diff --git a/backport-CVE-2021-42374.patch b/backport-CVE-2021-42374.patch new file mode 100644 index 0000000000000000000000000000000000000000..8f28a3608440c4f05f42e4e75932839ca2c72ed5 --- /dev/null +++ b/backport-CVE-2021-42374.patch @@ -0,0 +1,59 @@ +From 78bd0d8e6153da378ddc9016b42e0fe1bf89a853 Mon Sep 17 00:00:00 2001 +From: jikui +Date: Mon, 22 Nov 2021 10:46:40 +0800 +Subject: [PATCH] busybox: fix CVE-2021-42374 + +backport from upstream: +https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78 + +Signed-off-by: jikui +--- + archival/libarchive/decompress_unlzma.c | 5 ++++- + testsuite/unlzma.tests | 10 ++++++---- + 2 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c +index 668b016..57a5c4a 100644 +--- a/archival/libarchive/decompress_unlzma.c ++++ b/archival/libarchive/decompress_unlzma.c +@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate) + uint32_t pos; + + pos = buffer_pos - rep0; +- if ((int32_t)pos < 0) ++ if ((int32_t)pos < 0) { + pos += header.dict_size; ++ if ((int32_t)pos < 0) ++ goto bad; ++ } + match_byte = buffer[pos]; + do { + int bit; +diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests +index 0e98afe..8c120b1 100755 +--- a/testsuite/unlzma.tests ++++ b/testsuite/unlzma.tests +@@ -8,14 +8,16 @@ + + # Damaged encrypted streams + testing "unlzma (bad archive 1)" \ +- "unlzma /dev/null; echo \$?" \ +-"1 ++ "unlzma &1 >/dev/null; echo \$?" \ ++"unlzma: corrupted data ++1 + " "" "" + + # Damaged encrypted streams + testing "unlzma (bad archive 2)" \ +- "unlzma /dev/null; echo \$?" \ +-"1 ++ "unlzma &1 >/dev/null; echo \$?" \ ++"unlzma: corrupted data ++1 + " "" "" + + exit $FAILCOUNT +-- +2.25.1 + diff --git a/backport-CVE-2021-42377.patch b/backport-CVE-2021-42377.patch new file mode 100644 index 0000000000000000000000000000000000000000..2a511332566e4d68fa50f09fa7b6f10e562a3549 --- /dev/null +++ b/backport-CVE-2021-42377.patch @@ -0,0 +1,42 @@ +From 977939c73d94cc6752192e6956e0cced3e0f2989 Mon Sep 17 00:00:00 2001 +From: jikui +Date: Mon, 22 Nov 2021 16:36:26 +0800 +Subject: [PATCH] busybox: fix CVE-2021-42377 + +backport from upstream: +https://git.busybox.net/busybox/commit/?h=1_34_stable&id=83a4967e50422867f340328d404994553e56b839 + +Signed-off-by: jikui +--- + shell/hush.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/shell/hush.c b/shell/hush.c +index 8d9ab24..08358c1 100644 +--- a/shell/hush.c ++++ b/shell/hush.c +@@ -3637,9 +3637,10 @@ static void debug_print_tree(struct pipe *pi, int lvl) + + pin = 0; + while (pi) { +- fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n", ++ fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n", + lvl*2, "", + pin, ++ pi->num_cmds, + (IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""), + RES[pi->res_word], + pi->followup, PIPE[pi->followup] +@@ -3782,6 +3783,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type) + #endif + /* Replace all pipes in ctx with one newly created */ + ctx->list_head = ctx->pipe = pi; ++ /* for case like "cmd && &", do not be tricked by last command ++ * being null - the entire {...} & is NOT null! */ ++ not_null = 1; + } else { + no_conv: + ctx->pipe->followup = type; +-- +2.25.1 + diff --git a/busybox.spec b/busybox.spec index 8995a9100c341592d7e9b1bfed0e21cb614ca072..6d2e668743375710855c63bf3621229a231dfbb5 100644 --- a/busybox.spec +++ b/busybox.spec @@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 7 +%define RELEASE 8 %endif Name: busybox @@ -21,6 +21,8 @@ Source3: busybox-dynamic.config Patch6000: backport-CVE-2018-1000500.patch Patch6001: backport-CVE-2021-28831.patch +Patch6002: backport-CVE-2021-42374.patch +Patch6003: backport-CVE-2021-42377.patch BuildRoot: %_topdir/BUILDROOT #Dependency @@ -96,6 +98,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Mon Nov 22 2021 jikui - 1:1.31.1-8 +- Type:CVE +- Id:NA +- SUG:NA +- DESC: fix CVE-2021-42374 and CVE-2021-42377 + * Sat Apr 17 2021 leizhongkai - 1:1.31.1-7 - Type:CVE - Id:NA