summaryrefslogtreecommitdiff
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorAndre McCurdy <armccurdy@gmail.com>2015-04-14 19:53:53 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-04-19 13:34:04 +0100
commita753d3d8884b96baad5ed1a03335a81586420b86 (patch)
tree8a20ae0bf834c94e0cc06cbd4cf4eb1d76885efc /meta/recipes-core
parenta40309f284805e8cda024f7299a676cfdf8f97a5 (diff)
downloadopenembedded-core-a753d3d8884b96baad5ed1a03335a81586420b86.tar.gz
openembedded-core-a753d3d8884b96baad5ed1a03335a81586420b86.tar.bz2
openembedded-core-a753d3d8884b96baad5ed1a03335a81586420b86.zip
busybox: remove CVE-2014-9645 patch (already upstream in 1.23.x)
The CVE-2014-9645 fix was merged in Busybox prior to the 1.23.0 release [1]. The fix was then reworked in Busybox 1.23.1, in such a way that the original change was no longer required [2]. Although oe-core's CVE-2014-9645 patch still applies cleanly to Busybox 1.23.1 and 1.23.2, applying it partially reverts the second version of the upstream fix. [1] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=4e314faa0aecb66717418e9a47a4451aec59262b [2] http://git.busybox.net/busybox/commit/modutils/modprobe.c?h=1_23_stable&id=1ecfe811fe2f70380170ef7d820e8150054e88ca Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch41
-rw-r--r--meta/recipes-core/busybox/busybox_1.23.2.bb1
2 files changed, 0 insertions, 42 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch b/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
deleted file mode 100644
index 4e76067b3c..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2014-9645_busybox_reject_module_names_with_slashes.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-status: Backport
-http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
-
-CVE-2014-9645 fix.
-
-[YOCTO #7257]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-From 4e314faa0aecb66717418e9a47a4451aec59262b Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Thu, 20 Nov 2014 17:24:33 +0000
-Subject: modprobe,rmmod: reject module names with slashes
-
-function old new delta
-add_probe 86 113 +27
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
-Index: busybox-1.22.1/modutils/modprobe.c
-===================================================================
---- busybox-1.22.1.orig/modutils/modprobe.c
-+++ busybox-1.22.1/modutils/modprobe.c
-@@ -238,6 +238,17 @@ static void add_probe(const char *name)
- {
- struct module_entry *m;
-
-+ /*
-+ * get_or_add_modentry() strips path from name and works
-+ * on remaining basename.
-+ * This would make "rmmod dir/name" and "modprobe dir/name"
-+ * to work like "rmmod name" and "modprobe name",
-+ * which is wrong, and can be abused via implicit modprobing:
-+ * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial.
-+ */
-+ if (strchr(name, '/'))
-+ bb_error_msg_and_die("malformed module name '%s'", name);
-+
- m = get_or_add_modentry(name);
- if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS))
- && (m->flags & MODULE_FLAG_LOADED)
diff --git a/meta/recipes-core/busybox/busybox_1.23.2.bb b/meta/recipes-core/busybox/busybox_1.23.2.bb
index 0af292df6f..b1b90327dd 100644
--- a/meta/recipes-core/busybox/busybox_1.23.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.23.2.bb
@@ -30,7 +30,6 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://login-utilities.cfg \
file://recognize_connmand.patch \
file://busybox-cross-menuconfig.patch \
- file://CVE-2014-9645_busybox_reject_module_names_with_slashes.patch \
"
SRC_URI[tarball.md5sum] = "7925683d7dd105aabe9b6b618d48cc73"