From 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd Mon Sep 17 00:00:00 2001 From: ToshikazuOhiwa Date: Mon, 30 Mar 2020 09:24:26 +0900 Subject: agl-basesystem --- .../bzip2/bzip2-1.0.6/CVE-2016-3189.patch | 18 +++++ .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 33 +++++++++ .../recipes-extended/bzip2/bzip2-1.0.6/Makefile.am | 73 +++++++++++++++++++ .../bzip2/bzip2-1.0.6/configure.ac | 11 +++ ...bunzip2-qt-returns-0-for-corrupt-archives.patch | 55 +++++++++++++++ .../fix-regression-CVE-2019-12900.patch | 82 ++++++++++++++++++++++ .../recipes-extended/bzip2/bzip2-1.0.6/run-ptest | 2 + .../meta/recipes-extended/bzip2/bzip2_1.0.6.bb | 47 +++++++++++++ 8 files changed, 321 insertions(+) create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/Makefile.am create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/configure.ac create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/run-ptest create mode 100644 external/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb (limited to 'external/poky/meta/recipes-extended/bzip2') diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch new file mode 100644 index 00000000..1d0c3a6d --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch @@ -0,0 +1,18 @@ +Upstream-Status: Backport +https://bugzilla.suse.com/attachment.cgi?id=681334 + +CVE: CVE-2016-3189 +Signed-off-by: Armin Kuster + +Index: bzip2-1.0.6/bzip2recover.c +=================================================================== +--- bzip2-1.0.6.orig/bzip2recover.c ++++ bzip2-1.0.6/bzip2recover.c +@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) + bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); + bsPutUInt32 ( bsWr, blockCRC ); + bsClose ( bsWr ); ++ outFile = NULL; + } + if (wrBlock >= rbCtr) break; + wrBlock++; diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 00000000..98416448 --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch @@ -0,0 +1,33 @@ +From 11e1fac27eb8a3076382200736874c78e09b75d6 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is + UChar selectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access + +Fixes out of bounds access discovered while fuzzying karchive +CVE: CVE-2019-12900 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal + +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index 311f566..b6e0a29 100644 +--- a/decompress.c ++++ b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/Makefile.am b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/Makefile.am new file mode 100644 index 00000000..dcf64584 --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/Makefile.am @@ -0,0 +1,73 @@ + +lib_LTLIBRARIES = libbz2.la +libbz2_la_LDFLAGS = -version-info 1:6:0 + +libbz2_la_SOURCES = blocksort.c \ + huffman.c \ + crctable.c \ + randtable.c \ + compress.c \ + decompress.c \ + bzlib.c + +bin_PROGRAMS = bzip2 bzip2recover + +bzip2_SOURCES = bzip2.c +bzip2_LDADD = libbz2.la +bzip2_DEPENDENCIES = libbz2.la + +include_HEADERS = bzlib.h + +bzip2recover_SOURCES = bzip2recover.c +bzip2recover_LDADD = libbz2.la +bzip2recover_DEPENDENCIES = libbz2.la + +bin_SCRIPTS = bzgrep bzmore bzdiff + +man_MANS = bzip2.1 bzgrep.1 bzmore.1 bzdiff.1 +EXTRA_DIST = $(man_MANS) + +runtest: + ./bzip2 -1 < sample1.ref > sample1.rb2 + ./bzip2 -2 < sample2.ref > sample2.rb2 + ./bzip2 -3 < sample3.ref > sample3.rb2 + ./bzip2 -d < sample1.bz2 > sample1.tst + ./bzip2 -d < sample2.bz2 > sample2.tst + ./bzip2 -ds < sample3.bz2 > sample3.tst + @if cmp sample1.bz2 sample1.rb2; then echo "PASS: sample1 compress";\ + else echo "FAIL: sample1 compress"; fi + @if cmp sample2.bz2 sample2.rb2; then echo "PASS: sample2 compress";\ + else echo "FAIL: sample2 compress"; fi + @if cmp sample3.bz2 sample3.rb2; then echo "PASS: sample3 compress";\ + else echo "FAIL: sample3 compress"; fi + @if cmp sample1.tst sample1.ref; then echo "PASS: sample1 decompress";\ + else echo "FAIL: sample1 decompress"; fi + @if cmp sample2.tst sample2.ref; then echo "PASS: sample2 decompress";\ + else echo "FAIL: sample2 decompress"; fi + @if cmp sample3.tst sample3.ref; then echo "PASS: sample3 decompress";\ + else echo "FAIL: sample3 decompress"; fi + +install-ptest: + sed -n '/^runtest:/,/^install-ptest:/{/^install-ptest:/!p}' \ + $(srcdir)/Makefile.am > $(DESTDIR)/Makefile + cp $(srcdir)/sample1.ref $(DESTDIR)/ + cp $(srcdir)/sample2.ref $(DESTDIR)/ + cp $(srcdir)/sample3.ref $(DESTDIR)/ + cp $(srcdir)/sample1.bz2 $(DESTDIR)/ + cp $(srcdir)/sample2.bz2 $(DESTDIR)/ + cp $(srcdir)/sample3.bz2 $(DESTDIR)/ + ln -s $(bindir)/bzip2 $(DESTDIR)/bzip2 + +install-exec-hook: + ln -s $(bindir)/bzip2$(EXEEXT) $(DESTDIR)$(bindir)/bunzip2$(EXEEXT) + ln -s $(bindir)/bzip2$(EXEEXT) $(DESTDIR)$(bindir)/bzcat$(EXEEXT) + ln -s $(bindir)/bzgrep$(EXEEXT) $(DESTDIR)$(bindir)/bzegrep$(EXEEXT) + ln -s $(bindir)/bzgrep$(EXEEXT) $(DESTDIR)$(bindir)/bzfgrep$(EXEEXT) + ln -s $(bindir)/bzmore$(EXEEXT) $(DESTDIR)$(bindir)/bzless$(EXEEXT) + ln -s $(bindir)/bzdiff$(EXEEXT) $(DESTDIR)$(bindir)/bzcmp$(EXEEXT) + +install-data-hook: + echo ".so man1/bzgrep.1" > $(DESTDIR)$(mandir)/man1/bzegrep.1 + echo ".so man1/bzgrep.1" > $(DESTDIR)$(mandir)/man1/bzfgrep.1 + echo ".so man1/bzmore.1" > $(DESTDIR)$(mandir)/man1/bzless.1 + echo ".so man1/bzdiff.1" > $(DESTDIR)$(mandir)/man1/bzcmp.1 diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/configure.ac b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/configure.ac new file mode 100644 index 00000000..e2bf1bf1 --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/configure.ac @@ -0,0 +1,11 @@ +AC_PREREQ([2.57]) + +AC_INIT(bzip2, 1.0.6) +AM_INIT_AUTOMAKE(foreign) +AM_MAINTAINER_MODE + +AC_PROG_CC +AC_PROG_LIBTOOL + +AC_OUTPUT([Makefile]) + diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch new file mode 100644 index 00000000..ece90d94 --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch @@ -0,0 +1,55 @@ +From 8068659388127e8e63f2d2297ba2348c72b20705 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan +Date: Mon, 12 Oct 2015 03:19:51 -0400 +Subject: [PATCH] bzip2: fix bunzip2 -qt returns 0 for corrupt archives + +"bzip2 -t FILE" returns 2 if FILE exists, but is not a valid bzip2 file. +"bzip2 -qt FILE" returns 0 when this happens, although it does print out +an error message as is does so. + +This has been fix by Debian, just port changes from Debian patch file +"20-legacy.patch". + +Debian defect: +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279025 + +Fix item from changelog: +http://archive.debian.net/changelogs/pool/main/b/bzip2/bzip2_1.0.2-7/changelog + + * Fixed "bunzip2 -qt returns 0 for corrupt archives" (Closes: #279025). + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan +--- + bzip2.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/bzip2.c b/bzip2.c +index 6de9d1d..f2ce668 100644 +--- a/bzip2.c ++++ b/bzip2.c +@@ -2003,12 +2003,14 @@ IntNative main ( IntNative argc, Char *argv[] ) + testf ( aa->name ); + } + } +- if (testFailsExist && noisy) { +- fprintf ( stderr, +- "\n" +- "You can use the `bzip2recover' program to attempt to recover\n" +- "data from undamaged sections of corrupted files.\n\n" +- ); ++ if (testFailsExist) { ++ if (noisy) { ++ fprintf ( stderr, ++ "\n" ++ "You can use the `bzip2recover' program to attempt to recover\n" ++ "data from undamaged sections of corrupted files.\n\n" ++ ); ++ } + setExit(2); + exit(exitValue); + } +-- +1.9.1 + diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch new file mode 100644 index 00000000..362e6cf3 --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch @@ -0,0 +1,82 @@ +From 212f3ed7ac3931c9e0e9167a0bdc16eeb3c76af4 Mon Sep 17 00:00:00 2001 +From: Mark Wielaard +Date: Wed, 3 Jul 2019 01:28:11 +0200 +Subject: [PATCH] Accept as many selectors as the file format allows. + +But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS. + +The theoretical maximum number of selectors depends on the maximum +blocksize (900000 bytes) and the number of symbols (50) that can be +encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002. + +But the bzip2 file format allows the number of selectors to be encoded +with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in +14 bits). So the file format maximum is 32767 selectors. + +Some bzip2 encoders