authorNatanael Copa <ncopa@alpinelinux.org>2012-12-11 12:34:52 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-12-11 12:34:52 +0000
commit7902826268d6673814d5ffc58466abb6773da01c (patch)
treed676edfcf6da54883536a64e7461e1fa68b404a3 /main
parent3aa8dade2d1f5f2305e19a6b358c2387cad1e44e (diff)
main/busybox: fix a regression in udhcpc
The cve-2011-2716 fix introduced a regression. It was fixed upstream with: http://git.uclibc.org/busybox/commit/networking/udhcp/dhcpc.c?id=d2266d43bfe3cd9a40deb50dfe80ab679d2def0c ref #1346 (cherry picked from commit 6f1a6b214766d7214b117626dfb38ebb1943a24f) Conflicts: main/busybox/APKBUILD
Diffstat (limited to 'main')
-rw-r--r--main/busybox/APKBUILD4
-rw-r--r--main/busybox/CVE-2011-2716-2.patch23
2 files changed, 26 insertions, 1 deletions
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 39a34d4795..772281e298 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.18.4
-pkgrel=3
+pkgrel=4
_bbsuidver=0.6
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
@@ -17,6 +17,7 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
busybox-uname-is-not-gnu.patch
loginutils-sha512.patch
CVE-2011-2716.patch
+ CVE-2011-2716-2.patch
busyboxconfig"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -86,4 +87,5 @@ md5sums="b03c5b46ced732679e525a920a1a62f5 busybox-1.18.4.tar.bz2
b5375210f13fd6e1ca61a565e8fabd35 busybox-uname-is-not-gnu.patch
d21d70d590e9e04bfc65ecb23b9d1617 loginutils-sha512.patch
319e7773d612e8a98e1a1757c6adc303 CVE-2011-2716.patch
+f6a2b1e5443905744b76df1d1669d160 CVE-2011-2716-2.patch
7297e212d5e2a5517f770b4ad1f4654d busyboxconfig"
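Review bot: The added `md5sums` line is the only integrity pin for `CVE-2011-2716-2.patch`, and MD5 is not collision-resistant, so it catches corruption but not a deliberately substituted file. The same array is also the only check on the tarball that the `source` list fetches over plain `http://`, as the second hunk's header shows. If the abuild used on this branch accepts a stronger checksum array such as `sha512sums`, I would add one alongside `md5sums` covering every entry; whether it does needs confirming against the branch's tooling. The `md5sums` string opens above this hunk.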
diff --git a/main/busybox/CVE-2011-2716-2.patch b/main/busybox/CVE-2011-2716-2.patch
new file mode 100644
index 0000000000..8787e88178
--- /dev/null
+++ b/main/busybox/CVE-2011-2716-2.patch
@@ -0,0 +1,23 @@
+From d2266d43bfe3cd9a40deb50dfe80ab679d2def0c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Sun, 22 Apr 2012 01:37:01 +0000
+Subject: udhcpc: fix improper size calculation for OPTION_STRING_HOST
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+(limited to 'networking/udhcp/dhcpc.c')
+
+diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
+index 2f2016c..ddb328d 100644
+--- a/networking/udhcp/dhcpc.c
++++ b/networking/udhcp/dhcpc.c
+@@ -101,6 +101,7 @@ static const uint8_t len_of_option_as_string[] = {
+ [OPTION_STATIC_ROUTES ] = sizeof("255.255.255.255/32 255.255.255.255 "),
+ [OPTION_6RD ] = sizeof("32 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 255.255.255.255 "),
+ [OPTION_STRING ] = 1,
++ [OPTION_STRING_HOST ] = 1,
+ #if ENABLE_FEATURE_UDHCP_RFC3397
+ [OPTION_DNS_STRING ] = 1, /* unused */
+ /* Hmmm, this severely overestimates size if SIP_SERVERS option
+--
+cgit v0.9.0.1-2-gef13
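Review bot: Nothing at `len_of_option_as_string[]` says that every option type needs an entry, which is the gap this one-line fix closes for `OPTION_STRING_HOST`; in a designated-initializer table an omitted index is implicitly 0, and the subject line indicates the size calculation went wrong as a result. A comment above the table would guard against a recurrence when the next type is added, e.g. `/* every OPTION_* type that can be formatted as a string needs an entry here; an omitted one is implicitly 0 and breaks the size estimate */`. The code that consumes the table is outside the hunk, so the exact effect of a zero entry (presumably an undersized output buffer) should be confirmed there. Because this file is a vendored upstream patch, the comment belongs upstream rather than in a local edit.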