Fix for CVE-2015-4645/4646
This commit is contained in:
parent
12f3ad490e
commit
e68da29cac
29
cve-2015-4645.patch
Normal file
29
cve-2015-4645.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
diff --git a/unsquash-4.c b/unsquash-4.c
|
||||||
|
index ecdaac796f09..2c0cf63daf67 100644
|
||||||
|
--- a/unsquash-4.c
|
||||||
|
+++ b/unsquash-4.c
|
||||||
|
@@ -31,9 +31,9 @@ static unsigned int *id_table;
|
||||||
|
int read_fragment_table_4(long long *directory_table_end)
|
||||||
|
{
|
||||||
|
int res, i;
|
||||||
|
- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
|
||||||
|
- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
|
||||||
|
- long long fragment_table_index[indexes];
|
||||||
|
+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
|
||||||
|
+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
|
||||||
|
+ long long *fragment_table_index;
|
||||||
|
|
||||||
|
TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
|
||||||
|
"from 0x%llx\n", sBlk.s.fragments, indexes,
|
||||||
|
@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ fragment_table_index = malloc(indexes*sizeof(long long));
|
||||||
|
+ if(fragment_table_index == NULL)
|
||||||
|
+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
|
||||||
|
+ "fragment table index\n");
|
||||||
|
+
|
||||||
|
fragment_table = malloc(bytes);
|
||||||
|
if(fragment_table == NULL)
|
||||||
|
EXIT_UNSQUASH("read_fragment_table: failed to allocate "
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Utility for the creation of squashfs filesystems
|
Summary: Utility for the creation of squashfs filesystems
|
||||||
Name: squashfs-tools
|
Name: squashfs-tools
|
||||||
Version: 4.3
|
Version: 4.3
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: http://squashfs.sourceforge.net/
|
URL: http://squashfs.sourceforge.net/
|
||||||
@ -18,7 +18,11 @@ Patch0: PAE.patch
|
|||||||
Patch1: mem-overflow.patch
|
Patch1: mem-overflow.patch
|
||||||
# From squashfs-devel@lists.sourceforge.net by Guan Xin <guanx.bac@gmail.com>
|
# From squashfs-devel@lists.sourceforge.net by Guan Xin <guanx.bac@gmail.com>
|
||||||
# For https://bugzilla.redhat.com/show_bug.cgi?id=1141206
|
# For https://bugzilla.redhat.com/show_bug.cgi?id=1141206
|
||||||
PAtch2: 2gb.patch
|
Patch2: 2gb.patch
|
||||||
|
# From https://github.com/gcanalesb/sasquatch/commit/6777e08cc38bc780d27c69c1d8c272867b74524f
|
||||||
|
# Which is forked from Phillip's squashfs-tools, though it looks like
|
||||||
|
# the issue applies to us.
|
||||||
|
Patch3: cve-2015-4645.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
BuildRequires: xz-devel
|
BuildRequires: xz-devel
|
||||||
@ -35,6 +39,7 @@ contains the utilities for manipulating squashfs filesystems.
|
|||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p0
|
%patch2 -p0
|
||||||
|
%patch3 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
pushd squashfs-tools
|
pushd squashfs-tools
|
||||||
@ -61,6 +66,9 @@ rm -rf %{buildroot}
|
|||||||
%{_sbindir}/unsquashfs
|
%{_sbindir}/unsquashfs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 23 2015 Bruno Wolff III <bruno@wolff.to> - 4.3-10
|
||||||
|
- Fix for CVE 2015-4645/4646
|
||||||
|
|
||||||
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-9
|
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-9
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user