summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
diff options
context:
space:
mode:
authoryanjun.zhu <yanjun.zhu@windriver.com>2012-11-30 19:41:23 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2012-12-07 15:58:20 +0000
commita6f0dcbe7d8149865896d8917d4962da95f491ba (patch)
treeff5f02d572d0c1c7eea4f93bf78dc0476bbcb4b3 /meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
parentcf796f8908985b9eb7adb35f4a93850130c781bc (diff)
downloadpoky-a6f0dcbe7d8149865896d8917d4962da95f491ba.tar.gz
squashfs: fix for CVE-2012-4024
Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p= squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123 Fix potential stack overflow in get_component() where an individual pathname component in an extract file (specified on the command line or in an extract file) could exceed the 1024 byte sized targname allocated on the stack. Fix by dynamically allocating targname rather than storing it as a fixed size on the stack. [YOCTO #3513] Fixes denzil [YOCTO #3520] (From OE-Core rev: d35560f33f257bd12a07c7c0be770319086d6ad9) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb')
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
index c54081be9f..9922f1ef51 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
@@ -3,6 +3,7 @@
3DESCRIPTION = "Tools to manipulate Squashfs filesystems." 3DESCRIPTION = "Tools to manipulate Squashfs filesystems."
4SECTION = "base" 4SECTION = "base"
5LICENSE = "GPL-2 & PD" 5LICENSE = "GPL-2 & PD"
6FILESEXTRAPATHS_prepend := "${THISDIR}/patches:"
6LIC_FILES_CHKSUM = "file://../COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ 7LIC_FILES_CHKSUM = "file://../COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
7 file://../../7zC.txt;beginline=12;endline=16;md5=2056cd6d919ebc3807602143c7449a7c \ 8 file://../../7zC.txt;beginline=12;endline=16;md5=2056cd6d919ebc3807602143c7449a7c \
8 " 9 "
@@ -12,6 +13,8 @@ PR = "1"
12SRC_URI = "${SOURCEFORGE_MIRROR}/squashfs/squashfs${PV}.tar.gz;name=squashfs \ 13SRC_URI = "${SOURCEFORGE_MIRROR}/squashfs/squashfs${PV}.tar.gz;name=squashfs \
13 http://downloads.sourceforge.net/sevenzip/lzma465.tar.bz2;name=lzma \ 14 http://downloads.sourceforge.net/sevenzip/lzma465.tar.bz2;name=lzma \
14 " 15 "
16SRC_URI += "file://squashfs-4.2-fix-CVE-2012-4024.patch \
17 "
15SRC_URI[squashfs.md5sum] = "1b7a781fb4cf8938842279bd3e8ee852" 18SRC_URI[squashfs.md5sum] = "1b7a781fb4cf8938842279bd3e8ee852"
16SRC_URI[squashfs.sha256sum] = "d9e0195aa922dbb665ed322b9aaa96e04a476ee650f39bbeadb0d00b24022e96" 19SRC_URI[squashfs.sha256sum] = "d9e0195aa922dbb665ed322b9aaa96e04a476ee650f39bbeadb0d00b24022e96"
17SRC_URI[lzma.md5sum] = "29d5ffd03a5a3e51aef6a74e9eafb759" 20SRC_URI[lzma.md5sum] = "29d5ffd03a5a3e51aef6a74e9eafb759"