diff --git a/srcpkgs/squashfs-tools/patches/CVE-2015-4645.patch b/srcpkgs/squashfs-tools/patches/CVE-2015-4645.patch new file mode 100644 index 00000000000..bb0f85e0577 --- /dev/null +++ b/srcpkgs/squashfs-tools/patches/CVE-2015-4645.patch @@ -0,0 +1,27 @@ +--- squashfs-tools/unsquash-4.c ++++ squashfs-tools/unsquash-4.c +@@ -31,9 +31,9 @@ static unsigned int *id_table; + int read_fragment_table_4(long long *directory_table_end) + { + int res, i; +- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); +- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); +- long long fragment_table_index[indexes]; ++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); ++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); ++ long long *fragment_table_index; + + TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " + "from 0x%llx\n", sBlk.s.fragments, indexes, +@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end) + return TRUE; + } + ++ fragment_table_index = malloc(indexes*sizeof(long long)); ++ if(fragment_table_index == NULL) ++ EXIT_UNSQUASH("read_fragment_table: failed to allocate " ++ "fragment table index\n"); ++ + fragment_table = malloc(bytes); + if(fragment_table == NULL) + EXIT_UNSQUASH("read_fragment_table: failed to allocate " diff --git a/srcpkgs/squashfs-tools/patches/vla-overlow.patch b/srcpkgs/squashfs-tools/patches/vla-overlow.patch new file mode 100644 index 00000000000..a9840fe01f0 --- /dev/null +++ b/srcpkgs/squashfs-tools/patches/vla-overlow.patch @@ -0,0 +1,21 @@ +--- ./squashfs-tools/unsquashfs.c.orig ++++ ./squashfs-tools/unsquashfs.c +@@ -2099,7 +2099,9 @@ + */ + void *inflator(void *arg) + { +- char tmp[block_size]; ++ char *tmp = malloc(block_size); ++ if(tmp == NULL) ++ EXIT_UNSQUASH("Out of memory allocating block buffer\n"); + + while(1) { + struct cache_entry *entry = queue_get(to_inflate); +@@ -2122,6 +2124,7 @@ + */ + cache_block_ready(entry, res == -1); + } ++ free(tmp); + } + + diff --git a/srcpkgs/squashfs-tools/template b/srcpkgs/squashfs-tools/template index 3b74b86c590..bf891e50ea2 100644 --- a/srcpkgs/squashfs-tools/template +++ b/srcpkgs/squashfs-tools/template @@ -1,10 +1,10 @@ # Template file for 'squashfs-tools' pkgname=squashfs-tools version=4.3 -revision=3 +revision=4 wrksrc="squashfs${version}" makedepends="zlib-devel lzo-devel liblzma-devel" -license="GPL" +license="GPL-2" homepage="http://squashfs.sf.net/" short_desc="Tool to create and append to squashfs filesystems" maintainer="Juan RP "