From 40c60c787b5ab42e2d7b00c55e2d55a22689dc06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nagy=20K=C3=A1roly=20G=C3=A1briel?= Date: Fri, 1 Apr 2016 12:33:17 +0300 Subject: [PATCH] squashfs-tools: Updated (4.2 -> 4.3) --- filesystem/squashfs-tools/CVE-2015-4645.patch | 45 ++++++++++++++ filesystem/squashfs-tools/fix-compat.patch | 62 +++++++++++++++++++ filesystem/squashfs-tools/squashfs-tools.desc | 6 +- filesystem/squashfs-tools/vla-overlow.patch | 37 +++++++++++ 4 files changed, 147 insertions(+), 3 deletions(-) create mode 100644 filesystem/squashfs-tools/CVE-2015-4645.patch create mode 100644 filesystem/squashfs-tools/fix-compat.patch create mode 100644 filesystem/squashfs-tools/vla-overlow.patch diff --git a/filesystem/squashfs-tools/CVE-2015-4645.patch b/filesystem/squashfs-tools/CVE-2015-4645.patch new file mode 100644 index 000000000..96f7a83ad --- /dev/null +++ b/filesystem/squashfs-tools/CVE-2015-4645.patch @@ -0,0 +1,45 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../squashfs-tools/CVE-2015-4645.patch +# Copyright (C) 2016 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ecdaac796f09..2c0cf63daf67 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -31,9 +31,9 @@ static unsigned int *id_table; + int read_fragment_table_4(long long *directory_table_end) + { + int res, i; +- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); +- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); +- long long fragment_table_index[indexes]; ++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); ++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); ++ long long *fragment_table_index; + + TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " + "from 0x%llx\n", sBlk.s.fragments, indexes, +@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end) + return TRUE; + } + ++ fragment_table_index = malloc(indexes*sizeof(long long)); ++ if(fragment_table_index == NULL) ++ EXIT_UNSQUASH("read_fragment_table: failed to allocate " ++ "fragment table index\n"); ++ + fragment_table = malloc(bytes); + if(fragment_table == NULL) + EXIT_UNSQUASH("read_fragment_table: failed to allocate " diff --git a/filesystem/squashfs-tools/fix-compat.patch b/filesystem/squashfs-tools/fix-compat.patch new file mode 100644 index 000000000..62131476c --- /dev/null +++ b/filesystem/squashfs-tools/fix-compat.patch @@ -0,0 +1,62 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../squashfs-tools/fix-compat.patch +# Copyright (C) 2016 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +--- squashfs4.3.orig/squashfs-tools/action.c ++++ squashfs4.3/squashfs-tools/action.c +@@ -1905,6 +1905,9 @@ + return 1; + } + ++#ifndef FNM_EXTMATCH ++#define FNM_EXTMATCH 0 ++#endif + + TEST_FN(name, ACTION_ALL_LNK, \ + return fnmatch(atom->argv[0], action_data->name, +--- squashfs4.3.orig/squashfs-tools/mksquashfs.c ++++ squashfs4.3/squashfs-tools/mksquashfs.c +@@ -4391,6 +4391,9 @@ + return paths; + } + ++#ifndef FNM_EXTMATCH ++#define FNM_EXTMATCH 0 ++#endif + + int excluded_match(char *name, struct pathname *path, struct pathnames **new) + { +--- squashfs4.3.orig/squashfs-tools/pseudo.c ++++ squashfs4.3/squashfs-tools/pseudo.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + #include + + #include "pseudo.h" +--- squashfs4.3.orig/squashfs-tools/unsquashfs.c ++++ squashfs4.3/squashfs-tools/unsquashfs.c +@@ -1410,6 +1410,9 @@ + free(paths); + } + ++#ifndef FNM_EXTMATCH ++#define FNM_EXTMATCH 0 ++#endif + + int matches(struct pathnames *paths, char *name, struct pathnames **new) + { diff --git a/filesystem/squashfs-tools/squashfs-tools.desc b/filesystem/squashfs-tools/squashfs-tools.desc index 63b1c07ef..c29cc67e4 100644 --- a/filesystem/squashfs-tools/squashfs-tools.desc +++ b/filesystem/squashfs-tools/squashfs-tools.desc @@ -2,7 +2,7 @@ [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch. [COPY] [COPY] Filename: package/.../squashfs-tools/squashfs-tools.desc -[COPY] Copyright (C) 2006 - 2011 The OpenSDE Project +[COPY] Copyright (C) 2006 - 2016 The OpenSDE Project [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project [COPY] Copyright (C) 1998 - 2003 Clifford Wolf [COPY] @@ -31,8 +31,8 @@ [L] GPL [S] Stable -[V] 4.2 +[V] 4.3 [P] X 0?---5---- 110.100 -[D] 1141534360 squashfs4.2.tar.gz http://dl.sourceforge.net/sourceforge/squashfs/ +[D] 3711911978 squashfs4.3.tar.gz http://dl.sourceforge.net/sourceforge/squashfs/ diff --git a/filesystem/squashfs-tools/vla-overlow.patch b/filesystem/squashfs-tools/vla-overlow.patch new file mode 100644 index 000000000..b1e0174fe --- /dev/null +++ b/filesystem/squashfs-tools/vla-overlow.patch @@ -0,0 +1,37 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../squashfs-tools/vla-overlow.patch +# Copyright (C) 2016 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +--- ./squashfs-tools/unsquashfs.c.orig ++++ ./squashfs-tools/unsquashfs.c +@@ -2099,7 +2099,9 @@ + */ + void *inflator(void *arg) + { +- char tmp[block_size]; ++ char *tmp = malloc(block_size); ++ if(tmp == NULL) ++ EXIT_UNSQUASH("Out of memory allocating block buffer\n"); + + while(1) { + struct cache_entry *entry = queue_get(to_inflate); +@@ -2122,6 +2124,7 @@ + */ + cache_block_ready(entry, res == -1); + } ++ free(tmp); + } + +