summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Kanavin <alex.kanavin@gmail.com>2022-04-07 19:00:16 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-04-19 14:14:11 +0100
commitabff42ff318fd806d7607ed40da5bc0c89793d76 (patch)
tree4389b000ee4bf74027ebc1cdb3f8896aeaa4c2da
parent15df00f0f0e3c15560b3f0774227817deade81f9 (diff)
downloadpoky-abff42ff318fd806d7607ed40da5bc0c89793d76.tar.gz
squashfs-tools: update 4.5 -> 4.5.1
Drop backports. Correctly set source and installation directories. (From OE-Core rev: feaa1ed77c31a3c7dd8abe17d8d0e6f94157eb61) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-devtools/squashfs-tools/files/0001-install-manpages.sh-do-not-write-original-timestamps.patch30
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch34
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch135
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch108
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch326
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch329
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb20
7 files changed, 39 insertions, 943 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/files/0001-install-manpages.sh-do-not-write-original-timestamps.patch b/meta/recipes-devtools/squashfs-tools/files/0001-install-manpages.sh-do-not-write-original-timestamps.patch
new file mode 100644
index 0000000000..ed1d2f5b3b
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/files/0001-install-manpages.sh-do-not-write-original-timestamps.patch
@@ -0,0 +1,30 @@
1From b44b00dae195d8587857c7e8054e9be4eaa1f8b3 Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex@linutronix.de>
3Date: Thu, 7 Apr 2022 09:26:09 +0200
4Subject: [PATCH] install-manpages.sh: do not write original timestamps into
5 .gz metadata
6
7This helps binary reproducibility.
8
9Upstream-Status: Submitted [https://github.com/plougher/squashfs-tools/pull/177]
10Signed-off-by: Alexander Kanavin <alex@linutronix.de>
11---
12 generate-manpages/install-manpages.sh | 2 +-
13 1 file changed, 1 insertion(+), 1 deletion(-)
14
15diff --git a/generate-manpages/install-manpages.sh b/generate-manpages/install-manpages.sh
16index d4c9e91..6a43b89 100755
17--- a/generate-manpages/install-manpages.sh
18+++ b/generate-manpages/install-manpages.sh
19@@ -56,7 +56,7 @@ for i in mksquashfs unsquashfs sqfstar sqfscat; do
20 exit 1
21 fi
22
23- if ! gzip -f9 $2/$i.1; then
24+ if ! gzip -n -f9 $2/$i.1; then
25 echo "$0: Compressing installed manpage failed. Aborting" >&2
26 exit 1
27 fi
28--
292.30.2
30
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch
deleted file mode 100644
index b505f05735..0000000000
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1From c9e263a7add76df1ed92e879d964264067c0f6e8 Mon Sep 17 00:00:00 2001
2From: Patrick McCarty <patrick.mccarty@intel.com>
3Date: Mon, 26 Jul 2021 11:38:43 -0700
4Subject: [PATCH] Avoid use of INSTALL_DIR for symlink targets
5
6In case INSTALL_DIR is overridden with a staged install location, using
7INSTALL_DIR for the symlink target path prefix will yield an incorrect location
8for the final installation.
9
10Because the symlink itself is already installed to INSTALL_DIR, simply removing
11the INSTALL_DIR prefix suffices as a fix.
12
13Note that using $DESTDIR/$INSTALL_DIR where appropriate can avoid this type of
14issue, but that can be considered a future enhancement.
15
16Upstream-Status: Backport
17Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
18Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
19---
20 squashfs-tools/Makefile | 4 ++--
21 1 file changed, 2 insertions(+), 2 deletions(-)
22
23diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
24index 5795d0d..998c5fd 100755
25--- a/Makefile
26+++ b/Makefile
27@@ -406,5 +406,5 @@ install: mksquashfs unsquashfs
28 mkdir -p $(INSTALL_DIR)
29 cp mksquashfs $(INSTALL_DIR)
30 cp unsquashfs $(INSTALL_DIR)
31- ln -fs $(INSTALL_DIR)/unsquashfs $(INSTALL_DIR)/sqfscat
32- ln -fs $(INSTALL_DIR)/mksquashfs $(INSTALL_DIR)/sqfstar
33+ ln -fs unsquashfs $(INSTALL_DIR)/sqfscat
34+ ln -fs mksquashfs $(INSTALL_DIR)/sqfstar
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch
deleted file mode 100644
index d01b5c6871..0000000000
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch
+++ /dev/null
@@ -1,135 +0,0 @@
1The commit is required by the fix for CVE-2021-41072.
