[source] busybox: v1.25.0 upstream patches

LEDE Commits lede-commits at lists.infradead.org
Tue Sep 27 09:21:09 PDT 2016 

blogic pushed a commit to source.git, branch master:
https://git.lede-project.org/78ae7d8efda344075c7991c731afdbd47ae1cee9

commit 78ae7d8efda344075c7991c731afdbd47ae1cee9
Author: Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
AuthorDate: Wed Sep 21 20:02:01 2016 +0100

    busybox: v1.25.0 upstream patches
    
    Include upstream patches for gzip, ip & ntpd.
    
    Signed-off-by: Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>
---
 .../busybox/patches/000-busybox-1.25.0-gzip.patch  | 30 ++++++++++++++++++++++
 .../busybox/patches/000-busybox-1.25.0-ip.patch    | 17 ++++++++++++
 .../busybox/patches/000-busybox-1.25.0-ntpd.patch  | 28 ++++++++++++++++++++
 3 files changed, 75 insertions(+)

diff --git a/package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch b/package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch
new file mode 100644
index 0000000..7110f8d
--- /dev/null
+++ b/package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch
@@ -0,0 +1,30 @@
+gzip: fix compression level bug. Closes 9131
+fix broken logic to get the gzip_level_config value from options -1 to
+-9.
+
+This fixes an off-by-one bug that caused gzip -9 output bigger files
+than the other compression levels.
+
+It fixes so that compression level 1 to 3 are actually mapped to level 4
+as comments say.
+
+It also fixes that levels -4 to -9 is mapped to correct level and avoids
+out-of-bounds access.
+
+Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+
+--- a/archival/gzip.c
++++ b/archival/gzip.c
+@@ -2220,10 +2220,7 @@ int gzip_main(int argc UNUSED_PARAM, cha
+ 	opt >>= ENABLE_GUNZIP ? 7 : 5; /* drop cfv[dt]qn bits */
+ 	if (opt == 0)
+ 		opt = 1 << 6; /* default: 6 */
+-	/* Map 1..3 to 4 */
+-	if (opt & 0x7)
+-		opt |= 1 << 4;
+-	opt = ffs(opt >> 3);
++	opt = ffs(opt >> 4); /* Maps -1..-4 to [0], -5 to [1] ... -9 to [5] */
+ 	max_chain_length = 1 << gzip_level_config[opt].chain_shift;
+ 	good_match	 = gzip_level_config[opt].good;
+ 	max_lazy_match	 = gzip_level_config[opt].lazy2 * 2;
diff --git a/package/utils/busybox/patches/000-busybox-1.25.0-ip.patch b/package/utils/busybox/patches/000-busybox-1.25.0-ip.patch
new file mode 100644
index 0000000..50cd775
--- /dev/null
+++ b/package/utils/busybox/patches/000-busybox-1.25.0-ip.patch
@@ -0,0 +1,17 @@
+ip: fix an improper optimization: req.r.rtm_scope may be nonzero here
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+
+--- a/networking/libiproute/iproute.c
++++ b/networking/libiproute/iproute.c
+@@ -362,10 +362,9 @@ IF_FEATURE_IP_RULE(ARG_table,)
+ 		req.r.rtm_scope = RT_SCOPE_NOWHERE;
+ 
+ 	if (cmd != RTM_DELROUTE) {
++		req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+ 		if (RTPROT_BOOT != 0)
+ 			req.r.rtm_protocol = RTPROT_BOOT;
+-		if (RT_SCOPE_UNIVERSE != 0)
+-			req.r.rtm_scope = RT_SCOPE_UNIVERSE;
+ 		if (RTN_UNICAST != 0)
+ 			req.r.rtm_type = RTN_UNICAST;
+ 	}
diff --git a/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch b/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch
new file mode 100644
index 0000000..0eb887d
--- /dev/null
+++ b/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch
@@ -0,0 +1,28 @@
+ntpd: respond only to client and symmetric active packets
+The busybox NTP implementation doesn't check the NTP mode of packets
+received on the server port and responds to any packet with the right
+size. This includes responses from another NTP server. An attacker can
+send a packet with a spoofed source address in order to create an
+infinite loop of responses between two busybox NTP servers. Adding
+more packets to the loop increases the traffic between the servers
+until one of them has a fully loaded CPU and/or network.
+
+Signed-off-by: Miroslav Lichvar <mlichvar at redhat.com>
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+
+--- a/networking/ntpd.c
++++ b/networking/ntpd.c
+@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int f
+ 		goto bail;
+ 	}
+ 
++	/* Respond only to client and symmetric active packets */
++	if ((msg.m_status & MODE_MASK) != MODE_CLIENT
++	 && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
++	) {
++		goto bail;
++	}
++
+ 	query_status = msg.m_status;
+ 	query_xmttime = msg.m_xmttime;
+

More information about the lede-commits mailing list