main/squashfs-tools: security fix for CVE-2015-4645/4646

ref #4416 fixes #4420 (cherry picked from commit 10422f18285619f8f57b8b4ab5ca829eb21c115f)
author: Natanael Copa <ncopa@alpinelinux.org> 2015-07-07 19:52:10 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2015-07-07 19:54:55 +0000
commit: eda97ba58d739a78737006295c03cbe3d77ebceb (patch)
tree: 8b47f2a2493bbc27213c00e9f2d7380b5ab3cc8f
parent: b892cb972e14e5d9abb90a9126123ab0d3fb5d96 (diff)
download: alpine_aports-eda97ba58d739a78737006295c03cbe3d77ebceb.tar.bz2
alpine_aports-eda97ba58d739a78737006295c03cbe3d77ebceb.tar.xz
alpine_aports-eda97ba58d739a78737006295c03cbe3d77ebceb.zip
2 files changed, 37 insertions, 4 deletions
diff --git a/main/squashfs-tools/APKBUILD b/main/squashfs-tools/APKBUILD
index 90e5e9f0d1..366c4eace7 100644
--- a/main/squashfs-tools/APKBUILD
+++ b/main/squashfs-tools/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=squashfs-tools
 pkgver=4.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."
 url="http://squashfs.sourceforge.net"
 arch="all"
@@ -11,6 +11,7 @@ makedepends="zlib-dev xz-dev lzo-dev attr-dev"
 source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
        fix-compat.patch
        vla-overlow.patch
+        CVE-2015-4645.patch
 "
 _builddir="$srcdir/squashfs$pkgver/$pkgname"
@@ -36,10 +37,13 @@ package() {
 }
 md5sums="d92ab59aabf5173f2a59089531e30dbf  squashfs4.3.tar.gz
 1bb2bed6830d32b76f1ca1b6c0349fcd  fix-compat.patch
-d34cb53db691f0fb58425bb5ab30f6d4  vla-overlow.patch"
+d34cb53db691f0fb58425bb5ab30f6d4  vla-overlow.patch
+c475b848e0c2e2b2eef3ddf2e3c23803  CVE-2015-4645.patch"
 sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6  squashfs4.3.tar.gz
 249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6  fix-compat.patch
-213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5  vla-overlow.patch"
+213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5  vla-overlow.patch
+ff71a62a435a9089b0fc95280aa3a8310b131653d37e55eed10a0f7d0100359b  CVE-2015-4645.patch"
 sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79  squashfs4.3.tar.gz
 868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140  fix-compat.patch
-975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360  vla-overlow.patch"
+975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360  vla-overlow.patch
+77431a0a4a529ce63f1613a65a23af2fb8683a16d14ad1a5cfed3a9fac4df6a1212f081d1879ede188a25b77e860445058012131423c546657fb562069865d2c  CVE-2015-4645.patch"
diff --git a/main/squashfs-tools/CVE-2015-4645.patch b/main/squashfs-tools/CVE-2015-4645.patch
new file mode 100644
index 0000000000..f69025f180
--- /dev/null
+++ b/main/squashfs-tools/CVE-2015-4645.patch
@@ -0,0 +1,29 @@
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index ecdaac796f09..2c0cf63daf67 100644
+--- a/squashfs-tools/unsquash-4.c
+++ b/squashfs-tools/unsquash-4.c
+@@ -31,9 +31,9 @@ static unsigned int *id_table;
+ int read_fragment_table_4(long long *directory_table_end)
+ {
+        int res, i;
+-       int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+-       int  indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+-       long long fragment_table_index[indexes];
+       size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+       size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+       long long *fragment_table_index;
+ 
+        TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
+                "from 0x%llx\n", sBlk.s.fragments, indexes,
+@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
+                return TRUE;
+        }
+ 
+       fragment_table_index = malloc(indexes*sizeof(long long));
+       if(fragment_table_index == NULL)
+               EXIT_UNSQUASH("read_fragment_table: failed to allocate "
+                       "fragment table index\n");
+
+        fragment_table = malloc(bytes);
+        if(fragment_table == NULL)
+                EXIT_UNSQUASH("read_fragment_table: failed to allocate "
author	Natanael Copa <ncopa@alpinelinux.org>	2015-07-07 19:52:10 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2015-07-07 19:54:55 +0000
commit	eda97ba58d739a78737006295c03cbe3d77ebceb (patch)
tree	8b47f2a2493bbc27213c00e9f2d7380b5ab3cc8f
parent	b892cb972e14e5d9abb90a9126123ab0d3fb5d96 (diff)
download	alpine_aports-eda97ba58d739a78737006295c03cbe3d77ebceb.tar.bz2 alpine_aports-eda97ba58d739a78737006295c03cbe3d77ebceb.tar.xz alpine_aports-eda97ba58d739a78737006295c03cbe3d77ebceb.zip