2
3Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/80b8441]
4
5Signed-off-by: Kai Kang <kai.kang@windriver.com>
6
7From 80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 Mon Sep 17 00:00:00 2001
8From: Phillip Lougher <phillip@squashfs.org.uk>
9Date: Sun, 12 Sep 2021 19:58:19 +0100
10Subject: [PATCH] unsquashfs: use squashfs_closedir() to delete directory
11
12Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
13---
14 squashfs-tools/unsquash-1.c | 3 +--
15 squashfs-tools/unsquash-1234.c | 11 +++++++++--
16 squashfs-tools/unsquash-2.c | 3 +--
17 squashfs-tools/unsquash-3.c | 3 +--
18 squashfs-tools/unsquash-4.c | 3 +--
19 squashfs-tools/unsquashfs.c | 7 -------
20 squashfs-tools/unsquashfs.h | 1 +
21 7 files changed, 14 insertions(+), 17 deletions(-)
22
23diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
24index acba821..7598499 100644
25--- a/squashfs-tools/unsquash-1.c
26+++ b/squashfs-tools/unsquash-1.c
27@@ -373,8 +373,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
28 return dir;
29
30 corrupted:
31- free(dir->dirs);
32- free(dir);
33+ squashfs_closedir(dir);
34 return NULL;
35 }
36
37diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
38index c2d4f42..0c8dfbb 100644
39--- a/squashfs-tools/unsquash-1234.c
40+++ b/squashfs-tools/unsquash-1234.c
41@@ -25,8 +25,8 @@
42 * unsquash-4.
43 */
44
45-#define TRUE 1
46-#define FALSE 0
47+#include "unsquashfs.h"
48+
49 /*
50 * Check name for validity, name should not
51 * - be ".", "./", or
52@@ -56,3 +56,10 @@ int check_name(char *name, int size)
53
54 return TRUE;
55 }
56+
57+
58+void squashfs_closedir(struct dir *dir)
59+{
60+ free(dir->dirs);
61+ free(dir);
62+}
63diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
64index 0746b3d..86f62ba 100644
65--- a/squashfs-tools/unsquash-2.c
66+++ b/squashfs-tools/unsquash-2.c
67@@ -465,8 +465,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
68 return dir;
69
70 corrupted:
71- free(dir->dirs);
72- free(dir);
73+ squashfs_closedir(dir);
74 return NULL;
75 }
76
77diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
78index 094caaa..c04aa9e 100644
79--- a/squashfs-tools/unsquash-3.c
80+++ b/squashfs-tools/unsquash-3.c
81@@ -499,8 +499,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
82 return dir;
83
84 corrupted:
85- free(dir->dirs);
86- free(dir);
87+ squashfs_closedir(dir);
88 return NULL;
89 }
90
91diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
92index 3a1b9e1..ff62dcc 100644
93--- a/squashfs-tools/unsquash-4.c
94+++ b/squashfs-tools/unsquash-4.c
95@@ -436,8 +436,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
96 return dir;
97
98 corrupted:
99- free(dir->dirs);
100- free(dir);
101+ squashfs_closedir(dir);
102 return NULL;
103 }
104
105diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c
106index 7b590bd..04be53c 100644
107--- a/squashfs-tools/unsquashfs.c
108+++ b/squashfs-tools/unsquashfs.c
109@@ -1350,13 +1350,6 @@ unsigned int *offset, unsigned int *type)
110 }
111
112
113-void squashfs_closedir(struct dir *dir)
114-{
115- free(dir->dirs);
116- free(dir);
117-}
118-
119-
120 char *get_component(char *target, char **targname)
121 {
122 char *start;
123diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
124index 2e9201c..5ecb2ab 100644
125--- a/squashfs-tools/unsquashfs.h
126+++ b/squashfs-tools/unsquashfs.h
127@@ -291,4 +291,5 @@ extern long long *alloc_index_table(int);
128
129 /* unsquash-1234.c */
130 extern int check_name(char *, int);
131+extern void squashfs_closedir(struct dir *);
132 #endif
133--
1342.17.1
135
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch
deleted file mode 100644
index 6b230b35c6..0000000000
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch
+++ /dev/null
@@ -1,108 +0,0 @@
1The commit is required by the fix for CVE-2021-41072.
2
3Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e]
4
5Signed-off-by: Kai Kang <kai.kang@windriver.com>
6
7From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001
8From: Phillip Lougher <phillip@squashfs.org.uk>
9Date: Sun, 12 Sep 2021 20:09:13 +0100
10Subject: [PATCH] unsquashfs: dynamically allocate name
11
12Dynamically allocate name rather than store it
13directly in structure.
14
15Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
16---
17 squashfs-tools/unsquash-1.c | 2 +-
18 squashfs-tools/unsquash-1234.c | 5 +++++
19 squashfs-tools/unsquash-2.c | 2 +-
20 squashfs-tools/unsquash-3.c | 2 +-
21 squashfs-tools/unsquash-4.c | 2 +-
22 squashfs-tools/unsquashfs.h | 2 +-
23 6 files changed, 10 insertions(+), 5 deletions(-)
24
25diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
26index 7598499..d0121c6 100644
27--- a/squashfs-tools/unsquash-1.c
28+++ b/squashfs-tools/unsquash-1.c
29@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
30 dir->dirs = new_dir;
31 }
32
33- strcpy(dir->dirs[dir->dir_count].name, dire->name);
34+ dir->dirs[dir->dir_count].name = strdup(dire->name);
35 dir->dirs[dir->dir_count].start_block =
36 dirh.start_block;
37 dir->dirs[dir->dir_count].offset = dire->offset;
38diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
39index 0c8dfbb..ac46d9d 100644
40--- a/squashfs-tools/unsquash-1234.c
41+++ b/squashfs-tools/unsquash-1234.c
42@@ -60,6 +60,11 @@ int check_name(char *name, int size)
43
44 void squashfs_closedir(struct dir *dir)
45 {
46+ int i;
47+
48+ for(i = 0; i < dir->dir_count; i++)
49+ free(dir->dirs[i].name);
50+
51 free(dir->dirs);
52 free(dir);
53 }
54diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
55index 86f62ba..e847980 100644
56--- a/squashfs-tools/unsquash-2.c
57+++ b/squashfs-tools/unsquash-2.c
58@@ -452,7 +452,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
59 dir->dirs = new_dir;
60 }
61
62- strcpy(dir->dirs[dir->dir_count].name, dire->name);
63+ dir->dirs[dir->dir_count].name = strdup(dire->name);
64 dir->dirs[dir->dir_count].start_block =
65 dirh.start_block;
66 dir->dirs[dir->dir_count].offset = dire->offset;
67diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
68index c04aa9e..8223f27 100644
69--- a/squashfs-tools/unsquash-3.c
70+++ b/squashfs-tools/unsquash-3.c
71@@ -486,7 +486,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
72 dir->dirs = new_dir;
73 }
74
75- strcpy(dir->dirs[dir->dir_count].name, dire->name);
76+ dir->dirs[dir->dir_count].name = strdup(dire->name);
77 dir->dirs[dir->dir_count].start_block =
78 dirh.start_block;
79 dir->dirs[dir->dir_count].offset = dire->offset;
80diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
81index ff62dcc..1e199a7 100644
82--- a/squashfs-tools/unsquash-4.c
83+++ b/squashfs-tools/unsquash-4.c
84@@ -423,7 +423,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
85 dir->dirs = new_dir;
86 }
87
88- strcpy(dir->dirs[dir->dir_count].name, dire->name);
89+ dir->dirs[dir->dir_count].name = strdup(dire->name);
90 dir->dirs[dir->dir_count].start_block =
91 dirh.start_block;
92 dir->dirs[dir->dir_count].offset = dire->offset;
93diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
94index 5ecb2ab..583fbe4 100644
95--- a/squashfs-tools/unsquashfs.h
96+++ b/squashfs-tools/unsquashfs.h
97@@ -164,7 +164,7 @@ struct queue {
98 #define DIR_ENT_SIZE 16
99
100 struct dir_ent {
101- char name[SQUASHFS_NAME_LEN + 1];
102+ char *name;
103 unsigned int start_block;
104 unsigned int offset;
105 unsigned int type;
106--
1072.17.1
108
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch
deleted file mode 100644
index 5d5df6f15b..0000000000
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch
+++ /dev/null
@@ -1,326 +0,0 @@
1The commit is required by the fix for CVE-2021-41072.
2
3Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/9938154]
4
5Signed-off-by: Kai Kang <kai.kang@windriver.com>
6
7From 9938154174756ee48a94ea0b076397a2944b028d Mon Sep 17 00:00:00 2001
8From: Phillip Lougher <phillip@squashfs.org.uk>
9Date: Sun, 12 Sep 2021 22:58:11 +0100
10Subject: [PATCH] unsquashfs: use linked list to store directory names
11
12This should bring higher performance, and it allows sorting
13if necessary (1.x and 2.0 filesystems).
