summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch32
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch40
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch27
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch29
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb7
5 files changed, 101 insertions, 34 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch
index 8b9904fd56..52af60206a 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch
@@ -1,7 +1,12 @@
1From bf9776123b854ce30a21403e4df4d4f5deb6af91 Mon Sep 17 00:00:00 2001
2From: "yanjun.zhu" <yanjun.zhu@windriver.com>
3Date: Wed, 20 May 2015 18:14:12 +0200
4Subject: [PATCH 3/4] Fix CVE-2012-4024
5
1Upstream-Status: Backport 6Upstream-Status: Backport
2 7
3Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p= 8Reference:
4squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123 9https://github.com/plougher/squashfs-tools/commit/19c38fba0be1ce949ab44310d7f49887576cc123
5 10
6Fix potential stack overflow in get_component() where an individual 11Fix potential stack overflow in get_component() where an individual
7pathname component in an extract file (specified on the command line 12pathname component in an extract file (specified on the command line
@@ -12,10 +17,16 @@ Fix by dynamically allocating targname rather than storing it as
12a fixed size on the stack. 17a fixed size on the stack.
13 18
14Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 19Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
15diff -urpN a/unsquashfs.c b/unsquashfs.c 20Signed-off-by: Martin Jansa <martin.jansa@lge.com>
16--- a/unsquashfs.c 2012-11-29 17:04:08.000000000 +0800 21---
17+++ b/unsquashfs.c 2012-11-29 17:04:25.000000000 +0800 22 squashfs-tools/unsquashfs.c | 17 +++++++++++------
18@@ -1034,15 +1034,18 @@ void squashfs_closedir(struct dir *dir) 23 1 file changed, 11 insertions(+), 6 deletions(-)
24
25diff --git a/unsquashfs.c b/unsquashfs.c
26index d532486..4fc04e8 100644
27--- a/unsquashfs.c
28+++ b/unsquashfs.c
29@@ -1076,15 +1076,18 @@ void squashfs_closedir(struct dir *dir)
19 } 30 }
20 31
21 32
@@ -37,7 +48,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
37 48
38 return target; 49 return target;
39 } 50 }
40@@ -1068,12 +1071,12 @@ void free_path(struct pathname *paths) 51@@ -1110,12 +1113,12 @@ void free_path(struct pathname *paths)
41 52
42 struct pathname *add_path(struct pathname *paths, char *target, char *alltarget) 53 struct pathname *add_path(struct pathname *paths, char *target, char *alltarget)
43 { 54 {
@@ -52,7 +63,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
52 63
53 if(paths == NULL) { 64 if(paths == NULL) {
54 paths = malloc(sizeof(struct pathname)); 65 paths = malloc(sizeof(struct pathname));
55@@ -1097,7 +1100,7 @@ struct pathname *add_path(struct pathnam 66@@ -1139,7 +1142,7 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget)
56 sizeof(struct path_entry)); 67 sizeof(struct path_entry));
57 if(paths->name == NULL) 68 if(paths->name == NULL)
58 EXIT_UNSQUASH("Out of memory in add_path\n"); 69 EXIT_UNSQUASH("Out of memory in add_path\n");
@@ -61,7 +72,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
61 paths->name[i].paths = NULL; 72 paths->name[i].paths = NULL;
62 if(use_regex) { 73 if(use_regex) {
63 paths->name[i].preg = malloc(sizeof(regex_t)); 74 paths->name[i].preg = malloc(sizeof(regex_t));
64@@ -1130,6 +1133,8 @@ struct pathname *add_path(struct pathnam 75@@ -1172,6 +1175,8 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget)
65 /* 76 /*
66 * existing matching entry 77 * existing matching entry
67 */ 78 */
@@ -70,3 +81,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
70 if(paths->name[i].paths == NULL) { 81 if(paths->name[i].paths == NULL) {
71 /* 82 /*
72 * No sub-directory which means this is the leaf 83 * No sub-directory which means this is the leaf
84--
852.1.4
86
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
index 0dabfba663..a5cdecf95b 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
@@ -1,7 +1,11 @@
1From fef997df2a1d6609af55e30eb67b65c786588fcb Mon Sep 17 00:00:00 2001
2From: "yanjun.zhu" <yanjun.zhu@windriver.com>
3Date: Wed, 20 May 2015 18:18:47 +0200
4Subject: [PATCH 4/4] Fix CVE-2012-4025
5
1Upstream-Status: Backport 6Upstream-Status: Backport
2 7
3Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? 8Reference: https://github.com/plougher/squashfs-tools/commit/8515b3d420f502c5c0236b86e2d6d7e3b23c190e
4p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
5 9
6Integer overflow in the queue_init function in unsquashfs.c in 10Integer overflow in the queue_init function in unsquashfs.c in
7unsquashfs in Squashfs 4.2 and earlier allows remote attackers 11unsquashfs in Squashfs 4.2 and earlier allows remote attackers
@@ -10,10 +14,29 @@ superblock of a .sqsh file, leading to a heap-based buffer overflow.
