| -rw-r--r-- | meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127.patch | 68 | ||||
| -rw-r--r-- | meta/recipes-devtools/dpkg/dpkg_1.17.4.bb | 1 | 
2 files changed, 69 insertions, 0 deletions
|
diff --git a/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127.patch b/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127.patch
new file mode 100644
index 0000000000..e59c6661ea
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg/dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127.patch
@@ -0,0 +1,68 @@
+dpkg: Security Advisory - CVE-2014-3127
+
+commit a12eb58959d0a10584a428f4a3103a49204c410f upstream
+
+dpkg 1.15.9 on Debian squeeze introduces support for the "C-style
+encoded filenames" feature without recognizing that the squeeze patch
+program lacks this feature, which triggers an interaction error that
+allows remote attackers to conduct directory traversal attacks and
+modify files outside of the intended directories via a crafted source
+package.
+
+NOTE: this can be considered a release engineering problem in the
+effort to fix CVE-2014-0471.
+
+Upstream-Status: Backport
+
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+=====================================================
+diff -uarN dpkg-1.17.1-org/scripts/Dpkg/Source/Patch.pm dpkg-1.17.1/scripts/Dpkg/Source/Patch.pm
+--- dpkg-1.17.1-org/scripts/Dpkg/Source/Patch.pm	2014-06-05 16:32:41.765446564 +0800
++++ dpkg-1.17.1/scripts/Dpkg/Source/Patch.pm	2014-06-05 16:37:21.461446359 +0800
+@@ -324,31 +324,6 @@
+     return $line;
+ }
+ 
+-my %ESCAPE = ((
+-    'a' => "\a",
+-    'b' => "\b",
+-    'f' => "\f",
+-    'n' => "\n",
+-    'r' => "\r",
+-    't' => "\t",
+-    'v' => "\cK",
+-    '\\' => '\\',
+-    '"' => '"',
+-), (
+-    map { sprintf('%03o', $_) => chr($_) } (0..255)
+-));
+-
+-sub _unescape {
+-    my ($diff, $str) = @_;
+-
+-    if (exists $ESCAPE{$str}) {
+-        return $ESCAPE{$str};
+-    } else {
+-        error(_g('diff %s patches file with unknown escape sequence \\%s'),
+-              $diff, $str);
+-    }
+-}
+-
+ # Fetch the header filename ignoring the optional timestamp
+ sub _fetch_filename {
+     my ($diff, $header) = @_;
+@@ -358,12 +333,7 @@
+ 
+     # Is it a C-style string?
+     if ($header =~ m/^"/) {
+-        $header =~ m/^"((?:[^\\"]|\\.)*)"/;
+-        error(_g('diff %s patches file with unbalanced quote'), $diff)
+-            unless defined $1;
+-
+-        $header = $1;
+-        $header =~ s/\\([0-3][0-7]{2}|.)/_unescape($diff, $1)/eg;
++	error(_g('diff %s patches file with C-style encoded filename'), $diff);
+     } else {
+         # Tab is the official separator, it's always used when
+         # filename contain spaces. Try it first, otherwise strip on space
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.17.4.bb b/meta/recipes-devtools/dpkg/dpkg_1.17.4.bb
index 48e13948f0..83526f3c96 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.17.4.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.17.4.bb
@@ -13,6 +13,7 @@ SRC_URI += "file://noman.patch \
             file://glibc2.5-sync_file_range.patch \
             file://no-vla-warning.patch \
             file://dpkg-1.17.4-CVE-2014-0471.patch \
+            file://dpkg-1.17.4-CVE-2014-0471-CVE-2014-3127.patch \
            "

 SRC_URI[md5sum] = "cc25086e1e3bd9512a95f14cfe9002e1"
|
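Review bot: The replacement line in `_fetch_filename` (second inner hunk) is the entire fix, and it only fails closed if `error()` never returns; that is presumably true of dpkg's error helper, but nothing visible here shows it, and if it did return a quoted header would continue past the `if` with `$header` untouched. A comment above the call would record the intent, for example `# Refuse C-style quoted names outright: the patch program may not decode them the same way (CVE-2014-0471, CVE-2014-3127)`. The added line is indented with a tab where the surrounding Perl uses spaces. The patch header names only CVE-2014-3127 although the file name carries both ids, and the inner diff was taken against a `dpkg-1.17.1` tree while the recipe is 1.17.4, so a sentence in the header on both points would help later maintainers. `_fetch_filename` starts and ends outside the hunk.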