14
15Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
16---
17 squashfs-tools/unsquash-1.c | 30 +++++++++++++++---------------
18 squashfs-tools/unsquash-1234.c | 12 ++++++++----
19 squashfs-tools/unsquash-2.c | 29 +++++++++++++++--------------
20 squashfs-tools/unsquash-3.c | 29 +++++++++++++++--------------
21 squashfs-tools/unsquash-4.c | 29 +++++++++++++++--------------
22 squashfs-tools/unsquashfs.c | 16 ++++++++++------
23 squashfs-tools/unsquashfs.h | 3 ++-
24 7 files changed, 80 insertions(+), 68 deletions(-)
25
26diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
27index d0121c6..b604434 100644
28--- a/squashfs-tools/unsquash-1.c
29+++ b/squashfs-tools/unsquash-1.c
30@@ -254,7 +254,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
31 long long start;
32 int bytes = 0;
33 int dir_count, size, res;
34- struct dir_ent *new_dir;
35+ struct dir_ent *ent, *cur_ent = NULL;
36 struct dir *dir;
37
38 TRACE("squashfs_opendir: inode start block %d, offset %d\n",
39@@ -267,7 +267,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
40 MEM_ERROR();
41
42 dir->dir_count = 0;
43- dir->cur_entry = 0;
44+ dir->cur_entry = NULL;
45 dir->mode = (*i)->mode;
46 dir->uid = (*i)->uid;
47 dir->guid = (*i)->gid;
48@@ -351,20 +351,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
49 "%d:%d, type %d\n", dire->name,
50 dirh.start_block, dire->offset, dire->type);
51
52- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
53- new_dir = realloc(dir->dirs, (dir->dir_count +
54- DIR_ENT_SIZE) * sizeof(struct dir_ent));
55- if(new_dir == NULL)
56- MEM_ERROR();
57-
58- dir->dirs = new_dir;
59- }
60+ ent = malloc(sizeof(struct dir_ent));
61+ if(ent == NULL)
62+ MEM_ERROR();
63
64- dir->dirs[dir->dir_count].name = strdup(dire->name);
65- dir->dirs[dir->dir_count].start_block =
66- dirh.start_block;
67- dir->dirs[dir->dir_count].offset = dire->offset;
68- dir->dirs[dir->dir_count].type = dire->type;
69+ ent->name = strdup(dire->name);
70+ ent->start_block = dirh.start_block;
71+ ent->offset = dire->offset;
72+ ent->type = dire->type;
73+ ent->next = NULL;
74+ if(cur_ent == NULL)
75+ dir->dirs = ent;
76+ else
77+ cur_ent->next = ent;
78+ cur_ent = ent;
79 dir->dir_count ++;
80 bytes += dire->size + 1;
81 }
82diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
83index ac46d9d..e389f8d 100644
84--- a/squashfs-tools/unsquash-1234.c
85+++ b/squashfs-tools/unsquash-1234.c
86@@ -60,11 +60,15 @@ int check_name(char *name, int size)
87
88 void squashfs_closedir(struct dir *dir)
89 {
90- int i;
91+ struct dir_ent *ent = dir->dirs;
92
93- for(i = 0; i < dir->dir_count; i++)
94- free(dir->dirs[i].name);
95+ while(ent) {
96+ struct dir_ent *tmp = ent;
97+
98+ ent = ent->next;
99+ free(tmp->name);
100+ free(tmp);
101+ }
102
103- free(dir->dirs);
104 free(dir);
105 }
106diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
107index e847980..956f96f 100644
108--- a/squashfs-tools/unsquash-2.c
109+++ b/squashfs-tools/unsquash-2.c
110@@ -347,7 +347,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
111 long long start;
112 int bytes = 0;
113 int dir_count, size, res;
114- struct dir_ent *new_dir;
115+ struct dir_ent *ent, *cur_ent = NULL;
116 struct dir *dir;
117
118 TRACE("squashfs_opendir: inode start block %d, offset %d\n",
119@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
120 MEM_ERROR();
121
122 dir->dir_count = 0;
123- dir->cur_entry = 0;
124+ dir->cur_entry = NULL;
125 dir->mode = (*i)->mode;
126 dir->uid = (*i)->uid;
127 dir->guid = (*i)->gid;
128@@ -444,19 +444,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
129 "%d:%d, type %d\n", dire->name,
130 dirh.start_block, dire->offset, dire->type);
131
132- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
133- new_dir = realloc(dir->dirs, (dir->dir_count +
134- DIR_ENT_SIZE) * sizeof(struct dir_ent));
135- if(new_dir == NULL)
136- MEM_ERROR();
137- dir->dirs = new_dir;
138- }
139+ ent = malloc(sizeof(struct dir_ent));
140+ if(ent == NULL)
141+ MEM_ERROR();
142
143- dir->dirs[dir->dir_count].name = strdup(dire->name);
144- dir->dirs[dir->dir_count].start_block =
145- dirh.start_block;
146- dir->dirs[dir->dir_count].offset = dire->offset;
147- dir->dirs[dir->dir_count].type = dire->type;
148+ ent->name = strdup(dire->name);
149+ ent->start_block = dirh.start_block;
150+ ent->offset = dire->offset;
151+ ent->type = dire->type;
152+ ent->next = NULL;
153+ if(cur_ent == NULL)
154+ dir->dirs = ent;
155+ else
156+ cur_ent->next = ent;
157+ cur_ent = ent;
158 dir->dir_count ++;
159 bytes += dire->size + 1;
160 }
161diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
162index 8223f27..835a574 100644
163--- a/squashfs-tools/unsquash-3.c
