1 files changed, 33 insertions, 7 deletions

diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
index 0dabfba663..a5cdecf95b 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
@@ -1,7 +1,11 @@
+From fef997df2a1d6609af55e30eb67b65c786588fcb Mon Sep 17 00:00:00 2001
+From: "yanjun.zhu" <yanjun.zhu@windriver.com>
+Date: Wed, 20 May 2015 18:18:47 +0200
+Subject: [PATCH 4/4] Fix CVE-2012-4025
+
 Upstream-Status: Backport
 
-Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
-p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
+Reference: https://github.com/plougher/squashfs-tools/commit/8515b3d420f502c5c0236b86e2d6d7e3b23c190e
 
 Integer overflow in the queue_init function in unsquashfs.c in
 unsquashfs in Squashfs 4.2 and earlier allows remote attackers
@@ -10,10 +14,29 @@ superblock of a .sqsh file, leading to a heap-based buffer overflow.
 
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025
 
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+Signed-off-by: Martin Jansa <martin.jansa@lge.com>
+---
+ squashfs-tools/squashfs_fs.h |   1 +
+ squashfs-tools/unsquashfs.c  | 110 +++++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 103 insertions(+), 8 deletions(-)
 
---- a/unsquashfs.c      2012-11-30 17:57:57.000000000 +0800
-+++ b/unsquashfs.c      2012-11-30 17:58:09.000000000 +0800
+diff --git a/squashfs_fs.h b/squashfs_fs.h
+index d4fba1b..6227be2 100644
+--- a/squashfs_fs.h
++++ b/squashfs_fs.h
+@@ -39,6 +39,7 @@
+ #define SQUASHFS_FILE_LOG              17
+ 
+ #define SQUASHFS_FILE_MAX_SIZE         1048576
++#define SQUASHFS_FILE_MAX_LOG          20
+ 
+ /* Max number of uids and gids */
+ #define SQUASHFS_IDS                   65536
+diff --git a/unsquashfs.c b/unsquashfs.c
+index 4fc04e8..078d6ca 100644
+--- a/unsquashfs.c
++++ b/unsquashfs.c
 @@ -33,6 +33,7 @@
  #include <sys/types.h>
  #include <sys/time.h>
@@ -58,7 +81,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
         queue->data = malloc(sizeof(void *) * (size + 1));
         if(queue->data == NULL)
                 EXIT_UNSQUASH("Out of memory in queue_init\n");
-@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buf
+@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size)
          * allocate to_reader, to_deflate and to_writer queues.  Set based on
          * open file limit and cache size, unless open file limit is unlimited,
          * in which case set purely based on cache limits
@@ -90,7 +113,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
  
                 to_reader = queue_init(all_buffers_size);
                 to_deflate = queue_init(all_buffers_size);
-@@ -2059,6 +2099,32 @@ void progress_bar(long long current, lon
+@@ -2059,6 +2099,32 @@ void progress_bar(long long current, long long max, int columns)
  }
  
  
@@ -188,3 +211,6 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
         initialise_threads(fragment_buffer_size, data_buffer_size);
  
         fragment_data = malloc(block_size);
+-- 
+2.1.4
+