10 14
11http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 15http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025
12 16
13Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 17Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
18Signed-off-by: Martin Jansa <martin.jansa@lge.com>
19---
20 squashfs-tools/squashfs_fs.h | 1 +
21 squashfs-tools/unsquashfs.c | 110 +++++++++++++++++++++++++++++++++++++++----
22 2 files changed, 103 insertions(+), 8 deletions(-)
14 23
15--- a/unsquashfs.c 2012-11-30 17:57:57.000000000 +0800 24diff --git a/squashfs_fs.h b/squashfs_fs.h
16+++ b/unsquashfs.c 2012-11-30 17:58:09.000000000 +0800 25index d4fba1b..6227be2 100644
26--- a/squashfs_fs.h
27+++ b/squashfs_fs.h
28@@ -39,6 +39,7 @@
29 #define SQUASHFS_FILE_LOG 17
30
31 #define SQUASHFS_FILE_MAX_SIZE 1048576
32+#define SQUASHFS_FILE_MAX_LOG 20
33
34 /* Max number of uids and gids */
35 #define SQUASHFS_IDS 65536
36diff --git a/unsquashfs.c b/unsquashfs.c
37index 4fc04e8..078d6ca 100644
38--- a/unsquashfs.c
39+++ b/unsquashfs.c
17@@ -33,6 +33,7 @@ 40@@ -33,6 +33,7 @@
18 #include <sys/types.h> 41 #include <sys/types.h>
19 #include <sys/time.h> 42 #include <sys/time.h>
@@ -58,7 +81,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
58 queue->data = malloc(sizeof(void *) * (size + 1)); 81 queue->data = malloc(sizeof(void *) * (size + 1));
59 if(queue->data == NULL) 82 if(queue->data == NULL)
60 EXIT_UNSQUASH("Out of memory in queue_init\n"); 83 EXIT_UNSQUASH("Out of memory in queue_init\n");
61@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buf 84@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size)
62 * allocate to_reader, to_deflate and to_writer queues. Set based on 85 * allocate to_reader, to_deflate and to_writer queues. Set based on
63 * open file limit and cache size, unless open file limit is unlimited, 86 * open file limit and cache size, unless open file limit is unlimited,
64 * in which case set purely based on cache limits 87 * in which case set purely based on cache limits
@@ -90,7 +113,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
90 113
91 to_reader = queue_init(all_buffers_size); 114 to_reader = queue_init(all_buffers_size);
92 to_deflate = queue_init(all_buffers_size); 115 to_deflate = queue_init(all_buffers_size);
93@@ -2059,6 +2099,32 @@ void progress_bar(long long current, lon 116@@ -2059,6 +2099,32 @@ void progress_bar(long long current, long long max, int columns)
94 } 117 }
95 118
96 119
@@ -188,3 +211,6 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
188 initialise_threads(fragment_buffer_size, data_buffer_size); 211 initialise_threads(fragment_buffer_size, data_buffer_size);
189 212
190 fragment_data = malloc(block_size); 213 fragment_data = malloc(block_size);
214--
2152.1.4
216
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch
index fa075f9e7d..9d3a300a03 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch
@@ -1,13 +1,23 @@
1From 376dcb8ce2c9a6dab59e0a62a86549a490dee014 Mon Sep 17 00:00:00 2001
2From: "yanjun.zhu" <yanjun.zhu@windriver.com>