164+++ b/squashfs-tools/unsquash-3.c
165@@ -381,7 +381,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
166 long long start;
167 int bytes = 0;
168 int dir_count, size, res;
169- struct dir_ent *new_dir;
170+ struct dir_ent *ent, *cur_ent = NULL;
171 struct dir *dir;
172
173 TRACE("squashfs_opendir: inode start block %d, offset %d\n",
174@@ -394,7 +394,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
175 MEM_ERROR();
176
177 dir->dir_count = 0;
178- dir->cur_entry = 0;
179+ dir->cur_entry = NULL;
180 dir->mode = (*i)->mode;
181 dir->uid = (*i)->uid;
182 dir->guid = (*i)->gid;
183@@ -478,19 +478,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
184 "%d:%d, type %d\n", dire->name,
185 dirh.start_block, dire->offset, dire->type);
186
187- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
188- new_dir = realloc(dir->dirs, (dir->dir_count +
189- DIR_ENT_SIZE) * sizeof(struct dir_ent));
190- if(new_dir == NULL)
191- MEM_ERROR();
192- dir->dirs = new_dir;
193- }
194+ ent = malloc(sizeof(struct dir_ent));
195+ if(ent == NULL)
196+ MEM_ERROR();
197
198- dir->dirs[dir->dir_count].name = strdup(dire->name);
199- dir->dirs[dir->dir_count].start_block =
200- dirh.start_block;
201- dir->dirs[dir->dir_count].offset = dire->offset;
202- dir->dirs[dir->dir_count].type = dire->type;
203+ ent->name = strdup(dire->name);
204+ ent->start_block = dirh.start_block;
205+ ent->offset = dire->offset;
206+ ent->type = dire->type;
207+ ent->next = NULL;
208+ if(cur_ent == NULL)
209+ dir->dirs = ent;
210+ else
211+ cur_ent->next = ent;
212+ cur_ent = ent;
213 dir->dir_count ++;
214 bytes += dire->size + 1;
215 }
216diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
217index 1e199a7..694783d 100644
218--- a/squashfs-tools/unsquash-4.c
219+++ b/squashfs-tools/unsquash-4.c
220@@ -331,7 +331,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
221 struct squashfs_dir_entry *dire = (struct squashfs_dir_entry *) buffer;
222 long long start;
223 int bytes = 0, dir_count, size, res;
224- struct dir_ent *new_dir;
225+ struct dir_ent *ent, *cur_ent = NULL;
226 struct dir *dir;
227
228 TRACE("squashfs_opendir: inode start block %d, offset %d\n",
229@@ -344,7 +344,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
230 MEM_ERROR();
231
232 dir->dir_count = 0;
233- dir->cur_entry = 0;
234+ dir->cur_entry = NULL;
235 dir->mode = (*i)->mode;
236 dir->uid = (*i)->uid;
237 dir->guid = (*i)->gid;
238@@ -415,19 +415,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
239 "%d:%d, type %d\n", dire->name,
240 dirh.start_block, dire->offset, dire->type);
241
242- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
243- new_dir = realloc(dir->dirs, (dir->dir_count +
244- DIR_ENT_SIZE) * sizeof(struct dir_ent));
245- if(new_dir == NULL)
246- MEM_ERROR();
247- dir->dirs = new_dir;
248- }
249+ ent = malloc(sizeof(struct dir_ent));
250+ if(ent == NULL)
251+ MEM_ERROR();
252
253- dir->dirs[dir->dir_count].name = strdup(dire->name);
254- dir->dirs[dir->dir_count].start_block =
255- dirh.start_block;
256- dir->dirs[dir->dir_count].offset = dire->offset;
257- dir->dirs[dir->dir_count].type = dire->type;
258+ ent->name = strdup(dire->name);
259+ ent->start_block = dirh.start_block;
260+ ent->offset = dire->offset;
261+ ent->type = dire->type;
262+ ent->next = NULL;
263+ if(cur_ent == NULL)
264+ dir->dirs = ent;
265+ else
266+ cur_ent->next = ent;
267+ cur_ent = ent;
268 dir->dir_count ++;
269 bytes += dire->size + 1;
270 }
271diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c
272index 04be53c..fee28ec 100644
273--- a/squashfs-tools/unsquashfs.c
274+++ b/squashfs-tools/unsquashfs.c
275@@ -1337,14 +1337,18 @@ failed:
276 int squashfs_readdir(struct dir *dir, char **name, unsigned int *start_block,
277 unsigned int *offset, unsigned int *type)
278 {
279- if(dir->cur_entry == dir->dir_count)
280+ if(dir->cur_entry == NULL)
281+ dir->cur_entry = dir->dirs;
282+ else
283+ dir->cur_entry = dir->cur_entry->next;
284+
285+ if(dir->cur_entry == NULL)
286 return FALSE;
287
288- *name = dir->dirs[dir->cur_entry].name;
289- *start_block = dir->dirs[dir->cur_entry].start_block;
290- *offset = dir->dirs[dir->cur_entry].offset;
291- *type = dir->dirs[dir->cur_entry].type;
292- dir->cur_entry ++;
293+ *name = dir->cur_entry->name;
294+ *start_block = dir->cur_entry->start_block;
295+ *offset = dir->cur_entry->offset;
296+ *type = dir->cur_entry->type;
297
298 return TRUE;
299 }
300diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
301index 583fbe4..f8cf78c 100644
302--- a/squashfs-tools/unsquashfs.h
303+++ b/squashfs-tools/unsquashfs.h
304@@ -168,17 +168,18 @@ struct dir_ent {
305 unsigned int start_block;
306 unsigned int offset;
