From e1a2540227250d854d5bba278634bcc9e7572cda Mon Sep 17 00:00:00 2001 From: Martin Jansa Date: Thu, 21 May 2015 13:23:15 +0200 Subject: squashfs-tools: enable building unsquashfs and fix squashfs-4.2-fix-CVE-2012-4025.patch * build unsqaushfs, useful when debuging corrupt squashfs from mksquashfs * squashfs-4.2-fix-CVE-2012-4025.patch fixes CVE in unsquashfs which we weren't building and it actually breaks building it, because someone missed squashfs_fs.h change from the original change * add git headers in all patches and fix references to new github repository Signed-off-by: Martin Jansa Signed-off-by: Richard Purdie --- .../squashfs-4.2-fix-CVE-2012-4024.patch | 32 ++++++++++++----- .../squashfs-4.2-fix-CVE-2012-4025.patch | 40 ++++++++++++++++++---- ...dd-a-commment-and-fix-some-other-comments.patch | 27 +++++++++++---- .../squashfs-fix-open-file-limit.patch | 29 +++++++++++----- .../squashfs-tools/squashfs-tools_4.2.bb | 7 ++-- 5 files changed, 101 insertions(+), 34 deletions(-) (limited to 'meta') diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch index 8b9904fd56..52af60206a 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch @@ -1,7 +1,12 @@ +From bf9776123b854ce30a21403e4df4d4f5deb6af91 Mon Sep 17 00:00:00 2001 +From: "yanjun.zhu" +Date: Wed, 20 May 2015 18:14:12 +0200 +Subject: [PATCH 3/4] Fix CVE-2012-4024 + Upstream-Status: Backport -Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p= -squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123 +Reference: +https://github.com/plougher/squashfs-tools/commit/19c38fba0be1ce949ab44310d7f49887576cc123 Fix potential stack overflow in get_component() where an individual pathname component in an extract file (specified on the command line @@ -12,10 +17,16 @@ Fix by dynamically allocating targname rather than storing it as a fixed size on the stack. Signed-off-by: yanjun.zhu -diff -urpN a/unsquashfs.c b/unsquashfs.c ---- a/unsquashfs.c 2012-11-29 17:04:08.000000000 +0800 -+++ b/unsquashfs.c 2012-11-29 17:04:25.000000000 +0800 -@@ -1034,15 +1034,18 @@ void squashfs_closedir(struct dir *dir) +Signed-off-by: Martin Jansa +--- + squashfs-tools/unsquashfs.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/unsquashfs.c b/unsquashfs.c +index d532486..4fc04e8 100644 +--- a/unsquashfs.c ++++ b/unsquashfs.c +@@ -1076,15 +1076,18 @@ void squashfs_closedir(struct dir *dir) } @@ -37,7 +48,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c return target; } -@@ -1068,12 +1071,12 @@ void free_path(struct pathname *paths) +@@ -1110,12 +1113,12 @@ void free_path(struct pathname *paths) struct pathname *add_path(struct pathname *paths, char *target, char *alltarget) { @@ -52,7 +63,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c if(paths == NULL) { paths = malloc(sizeof(struct pathname)); -@@ -1097,7 +1100,7 @@ struct pathname *add_path(struct pathnam +@@ -1139,7 +1142,7 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget) sizeof(struct path_entry)); if(paths->name == NULL) EXIT_UNSQUASH("Out of memory in add_path\n"); @@ -61,7 +72,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c paths->name[i].paths = NULL; if(use_regex) { paths->name[i].preg = malloc(sizeof(regex_t)); -@@ -1130,6 +1133,8 @@ struct pathname *add_path(struct pathnam +@@ -1172,6 +1175,8 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget) /* * existing matching entry */ @@ -70,3 +81,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c if(paths->name[i].paths == NULL) { /* * No sub-directory which means this is the leaf +-- +2.1.4 + diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch index 0dabfba663..a5cdecf95b 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch @@ -1,7 +1,11 @@ +From