diff options
author | Michael Olbrich <m.olbrich@pengutronix.de> | 2014-11-13 11:25:12 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2014-11-13 17:32:10 +0100 |
commit | 55c51a3a3f34f89e90b27490c4d424ac4c434700 (patch) | |
tree | 7cb9516b40ea72d59d60b41e43914e44461362ef | |
parent | 3df9fc9af4ce9b432afada51d22a3e07b0ae2b0f (diff) | |
download | ptxdist-55c51a3a3f34f89e90b27490c4d424ac4c434700.tar.gz ptxdist-55c51a3a3f34f89e90b27490c4d424ac4c434700.tar.xz |
busybox: add lzop security fix
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
6 files changed, 68 insertions, 5 deletions
diff --git a/patches/busybox-1.22.1/0001-lzop-add-overflow-check.patch b/patches/busybox-1.22.1/0001-lzop-add-overflow-check.patch new file mode 100644 index 000000000..ae0620bcd --- /dev/null +++ b/patches/busybox-1.22.1/0001-lzop-add-overflow-check.patch @@ -0,0 +1,62 @@ +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Mon, 30 Jun 2014 10:14:34 +0200 +Subject: [PATCH] lzop: add overflow check + +See CVE-2014-4607 +http://www.openwall.com/lists/oss-security/2014/06/26/20 + +function old new delta +lzo1x_decompress_safe 1010 1031 +21 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + archival/libarchive/liblzo.h | 2 ++ + archival/libarchive/lzo1x_d.c | 3 +++ + 2 files changed, 5 insertions(+) + +diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h +index 843997cb9cfe..4596620fee23 100644 +--- a/archival/libarchive/liblzo.h ++++ b/archival/libarchive/liblzo.h +@@ -76,11 +76,13 @@ + # define TEST_IP (ip < ip_end) + # define NEED_IP(x) \ + if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun + + # undef TEST_OP /* don't need both of the tests here */ + # define TEST_OP 1 + # define NEED_OP(x) \ + if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun + + #define HAVE_ANY_OP 1 + +diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c +index 9bc1270da81f..40b167e688e2 100644 +--- a/archival/libarchive/lzo1x_d.c ++++ b/archival/libarchive/lzo1x_d.c +@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len, + ip++; + NEED_IP(1); + } ++ TEST_IV(t); + t += 15 + *ip++; + } + /* copy literals */ +@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len, + ip++; + NEED_IP(1); + } ++ TEST_IV(t); + t += 31 + *ip++; + } + #if defined(COPY_DICT) +@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len, + ip++; + NEED_IP(1); + } ++ TEST_IV(t); + t += 7 + *ip++; + } + #if defined(COPY_DICT) diff --git a/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch b/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch index 5ed2bf0bc..55869e9fe 100644 --- a/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch +++ b/patches/busybox-1.22.1/0200-reactivate-check-for-tty.patch @@ -14,7 +14,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c -index ea2446a..8b70f99 100644 +index ea2446a89814..8b70f99e7633 100644 --- a/scripts/kconfig/conf.c +++ b/scripts/kconfig/conf.c @@ -498,7 +498,7 @@ int main(int ac, char **av) diff --git a/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch b/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch index 67cd9bee0..98ad36e1d 100644 --- a/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch +++ b/patches/busybox-1.22.1/0201-Fix-the-format-warning-when-building-applets-usage_p.patch @@ -16,7 +16,7 @@ Signed-off-by: Dinny Wu <dinny.wu@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applets/usage_pod.c b/applets/usage_pod.c -index 0b1c4aa..a67e8b4 100644 +index 0b1c4aadb8c4..a67e8b4ac348 100644 --- a/applets/usage_pod.c +++ b/applets/usage_pod.c @@ -71,7 +71,7 @@ int main(void) diff --git a/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch b/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch index 257e62db1..d3027e0c2 100644 --- a/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch +++ b/patches/busybox-1.22.1/0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch @@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 1 insertion(+) diff --git a/Makefile.flags b/Makefile.flags -index 307afa7..d68c9c4 100644 +index 307afa7f5212..d68c9c4e97c6 100644 --- a/Makefile.flags +++ b/Makefile.flags @@ -141,6 +141,7 @@ ifeq ($(CONFIG_SELINUX),y) diff --git a/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch b/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch index acc930d61..5d888347e 100644 --- a/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch +++ b/patches/busybox-1.22.1/0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch @@ -9,7 +9,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/scripts/trylink b/scripts/trylink -index e471699..671b22b 100755 +index e471699173bf..671b22b71d93 100755 --- a/scripts/trylink +++ b/scripts/trylink @@ -241,7 +241,12 @@ if test "$CONFIG_BUILD_LIBBUSYBOX" = y; then diff --git a/patches/busybox-1.22.1/series b/patches/busybox-1.22.1/series index 84c80aa6e..e7012679c 100644 --- a/patches/busybox-1.22.1/series +++ b/patches/busybox-1.22.1/series @@ -1,10 +1,11 @@ # generated by git-ptx-patches #tag:base --start-number 1 #tag:upstream-stable --start-number 1 +0001-lzop-add-overflow-check.patch #tag:upstream-master --start-number 100 #tag:ptx --start-number 200 0200-reactivate-check-for-tty.patch 0201-Fix-the-format-warning-when-building-applets-usage_p.patch 0202-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch 0203-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch -# 0036b420b1a49106a872780e90251289 - git-ptx-patches magic +# c333ef9a178a9815e7c412dac8c8a0bc - git-ptx-patches magic |