307 unsigned int type;
308+ struct dir_ent *next;
309 };
310
311 struct dir {
312 int dir_count;
313- int cur_entry;
314 unsigned int mode;
315 uid_t uid;
316 gid_t guid;
317 unsigned int mtime;
318 unsigned int xattr;
319 struct dir_ent *dirs;
320+ struct dir_ent *cur_entry;
321 };
322
323 struct file_entry {
324--
3252.17.1
326
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch
deleted file mode 100644
index f807af60bc..0000000000
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch
+++ /dev/null
@@ -1,329 +0,0 @@
1CVE: CVE-2021-41072
2Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/e048580]
3
4Update on 20211109:
5Squash a follow-up fix for CVE-2021-41072 from upstream:
6https://github.com/plougher/squashfs-tools/commit/19fcc93
7
8Signed-off-by: Kai Kang <kai.kang@windriver.com>
9
10From e0485802ec72996c20026da320650d8362f555bd Mon Sep 17 00:00:00 2001
11From: Phillip Lougher <phillip@squashfs.org.uk>
12Date: Sun, 12 Sep 2021 23:50:06 +0100
13Subject: [PATCH] Unsquashfs: additional write outside destination directory
14 exploit fix
15
16An issue on github (https://github.com/plougher/squashfs-tools/issues/72)
17showed how some specially crafted Squashfs filesystems containing
18invalid file names (with '/' and '..') can cause Unsquashfs to write
19files outside of the destination directory.
20
21Since then it has been shown that specially crafted Squashfs filesystems
22that contain a symbolic link pointing outside of the destination directory,
23coupled with an identically named file within the same directory, can
24cause Unsquashfs to write files outside of the destination directory.
25
26Specifically the symbolic link produces a pathname pointing outside
27of the destination directory, which is then followed when writing the
28duplicate identically named file within the directory.
29
30This commit fixes this exploit by explictly checking for duplicate
31filenames within a directory. As directories in v2.1, v3.x, and v4.0
32filesystems are sorted, this is achieved by checking for consecutively
33identical filenames. Additionally directories are checked to
34ensure they are sorted, to avoid attempts to evade the duplicate
35check.
36
37Version 1.x and 2.0 filesystems (where the directories were unsorted)
38are sorted and then the above duplicate filename check is applied.
39
40Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
41---
42 squashfs-tools/Makefile | 6 +-
43 squashfs-tools/unsquash-1.c | 6 ++
44 squashfs-tools/unsquash-12.c | 110 +++++++++++++++++++++++++++++++++
45 squashfs-tools/unsquash-1234.c | 21 +++++++
46 squashfs-tools/unsquash-2.c | 16 +++++
47 squashfs-tools/unsquash-3.c | 6 ++
48 squashfs-tools/unsquash-4.c | 6 ++
49 squashfs-tools/unsquashfs.h | 4 ++
50 8 files changed, 173 insertions(+), 2 deletions(-)
51 create mode 100644 squashfs-tools/unsquash-12.c
52
53diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
54index 7262a2e..1b544ed 100755
55--- a/squashfs-tools/Makefile
56+++ b/squashfs-tools/Makefile
57@@ -160,8 +160,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o action.o swap.o pseudo.o compressor.o \
58 caches-queues-lists.o reader.o tar.o
59
60 UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \
61- unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \
62- compressor.o unsquashfs_info.o
63+ unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o unsquash-12.o \
64+ swap.o compressor.o unsquashfs_info.o
65
66 CFLAGS ?= -O2
67 CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \
68@@ -393,6 +393,8 @@ unsquash-34.o: unsquashfs.h unsquash-34.c unsquashfs_error.h
69
70 unsquash-1234.o: unsquash-1234.c unsquashfs_error.h
71
72+unsquash-12.o: unsquash-12.c unsquashfs.h
73+
74 unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h unsquashfs_error.h
75
76 unsquashfs_info.o: unsquashfs.h squashfs_fs.h unsquashfs_error.h
77diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
78index b604434..88866fc 100644
79--- a/squashfs-tools/unsquash-1.c
80+++ b/squashfs-tools/unsquash-1.c
81@@ -370,6 +370,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
82 }
83 }
84
85+ /* check directory for duplicate names. Need to sort directory first */
86+ sort_directory(dir);
87+ if(check_directory(dir) == FALSE) {
88+ ERROR("File system corrupted: directory has duplicate names\n");
89+ goto corrupted;
90+ }
91 return dir;
92
93 corrupted:
94diff --git a/squashfs-tools/unsquash-12.c b/squashfs-tools/unsquash-12.c
95new file mode 100644
96index 0000000..61bf128
97--- /dev/null
98+++ b/squashfs-tools/unsquash-12.c
99@@ -0,0 +1,110 @@
100+/*
101+ * Unsquash a squashfs filesystem. This is a highly compressed read only
102+ * filesystem.
