aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/squashfs-tools
AgeCommit message (Collapse)Author
2013-01-03squashfs: fix CVE-2012-4025yanjun.zhu
CQID:WIND00366813 Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 (From OE-Core rev: e6fddd1961061895e9335fa94b636163efdc9caa) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> [YOCTO #3564] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-12-07squashfs: fix for CVE-2012-4024yanjun.zhu
Reference:http://squashfs.git.sourceforge.net/git/gitweb.cgi?p= squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123 Fix potential stack overflow in get_component() where an individual pathname component in an extract file (specified on the command line or in an extract file) could exceed the 1024 byte sized targname allocated on the stack. Fix by dynamically allocating targname rather than storing it as a fixed size on the stack. [YOCTO #3513] Fixes denzil [YOCTO #3520] (From OE-Core rev: d35560f33f257bd12a07c7c0be770319086d6ad9) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-12-08OECore license fixes: meta/*Elizabeth Flanagan
This is a quick audit of only the most obviously wrong licenses found within OECore. These fixes fall into four areas: - LICENSE field had incorrect format so that the parser choked - LICENSE field has a license with no version - LICENSE field was actually incorrect - LICENSE field has an imaginary license that didn't exist This fixes most of the LICENSE warnings thrown, along with my prior commit adding additional licenses to common-licenses and additional SPDXLICENSEMAP entries. HOWEVER..... there is much to be done on the license front. For a list of recipes with licenses that need obvious fixing see: https://wiki.yoctoproject.org/wiki/License_Audit That said, I would suggest another license audit as I've found enough inconsistencies. A good suggestion is when in doubt, look at how openSuse or Gentoo or Debian license the package. (From OE-Core rev: 3083dd70b3a9fa01fcc3cf00373b05502505996e) Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-11-30squashfs-tools: fix PR, those should start with 'r'Martin Jansa
(From OE-Core rev: f4efaa0f472b4bf0ba0a0297cc9ecc8b5a671f72) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-10-24squashfs-tools: add recipeCliff Brake
added xz compression option, general cleanup Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>