aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2015-07-07 19:52:10 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-07-07 19:52:10 +0000
commit10422f18285619f8f57b8b4ab5ca829eb21c115f (patch)
tree59c1ac9f33f56838bbb37150ce2a7e1a5cf5dc59
parent5dde2329f8145b8629b4c808b2967976d53e8d27 (diff)
downloadaports-10422f18285619f8f57b8b4ab5ca829eb21c115f.tar.gz
aports-10422f18285619f8f57b8b4ab5ca829eb21c115f.tar.bz2
aports-10422f18285619f8f57b8b4ab5ca829eb21c115f.tar.xz
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
-rw-r--r--main/squashfs-tools/APKBUILD12
-rw-r--r--main/squashfs-tools/CVE-2015-4645.patch29
2 files changed, 37 insertions, 4 deletions
diff --git a/main/squashfs-tools/APKBUILD b/main/squashfs-tools/APKBUILD
index 90e5e9f0d1..366c4eace7 100644
--- a/main/squashfs-tools/APKBUILD
+++ b/main/squashfs-tools/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squashfs-tools
pkgver=4.3
-pkgrel=1
+pkgrel=2
pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."
url="http://squashfs.sourceforge.net"
arch="all"
@@ -11,6 +11,7 @@ makedepends="zlib-dev xz-dev lzo-dev attr-dev"
source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
fix-compat.patch
vla-overlow.patch
+ CVE-2015-4645.patch
"
_builddir="$srcdir/squashfs$pkgver/$pkgname"
@@ -36,10 +37,13 @@ package() {
}
md5sums="d92ab59aabf5173f2a59089531e30dbf squashfs4.3.tar.gz
1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch
-d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch"
+d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch
+c475b848e0c2e2b2eef3ddf2e3c23803 CVE-2015-4645.patch"
sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6 squashfs4.3.tar.gz
249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch
-213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch"
+213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch
+ff71a62a435a9089b0fc95280aa3a8310b131653d37e55eed10a0f7d0100359b CVE-2015-4645.patch"
sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz
868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch
-975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch"
+975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch
+77431a0a4a529ce63f1613a65a23af2fb8683a16d14ad1a5cfed3a9fac4df6a1212f081d1879ede188a25b77e860445058012131423c546657fb562069865d2c CVE-2015-4645.patch"
diff --git a/main/squashfs-tools/CVE-2015-4645.patch b/main/squashfs-tools/CVE-2015-4645.patch
new file mode 100644
index 0000000000..f69025f180
--- /dev/null
+++ b/main/squashfs-tools/CVE-2015-4645.patch
@@ -0,0 +1,29 @@
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index ecdaac796f09..2c0cf63daf67 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -31,9 +31,9 @@ static unsigned int *id_table;
+ int read_fragment_table_4(long long *directory_table_end)
+ {
+ int res, i;
+- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+- long long fragment_table_index[indexes];
++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
++ long long *fragment_table_index;
+
+ TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
+ "from 0x%llx\n", sBlk.s.fragments, indexes,
+@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
+ return TRUE;
+ }
+
++ fragment_table_index = malloc(indexes*sizeof(long long));
++ if(fragment_table_index == NULL)
++ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
++ "fragment table index\n");
++
+ fragment_table = malloc(bytes);
+ if(fragment_table == NULL)
+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "