diff options
author | Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> | 2015-06-10 14:55:14 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-06-23 11:38:17 +0100 |
commit | 0a1f924157cb75d0f67cf534762c89dc8656d352 (patch) | |
tree | 909511762e2cf5aa1024c876e2e31fe9955ba934 | |
parent | f6478e8c73f9cfb79d1f7680b7bf3ff957eb51cb (diff) | |
download | openembedded-core-0a1f924157cb75d0f67cf534762c89dc8656d352.tar.gz openembedded-core-0a1f924157cb75d0f67cf534762c89dc8656d352.tar.bz2 openembedded-core-0a1f924157cb75d0f67cf534762c89dc8656d352.zip |
rpm: Fix CVE-2014-8118
Backport patch to fix CVE-2014-8118. Description is on [1] and
original patch taken from [2].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1168715
[2] https://bugzilla.redhat.com/attachment.cgi?id=962159
[YOCTO #7181]
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
-rw-r--r-- | meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch | 43 | ||||
-rw-r--r-- | meta/recipes-devtools/rpm/rpm_4.11.2.bb | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch new file mode 100644 index 0000000000..bf1795ca49 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch @@ -0,0 +1,43 @@ +From 71c812edf1431a9967bd99ba6ffa6ab89eb7ec7c Mon Sep 17 00:00:00 2001 +From: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> +Date: Wed, 10 Jun 2015 12:56:55 +0000 +Subject: [PATCH 1/2] rpm: CVE-2014-8118 + +Upstream-Status: Backport + +Reference: +https://bugzilla.redhat.com/show_bug.cgi?id=1168715 + +Description: +It was found that RPM could encounter an integer overflow, +leading to a stack-based overflow, while parsing a crafted +CPIO header in the payload section of an RPM file. This could +allow an attacker to modify signed RPM files in such a way that +they would execute code chosen by the attacker during package +installation. + +Original Patch: +https://bugzilla.redhat.com/attachment.cgi?id=962159 + +Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> +--- + lib/cpio.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/cpio.c b/lib/cpio.c +index 382eeb6..74ddd9c 100644 +--- a/lib/cpio.c ++++ b/lib/cpio.c +@@ -296,6 +296,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, struct stat * st) + st->st_rdev = makedev(major, minor); + + GET_NUM_FIELD(hdr.namesize, nameSize); ++ if (nameSize <= 0 || nameSize > 4096) { ++ return CPIOERR_BAD_HEADER; ++ } + + *path = xmalloc(nameSize + 1); + read = Fread(*path, nameSize, 1, cpio->fd); +-- +1.8.4.5 + diff --git a/meta/recipes-devtools/rpm/rpm_4.11.2.bb b/meta/recipes-devtools/rpm/rpm_4.11.2.bb index 4e44bc4fec..7c402b6cfb 100644 --- a/meta/recipes-devtools/rpm/rpm_4.11.2.bb +++ b/meta/recipes-devtools/rpm/rpm_4.11.2.bb @@ -34,6 +34,7 @@ SRC_URI += "http://rpm.org/releases/rpm-4.11.x/${BP}.tar.bz2 \ file://fix_libdir.patch \ file://rpm-scriptetexechelp.patch \ file://pythondeps.sh \ + file://rpm-CVE-2014-8118.patch \ " SRC_URI[md5sum] = "876ac9948a88367054f8ddb5c0e87173" |