squashfs-tools: enable building unsquashfs and fix squashfs-4.2-fix-CVE-2012-4025.patch

* build unsqaushfs, useful when debuging corrupt squashfs from mksquashfs * squashfs-4.2-fix-CVE-2012-4025.patch fixes CVE in unsquashfs which we weren't building and it actually breaks building it, because someone missed squashfs_fs.h change from the original change * add git headers in all patches and fix references to new github repository (From OE-Core rev: e1a2540227250d854d5bba278634bcc9e7572cda) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-29 21:08:42 +01:00 · 2015-05-21 13:23:15 +02:00
parent 9e4aad97c3
commit b9ec9f7425
5 changed files with 101 additions and 34 deletions
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4024.patch
@@ -1,7 +1,12 @@
+From bf9776123b854ce30a21403e4df4d4f5deb6af91 Mon Sep 17 00:00:00 2001
+From: "yanjun.zhu" <yanjun.zhu@windriver.com>
+Date: Wed, 20 May 2015 18:14:12 +0200
+Subject: [PATCH 3/4] Fix CVE-2012-4024
+
 Upstream-Status: Backport

-Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=
-squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123
+Reference:
+https://github.com/plougher/squashfs-tools/commit/19c38fba0be1ce949ab44310d7f49887576cc123

 Fix potential stack overflow in get_component() where an individual
 pathname component in an extract file (specified on the command line
@@ -12,10 +17,16 @@ Fix by dynamically allocating targname rather than storing it as
 a fixed size on the stack.

 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
-diff -urpN a/unsquashfs.c b/unsquashfs.c
--- a/unsquashfs.c	2012-11-29 17:04:08.000000000 +0800
-+++ b/unsquashfs.c	2012-11-29 17:04:25.000000000 +0800
-@@ -1034,15 +1034,18 @@ void squashfs_closedir(struct dir *dir)
+Signed-off-by: Martin Jansa <martin.jansa@lge.com>
+---
+ squashfs-tools/unsquashfs.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/unsquashfs.c b/unsquashfs.c
+index d532486..4fc04e8 100644
+--- a/unsquashfs.c
+++ b/unsquashfs.c
+@@ -1076,15 +1076,18 @@ void squashfs_closedir(struct dir *dir)
 }
 
 
@@ -37,7 +48,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 
 	return target;
 }
-@@ -1068,12 +1071,12 @@ void free_path(struct pathname *paths)
+@@ -1110,12 +1113,12 @@ void free_path(struct pathname *paths)
 
 struct pathname *add_path(struct pathname *paths, char *target, char *alltarget)
 {
@@ -52,7 +63,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 
 	if(paths == NULL) {
 		paths = malloc(sizeof(struct pathname));
-@@ -1097,7 +1100,7 @@ struct pathname *add_path(struct pathnam
+@@ -1139,7 +1142,7 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget)
 			sizeof(struct path_entry));
 		if(paths->name == NULL)
 			EXIT_UNSQUASH("Out of memory in add_path\n");	
@@ -61,7 +72,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 		paths->name[i].paths = NULL;
 		if(use_regex) {
 			paths->name[i].preg = malloc(sizeof(regex_t));
-@@ -1130,6 +1133,8 @@ struct pathname *add_path(struct pathnam
+@@ -1172,6 +1175,8 @@ struct pathname *add_path(struct pathname *paths, char *target, char *alltarget)
 		/*
 		 * existing matching entry
 		 */
@@ -70,3 +81,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 		if(paths->name[i].paths == NULL) {
 			/*
 			 * No sub-directory which means this is the leaf
+-- 
+2.1.4
+
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-4.2-fix-CVE-2012-4025.patch
@@ -1,7 +1,11 @@
+From fef997df2a1d6609af55e30eb67b65c786588fcb Mon Sep 17 00:00:00 2001
+From: "yanjun.zhu" <yanjun.zhu@windriver.com>
+Date: Wed, 20 May 2015 18:18:47 +0200
+Subject: [PATCH 4/4] Fix CVE-2012-4025
+
 Upstream-Status: Backport

-Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
-p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
+Reference: https://github.com/plougher/squashfs-tools/commit/8515b3d420f502c5c0236b86e2d6d7e3b23c190e

 Integer overflow in the queue_init function in unsquashfs.c in
 unsquashfs in Squashfs 4.2 and earlier allows remote attackers
@@ -10,10 +14,29 @@ superblock of a .sqsh file, leading to a heap-based buffer overflow.

