poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb
yanjun.zhu 5b3ffcea5e squashfs: fix CVE-2012-4025
CQID:WIND00366813

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e

Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025

(From OE-Core rev: bb1611d4830bb7aff2371afdb2a77a4ca7298c7d)

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>

[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-12-17 17:24:54 +00:00


# Recipe metadata, sources and build flags for squashfs-tools ${PV}.
#
# Note, we can probably remove the lzma option as it has been replaced with xz,
# and I don't think the kernel supports it any more.
DESCRIPTION = "Tools to manipulate Squashfs filesystems."
SECTION = "base"
LICENSE = "GPL-2 & PD"
# Put ${THISDIR}/patches at the front of the file:// search path so the
# local patches named in SRC_URI below are found there.
FILESEXTRAPATHS_prepend := "${THISDIR}/patches:"
# Licence-text checksums: these flag a change in the licence files between
# versions. They say nothing about the integrity of the downloaded tarballs;
# that is the job of the SRC_URI[...] checksums further down.
LIC_FILES_CHKSUM = "file://../COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
file://../../7zC.txt;beginline=12;endline=16;md5=2056cd6d919ebc3807602143c7449a7c \
"
DEPENDS = "attr zlib xz"
PR = "r2"
# Two upstream tarballs: squashfs itself and the LZMA SDK it is built against.
# The lzma entry is fetched over plain http, so the sha256sum recorded below is
# the only thing tying the download to known content. Keep it in place and
# treat a checksum mismatch as a hard failure, never something to "refresh".
SRC_URI = "${SOURCEFORGE_MIRROR}/squashfs/squashfs${PV}.tar.gz;name=squashfs \
http://downloads.sourceforge.net/sevenzip/lzma465.tar.bz2;name=lzma \
"
# Local patches, applied in the order listed. Two of them are security fixes
# (CVE-2012-4024 and CVE-2012-4025).
# NOTE(review): the CVE-2012-4025 patch is listed after the comment and
# open-file-limit patches, presumably because it was made against a tree that
# already contains them -- confirm before reordering or dropping any entry.
SRC_URI += "file://squashfs-4.2-fix-CVE-2012-4024.patch \
file://squashfs-add-a-commment-and-fix-some-other-comments.patch \
file://squashfs-fix-open-file-limit.patch \
file://squashfs-4.2-fix-CVE-2012-4025.patch \
"
# Fetch-time integrity checks for the two tarballs. md5 is kept for
# compatibility; sha256 is the value that actually resists tampering.
SRC_URI[squashfs.md5sum] = "1b7a781fb4cf8938842279bd3e8ee852"
SRC_URI[squashfs.sha256sum] = "d9e0195aa922dbb665ed322b9aaa96e04a476ee650f39bbeadb0d00b24022e96"
SRC_URI[lzma.md5sum] = "29d5ffd03a5a3e51aef6a74e9eafb759"
SRC_URI[lzma.sha256sum] = "c935fd04dd8e0e8c688a3078f3675d699679a90be81c12686837e0880aa0fa1e"
# Build from the squashfs-tools subdirectory of the unpacked tarball.
S = "${WORKDIR}/squashfs${PV}/squashfs-tools"
# EXTRA_OEMAKE is typically: -e MAKEFLAGS=
# the -e causes problems as CFLAGS is modified in the Makefile, so
# we redefine EXTRA_OEMAKE here
# LZMA_DIR=../.. points the Makefile at the LZMA SDK sources relative to ${S}.
EXTRA_OEMAKE = "MAKEFLAGS= LZMA_SUPPORT=1 LZMA_DIR=../.. XZ_SUPPORT=1"
# Build the mksquashfs make target only; unsquashfs is never compiled here.
# NOTE(review): the CVE-2012-4025 advisory places the overflow in
# unsquashfs.c, so the patch in SRC_URI hardens the source tree but does not
# change anything this recipe installs. If an unsquashfs target is ever added
# to this function, re-check that both CVE patches still apply cleanly.
do_compile() {
    oe_runmake mksquashfs
}
# Stage the single built binary, mksquashfs, into ${sbindir} of the
# destination tree ${D}. Nothing else from the source tree is installed.
do_install () {
    # Make sure the target directory exists before copying into it.
    install -d ${D}${sbindir}
    # Mode 0755: executable by everyone, writable by the owner only.
    install -m 0755 mksquashfs ${D}${sbindir}/mksquashfs
}
# required to share same place with -lzma specific packages
FILESPATHPKG =. "squashfs-tools-${PV}:"
# Sets the ARM instruction set to "arm" for this recipe.
# NOTE(review): presumably this is to avoid Thumb code generation; the reason is not recorded here.
ARM_INSTRUCTION_SET = "arm"
# Also provide a -native variant of this recipe for use on the build host.
BBCLASSEXTEND = "native"