diff options
-rw-r--r-- | package/utils/busybox/Makefile | 2 | ||||
-rw-r--r-- | package/utils/busybox/patches/006-upstream_lzop_fix.patch | 59 | ||||
-rw-r--r-- | package/utils/busybox/patches/007-upstream_zcat_no_ext_fix.patch | 59 |
3 files changed, 119 insertions, 1 deletions
diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index c546405..718cf78 100644 --- a/package/utils/busybox/Makefile +++ b/package/utils/busybox/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=busybox PKG_VERSION:=1.22.1 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_FLAGS:=essential PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/utils/busybox/patches/006-upstream_lzop_fix.patch b/package/utils/busybox/patches/006-upstream_lzop_fix.patch new file mode 100644 index 0000000..6e453eb --- /dev/null +++ b/package/utils/busybox/patches/006-upstream_lzop_fix.patch @@ -0,0 +1,59 @@ +From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Mon, 30 Jun 2014 10:14:34 +0200 +Subject: [PATCH] lzop: add overflow check + +See CVE-2014-4607 +http://www.openwall.com/lists/oss-security/2014/06/26/20 + +function old new delta +lzo1x_decompress_safe 1010 1031 +21 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + archival/libarchive/liblzo.h | 2 ++ + archival/libarchive/lzo1x_d.c | 3 +++ + 2 files changed, 5 insertions(+) + +--- a/archival/libarchive/liblzo.h ++++ b/archival/libarchive/liblzo.h +@@ -76,11 +76,13 @@ + # define TEST_IP (ip < ip_end) + # define NEED_IP(x) \ + if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun + + # undef TEST_OP /* don't need both of the tests here */ + # define TEST_OP 1 + # define NEED_OP(x) \ + if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun + + #define HAVE_ANY_OP 1 + +--- a/archival/libarchive/lzo1x_d.c ++++ b/archival/libarchive/lzo1x_d.c +@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* + ip++; + NEED_IP(1); + } ++ TEST_IV(t); + t += 15 + *ip++; + } + /* copy literals */ +@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* + ip++; + NEED_IP(1); + } ++ TEST_IV(t); + t += 31 + *ip++; + } + #if defined(COPY_DICT) +@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* + ip++; + NEED_IP(1); + } ++ TEST_IV(t); + t += 7 + *ip++; + } + #if defined(COPY_DICT) diff --git a/package/utils/busybox/patches/007-upstream_zcat_no_ext_fix.patch b/package/utils/busybox/patches/007-upstream_zcat_no_ext_fix.patch new file mode 100644 index 0000000..2483800 --- /dev/null +++ b/package/utils/busybox/patches/007-upstream_zcat_no_ext_fix.patch @@ -0,0 +1,59 @@ +From 28dd64a0e1a9cffcde7799f2849b66c0e16bb9cc Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Fri, 10 Jan 2014 14:06:57 +0100 +Subject: [PATCH] libarchive: open_zipped() does not need to check extensions + for e.g. gzip + +We only need to check for signature-less extensions, +currently only .lzma. The rest can be happily autodetected. + +This fixes "zcat FILE_WITHOUT_GZ_EXT" case, among others. + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +(cherry picked from commit 7c47b560a8fc97956dd8132bd7f1863d83c19866) +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + archival/libarchive/open_transformer.c | 23 +++++++++++------------ + 1 file changed, 11 insertions(+), 12 deletions(-) + +--- a/archival/libarchive/open_transformer.c ++++ b/archival/libarchive/open_transformer.c +@@ -182,27 +182,26 @@ int FAST_FUNC setup_unzip_on_fd(int fd, + + int FAST_FUNC open_zipped(const char *fname) + { +- char *sfx; + int fd; + + fd = open(fname, O_RDONLY); + if (fd < 0) + return fd; + +- sfx = strrchr(fname, '.'); +- if (sfx) { +- sfx++; +- if (ENABLE_FEATURE_SEAMLESS_LZMA && strcmp(sfx, "lzma") == 0) +- /* .lzma has no header/signature, just trust it */ ++ if (ENABLE_FEATURE_SEAMLESS_LZMA) { ++ /* .lzma has no header/signature, can only detect it by extension */ ++ char *sfx = strrchr(fname, '.'); ++ if (sfx && strcmp(sfx+1, "lzma") == 0) { + open_transformer_with_sig(fd, unpack_lzma_stream, "unlzma"); +- else +- if ((ENABLE_FEATURE_SEAMLESS_GZ && strcmp(sfx, "gz") == 0) +- || (ENABLE_FEATURE_SEAMLESS_BZ2 && strcmp(sfx, "bz2") == 0) +- || (ENABLE_FEATURE_SEAMLESS_XZ && strcmp(sfx, "xz") == 0) +- ) { +- setup_unzip_on_fd(fd, /*fail_if_not_detected:*/ 1); ++ return fd; + } + } ++ if ((ENABLE_FEATURE_SEAMLESS_GZ) ++ || (ENABLE_FEATURE_SEAMLESS_BZ2) ++ || (ENABLE_FEATURE_SEAMLESS_XZ) ++ ) { ++ setup_unzip_on_fd(fd, /*fail_if_not_detected:*/ 1); ++ } + + return fd; + } |