103+ *
104+ * Copyright (c) 2021
105+ * Phillip Lougher <phillip@squashfs.org.uk>
106+ *
107+ * This program is free software; you can redistribute it and/or
108+ * modify it under the terms of the GNU General Public License
109+ * as published by the Free Software Foundation; either version 2,
110+ * or (at your option) any later version.
111+ *
112+ * This program is distributed in the hope that it will be useful,
113+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
114+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
115+ * GNU General Public License for more details.
116+ *
117+ * You should have received a copy of the GNU General Public License
118+ * along with this program; if not, write to the Free Software
119+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
120+ *
121+ * unsquash-12.c
122+ *
123+ * Helper functions used by unsquash-1 and unsquash-2.
124+ */
125+
126+#include "unsquashfs.h"
127+
128+/*
129+ * Bottom up linked list merge sort.
130+ *
131+ */
132+void sort_directory(struct dir *dir)
133+{
134+ struct dir_ent *cur, *l1, *l2, *next;
135+ int len1, len2, stride = 1;
136+
137+ if(dir->dir_count < 2)
138+ return;
139+
140+ /*
141+ * We can consider our linked-list to be made up of stride length
142+ * sublists. Eacn iteration around this loop merges adjacent
143+ * stride length sublists into larger 2*stride sublists. We stop
144+ * when stride becomes equal to the entire list.
145+ *
146+ * Initially stride = 1 (by definition a sublist of 1 is sorted), and
147+ * these 1 element sublists are merged into 2 element sublists, which
148+ * are then merged into 4 element sublists and so on.
149+ */
150+ do {
151+ l2 = dir->dirs; /* head of current linked list */
152+ cur = NULL; /* empty output list */
153+
154+ /*
155+ * Iterate through the linked list, merging adjacent sublists.
156+ * On each interation l2 points to the next sublist pair to be
157+ * merged (if there's only one sublist left this is simply added
158+ * to the output list)
159+ */
160+ while(l2) {
161+ l1 = l2;
162+ for(len1 = 0; l2 && len1 < stride; len1 ++, l2 = l2->next);
163+ len2 = stride;
164+
165+ /*
166+ * l1 points to first sublist.
167+ * l2 points to second sublist.
168+ * Merge them onto the output list
169+ */
170+ while(len1 && l2 && len2) {
171+ if(strcmp(l1->name, l2->name) <= 0) {
172+ next = l1;
173+ l1 = l1->next;
174+ len1 --;
175+ } else {
176+ next = l2;
177+ l2 = l2->next;
178+ len2 --;
179+ }
180+
181+ if(cur) {
182+ cur->next = next;
183+ cur = next;
184+ } else
185+ dir->dirs = cur = next;
186+ }
187+ /*
188+ * One sublist is now empty, copy the other one onto the
189+ * output list
190+ */
191+ for(; len1; len1 --, l1 = l1->next) {
192+ if(cur) {
193+ cur->next = l1;
194+ cur = l1;
195+ } else
196+ dir->dirs = cur = l1;
197+ }
198+ for(; l2 && len2; len2 --, l2 = l2->next) {
199+ if(cur) {
200+ cur->next = l2;
201+ cur = l2;
202+ } else
203+ dir->dirs = cur = l2;
204+ }
205+ }
206+ cur->next = NULL;
207+ stride = stride << 1;
208+ } while(stride < dir->dir_count);
209+}
210diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
211index e389f8d..98a81ed 100644
212--- a/squashfs-tools/unsquash-1234.c
213+++ b/squashfs-tools/unsquash-1234.c
214@@ -72,3 +72,24 @@ void squashfs_closedir(struct dir *dir)
215
216 free(dir);
217 }
218+
219+
220+/*
221+ * Check directory for duplicate names. As the directory should be sorted,
222+ * duplicates will be consecutive. Obviously we also need to check if the
223+ * directory has been deliberately unsorted, to evade this check.
224+ */
225+int check_directory(struct dir *dir)
226+{
227+ int i;
228+ struct dir_ent *ent;
229+
230+ if(dir->dir_count < 2)
231+ return TRUE;
232+
233+ for(ent = dir->dirs, i = 0; i < dir->dir_count - 1; ent = ent->next, i++)
234+ if(strcmp(ent->name, ent->next->name) >= 0)
235+ return FALSE;
236+
237+ return TRUE;
238+}
239diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
240index 956f96f..0e36f7d 100644
241--- a/squashfs-tools/unsquash-2.c
242+++ b/squashfs-tools/unsquash-2.c
243@@ -29,6 +29,7 @@
244 static squashfs_fragment_entry_2 *fragment_table;
245 static unsigned int *uid_table, *guid_table;
246 static squashfs_operations ops;
247+static int needs_sorting = FALSE;
248
249
250 static void read_block_list(unsigned int *block_list, long long start,
251@@ -463,6 +464,17 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
252 }
253 }
254
255+ if(needs_sorting)
256+ sort_directory(dir);
257+
258+ /* check directory for duplicate names and sorting */
259+ if(check_directory(dir) == FALSE) {
260+ if(needs_sorting)
261+ ERROR("File system corrupted: directory has duplicate names\n");
262+ else
263+ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
264+ goto corrupted;
265+ }
266 return dir;
267
268 corrupted:
269@@ -596,6 +608,10 @@ int read_super_2(squashfs_operations **s_ops, void *s)
270 * 2.x filesystems use gzip compression.
