[kirkstone,05/30] busybox: fix CVE-2022-30065

Message ID	aacc1091d8d17b817c6ad1108d9ab44b234bc08e.1656876825.git.steve@sakoman.com
State	Accepted, archived
Commit	aacc1091d8d17b817c6ad1108d9ab44b234bc08e
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.179, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/30] busybox: fix CVE-2022-30065 Date: Sun, 3 Jul 2022 09:35:40 -1000 Message-Id: <aacc1091d8d17b817c6ad1108d9ab44b234bc08e.1656876825.git.steve@sakoman.com> In-Reply-To: <cover.1656876825.git.steve@sakoman.com> References: <cover.1656876825.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/30] unzip: Port debian fixes for two CVEs \| expand [kirkstone,01/30] unzip: Port debian fixes for two CVEs [kirkstone,02/30] ghostscript: fix CVE-2022-2085 [kirkstone,03/30] binutils : CVE-2019-1010204 [kirkstone,04/30] cups: ignore CVE-2022-26691 [kirkstone,05/30] busybox: fix CVE-2022-30065 [kirkstone,06/30] cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) [kirkstone,07/30] cve-check: hook cleanup to the BuildCompleted event, not CookerExit [kirkstone,08/30] wireless-regdb: upgrade 2022.04.08 -> 2022.06.06 [kirkstone,09/30] vim: 8.2.5083 -> 9.0.0005 [kirkstone,10/30] openssl: Upgrade 3.0.3 -> 3.0.4 [kirkstone,11/30] initramfs-framework: move storage mounts to actual rootfs [kirkstone,12/30] libffi: fix native build being not portable [kirkstone,13/30] wic: fix WicError message [kirkstone,14/30] perf: sort-pmuevents: really keep array terminators [kirkstone,15/30] kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set [kirkstone,16/30] insane.bbclass: host-user-contaminated: Correct per package home path [kirkstone,17/30] sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity [kirkstone,18/30] oeqa/sdk: drop the nativesdk-python 2.x test [kirkstone,19/30] base.bbclass: Correct the test for obsolete license exceptions [kirkstone,20/30] coreutils: Tweak packaging variable names for coreutils-dev [kirkstone,21/30] at: take tarballs from debian [kirkstone,22/30] rust: fix issue building cross-canadian tools for aarch64 on x86_64 [kirkstone,23/30] recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG [kirkstone,24/30] glibc-tests: not clear BBCLASSEXTEND [kirkstone,25/30] curl: backport openssl fix CN check error code [kirkstone,26/30] oeqa/runtime/scp: Disable scp test for dropbear [kirkstone,27/30] packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation [kirkstone,28/30] oe-selftest-image: Ensure the image has sftp as well as dropbear [kirkstone,29/30] openssh: break dependency on base package for -dev package [kirkstone,30/30] dropbear: break dependency on base package for -dev package

Message ID

aacc1091d8d17b817c6ad1108d9ab44b234bc08e.1656876825.git.steve@sakoman.com

State

Accepted, archived

Commit

aacc1091d8d17b817c6ad1108d9ab44b234bc08e

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/30] busybox: fix CVE-2022-30065
Date: Sun,  3 Jul 2022 09:35:40 -1000
Message-Id: 
 <aacc1091d8d17b817c6ad1108d9ab44b234bc08e.1656876825.git.steve@sakoman.com>
In-Reply-To: <cover.1656876825.git.steve@sakoman.com>
References: <cover.1656876825.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/30] unzip: Port debian fixes for two CVEs | expand

Commit Message

Steve Sakoman July 3, 2022, 7:35 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf3d981b0303eab91d4cb19092ac27b489c8ad27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../busybox/busybox/CVE-2022-30065.patch      | 29 +++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-30065.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
new file mode 100644
index 0000000000..25ad653b25
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
@@ -0,0 +1,29 @@ 
+Fix use-after-free in awk.
+
+CVE: CVE-2022-30065
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2022-June/089768.html]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+
+Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 079d0bde5..728ee8685 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
+ 
+ 		case XC( OC_MOVE ):
+ 			debug_printf_eval("MOVE\n");
++			/* make sure that we never return a temp var */
++			if (L.v == TMPVAR0)
++				L.v = res;
+ 			/* if source is a temporary string, jusk relink it to dest */
+ 			if (R.v == TMPVAR1
+ 			 && !(R.v->type & VF_NUMBER)
+-- 
+2.36.1
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb
index f2f1b35902..edf896485e 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -49,6 +49,7 @@  SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
            file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
            file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
+           file://CVE-2022-30065.patch \
            "
 SRC_URI:append:libc-musl = " file://musl.cfg "

[kirkstone,05/30] busybox: fix CVE-2022-30065

Commit Message

Patch