openembedded-core.git/meta/recipes-devtools/squashfs-tools, branch daisy Mirror of openembedded-core squashfs-tools: enable building unsquashfs and fix squashfs-4.2-fix-CVE-2012-4025.patch 2015-07-16T19:45:07+00:00 Martin Jansa martin.jansa@gmail.com 2015-05-21T11:23:15+00:00 e1a2540227250d854d5bba278634bcc9e7572cda * build unsqaushfs, useful when debuging corrupt squashfs from mksquashfs * squashfs-4.2-fix-CVE-2012-4025.patch fixes CVE in unsquashfs which we weren't building and it actually breaks building it, because someone missed squashfs_fs.h change from the original change * add git headers in all patches and fix references to new github repository Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
* build unsqaushfs, useful when debuging corrupt squashfs from
  mksquashfs
* squashfs-4.2-fix-CVE-2012-4025.patch fixes CVE in unsquashfs which we
  weren't building and it actually breaks building it, because someone
  missed squashfs_fs.h change from the original change
* add git headers in all patches and fix references to new github
  repository

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
squashfs-tools: set SUMMARY instead of DESCRIPTION 2013-12-03T17:08:46+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2013-11-25T18:22:23+00:00 a8e7efe23a5962610fb5818a9a802e737fca918f Also tidy up value a little bit. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Also tidy up value a little bit.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
squashfs-tools: drop FILESPATHPKG 2013-12-03T17:08:33+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2013-05-24T14:34:52+00:00 694d95c94d03fb1e63d6c52840a5149c3b166c2a Drop FILESPATHPKG setting since it seems to be superfluous. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Drop FILESPATHPKG setting since it seems to be superfluous.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
squashfs-tools: remove FILESEXTRAPATH and move patches directory 2013-11-20T14:02:54+00:00 Saul Wold sgw@linux.intel.com 2013-11-14T17:43:53+00:00 60375dd8d0a849a7a23badb0f195a662c93a4922 Signed-off-by: Saul Wold <sgw@linux.intel.com> 
Signed-off-by: Saul Wold <sgw@linux.intel.com>
squashfs: fix CVE-2012-4025 2012-12-14T23:17:20+00:00 yanjun.zhu yanjun.zhu@windriver.com 2012-12-11T10:00:32+00:00 bb1611d4830bb7aff2371afdb2a77a4ca7298c7d CQID:WIND00366813 Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> [YOCTO #3564] Signed-off-by: Saul Wold <sgw@linux.intel.com> 
CQID:WIND00366813

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e

Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>

[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
squashfs: fix for CVE-2012-4024 2012-12-03T15:20:34+00:00 yanjun.zhu yanjun.zhu@windriver.com 2012-11-30T11:41:23+00:00 972ea6c674e10cf23bedbbc581b78baa3f7c7b9b Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p= squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123 Fix potential stack overflow in get_component() where an individual pathname component in an extract file (specified on the command line or in an extract file) could exceed the 1024 byte sized targname allocated on the stack. Fix by dynamically allocating targname rather than storing it as a fixed size on the stack. [YOCTO #3513] Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=
squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123

Fix potential stack overflow in get_component() where an individual
pathname component in an extract file (specified on the command line
or in an extract file) could exceed the 1024 byte sized targname
allocated on the stack.

Fix by dynamically allocating targname rather than storing it as
a fixed size on the stack.

[YOCTO #3513]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OECore license fixes: meta/* 2011-12-08T15:23:49+00:00 Elizabeth Flanagan elizabeth.flanagan@intel.com 2011-12-03T23:48:29+00:00 3083dd70b3a9fa01fcc3cf00373b05502505996e This is a quick audit of only the most obviously wrong licenses found within OECore. These fixes fall into four areas: - LICENSE field had incorrect format so that the parser choked - LICENSE field has a license with no version - LICENSE field was actually incorrect - LICENSE field has an imaginary license that didn't exist This fixes most of the LICENSE warnings thrown, along with my prior commit adding additional licenses to common-licenses and additional SPDXLICENSEMAP entries. HOWEVER..... there is much to be done on the license front. For a list of recipes with licenses that need obvious fixing see: https://wiki.yoctoproject.org/wiki/License_Audit That said, I would suggest another license audit as I've found enough inconsistencies. A good suggestion is when in doubt, look at how openSuse or Gentoo or Debian license the package. Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> 
This is a quick audit of only the most obviously wrong licenses
found within OECore. These fixes fall into four areas:

- LICENSE field had incorrect format so that the parser choked
- LICENSE field has a license with no version
- LICENSE field was actually incorrect
- LICENSE field has an imaginary license that didn't exist

This fixes most of the LICENSE warnings thrown, along with my prior
commit adding additional licenses to common-licenses and additional
SPDXLICENSEMAP entries.

HOWEVER..... there is much to be done on the license front.
For a list of recipes with licenses that need obvious fixing see:

https://wiki.yoctoproject.org/wiki/License_Audit

That said, I would suggest another license audit as I've found
enough inconsistencies. A good suggestion is when in doubt, look at
how openSuse or Gentoo or Debian license the package.

Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
squashfs-tools: fix PR, those should start with 'r' 2011-11-30T23:37:40+00:00 Martin Jansa martin.jansa@gmail.com 2011-11-30T22:57:00+00:00 f4efaa0f472b4bf0ba0a0297cc9ecc8b5a671f72 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
squashfs-tools: add recipe 2011-10-24T13:28:18+00:00 Cliff Brake cbrake@bec-systems.com 2011-10-21T16:39:47+00:00 0de2d328075587b04fd0db01a98e6e720d792b1b added xz compression option, general cleanup 
added xz compression option, general cleanup