271 */
272 comp = lookup_compressor("gzip");
273+
274+ if(sBlk_3->s_minor == 0)
275+ needs_sorting = TRUE;
276+
277 return TRUE;
278 }
279
280diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
281index 835a574..0123562 100644
282--- a/squashfs-tools/unsquash-3.c
283+++ b/squashfs-tools/unsquash-3.c
284@@ -497,6 +497,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
285 }
286 }
287
288+ /* check directory for duplicate names and sorting */
289+ if(check_directory(dir) == FALSE) {
290+ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
291+ goto corrupted;
292+ }
293+
294 return dir;
295
296 corrupted:
297diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
298index 694783d..c615bb8 100644
299--- a/squashfs-tools/unsquash-4.c
300+++ b/squashfs-tools/unsquash-4.c
301@@ -434,6 +434,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
302 }
303 }
304
305+ /* check directory for duplicate names and sorting */
306+ if(check_directory(dir) == FALSE) {
307+ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
308+ goto corrupted;
309+ }
310+
311 return dir;
312
313 corrupted:
314diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
315index f8cf78c..bf2a80d 100644
316--- a/squashfs-tools/unsquashfs.h
317+++ b/squashfs-tools/unsquashfs.h
318@@ -293,4 +293,8 @@ extern long long *alloc_index_table(int);
319 /* unsquash-1234.c */
320 extern int check_name(char *, int);
321 extern void squashfs_closedir(struct dir *);
322+extern int check_directory(struct dir *);
323+
324+/* unsquash-12.c */
325+extern void sort_directory(struct dir *);
326 #endif
327--
3282.17.1
329
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
index c92a5f80a8..4e009d2625 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
@@ -5,20 +5,16 @@ HOMEPAGE = "https://github.com/plougher/squashfs-tools"
5DESCRIPTION = "Tools to create and extract Squashfs filesystems." 5DESCRIPTION = "Tools to create and extract Squashfs filesystems."
6SECTION = "base" 6SECTION = "base"
7LICENSE = "GPL-2.0-only" 7LICENSE = "GPL-2.0-only"
8LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" 8LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
9 9
10PV = "4.5" 10PV = "4.5.1"
11SRCREV = "0496d7c3de3e09da37ba492081c86159806ebb07" 11SRCREV = "afdd63fc386919b4aa40d573b0a6069414d14317"
12SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https;branch=master \ 12SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https;branch=master \
13 file://0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch \ 13 file://0001-install-manpages.sh-do-not-write-original-timestamps.patch \
14 file://CVE-2021-41072-requisite-1.patch;striplevel=2 \
15 file://CVE-2021-41072-requisite-2.patch;striplevel=2 \
16 file://CVE-2021-41072-requisite-3.patch;striplevel=2 \
17 file://CVE-2021-41072.patch;striplevel=2 \
18 " 14 "
19UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" 15UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
20 16
21S = "${WORKDIR}/git/squashfs-tools" 17S = "${WORKDIR}/git"
22 18
23EXTRA_OEMAKE = "${PACKAGECONFIG_CONFARGS}" 19EXTRA_OEMAKE = "${PACKAGECONFIG_CONFARGS}"
24 20
@@ -33,13 +29,15 @@ PACKAGECONFIG[zstd] = "ZSTD_SUPPORT=1,ZSTD_SUPPORT=0,zstd"
33PACKAGECONFIG[reproducible] = "REPRODUCIBLE_DEFAULT=1,REPRODUCIBLE_DEFAULT=0," 29PACKAGECONFIG[reproducible] = "REPRODUCIBLE_DEFAULT=1,REPRODUCIBLE_DEFAULT=0,"
34 30
35do_compile() { 31do_compile() {
32 cd ${S}/squashfs-tools
36 oe_runmake all 33 oe_runmake all
37} 34}
38 35
39do_install() { 36do_install() {
37 cd ${S}/squashfs-tools
40 install -d "${D}${includedir}" 38 install -d "${D}${includedir}"
41 oe_runmake install INSTALL_DIR=${D}${sbindir} 39 oe_runmake install INSTALL_PREFIX=${D}${prefix} INSTALL_MANPAGES_DIR=${D}${datadir}/man/man1
42 install -m 0644 "${S}"/squashfs_fs.h "${D}${includedir}" 40 install -m 0644 "${S}"/squashfs-tools/squashfs_fs.h "${D}${includedir}"
43} 41}
44 42
45ARM_INSTRUCTION_SET:armv4 = "arm" 43ARM_INSTRUCTION_SET:armv4 = "arm"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-13 21:02:44 +0000