diff --git a/main/squashfs-tools/APKBUILD b/main/squashfs-tools/APKBUILD index 90e5e9f0d1..366c4eace7 100644 --- a/main/squashfs-tools/APKBUILD +++ b/main/squashfs-tools/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=squashfs-tools	2	pkgname=squashfs-tools
3	pkgver=4.3	3	pkgver=4.3
4	pkgrel=1	4	pkgrel=2
5	pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."	5	pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."
6	url="http://squashfs.sourceforge.net"	6	url="http://squashfs.sourceforge.net"
7	arch="all"	7	arch="all"
@@ -11,6 +11,7 @@ makedepends="zlib-dev xz-dev lzo-dev attr-dev"
11	source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz	11	source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
12	fix-compat.patch	12	fix-compat.patch
13	vla-overlow.patch	13	vla-overlow.patch
		14	CVE-2015-4645.patch
14	"	15	"
15		16
16	_builddir="$srcdir/squashfs$pkgver/$pkgname"	17	_builddir="$srcdir/squashfs$pkgver/$pkgname"
@@ -36,10 +37,13 @@ package() {
36	}	37	}
37	md5sums="d92ab59aabf5173f2a59089531e30dbf squashfs4.3.tar.gz	38	md5sums="d92ab59aabf5173f2a59089531e30dbf squashfs4.3.tar.gz
38	1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch	39	1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch
39	d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch"	40	d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch
		41	c475b848e0c2e2b2eef3ddf2e3c23803 CVE-2015-4645.patch"
40	sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6 squashfs4.3.tar.gz	42	sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6 squashfs4.3.tar.gz
41	249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch	43	249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch
42	213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch"	44	213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch
		45	ff71a62a435a9089b0fc95280aa3a8310b131653d37e55eed10a0f7d0100359b CVE-2015-4645.patch"
43	sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz	46	sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz
44	868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch	47	868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch
45	975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch"	48	975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch
		49	77431a0a4a529ce63f1613a65a23af2fb8683a16d14ad1a5cfed3a9fac4df6a1212f081d1879ede188a25b77e860445058012131423c546657fb562069865d2c CVE-2015-4645.patch"


diff --git a/main/squashfs-tools/CVE-2015-4645.patch b/main/squashfs-tools/CVE-2015-4645.patch new file mode 100644 index 0000000000..f69025f180 --- /dev/null +++ b/main/squashfs-tools/CVE-2015-4645.patch
@@ -0,0 +1,29 @@
		1	diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
		2	index ecdaac796f09..2c0cf63daf67 100644
		3	--- a/squashfs-tools/unsquash-4.c
		4	+++ b/squashfs-tools/unsquash-4.c
		5	@@ -31,9 +31,9 @@ static unsigned int *id_table;
		6	int read_fragment_table_4(long long *directory_table_end)
		7	{
		8	int res, i;
		9	- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
		10	- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
		11	- long long fragment_table_index[indexes];
		12	+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
		13	+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
		14	+ long long *fragment_table_index;
		15
		16	TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
		17	"from 0x%llx\n", sBlk.s.fragments, indexes,
		18	@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
		19	return TRUE;
		20	}
		21
		22	+ fragment_table_index = malloc(indexes*sizeof(long long));
		23	+ if(fragment_table_index == NULL)
		24	+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
		25	+ "fragment table index\n");
		26	+
		27	fragment_table = malloc(bytes);
		28	if(fragment_table == NULL)
		29	EXIT_UNSQUASH("read_fragment_table: failed to allocate "