aboutsummaryrefslogtreecommitdiffstats
path: root/main/busybox/busybox-1.24.1-unzip-regression.patch
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2016-03-22 11:39:58 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2016-03-22 11:43:05 +0000
commit6ad5097ddbca9754f6a9aa3833090534baff76a6 (patch)
tree62def94fdc4971425ab9bc7da37c2fa50d737045 /main/busybox/busybox-1.24.1-unzip-regression.patch
parentce1b9f834595b6c8853588d9fbb58a1988320936 (diff)
downloadaports-6ad5097ddbca9754f6a9aa3833090534baff76a6.tar.bz2
aports-6ad5097ddbca9754f6a9aa3833090534baff76a6.tar.xz
main/busybox: upgrade to 1.24.2, fix CVE-2016-2147,CVE-2016-2148
Diffstat (limited to 'main/busybox/busybox-1.24.1-unzip-regression.patch')
-rw-r--r--main/busybox/busybox-1.24.1-unzip-regression.patch135
1 files changed, 0 insertions, 135 deletions
diff --git a/main/busybox/busybox-1.24.1-unzip-regression.patch b/main/busybox/busybox-1.24.1-unzip-regression.patch
deleted file mode 100644
index 58d7b7c6bb..0000000000
--- a/main/busybox/busybox-1.24.1-unzip-regression.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Fri, 30 Oct 2015 23:41:53 +0100
-Subject: [PATCH] [g]unzip: fix recent breakage.
-
-Also, do emit error message we so painstakingly pass from gzip internals
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-(cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef)
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- archival/libarchive/decompress_gunzip.c | 33 +++++++++++++++++++++------------
- testsuite/unzip.tests | 1 +
- 2 files changed, 22 insertions(+), 12 deletions(-)
-
-diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
-index c76fd31..357c9bf 100644
---- a/archival/libarchive/decompress_gunzip.c
-+++ b/archival/libarchive/decompress_gunzip.c
-@@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n,
- huft_t *q; /* points to current table */
- huft_t r; /* table entry for structure assignment */
- huft_t *u[BMAX]; /* table stack */
-- unsigned v[N_MAX]; /* values in order of bit length */
-- unsigned v_end;
-+ unsigned v[N_MAX + 1]; /* values in order of bit length. last v[] is never used */
- int ws[BMAX + 1]; /* bits decoded stack */
- int w; /* bits decoded */
- unsigned x[BMAX + 1]; /* bit offsets, then code stack */
-@@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n,
- *xp++ = j;
- }
-
-- /* Make a table of values in order of bit lengths */
-+ /* Make a table of values in order of bit lengths.
-+ * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
-+ * In particular, last v[i] is never filled and must not be accessed.
-+ */
-+ memset(v, 0xff, sizeof(v));
- p = b;
- i = 0;
-- v_end = 0;
- do {
- j = *p++;
- if (j != 0) {
- v[x[j]++] = i;
-- v_end = x[j];
- }
- } while (++i < n);
-
-@@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n,
-
- /* set up table entry in r */
- r.b = (unsigned char) (k - w);
-- if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
-+ if (/*p >= v + n || -- redundant, caught by the second check: */
-+ *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
-+ ) {
- r.e = 99; /* out of values--invalid code */
- } else if (*p < s) {
- r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */
-@@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
- e = t->e;
- if (e > 16)
- do {
-- if (e == 99)
-- abort_unzip(PASS_STATE_ONLY);;
-+ if (e == 99) {
-+ abort_unzip(PASS_STATE_ONLY);
-+ }
- bb >>= t->b;
- k -= t->b;
- e -= 16;
-@@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
- e = t->e;
- if (e > 16)
- do {
-- if (e == 99)
-+ if (e == 99) {
- abort_unzip(PASS_STATE_ONLY);
-+ }
- bb >>= t->b;
- k -= t->b;
- e -= 16;
-@@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e)
-
- b_dynamic >>= 4;
- k_dynamic -= 4;
-- if (nl > 286 || nd > 30)
-+ if (nl > 286 || nd > 30) {
- abort_unzip(PASS_STATE_ONLY); /* bad lengths */
-+ }
-
- /* read in bit-length-code lengths */
- for (j = 0; j < nb; j++) {
-@@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e)
- bl = lbits;
-
- i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl);
-- if (i != 0)
-+ if (i != 0) {
- abort_unzip(PASS_STATE_ONLY);
-+ }
- bd = dbits;
- i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd);
-- if (i != 0)
-+ if (i != 0) {
- abort_unzip(PASS_STATE_ONLY);
-+ }
-
- /* set up data for inflate_codes() */
- inflate_codes_setup(PASS_STATE bl, bd);
-@@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
- error_msg = "corrupted data";
- if (setjmp(error_jmp)) {
- /* Error from deep inside zip machinery */
-+ bb_error_msg(error_msg);
- n = -1;
- goto ret;
- }
-diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
-index ca0a458..d8738a3 100755
---- a/testsuite/unzip.tests
-+++ b/testsuite/unzip.tests
-@@ -34,6 +34,7 @@ rm foo.zip
- testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
- "Archive: bad.zip
- inflating: ]3j½r«IK-%Ix
-+unzip: corrupted data
- unzip: inflate error
- 1
- " \
---
-2.6.2
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-08 21:07:46 +0000