mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-19 13:48:06 +00:00
busybox: v1.25.0 upstream patches
Include upstream patches for gzip, ip & ntpd. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This commit is contained in:
parent
edbc8fec8a
commit
78ae7d8efd
30
package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch
Normal file
30
package/utils/busybox/patches/000-busybox-1.25.0-gzip.patch
Normal file
@ -0,0 +1,30 @@
|
||||
gzip: fix compression level bug. Closes 9131
|
||||
fix broken logic to get the gzip_level_config value from options -1 to
|
||||
-9.
|
||||
|
||||
This fixes an off-by-one bug that caused gzip -9 output bigger files
|
||||
than the other compression levels.
|
||||
|
||||
It fixes so that compression level 1 to 3 are actually mapped to level 4
|
||||
as comments say.
|
||||
|
||||
It also fixes that levels -4 to -9 is mapped to correct level and avoids
|
||||
out-of-bounds access.
|
||||
|
||||
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
|
||||
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
|
||||
--- a/archival/gzip.c
|
||||
+++ b/archival/gzip.c
|
||||
@@ -2220,10 +2220,7 @@ int gzip_main(int argc UNUSED_PARAM, cha
|
||||
opt >>= ENABLE_GUNZIP ? 7 : 5; /* drop cfv[dt]qn bits */
|
||||
if (opt == 0)
|
||||
opt = 1 << 6; /* default: 6 */
|
||||
- /* Map 1..3 to 4 */
|
||||
- if (opt & 0x7)
|
||||
- opt |= 1 << 4;
|
||||
- opt = ffs(opt >> 3);
|
||||
+ opt = ffs(opt >> 4); /* Maps -1..-4 to [0], -5 to [1] ... -9 to [5] */
|
||||
max_chain_length = 1 << gzip_level_config[opt].chain_shift;
|
||||
good_match = gzip_level_config[opt].good;
|
||||
max_lazy_match = gzip_level_config[opt].lazy2 * 2;
|
17
package/utils/busybox/patches/000-busybox-1.25.0-ip.patch
Normal file
17
package/utils/busybox/patches/000-busybox-1.25.0-ip.patch
Normal file
@ -0,0 +1,17 @@
|
||||
ip: fix an improper optimization: req.r.rtm_scope may be nonzero here
|
||||
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
|
||||
--- a/networking/libiproute/iproute.c
|
||||
+++ b/networking/libiproute/iproute.c
|
||||
@@ -362,10 +362,9 @@ IF_FEATURE_IP_RULE(ARG_table,)
|
||||
req.r.rtm_scope = RT_SCOPE_NOWHERE;
|
||||
|
||||
if (cmd != RTM_DELROUTE) {
|
||||
+ req.r.rtm_scope = RT_SCOPE_UNIVERSE;
|
||||
if (RTPROT_BOOT != 0)
|
||||
req.r.rtm_protocol = RTPROT_BOOT;
|
||||
- if (RT_SCOPE_UNIVERSE != 0)
|
||||
- req.r.rtm_scope = RT_SCOPE_UNIVERSE;
|
||||
if (RTN_UNICAST != 0)
|
||||
req.r.rtm_type = RTN_UNICAST;
|
||||
}
|
28
package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch
Normal file
28
package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch
Normal file
@ -0,0 +1,28 @@
|
||||
ntpd: respond only to client and symmetric active packets
|
||||
The busybox NTP implementation doesn't check the NTP mode of packets
|
||||
received on the server port and responds to any packet with the right
|
||||
size. This includes responses from another NTP server. An attacker can
|
||||
send a packet with a spoofed source address in order to create an
|
||||
infinite loop of responses between two busybox NTP servers. Adding
|
||||
more packets to the loop increases the traffic between the servers
|
||||
until one of them has a fully loaded CPU and/or network.
|
||||
|
||||
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
|
||||
--- a/networking/ntpd.c
|
||||
+++ b/networking/ntpd.c
|
||||
@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int f
|
||||
goto bail;
|
||||
}
|
||||
|
||||
+ /* Respond only to client and symmetric active packets */
|
||||
+ if ((msg.m_status & MODE_MASK) != MODE_CLIENT
|
||||
+ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
|
||||
+ ) {
|
||||
+ goto bail;
|
||||
+ }
|
||||
+
|
||||
query_status = msg.m_status;
|
||||
query_xmttime = msg.m_xmttime;
|
||||
|
Loading…
Reference in New Issue
Block a user