authorMichael Olbrich <m.olbrich@pengutronix.de>2014-11-13 11:25:12 +0100
committerMichael Olbrich <m.olbrich@pengutronix.de>2014-11-13 17:32:10 +0100
commit55c51a3a3f34f89e90b27490c4d424ac4c434700 (patch)
tree7cb9516b40ea72d59d60b41e43914e44461362ef
parent3df9fc9af4ce9b432afada51d22a3e07b0ae2b0f (diff)
busybox: add lzop security fix
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r--patches/busybox-1.22.1/0001-lzop-add-overflow-check.patch62
-rw-r--r--patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch2
-rw-r--r--patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch2
-rw-r--r--patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch2
-rw-r--r--patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch2
-rw-r--r--patches/busybox-1.22.1/series3
6 files changed, 68 insertions, 5 deletions
diff --git a/patches/busybox-1.22.1/0001-lzop-add-overflow-check.patch b/patches/busybox-1.22.1/0001-lzop-add-overflow-check.patch
new file mode 100644
index 000000000..ae0620bcd
--- /dev/null
+++ b/patches/busybox-1.22.1/0001-lzop-add-overflow-check.patch
@@ -0,0 +1,62 @@
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 30 Jun 2014 10:14:34 +0200
+Subject: [PATCH] lzop: add overflow check
+
+See CVE-2014-4607
+http://www.openwall.com/lists/oss-security/2014/06/26/20
+
+function old new delta
+lzo1x_decompress_safe 1010 1031 +21
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/liblzo.h | 2 ++
+ archival/libarchive/lzo1x_d.c | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
+index 843997cb9cfe..4596620fee23 100644
+--- a/archival/libarchive/liblzo.h
++++ b/archival/libarchive/liblzo.h
+@@ -76,11 +76,13 @@
+ # define TEST_IP (ip < ip_end)
+ # define NEED_IP(x) \
+ if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun
++# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun
+
+ # undef TEST_OP /* don't need both of the tests here */
+ # define TEST_OP 1
+ # define NEED_OP(x) \
+ if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun
++# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun
+
+ #define HAVE_ANY_OP 1
+
+diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
+index 9bc1270da81f..40b167e688e2 100644
+--- a/archival/libarchive/lzo1x_d.c
++++ b/archival/libarchive/lzo1x_d.c
+@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+ ip++;
+ NEED_IP(1);
+ }
++ TEST_IV(t);
+ t += 15 + *ip++;
+ }
+ /* copy literals */
+@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+ ip++;
+ NEED_IP(1);
+ }
++ TEST_IV(t);
+ t += 31 + *ip++;
+ }
+ #if defined(COPY_DICT)
+@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+ ip++;
+ NEED_IP(1);
+ }
++ TEST_IV(t);
+ t += 7 + *ip++;
+ }
+ #if defined(COPY_DICT)
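Review bot: The bound `(unsigned)0 - (511)` in the new `TEST_IV`/`TEST_OV` macros in liblzo.h is a bare magic number, so a later reader cannot tell what headroom it is meant to guarantee. A comment above the macros would help, for example `/* reject lengths within 511 of UINT_MAX so a following "t += N + *ip++" cannot wrap (CVE-2014-4607) */`; this assumes `t` is an unsigned int, whose declaration is outside the hunks. `TEST_OV` is defined but none of the three lzo1x_d.c hunks shown here use it, so it is worth confirming whether an output-side check was intended. Both macros expand to a bare `if`, matching `NEED_IP`/`NEED_OP`, which is safe only while every call site is a standalone statement, as in the three calls here. The body of `lzo1x_decompress_safe` starts and ends outside the hunks.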
diff --git a/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch b/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch
index 5ed2bf0bc..55869e9fe 100644
--- a/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch
+++ b/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch
@@ -14,7 +14,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
-index ea2446a..8b70f99 100644
+index ea2446a89814..8b70f99e7633 100644
--- a/scripts/kconfig/conf.c
+++ b/scripts/kconfig/conf.c
@@ -498,7 +498,7 @@ int main(int ac, char **av)
diff --git a/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch b/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch
index 67cd9bee0..98ad36e1d 100644
--- a/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch
+++ b/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch
@@ -16,7 +16,7 @@ Signed-off-by: Dinny Wu <dinny.wu@gmail.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/applets/usage_pod.c b/applets/usage_pod.c
-index 0b1c4aa..a67e8b4 100644
+index 0b1c4aadb8c4..a67e8b4ac348 100644
--- a/applets/usage_pod.c
+++ b/applets/usage_pod.c
@@ -71,7 +71,7 @@ int main(void)
diff --git a/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch b/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
index 257e62db1..d3027e0c2 100644
--- a/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
+++ b/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
@@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 1 insertion(+)
diff --git a/Makefile.flags b/Makefile.flags
-index 307afa7..d68c9c4 100644
+index 307afa7f5212..d68c9c4e97c6 100644
--- a/Makefile.flags
+++ b/Makefile.flags
@@ -141,6 +141,7 @@ ifeq ($(CONFIG_SELINUX),y)
diff --git a/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch b/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
index acc930d61..5d888347e 100644
--- a/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
+++ b/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
@@ -9,7 +9,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/scripts/trylink b/scripts/trylink
-index e471699..671b22b 100755
+index e471699173bf..671b22b71d93 100755
--- a/scripts/trylink
+++ b/scripts/trylink
@@ -241,7 +241,12 @@ if test "$CONFIG_BUILD_LIBBUSYBOX" = y; then
diff --git a/patches/busybox-1.22.1/series b/patches/busybox-1.22.1/series
index 84c80aa6e..e7012679c 100644
--- a/patches/busybox-1.22.1/series
+++ b/patches/busybox-1.22.1/series
@@ -1,10 +1,11 @@
# generated by git-ptx-patches
#tag:base --start-number 1
#tag:upstream-stable --start-number 1
+0001-lzop-add-overflow-check.patch
#tag:upstream-master --start-number 100
#tag:ptx --start-number 200
0200-reactivate-check-for-tty.patch
0201-Fix-the-format-warning-when-building-applets-usage_p.patch
0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
-# 0036b420b1a49106a872780e90251289 - git-ptx-patches magic
+# c333ef9a178a9815e7c412dac8c8a0bc - git-ptx-patches magic