 +1,28 @@ +ntpd: respond only to client and symmetric active packets +The busybox NTP implementation doesn't check the NTP mode of packets +received on the server port and responds to any packet with the right +size. This includes responses from another NTP server. An attacker can +send a packet with a spoofed source address in order to create an +infinite loop of responses between two busybox NTP servers. Adding +more packets to the loop increases the traffic between the servers +until one of them has a fully loaded CPU and/or network. + +Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> + +--- a/networking/ntpd.c ++++ b/networking/ntpd.c +@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int f + goto bail; + } + ++ /* Respond only to client and symmetric active packets */ ++ if ((msg.m_status & MODE_MASK) != MODE_CLIENT ++ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT ++ ) { ++ goto bail; ++ } ++ + query_status = msg.m_status; + query_xmttime = msg.m_xmttime; + |