3Date: Wed, 20 May 2015 18:16:53 +0200
4Subject: [PATCH 1/4] Add a comment and fix some other comments
5
1Upstream-Status: Backport 6Upstream-Status: Backport
2 7
3unsquashfs: add a commment and fix some other comments 8unsquashfs: add a commment and fix some other comments
4 9
5Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 10Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
11Signed-off-by: Martin Jansa <martin.jansa@lge.com>
12---
13 squashfs-tools/unsquashfs.c | 8 ++++++--
14 1 file changed, 6 insertions(+), 2 deletions(-)
6 15
7diff -urpN a/unsquashfs.c b/unsquashfs.c 16diff --git a/unsquashfs.c b/unsquashfs.c
8--- a/unsquashfs.c 2012-11-30 15:27:14.000000000 +0800 17index 529dfac..4f26e18 100644
9+++ b/unsquashfs.c 2012-11-30 15:27:56.000000000 +0800 18--- a/unsquashfs.c
10@@ -814,7 +814,7 @@ int write_file(struct inode *inode, char 19+++ b/unsquashfs.c
20@@ -814,7 +814,7 @@ int write_file(struct inode *inode, char *pathname)
11 21
12 /* 22 /*
13 * the writer thread is queued a squashfs_file structure describing the 23 * the writer thread is queued a squashfs_file structure describing the
@@ -16,7 +26,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
16 * queued separately (references to blocks in the cache). 26 * queued separately (references to blocks in the cache).
17 */ 27 */
18 file->fd = file_fd; 28 file->fd = file_fd;
19@@ -838,7 +838,7 @@ int write_file(struct inode *inode, char 29@@ -838,7 +838,7 @@ int write_file(struct inode *inode, char *pathname)
20 block->offset = 0; 30 block->offset = 0;
21 block->size = i == file_end ? inode->data & (block_size - 1) : 31 block->size = i == file_end ? inode->data & (block_size - 1) :
22 block_size; 32 block_size;
@@ -25,7 +35,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
25 block->buffer = NULL; 35 block->buffer = NULL;
26 else { 36 else {
27 block->buffer = cache_get(data_cache, start, 37 block->buffer = cache_get(data_cache, start,
28@@ -2161,6 +2161,10 @@ options: 38@@ -2156,6 +2156,10 @@ options:
29 block_size = sBlk.s.block_size; 39 block_size = sBlk.s.block_size;
30 block_log = sBlk.s.block_log; 40 block_log = sBlk.s.block_log;
31 41
@@ -36,3 +46,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
36 fragment_buffer_size <<= 20 - block_log; 46 fragment_buffer_size <<= 20 - block_log;
37 data_buffer_size <<= 20 - block_log; 47 data_buffer_size <<= 20 - block_log;
38 initialise_threads(fragment_buffer_size, data_buffer_size); 48 initialise_threads(fragment_buffer_size, data_buffer_size);
49--
502.1.4
51
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch
index c60f7b42af..7c89dc08bd 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch
@@ -1,3 +1,8 @@
1From b8047131516fb39adce68f4734ff5fc178be275b Mon Sep 17 00:00:00 2001
2From: "yanjun.zhu" <yanjun.zhu@windriver.com>
3Date: Wed, 20 May 2015 18:17:45 +0200
4Subject: [PATCH 2/4] Fix open file limit
5
1Upstream-Status: Backport 6Upstream-Status: Backport
2 7
3unsquashfs: fix open file limit 8unsquashfs: fix open file limit
@@ -30,11 +35,16 @@ track the amount of open files.
