!69 fix CVE-2022-30065
From: @jackey_1024 Reviewed-by: @duguhaotian Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot
Gitee
commit
5990a363e7
46
backport-CVE-2022-30065.patch
Normal file
46
backport-CVE-2022-30065.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From 4ec641f81717e19198fc6375cf06b514ac381ab9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: jackey_1024 <jikui2@huawei.com>
|
||||||
|
Date: Sat, 20 Aug 2022 18:07:04 +0800
|
||||||
|
Subject: [PATCH] busybox: fix CVE-2022-30065
|
||||||
|
|
||||||
|
backport from upstream:
|
||||||
|
https://git.busybox.net/busybox/commit/?id=e63d7cdfdac78c6fd27e9e63150335767592b85e
|
||||||
|
|
||||||
|
Signed-off-by: jackey_1024 <jikui2@huawei.com>
|
||||||
|
---
|
||||||
|
editors/awk.c | 3 +++
|
||||||
|
testsuite/awk.tests | 6 ++++++
|
||||||
|
2 files changed, 9 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/editors/awk.c b/editors/awk.c
|
||||||
|
index 62cd019..66d2646 100644
|
||||||
|
--- a/editors/awk.c
|
||||||
|
+++ b/editors/awk.c
|
||||||
|
@@ -3094,6 +3094,9 @@ static var *evaluate(node *op, var *res)
|
||||||
|
|
||||||
|
case XC( OC_MOVE ):
|
||||||
|
debug_printf_eval("MOVE\n");
|
||||||
|
+ /* make sure that we never return a temp var */
|
||||||
|
+ if (L.v == TMPVAR0)
|
||||||
|
+ L.v = res;
|
||||||
|
/* if source is a temporary string, jusk relink it to dest */
|
||||||
|
if (R.v == TMPVAR1
|
||||||
|
&& !(R.v->type & VF_NUMBER)
|
||||||
|
diff --git a/testsuite/awk.tests b/testsuite/awk.tests
|
||||||
|
index 64ca9fd..2200488 100755
|
||||||
|
--- a/testsuite/awk.tests
|
||||||
|
+++ b/testsuite/awk.tests
|
||||||
|
@@ -463,4 +463,10 @@ testing "awk \"cmd\" | getline" \
|
||||||
|
"HELLO\n" \
|
||||||
|
'' ''
|
||||||
|
|
||||||
|
+testing 'awk assign while test' \
|
||||||
|
+ "awk '\$1==\$1=\"foo\" {print \$1}'" \
|
||||||
|
+ "foo\n" \
|
||||||
|
+ "" \
|
||||||
|
+ "foo"
|
||||||
|
+
|
||||||
|
exit $FAILCOUNT
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
||||||
@ -4,7 +4,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if "%{!?RELEASE:1}"
|
%if "%{!?RELEASE:1}"
|
||||||
%define RELEASE 12
|
%define RELEASE 13
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: busybox
|
Name: busybox
|
||||||
@ -26,6 +26,7 @@ Patch6003: backport-CVE-2021-42377.patch
|
|||||||
Patch6004: backport-CVE-2021-42376.patch
|
Patch6004: backport-CVE-2021-42376.patch
|
||||||
Patch6005: backport-fix-awk-cve.patch
|
Patch6005: backport-fix-awk-cve.patch
|
||||||
Patch6006: backport-CVE-2022-28391.patch
|
Patch6006: backport-CVE-2022-28391.patch
|
||||||
|
Patch6007: backport-CVE-2022-30065.patch
|
||||||
|
|
||||||
BuildRoot: %_topdir/BUILDROOT
|
BuildRoot: %_topdir/BUILDROOT
|
||||||
#Dependency
|
#Dependency
|
||||||
@ -101,6 +102,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
|
|||||||
%{_mandir}/man1/busybox.petitboot.1.gz
|
%{_mandir}/man1/busybox.petitboot.1.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Aug 19 2022 jikui <jikui2@huawei.com> - 1:1.31.1-13
|
||||||
|
- Type:CVE
|
||||||
|
- Id:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC: fix CVE-2022-30065
|
||||||
|
|
||||||
* Tue Apr 19 2022 jikui <jikui2@huawei.com> - 1:1.31.1-12
|
* Tue Apr 19 2022 jikui <jikui2@huawei.com> - 1:1.31.1-12
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- Id:NA
|
- Id:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user