fef997df2a1d6609af55e30eb67b65c786588fcb Mon Sep 17 00:00:00 2001 +From: "yanjun.zhu" +Date: Wed, 20 May 2015 18:18:47 +0200 +Subject: [PATCH 4/4] Fix CVE-2012-4025 + Upstream-Status: Backport -Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? -p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e +Reference: https://github.com/plougher/squashfs-tools/commit/8515b3d420f502c5c0236b86e2d6d7e3b23c190e Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers @@ -10,10 +14,29 @@ superblock of a .sqsh file, leading to a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 -Signed-off-by: yanjun.zhu +Signed-off-by: yanjun.zhu +Signed-off-by: Martin Jansa +--- + squashfs-tools/squashfs_fs.h | 1 + + squashfs-tools/unsquashfs.c | 110 +++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 103 insertions(+), 8 deletions(-) ---- a/unsquashfs.c 2012-11-30 17:57:57.000000000 +0800 -+++ b/unsquashfs.c 2012-11-30 17:58:09.000000000 +0800 +diff --git a/squashfs_fs.h b/squashfs_fs.h +index d4fba1b..6227be2 100644 +--- a/squashfs_fs.h ++++ b/squashfs_fs.h +@@ -39,6 +39,7 @@ + #define SQUASHFS_FILE_LOG 17 + + #define SQUASHFS_FILE_MAX_SIZE 1048576 ++#define SQUASHFS_FILE_MAX_LOG 20 + + /* Max number of uids and gids */ + #define SQUASHFS_IDS 65536 +diff --git a/unsquashfs.c b/unsquashfs.c +index 4fc04e8..078d6ca 100644 +--- a/unsquashfs.c ++++ b/unsquashfs.c @@ -33,6 +33,7 @@ #include #include @@ -58,7 +81,7 @@ Signed-off-by: yanjun.zhu queue->data = malloc(sizeof(void *) * (size + 1)); if(queue->data == NULL) EXIT_UNSQUASH("Out of memory in queue_init\n"); -@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buf +@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size) * allocate to_reader, to_deflate and to_writer queues. Set based on * open file limit and cache size, unless open file limit is unlimited, * in which case set purely based on cache limits @@ -90,7 +113,7 @@ Signed-off-by: yanjun.zhu to_reader = queue_init(all_buffers_size); to_deflate = queue_init(all_buffers_size); -@@ -2059,6 +2099,32 @@ void progress_bar(long long current, lon +@@ -2059,6 +2099,32 @@ void progress_bar(long long current, long long max, int columns) } @@ -188,3 +211,6 @@ Signed-off-by: yanjun.zhu initialise_threads(fragment_buffer_size, data_buffer_size); fragment_data = malloc(block_size); +-- +2.1.4 + diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch index fa075f9e7d..9d3a300a03 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch @@ -1,13 +1,23 @@ +From 376dcb8ce2c9a6dab59e0a62a86549a490dee014 Mon Sep 17 00:00:00 2001 +From: "yanjun.zhu" +Date: Wed, 20 May 2015 18:16:53 +0200 +Subject: [PATCH 1/4] Add a comment and fix some other comments + Upstream-Status: Backport unsquashfs: add a commment and fix some other comments -Signed-off-by: yanjun.zhu +Signed-off-by: yanjun.zhu +Signed-off-by: Martin Jansa +--- + squashfs-tools/unsquashfs.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) -diff -urpN a/unsquashfs.c b/unsquashfs.c ---- a/unsquashfs.c 2012-11-30 15:27:14.000000000 +0800 -+++ b/unsquashfs.c 2012-11-30 15:27:56.000000000 +0800 -@@ -814,7 +814,7 @@ int write_file(struct inode *inode, char +diff --git a/unsquashfs.c b/unsquashfs.c +index 529dfac..4f26e18 100644 +--- a/unsquashfs.c ++++ b/unsquashfs.c +@@ -814,7 +814,7 @@ int write_file(struct inode *inode, char *pathname) /* * the writer thread is queued a squashfs_file structure describing the @@ -16,7 +26,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c * queued separately (references to blocks in the cache). */ file->fd = file_fd; -@@ -838,7 +838,7 @@ int write_file(struct inode *inode, char +@@ -838,7 +838,7 @@ int write_file(struct inode *inode, char *pathname) block->offset = 0; block->size = i == file_end ? inode->data & (block_size - 1) : block_size; @@ -25,7 +35,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c block->buffer = NULL; else { block->buffer = cache_get(data_cache, start, -@@ -2161,6 +2161,10 @@ options: +@@ -2156,6 +2156,10 @@ options: block_size = sBlk.s.block_size; block_log = sBlk.s.block_log; @@ -36,3 +46,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c fragment_buffer_size <<= 20 - block_log; data_buffer_size <<= 20 - block_log; initialise_threads(fragment_buffer_size, data_buffer_size); +-- +2.1.4 + diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch index c60f7b42af..7c89dc08bd 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch @@ -1,3 +1,8 @@ +From b8047131516fb39adce68f4734ff5fc178be275b Mon Sep 17 00:00:00 2001 +From: "yanjun.zhu" +Date: Wed, 20 May 2015 18:17:45 +0200 +Subject: [PATCH 2/4] Fix open file limit + Upstream-Status: Backport unsquashfs: fix open file limit @@ -30,11 +35,16 @@ track the amount of open files. Signed-off-by: Phillip Lougher -Signed-off-by: yanjun.zhu +Signed-off-by: yanjun.zhu +Signed-off-by: Martin Jansa +--- + squashfs-tools/unsquashfs.c | 134 +++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 126 insertions(+), 8 deletions(-) -diff -urpN a/unsquashfs.c b/unsquashfs.c ---- a/unsquashfs.c 2012-11-30 15:31:29.000000000 +0800 -+++ b/unsquashfs.c 2012-11-30 15:32:03.000000000 +0800 +diff --git a/unsquashfs.c b/unsquashfs.c +index 4f26e18..d532486 100644 +--- a/unsquashfs.c ++++ b/unsquashfs.c @@ -31,6 +31,8 @@ #include @@ -91,7 +101,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c int write_file(struct inode *inode, char *pathname) { unsigned int file_fd, i; -@@ -794,8 +836,8 @@ int write_file(struct inode *inode, char +@@ -794,8 +836,8 @@ int write_file(struct inode *inode, char *pathname) TRACE("write_file: regular file, blocks %d\n", inode->blocks); @@ -102,7 +112,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c if(file_fd == -1) { ERROR("write_file: failed to create file %s, because %s\n", pathname, strerror(errno)); -@@ -1712,7 +1754,7 @@ void *writer(void *arg) +@@ -1707,7 +1749,7 @@ void *writer(void *arg) } } @@ -111,7 +121,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c if(failed == FALSE) set_attributes(file->pathname, file->mode, file->uid, file->gid, file->time, file->xattr, force); -@@ -1803,9 +1845,9 @@ void *progress_thread(void *arg) +@@ -1798,9 +1840,9 @@ void *progress_thread(void *arg) void initialise_threads(int fragment_buffer_size, int data_buffer_size) { @@ -123,7 +133,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c sigemptyset(&sigmask); sigaddset(&sigmask, SIGINT); -@@ -1841,10 +1883,86 @@ void initialise_threads(int fragment_buf +@@ -1836,10 +1878,86 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size) EXIT_UNSQUASH("Out of memory allocating thread descriptors\n"); deflator_thread = &thread[3]; @@ -213,3 +223,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c fragment_cache = cache_init(block_size, fragment_buffer_size); data_cache = cache_init(block_size, data_buffer_size); pthread_create(&thread[0], NULL, reader, NULL); +-- +2.1.4 + diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb index 57400cdda0..8fdb81030b 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb @@ -30,11 +30,12 @@ S = "${WORKDIR}/squashfs${PV}/squashfs-tools" EXTRA_OEMAKE = "MAKEFLAGS= LZMA_SUPPORT=1 LZMA_DIR=../.. XZ_SUPPORT=1" do_compile() { - oe_runmake mksquashfs + oe_runmake mksquashfs unsquashfs } do_install () { - install -d ${D}${sbindir} - install -m 0755 mksquashfs ${D}${sbindir}/ + install -d ${D}${sbindir} + install -m 0755 mksquashfs ${D}${sbindir}/ + install -m 0755 unsquashfs ${D}${sbindir}/ } ARM_INSTRUCTION_SET = "arm" -- cgit 1.2.3-korg