 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025

-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+Signed-off-by: Martin Jansa <martin.jansa@lge.com>
+---
+ squashfs-tools/squashfs_fs.h |   1 +
+ squashfs-tools/unsquashfs.c  | 110 +++++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 103 insertions(+), 8 deletions(-)

--- a/unsquashfs.c	2012-11-30 17:57:57.000000000 +0800
-+++ b/unsquashfs.c	2012-11-30 17:58:09.000000000 +0800
+diff --git a/squashfs_fs.h b/squashfs_fs.h
+index d4fba1b..6227be2 100644
+--- a/squashfs_fs.h
+++ b/squashfs_fs.h
+@@ -39,6 +39,7 @@
+ #define SQUASHFS_FILE_LOG		17
+ 
+ #define SQUASHFS_FILE_MAX_SIZE		1048576
+#define SQUASHFS_FILE_MAX_LOG		20
+ 
+ /* Max number of uids and gids */
+ #define SQUASHFS_IDS			65536
+diff --git a/unsquashfs.c b/unsquashfs.c
+index 4fc04e8..078d6ca 100644
+--- a/unsquashfs.c
+++ b/unsquashfs.c
@@ -33,6 +33,7 @@
 #include <sys/types.h>
 #include <sys/time.h>
@@ -58,7 +81,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
 	queue->data = malloc(sizeof(void *) * (size + 1));
 	if(queue->data == NULL)
 		EXIT_UNSQUASH("Out of memory in queue_init\n");
-@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buf
+@@ -1948,13 +1971,30 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size)
 	 * allocate to_reader, to_deflate and to_writer queues.  Set based on
 	 * open file limit and cache size, unless open file limit is unlimited,
 	 * in which case set purely based on cache limits
@@ -90,7 +113,7 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
 
 		to_reader = queue_init(all_buffers_size);
 		to_deflate = queue_init(all_buffers_size);
-@@ -2059,6 +2099,32 @@ void progress_bar(long long current, lon
+@@ -2059,6 +2099,32 @@ void progress_bar(long long current, long long max, int columns)
 }
 
 
@@ -188,3 +211,6 @@ Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
 	initialise_threads(fragment_buffer_size, data_buffer_size);
 
 	fragment_data = malloc(block_size);
+-- 
+2.1.4
+
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-add-a-commment-and-fix-some-other-comments.patch
@@ -1,13 +1,23 @@
+From 376dcb8ce2c9a6dab59e0a62a86549a490dee014 Mon Sep 17 00:00:00 2001
+From: "yanjun.zhu" <yanjun.zhu@windriver.com>
+Date: Wed, 20 May 2015 18:16:53 +0200
+Subject: [PATCH 1/4] Add a comment and fix some other comments
+
 Upstream-Status: Backport

 unsquashfs: add a commment and fix some other comments

-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+Signed-off-by: Martin Jansa <martin.jansa@lge.com>
+---
+ squashfs-tools/unsquashfs.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)

-diff -urpN a/unsquashfs.c b/unsquashfs.c
--- a/unsquashfs.c	2012-11-30 15:27:14.000000000 +0800
-+++ b/unsquashfs.c	2012-11-30 15:27:56.000000000 +0800
-@@ -814,7 +814,7 @@ int write_file(struct inode *inode, char
+diff --git a/unsquashfs.c b/unsquashfs.c
+index 529dfac..4f26e18 100644
+--- a/unsquashfs.c
+++ b/unsquashfs.c
+@@ -814,7 +814,7 @@ int write_file(struct inode *inode, char *pathname)
 
 	/*
 	 * the writer thread is queued a squashfs_file structure describing the
@@ -16,7 +26,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
  	 * queued separately (references to blocks in the cache).
  	 */
 	file->fd = file_fd;
-@@ -838,7 +838,7 @@ int write_file(struct inode *inode, char
+@@ -838,7 +838,7 @@ int write_file(struct inode *inode, char *pathname)
 		block->offset = 0;
 		block->size = i == file_end ? inode->data & (block_size - 1) :
 			block_size;
@@ -25,7 +35,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 			block->buffer = NULL;
 		else {
 			block->buffer = cache_get(data_cache, start,
-@@ -2161,6 +2161,10 @@ options:
+@@ -2156,6 +2156,10 @@ options:
 	block_size = sBlk.s.block_size;
 	block_log = sBlk.s.block_log;
 
