diff options
| author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2014-12-10 17:14:41 -0300 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2014-12-10 21:23:00 +0100 |
| commit | 4d980cd6a73e866b63949a76a9106689522e2e21 (patch) | |
| tree | a1b68739dfe246eb7e92f21a911ebfde6b15d267 /package/util-linux/util-linux-001-sscanf-no-ms-as.patch | |
| parent | 83b0d8f821a972aa85d003ab1b750dc8e184fe9d (diff) | |
| download | buildroot-4d980cd6a73e866b63949a76a9106689522e2e21.tar.gz buildroot-4d980cd6a73e866b63949a76a9106689522e2e21.zip | |
util-linux: add security patch for CVE-2014-9114
Fixes CVE-2014-9114 - command injection flaw in blkid.
See https://bugzilla.redhat.com/show_bug.cgi?id=1168485
Patch upstream.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/util-linux/util-linux-001-sscanf-no-ms-as.patch')
| -rw-r--r-- | package/util-linux/util-linux-001-sscanf-no-ms-as.patch | 175 |
1 files changed, 0 insertions, 175 deletions
diff --git a/package/util-linux/util-linux-001-sscanf-no-ms-as.patch b/package/util-linux/util-linux-001-sscanf-no-ms-as.patch deleted file mode 100644 index be2b0eb269..0000000000 --- a/package/util-linux/util-linux-001-sscanf-no-ms-as.patch +++ /dev/null @@ -1,175 +0,0 @@ -Fix libmount build under uClibc - -See https://bugs.gentoo.org/show_bug.cgi?id=406303 -http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/util-linux/files/util-linux-2.21.1-no-printf-alloc.patch?revision=1.2 - -[Gustavo: Ported to util-linux-2.25.1] - -Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> - -diff -Nura util-linux-2.25.1.orig/configure.ac util-linux-2.25.1/configure.ac ---- util-linux-2.25.1.orig/configure.ac 2014-09-05 10:44:45.302080174 -0300 -+++ util-linux-2.25.1/configure.ac 2014-09-05 10:45:07.183832640 -0300 -@@ -791,7 +791,6 @@ - UL_BUILD_INIT([libmount]) - UL_REQUIRES_LINUX([libmount]) - UL_REQUIRES_BUILD([libmount], [libblkid]) --UL_REQUIRES_HAVE([libmount], [scanf_alloc_modifier], [scanf string alloc modifier]) - AM_CONDITIONAL([BUILD_LIBMOUNT], [test "x$build_libmount" = xyes]) - AM_CONDITIONAL([BUILD_LIBMOUNT_TESTS], [test "x$build_libmount" = xyes -a "x$enable_static" = xyes]) - -diff -Nura util-linux-2.25.1.orig/lib/colors.c util-linux-2.25.1/lib/colors.c ---- util-linux-2.25.1.orig/lib/colors.c 2014-09-05 10:44:45.301080140 -0300 -+++ util-linux-2.25.1/lib/colors.c 2014-09-05 13:12:00.175205476 -0300 -@@ -16,6 +16,10 @@ - #include "pathnames.h" - #include "strutils.h" - -+#ifndef HAVE_SCANF_MS_MODIFIER -+# define UL_SCNsA "%s" -+#endif -+ - /* - * terminal-colors.d file types - */ -@@ -577,9 +581,19 @@ - if (*p == '\0' || *p == '#') - continue; - -+#ifndef HAVE_SCANF_MS_MODIFIER -+ size_t len = strlen(p) + 1; -+ cn = malloc(len); -+ seq = malloc(len); -+#endif -+ - rc = sscanf(p, UL_SCNsA" " /* name */ - UL_SCNsA, /* color */ -+#ifdef HAVE_SCANF_MS_MODIFIER - &cn, &seq); -+#else -+ cn, seq); -+#endif - if (rc == 2 && cn && seq) - rc = colors_add_scheme(cc, cn, seq); /* set rc=0 on success */ - if (rc) { -diff -Nura util-linux-2.25.1.orig/libmount/src/tab_parse.c util-linux-2.25.1/libmount/src/tab_parse.c ---- util-linux-2.25.1.orig/libmount/src/tab_parse.c 2014-09-05 10:44:45.276079280 -0300 -+++ util-linux-2.25.1/libmount/src/tab_parse.c 2014-09-05 10:51:22.500738967 -0300 -@@ -22,6 +22,10 @@ - #include "pathnames.h" - #include "strutils.h" - -+#ifndef HAVE_SCANF_MS_MODIFIER -+# define UL_SCNsA "%s" -+#endif -+ - static int next_number(char **s, int *num) - { - char *end = NULL; -@@ -52,16 +56,31 @@ - int rc, n = 0, xrc; - char *src = NULL, *fstype = NULL, *optstr = NULL; - -+#ifndef HAVE_SCANF_MS_MODIFIER -+ size_t len = strlen(s) + 1; -+ src = malloc(len); -+ fstype = malloc(len); -+ fs->target = malloc(len); -+ optstr = malloc(len); -+#endif -+ - rc = sscanf(s, UL_SCNsA" " /* (1) source */ - UL_SCNsA" " /* (2) target */ - UL_SCNsA" " /* (3) FS type */ - UL_SCNsA" " /* (4) options */ - "%n", /* byte count */ - -+#ifdef HAVE_SCANF_MS_MODIFIER - &src, - &fs->target, - &fstype, - &optstr, -+#else -+ src, -+ fs->target, -+ fstype, -+ optstr, -+#endif - &n); - xrc = rc; - -@@ -127,6 +146,16 @@ - unsigned int maj, min; - char *fstype = NULL, *src = NULL, *p; - -+#ifndef HAVE_SCANF_MS_MODIFIER -+ size_t len = strlen(s) + 1; -+ fs->root = malloc(len); -+ fs->target = malloc(len); -+ fs->vfs_optstr = malloc(len); -+ fs->fs_optstr = malloc(len); -+ fstype = malloc(len); -+ src = malloc(len); -+#endif -+ - rc = sscanf(s, "%d " /* (1) id */ - "%d " /* (2) parent */ - "%u:%u " /* (3) maj:min */ -@@ -138,9 +167,15 @@ - &fs->id, - &fs->parent, - &maj, &min, -+#ifdef HAVE_SCANF_MS_MODIFIER - &fs->root, - &fs->target, - &fs->vfs_optstr, -+#else -+ fs->root, -+ fs->target, -+ fs->vfs_optstr, -+#endif - &end); - - if (rc >= 7 && end > 0) -@@ -160,9 +195,15 @@ - UL_SCNsA" " /* (9) source */ - UL_SCNsA, /* (10) fs options (fs specific) */ - -+#ifdef HAVE_SCANF_MS_MODIFIER - &fstype, - &src, - &fs->fs_optstr); -+#else -+ fstype, -+ src, -+ fs->fs_optstr); -+#endif - - if (rc >= 10) { - size_t sz; -@@ -281,14 +322,25 @@ - int rc; - char *src = NULL; - -+#ifndef HAVE_SCANF_MS_MODIFIER -+ size_t len = strlen(s) + 1; -+ src = malloc(len); -+ fs->swaptype = malloc(len); -+#endif -+ - rc = sscanf(s, UL_SCNsA" " /* (1) source */ - UL_SCNsA" " /* (2) type */ - "%ju" /* (3) size */ - "%ju" /* (4) used */ - "%d", /* priority */ - -+#ifdef HAVE_SCANF_MS_MODIFIER - &src, - &fs->swaptype, -+#else -+ src, -+ fs->swaptype, -+#endif - &fsz, - &usz, - &fs->priority); |
