diff options
Diffstat (limited to 'user/squashfs-tools')
-rw-r--r-- | user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch | 60 | ||||
-rw-r--r-- | user/squashfs-tools/APKBUILD | 39 | ||||
-rw-r--r-- | user/squashfs-tools/CVE-2015-4645.patch | 29 | ||||
-rw-r--r-- | user/squashfs-tools/fix-compat.patch | 38 | ||||
-rw-r--r-- | user/squashfs-tools/vla-overlow.patch | 21 |
5 files changed, 32 insertions, 155 deletions
diff --git a/user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch b/user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch deleted file mode 100644 index 51f588818..000000000 --- a/user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch +++ /dev/null @@ -1,60 +0,0 @@ -From de03266983ceb62e5365aac84fcd3b2fd4d16e6f Mon Sep 17 00:00:00 2001 -From: Phillip Lougher <phillip@squashfs.org.uk> -Date: Thu, 18 Sep 2014 01:28:11 +0100 -Subject: [PATCH] mksquashfs: fix rare race in fragment waiting in filesystem - finalisation - -Fix a rare race condition in fragment waiting when finalising the -filesystem. This is a race condition that was initially fixed in 2009, -but inadvertantly re-introduced in the latest release when the code -was rewritten. - -Background: - -When finalising the filesystem, the main control thread needs to ensure -all the in-flight fragments have been queued to the writer thread before -asking the writer thread to finish, and then writing the metadata. - -It does this by waiting on the fragments_outstanding counter. Once this -counter reaches 0, it synchronises with the writer thread, waiting until -the writer thread reports no outstanding data to be written. - -However, the main thread can race with the fragment deflator thread(s) -because the fragment deflator thread(s) decrement the fragments_outstanding -counter and release the mutex before queueing the compressed fragment -to the writer thread, i.e. the offending code is: - - fragments_outstanding --; - pthread_mutex_unlock(&fragment_mutex); - queue_put(to_writer, write_buffer); - -In extremely rare circumstances, the main thread may see the -fragments_outstanding counter is zero before the fragment -deflator sends the fragment buffer to the writer thread, and synchronise -with the writer thread, and finalise before the fragment has been written. - -The fix is to ensure the fragment is queued to the writer thread -before releasing the mutex. - -Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> ---- - squashfs-tools/mksquashfs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c -index 87b7d86..f1fcff1 100644 ---- a/squashfs-tools/mksquashfs.c -+++ b/squashfs-tools/mksquashfs.c -@@ -2419,8 +2419,8 @@ void *frag_deflator(void *arg) - write_buffer->block = bytes; - bytes += compressed_size; - fragments_outstanding --; -- pthread_mutex_unlock(&fragment_mutex); - queue_put(to_writer, write_buffer); -+ pthread_mutex_unlock(&fragment_mutex); - TRACE("Writing fragment %lld, uncompressed size %d, " - "compressed size %d\n", file_buffer->block, - file_buffer->size, compressed_size); --- -2.10.2 - diff --git a/user/squashfs-tools/APKBUILD b/user/squashfs-tools/APKBUILD index 227faf11d..be6eddb44 100644 --- a/user/squashfs-tools/APKBUILD +++ b/user/squashfs-tools/APKBUILD @@ -1,35 +1,32 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=squashfs-tools -pkgver=4.3 -pkgrel=5 +pkgver=4.6.1 +pkgrel=0 pkgdesc="Tools for SquashFS, a highly compressed read-only filesystem" -url="http://squashfs.sourceforge.net" +url="https://squashfs.sourceforge.net" arch="all" options="!check" # No test suite. license="GPL-2.0+" -depends= -makedepends="zlib-dev xz-dev lzo-dev lz4-dev attr-dev" -source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz +depends="" +makedepends="attr-dev lz4-dev lzo-dev xz-dev zlib-dev" +source="https://downloads.sourceforge.net/squashfs/squashfs$pkgver.tar.gz fix-compat.patch - vla-overlow.patch - CVE-2015-4645.patch - 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch -" -builddir="$srcdir/squashfs$pkgver" + " + +# secfixes: +# 4.3-r5: +# - CVE-2015-4645 +# 4.4-r0: +# - CVE-2015-4646 build() { - cd "$builddir"/$pkgname - make XZ_SUPPORT=1 LZO_SUPPORT=1 LZ4_SUPPORT=1 + make XZ_SUPPORT=1 LZO_SUPPORT=1 LZ4_SUPPORT=1 -C squashfs-tools } package() { - cd "$builddir"/$pkgname - mkdir -p "$pkgdir"/sbin - cp -a mksquashfs unsquashfs "$pkgdir"/sbin + mkdir -p "$pkgdir"/usr/sbin + cp -a squashfs-tools/mksquashfs squashfs-tools/unsquashfs "$pkgdir"/usr/sbin } -sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz -868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch -975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch -77431a0a4a529ce63f1613a65a23af2fb8683a16d14ad1a5cfed3a9fac4df6a1212f081d1879ede188a25b77e860445058012131423c546657fb562069865d2c CVE-2015-4645.patch -1b2338a448ec8a2b75880ddc8c13f99392451847ab26277e1bc82b49a3a804796934e212dd1ba54a502940537a61891ee0103e913d0bda65cff0ca2827b8b41c 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch" +sha512sums="10e8a4b1e2327e062aef4f85860e76ebcd7a29e4c19e152ff7edec4a38316982b5bcfde4ab69da6bcb931258d264c2b6cb40cb5f635f9e6f6eba1ed5976267cb squashfs4.6.1.tar.gz +7572f2fab6357525bc607a8db92b0c1f5fc7d482e935c3ee1828543a3de474162b71b8441f77ee1656873def8593d99158b14c55ec44799f22eed2978aa19147 fix-compat.patch" diff --git a/user/squashfs-tools/CVE-2015-4645.patch b/user/squashfs-tools/CVE-2015-4645.patch deleted file mode 100644 index f69025f18..000000000 --- a/user/squashfs-tools/CVE-2015-4645.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c -index ecdaac796f09..2c0cf63daf67 100644 ---- a/squashfs-tools/unsquash-4.c -+++ b/squashfs-tools/unsquash-4.c -@@ -31,9 +31,9 @@ static unsigned int *id_table; - int read_fragment_table_4(long long *directory_table_end) - { - int res, i; -- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); -- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); -- long long fragment_table_index[indexes]; -+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); -+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); -+ long long *fragment_table_index; - - TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " - "from 0x%llx\n", sBlk.s.fragments, indexes, -@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end) - return TRUE; - } - -+ fragment_table_index = malloc(indexes*sizeof(long long)); -+ if(fragment_table_index == NULL) -+ EXIT_UNSQUASH("read_fragment_table: failed to allocate " -+ "fragment table index\n"); -+ - fragment_table = malloc(bytes); - if(fragment_table == NULL) - EXIT_UNSQUASH("read_fragment_table: failed to allocate " diff --git a/user/squashfs-tools/fix-compat.patch b/user/squashfs-tools/fix-compat.patch index 2a3b33ca9..adc7e420d 100644 --- a/user/squashfs-tools/fix-compat.patch +++ b/user/squashfs-tools/fix-compat.patch @@ -1,6 +1,6 @@ ---- squashfs4.3.orig/squashfs-tools/action.c -+++ squashfs4.3/squashfs-tools/action.c -@@ -1905,6 +1905,9 @@ +--- a/squashfs-tools/action.c ++++ b/squashfs-tools/action.c +@@ -2562,6 +2562,9 @@ return 1; } @@ -10,31 +10,21 @@ TEST_FN(name, ACTION_ALL_LNK, \ return fnmatch(atom->argv[0], action_data->name, ---- squashfs4.3.orig/squashfs-tools/mksquashfs.c -+++ squashfs4.3/squashfs-tools/mksquashfs.c -@@ -4391,6 +4391,9 @@ - return paths; +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -4557,6 +4557,9 @@ + return source; } +#ifndef FNM_EXTMATCH +#define FNM_EXTMATCH 0 +#endif - int excluded_match(char *name, struct pathname *path, struct pathnames **new) - { ---- squashfs4.3.orig/squashfs-tools/pseudo.c -+++ squashfs4.3/squashfs-tools/pseudo.c -@@ -32,6 +32,7 @@ - #include <stdlib.h> - #include <sys/types.h> - #include <sys/wait.h> -+#include <sys/stat.h> - #include <ctype.h> - - #include "pseudo.h" ---- squashfs4.3.orig/squashfs-tools/unsquashfs.c -+++ squashfs4.3/squashfs-tools/unsquashfs.c -@@ -1410,6 +1410,9 @@ + static struct dir_info *add_source(struct dir_info *sdir, char *source, + char *subpath, char *file, char **prefix, +--- a/squashfs-tools/unsquashfs.c ++++ b/squashfs-tools/unsquashfs.c +@@ -1450,6 +1450,9 @@ free(paths); } @@ -42,5 +32,5 @@ +#define FNM_EXTMATCH 0 +#endif - int matches(struct pathnames *paths, char *name, struct pathnames **new) - { + struct pathname *add_path(struct pathname *paths, int type, char *target, + char *alltarget) diff --git a/user/squashfs-tools/vla-overlow.patch b/user/squashfs-tools/vla-overlow.patch deleted file mode 100644 index a9840fe01..000000000 --- a/user/squashfs-tools/vla-overlow.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- ./squashfs-tools/unsquashfs.c.orig -+++ ./squashfs-tools/unsquashfs.c -@@ -2099,7 +2099,9 @@ - */ - void *inflator(void *arg) - { -- char tmp[block_size]; -+ char *tmp = malloc(block_size); -+ if(tmp == NULL) -+ EXIT_UNSQUASH("Out of memory allocating block buffer\n"); - - while(1) { - struct cache_entry *entry = queue_get(to_inflate); -@@ -2122,6 +2124,7 @@ - */ - cache_block_ready(entry, res == -1); - } -+ free(tmp); - } - - |