@@ -36,3 +46,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 	fragment_buffer_size <<= 20 - block_log;
 	data_buffer_size <<= 20 - block_log;
 	initialise_threads(fragment_buffer_size, data_buffer_size);
+-- 
+2.1.4
+
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-fix-open-file-limit.patch
@@ -1,3 +1,8 @@
+From b8047131516fb39adce68f4734ff5fc178be275b Mon Sep 17 00:00:00 2001
+From: "yanjun.zhu" <yanjun.zhu@windriver.com>
+Date: Wed, 20 May 2015 18:17:45 +0200
+Subject: [PATCH 2/4] Fix open file limit
+
 Upstream-Status: Backport

 unsquashfs: fix open file limit
@@ -30,11 +35,16 @@ track the amount of open files.

 Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>

-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+Signed-off-by: Martin Jansa <martin.jansa@lge.com>
+---
+ squashfs-tools/unsquashfs.c | 134 +++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 126 insertions(+), 8 deletions(-)

-diff -urpN a/unsquashfs.c b/unsquashfs.c
--- a/unsquashfs.c	2012-11-30 15:31:29.000000000 +0800
-+++ b/unsquashfs.c	2012-11-30 15:32:03.000000000 +0800
+diff --git a/unsquashfs.c b/unsquashfs.c
+index 4f26e18..d532486 100644
+--- a/unsquashfs.c
+++ b/unsquashfs.c
@@ -31,6 +31,8 @@
 
 #include <sys/sysinfo.h>
@@ -91,7 +101,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 int write_file(struct inode *inode, char *pathname)
 {
 	unsigned int file_fd, i;
-@@ -794,8 +836,8 @@ int write_file(struct inode *inode, char
+@@ -794,8 +836,8 @@ int write_file(struct inode *inode, char *pathname)
 
 	TRACE("write_file: regular file, blocks %d\n", inode->blocks);
 
@@ -102,7 +112,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 	if(file_fd == -1) {
 		ERROR("write_file: failed to create file %s, because %s\n",
 			pathname, strerror(errno));
-@@ -1712,7 +1754,7 @@ void *writer(void *arg)
+@@ -1707,7 +1749,7 @@ void *writer(void *arg)
 			}
 		}
 
@@ -111,7 +121,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 		if(failed == FALSE)
 			set_attributes(file->pathname, file->mode, file->uid,
 				file->gid, file->time, file->xattr, force);
-@@ -1803,9 +1845,9 @@ void *progress_thread(void *arg)
+@@ -1798,9 +1840,9 @@ void *progress_thread(void *arg)
 
 void initialise_threads(int fragment_buffer_size, int data_buffer_size)
 {
@@ -123,7 +133,7 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 
 	sigemptyset(&sigmask);
 	sigaddset(&sigmask, SIGINT);
-@@ -1841,10 +1883,86 @@ void initialise_threads(int fragment_buf
+@@ -1836,10 +1878,86 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size)
 		EXIT_UNSQUASH("Out of memory allocating thread descriptors\n");
 	deflator_thread = &thread[3];
 
@@ -213,3 +223,6 @@ diff -urpN a/unsquashfs.c b/unsquashfs.c
 	fragment_cache = cache_init(block_size, fragment_buffer_size);
 	data_cache = cache_init(block_size, data_buffer_size);
 	pthread_create(&thread[0], NULL, reader, NULL);
+-- 
+2.1.4
+
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
@@ -30,11 +30,12 @@ S = "${WORKDIR}/squashfs${PV}/squashfs-tools"
 EXTRA_OEMAKE = "MAKEFLAGS= LZMA_SUPPORT=1 LZMA_DIR=../.. XZ_SUPPORT=1"

 do_compile() {
-        oe_runmake mksquashfs
+	oe_runmake mksquashfs unsquashfs
 }
 do_install () {
-        install -d ${D}${sbindir}
-        install -m 0755 mksquashfs ${D}${sbindir}/
+	install -d ${D}${sbindir}
+	install -m 0755 mksquashfs ${D}${sbindir}/
+	install -m 0755 unsquashfs ${D}${sbindir}/
 }

 ARM_INSTRUCTION_SET = "arm"