From 21fdc5cafaa2049fc394886159a4303bf83f6615 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Thu, 3 Oct 2019 19:01:26 +0000
Subject: user/squashfs-tools: [CVE] bump to 4.4, modernise (#163)

---
 ...fix-rare-race-in-fragment-waiting-in-file.patch | 60 ----------------------
 user/squashfs-tools/APKBUILD                       | 31 +++++------
 user/squashfs-tools/CVE-2015-4645.patch            | 29 -----------
 user/squashfs-tools/fix-compat.patch               | 28 ++++------
 user/squashfs-tools/vla-overlow.patch              | 21 --------
 5 files changed, 23 insertions(+), 146 deletions(-)
 delete mode 100644 user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch
 delete mode 100644 user/squashfs-tools/CVE-2015-4645.patch
 delete mode 100644 user/squashfs-tools/vla-overlow.patch

(limited to 'user/squashfs-tools')

diff --git a/user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch b/user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch
deleted file mode 100644
index 51f588818..000000000
--- a/user/squashfs-tools/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From de03266983ceb62e5365aac84fcd3b2fd4d16e6f Mon Sep 17 00:00:00 2001
-From: Phillip Lougher <phillip@squashfs.org.uk>
-Date: Thu, 18 Sep 2014 01:28:11 +0100
-Subject: [PATCH] mksquashfs: fix rare race in fragment waiting in filesystem
- finalisation
-
-Fix a rare race condition in fragment waiting when finalising the
-filesystem.  This is a race condition that was initially fixed in 2009,
-but inadvertantly re-introduced in the latest release when the code
-was rewritten.
-
-Background:
-
-When finalising the filesystem, the main control thread needs to ensure
-all the in-flight fragments have been queued to the writer thread before
-asking the writer thread to finish, and then writing the metadata.
-
-It does this by waiting on the fragments_outstanding counter.  Once this
-counter reaches 0, it synchronises with the writer thread, waiting until
-the writer thread reports no outstanding data to be written.
-
-However, the main thread can race with the fragment deflator thread(s)
-because the fragment deflator thread(s) decrement the fragments_outstanding
-counter and release the mutex before queueing the compressed fragment
-to the writer thread, i.e. the offending code is:
-
-                        fragments_outstanding --;
-                        pthread_mutex_unlock(&fragment_mutex);
-                        queue_put(to_writer, write_buffer);
-
-In extremely rare circumstances, the main thread may see the
-fragments_outstanding counter is zero before the fragment
-deflator sends the fragment buffer to the writer thread, and synchronise
-with the writer thread, and finalise before the fragment has been written.
-
-The fix is to ensure the fragment is queued to the writer thread
-before releasing the mutex.
-
-Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
----
- squashfs-tools/mksquashfs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
-index 87b7d86..f1fcff1 100644
---- a/squashfs-tools/mksquashfs.c
-+++ b/squashfs-tools/mksquashfs.c
-@@ -2419,8 +2419,8 @@ void *frag_deflator(void *arg)
- 			write_buffer->block = bytes;
- 			bytes += compressed_size;
- 			fragments_outstanding --;
--			pthread_mutex_unlock(&fragment_mutex);
- 			queue_put(to_writer, write_buffer);
-+			pthread_mutex_unlock(&fragment_mutex);
- 			TRACE("Writing fragment %lld, uncompressed size %d, "
- 				"compressed size %d\n", file_buffer->block,
- 				file_buffer->size, compressed_size);
--- 
-2.10.2
-
diff --git a/user/squashfs-tools/APKBUILD b/user/squashfs-tools/APKBUILD
index 227faf11d..c25eb0a83 100644
--- a/user/squashfs-tools/APKBUILD
+++ b/user/squashfs-tools/APKBUILD
@@ -1,35 +1,32 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=squashfs-tools
-pkgver=4.3
-pkgrel=5
+pkgver=4.4
+pkgrel=0
 pkgdesc="Tools for SquashFS, a highly compressed read-only filesystem"
 url="http://squashfs.sourceforge.net"
 arch="all"
 options="!check"  # No test suite.
 license="GPL-2.0+"
-depends=
-makedepends="zlib-dev xz-dev lzo-dev lz4-dev attr-dev"
-source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
+depends=""
+makedepends="attr-dev lz4-dev lzo-dev xz-dev zlib-dev"
+source="https://downloads.sourceforge.net/squashfs/squashfs$pkgver.tar.gz
 	fix-compat.patch
-	vla-overlow.patch
-	CVE-2015-4645.patch
-	0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch
-"
-builddir="$srcdir/squashfs$pkgver"
+	"
+builddir="$srcdir/squashfs$pkgver/$pkgname"
+
+# secfixes:
+#   4.4-r0:
+#     - CVE-2015-4645
+#     - CVE-2015-4646
 
 build() {
-	cd "$builddir"/$pkgname
 	make XZ_SUPPORT=1 LZO_SUPPORT=1 LZ4_SUPPORT=1
 }
 
 package() {
-	cd "$builddir"/$pkgname
 	mkdir -p "$pkgdir"/sbin
 	cp -a mksquashfs unsquashfs "$pkgdir"/sbin
 }
 
-sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79  squashfs4.3.tar.gz
-868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140  fix-compat.patch
-975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360  vla-overlow.patch
-77431a0a4a529ce63f1613a65a23af2fb8683a16d14ad1a5cfed3a9fac4df6a1212f081d1879ede188a25b77e860445058012131423c546657fb562069865d2c  CVE-2015-4645.patch
-1b2338a448ec8a2b75880ddc8c13f99392451847ab26277e1bc82b49a3a804796934e212dd1ba54a502940537a61891ee0103e913d0bda65cff0ca2827b8b41c  0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch"
+sha512sums="e7119f82cea0eda8dffcbf15c9ee511ad457e004bfc0c5a5685e84785e49cf34f3c053036449af6bba0012cef48426f65958c97b9958d58f1b31175cb0bbbe24  squashfs4.4.tar.gz
+12f5739aa32b9e15ba3d22e5953034f17867a8837475f13bde5bbc378dbded0483cde42c0cdfc5d33ab3723b9de752c71b5ba8f4301ca7b59aa4054d669c262d  fix-compat.patch"
diff --git a/user/squashfs-tools/CVE-2015-4645.patch b/user/squashfs-tools/CVE-2015-4645.patch
deleted file mode 100644
index f69025f18..000000000
--- a/user/squashfs-tools/CVE-2015-4645.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
-index ecdaac796f09..2c0cf63daf67 100644
---- a/squashfs-tools/unsquash-4.c
-+++ b/squashfs-tools/unsquash-4.c
-@@ -31,9 +31,9 @@ static unsigned int *id_table;
- int read_fragment_table_4(long long *directory_table_end)
- {
- 	int res, i;
--	int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
--	int  indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
--	long long fragment_table_index[indexes];
-+	size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
-+	size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
-+	long long *fragment_table_index;
- 
- 	TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
- 		"from 0x%llx\n", sBlk.s.fragments, indexes,
-@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
- 		return TRUE;
- 	}
- 
-+	fragment_table_index = malloc(indexes*sizeof(long long));
-+	if(fragment_table_index == NULL)
-+		EXIT_UNSQUASH("read_fragment_table: failed to allocate "
-+			"fragment table index\n");
-+
- 	fragment_table = malloc(bytes);
- 	if(fragment_table == NULL)
- 		EXIT_UNSQUASH("read_fragment_table: failed to allocate "
diff --git a/user/squashfs-tools/fix-compat.patch b/user/squashfs-tools/fix-compat.patch
index 2a3b33ca9..e93b6b827 100644
--- a/user/squashfs-tools/fix-compat.patch
+++ b/user/squashfs-tools/fix-compat.patch
@@ -1,6 +1,6 @@
---- squashfs4.3.orig/squashfs-tools/action.c
-+++ squashfs4.3/squashfs-tools/action.c
-@@ -1905,6 +1905,9 @@
+--- squashfs-tools/action.c
++++ squashfs-tools/action.c
+@@ -2236,6 +2236,9 @@
  	return 1;
  }
  
@@ -10,9 +10,9 @@
  
  TEST_FN(name, ACTION_ALL_LNK, \
  	return fnmatch(atom->argv[0], action_data->name,
---- squashfs4.3.orig/squashfs-tools/mksquashfs.c
-+++ squashfs4.3/squashfs-tools/mksquashfs.c
-@@ -4391,6 +4391,9 @@
+--- squashfs-tools/mksquashfs.c
++++ squashfs-tools/mksquashfs.c
+@@ -4665,6 +4665,9 @@
  	return paths;
  }
  
@@ -22,19 +22,9 @@
  
  int excluded_match(char *name, struct pathname *path, struct pathnames **new)
  {
---- squashfs4.3.orig/squashfs-tools/pseudo.c
-+++ squashfs4.3/squashfs-tools/pseudo.c
-@@ -32,6 +32,7 @@
- #include <stdlib.h>
- #include <sys/types.h>
- #include <sys/wait.h>
-+#include <sys/stat.h>
- #include <ctype.h>
- 
- #include "pseudo.h"
---- squashfs4.3.orig/squashfs-tools/unsquashfs.c
-+++ squashfs4.3/squashfs-tools/unsquashfs.c
-@@ -1410,6 +1410,9 @@
+--- squashfs-tools/unsquashfs.c
++++ squashfs-tools/unsquashfs.c
+@@ -1457,6 +1457,9 @@
  	free(paths);
  }
  
diff --git a/user/squashfs-tools/vla-overlow.patch b/user/squashfs-tools/vla-overlow.patch
deleted file mode 100644
index a9840fe01..000000000
--- a/user/squashfs-tools/vla-overlow.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- ./squashfs-tools/unsquashfs.c.orig
-+++ ./squashfs-tools/unsquashfs.c
-@@ -2099,7 +2099,9 @@
-  */
- void *inflator(void *arg)
- {
--	char tmp[block_size];
-+	char *tmp = malloc(block_size);
-+	if(tmp == NULL)
-+		EXIT_UNSQUASH("Out of memory allocating block buffer\n");
- 
- 	while(1) {
- 		struct cache_entry *entry = queue_get(to_inflate);
-@@ -2122,6 +2124,7 @@
-  		 */ 
- 		cache_block_ready(entry, res == -1);
- 	}
-+	free(tmp);
- }
- 
- 
-- 
cgit v1.2.3-60-g2f50