30 35
31Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> 36Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
32 37
33Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 38Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
39Signed-off-by: Martin Jansa <martin.jansa@lge.com>
40---
41 squashfs-tools/unsquashfs.c | 134 +++++++++++++++++++++++++++++++++++++++++---
42 1 file changed, 126 insertions(+), 8 deletions(-)
34 43
35diff -urpN a/unsquashfs.c b/unsquashfs.c 44diff --git a/unsquashfs.c b/unsquashfs.c
36--- a/unsquashfs.c 2012-11-30 15:31:29.000000000 +0800 45index 4f26e18..d532486 100644
37+++ b/unsquashfs.c 2012-11-30 15:32:03.000000000 +0800 46--- a/unsquashfs.c
47+++ b/unsquashfs.c
38@@ -31,6 +31,8 @@ 48@@ -31,6 +31,8 @@
39 49
40 #include <sys/sysinfo.h> 50 #include <sys/sysinfo.h>
@@ -91,7 +101,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
91 int write_file(struct inode *inode, char *pathname) 101 int write_file(struct inode *inode, char *pathname)
92 { 102 {
93 unsigned int file_fd, i; 103 unsigned int file_fd, i;
94@@ -794,8 +836,8 @@ int write_file(struct inode *inode, char 104@@ -794,8 +836,8 @@ int write_file(struct inode *inode, char *pathname)
95 105
96 TRACE("write_file: regular file, blocks %d\n", inode->blocks); 106 TRACE("write_file: regular file, blocks %d\n", inode->blocks);
97 107
@@ -102,7 +112,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
102 if(file_fd == -1) { 112 if(file_fd == -1) {
103 ERROR("write_file: failed to create file %s, because %s\n", 113 ERROR("write_file: failed to create file %s, because %s\n",
104 pathname, strerror(errno)); 114 pathname, strerror(errno));
105@@ -1712,7 +1754,7 @@ void *writer(void *arg) 115@@ -1707,7 +1749,7 @@ void *writer(void *arg)
106 } 116 }
107 } 117 }
108 118
@@ -111,7 +121,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
111 if(failed == FALSE) 121 if(failed == FALSE)
112 set_attributes(file->pathname, file->mode, file->uid, 122 set_attributes(file->pathname, file->mode, file->uid,
113 file->gid, file->time, file->xattr, force); 123 file->gid, file->time, file->xattr, force);
114@@ -1803,9 +1845,9 @@ void *progress_thread(void *arg) 124@@ -1798,9 +1840,9 @@ void *progress_thread(void *arg)
115 125
116 void initialise_threads(int fragment_buffer_size, int data_buffer_size) 126 void initialise_threads(int fragment_buffer_size, int data_buffer_size)
117 { 127 {
@@ -123,7 +133,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
123 133
124 sigemptyset(&sigmask); 134 sigemptyset(&sigmask);
125 sigaddset(&sigmask, SIGINT); 135 sigaddset(&sigmask, SIGINT);
126@@ -1841,10 +1883,86 @@ void initialise_threads(int fragment_buf 136@@ -1836,10 +1878,86 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size)
127 EXIT_UNSQUASH("Out of memory allocating thread descriptors\n"); 137 EXIT_UNSQUASH("Out of memory allocating thread descriptors\n");
128 deflator_thread = &thread[3]; 138 deflator_thread = &thread[3];
129 139
@@ -213,3 +223,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
213 fragment_cache = cache_init(block_size, fragment_buffer_size); 223 fragment_cache = cache_init(block_size, fragment_buffer_size);
214 data_cache = cache_init(block_size, data_buffer_size); 224 data_cache = cache_init(block_size, data_buffer_size);
215 pthread_create(&thread[0], NULL, reader, NULL); 225 pthread_create(&thread[0], NULL, reader, NULL);
226--
2272.1.4
228
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
index 57400cdda0..8fdb81030b 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
@@ -30,11 +30,12 @@ S = "${WORKDIR}/squashfs${PV}/squashfs-tools"
30EXTRA_OEMAKE = "MAKEFLAGS= LZMA_SUPPORT=1 LZMA_DIR=../.. XZ_SUPPORT=1" 30EXTRA_OEMAKE = "MAKEFLAGS= LZMA_SUPPORT=1 LZMA_DIR=../.. XZ_SUPPORT=1"
31 31
32do_compile() { 32do_compile() {
33 oe_runmake mksquashfs 33 oe_runmake mksquashfs unsquashfs
34} 34}
35do_install () { 35do_install () {
36 install -d ${D}${sbindir} 36 install -d ${D}${sbindir}
37 install -m 0755 mksquashfs ${D}${sbindir}/ 37 install -m 0755 mksquashfs ${D}${sbindir}/
38 install -m 0755 unsquashfs ${D}${sbindir}/
38} 39}
39 40
40ARM_INSTRUCTION_SET = "arm" 41ARM_INSTRUCTION_SET = "arm"