might actually have written out more selectors +than the theoretical maximum because they rounded up the number of +selectors to some convenient factor of 8. + +The extra 14766 selectors can never be validly used by the decompression +algorithm. So we can read them, but then discard them. + +This is effectively what was done (by accident) before we added a +check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate +CVE-2019-12900. + +The extra selectors were written out after the array inside the +EState struct. But the struct has extra space allocated after the +selector arrays of 18060 bytes (which is larger than 14766). +All of which will be initialized later (so the overwrite of that +space with extra selector values would have been harmless). + +Upstream-Status: Backport +Signed-off-by: Anuj Mittal + +--- + compress.c | 2 +- + decompress.c | 10 ++++++++-- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/compress.c b/compress.c +index caf7696..19b662b 100644 +--- a/compress.c ++++ b/compress.c +@@ -454,7 +454,7 @@ void sendMTFValues ( EState* s ) + + AssertH( nGroups < 8, 3002 ); + AssertH( nSelectors < 32768 && +- nSelectors <= (2 + (900000 / BZ_G_SIZE)), ++ nSelectors <= BZ_MAX_SELECTORS, + 3003 ); + + +diff --git a/decompress.c b/decompress.c +index b6e0a29..78060c9 100644 +--- a/decompress.c ++++ b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +@@ -296,8 +296,14 @@ Int32 BZ2_decompress ( DState* s ) + j++; + if (j >= nGroups) RETURN(BZ_DATA_ERROR); + } +- s->selectorMtf[i] = j; ++ /* Having more than BZ_MAX_SELECTORS doesn't make much sense ++ since they will never be used, but some implementations might ++ "round up" the number of selectors, so just ignore those. */ ++ if (i < BZ_MAX_SELECTORS) ++ s->selectorMtf[i] = j; + } ++ if (nSelectors > BZ_MAX_SELECTORS) ++ nSelectors = BZ_MAX_SELECTORS; + + /*--- Undo the MTF values for the selectors. ---*/ + { diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/run-ptest b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/run-ptest new file mode 100644 index 00000000..3b20fce1 --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/run-ptest @@ -0,0 +1,2 @@ +#!/bin/sh +make -k runtest diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/external/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb new file mode 100644 index 00000000..33cb8dda --- /dev/null +++ b/external/poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -0,0 +1,47 @@ +SUMMARY = "Very high-quality data compression program" +DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \ +Huffman coding. Compression is generally considerably better than that achieved by more conventional \ +LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors." +HOMEPAGE = "https://sourceware.org/bzip2/" +SECTION = "console/utils" +LICENSE = "bzip2" +LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=39406315f540c69bd05b1531daedd2ae" +PR = "r5" + +SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ + file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ + file://configure.ac;subdir=${BP} \ + file://Makefile.am;subdir=${BP} \ + file://run-ptest \ + file://CVE-2016-3189.patch \ + file://CVE-2019-12900.patch \ + file://fix-regression-CVE-2019-12900.patch \ + " + +SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" +SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd" + +UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/" +UPSTREAM_VERSION_UNKNOWN = "1" + +PACKAGES =+ "libbz2" + +CFLAGS_append = " -fPIC -fpic -Winline -fno-strength-reduce -D_FILE_OFFSET_BITS=64" + +inherit autotools update-alternatives ptest relative_symlinks + +ALTERNATIVE_PRIORITY = "100" +ALTERNATIVE_${PN} = "bunzip2 bzcat" + +#install binaries to bzip2-native under sysroot for replacement-native +EXTRA_OECONF_append_class-native = " --bindir=${STAGING_BINDIR_NATIVE}/${PN}" + +do_install_ptest () { + sed -i -e "s|^Makefile:|_Makefile:|" ${D}${PTEST_PATH}/Makefile +} + +FILES_libbz2 = "${libdir}/lib*${SOLIBS}" + +PROVIDES_append_class-native = " bzip2-replacement-native" +BBCLASSEXTEND = "native nativesdk" + -- cgit 1.2.3-korg