From d2dd3b2088cb9cb4d04b24f4609648f46877a168 Mon Sep 17 00:00:00 2001 From: zhouwenpei Date: Thu, 28 Jul 2022 09:10:09 +0800 Subject: [PATCH] sync mainline branch (cherry picked from commit 34a932dd91d869319082bc2bbf4f2aa902ca96df) --- backport-CVE-2022-33967.patch | 23 +++++++++-------------- uboot-tools.spec | 17 ++++++++++++----- 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/backport-CVE-2022-33967.patch b/backport-CVE-2022-33967.patch index 6994cfb..ea30f9b 100644 --- a/backport-CVE-2022-33967.patch +++ b/backport-CVE-2022-33967.patch @@ -1,8 +1,7 @@ -From 7f7fb9937c6cb49dd35153bd6708872b390b0a44 Mon Sep 17 00:00:00 2001 +From e40e9a32dd411f444d6e2ed73c517ee584a386ae Mon Sep 17 00:00:00 2001 From: Miquel Raynal -Date: Mon, 27 Jun 2022 12:20:03 +0200 -Subject: [PATCH] fs/squashfs: Use kcalloc when relevant - +Date: Wed, 20 Jul 2022 09:18:20 +0000 +Subject: [PATCH] fs/squashfs: Use kcalloc when relevant A crafted squashfs image could embed a huge number of empty metadata blocks in order to make the amount of malloc()'d memory overflow and be much smaller than expected. Because of this flaw, any random code @@ -21,19 +20,13 @@ The right way to do it would be to enhance the calloc() implementation but this is quite an impacting change for such a small fix. Another solution would be to add the check before the malloc call in the squashfs implementation, but this does not look right. So for now, let's -use the kcalloc() compatibility function from Linux, which has this -check. - -Fixes: c5100613037 ("fs/squashfs: new filesystem") -Reported-by: Tatsuhiko Yasumatsu -Signed-off-by: Miquel Raynal -Tested-by: Tatsuhiko Yasumatsu +use the kcalloc() compatibility function fro... --- fs/squashfs/sqfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c -index 92ab8ac6..60557f4a 100644 +index 92ab8ac6..ef4b5836 100644 --- a/fs/squashfs/sqfs.c +++ b/fs/squashfs/sqfs.c @@ -13,6 +13,7 @@ 
@@ -50,8 +43,10 @@ index 92ab8ac6..60557f4a 100644 - *inode_table = malloc(metablks_count * SQFS_METADATA_BLOCK_SIZE); + *inode_table = kcalloc(metablks_count, SQFS_METADATA_BLOCK_SIZE, -+ GFP_KERNEL); ++ GFP_KERNEL); if (!*inode_table) { ret = -ENOMEM; goto free_itb; --- \ No newline at end of file +-- +2.33.0 + diff --git a/uboot-tools.spec b/uboot-tools.spec index 9b27e9c..aa26eb8 100644 --- a/uboot-tools.spec +++ b/uboot-tools.spec @@ -3,7 +3,7 @@ Name: uboot-tools Version: 2021.10 -Release: 4 +Release: 6 Summary: tools for U-Boot License: GPL-2.0-or-later and Public Domain and GPL-2.0-only URL: http://www.denx.de/wiki/U-Boot @@ -20,11 +20,12 @@ Patch6001: backport-AllWinner-PineTab.patch # RPI4 Patch6002: backport-rpi-Enable-using-the-DT-provided-by-the-Raspberry-Pi.patch Patch6003: backport-CVE-2022-34835.patch -Patch6004: backport-CVE-2022-33967.patch +Patch6004: backport-CVE-2022-33967.patch BuildRequires: bc dtc gcc make flex bison git-core openssl-devel BuildRequires: python3-unversioned-command python3-devel python3-setuptools BuildRequires: python3-libfdt python3-pyelftools SDL-devel swig +BuildRequires: perl # this required when /usr/bin/python link to python3 BuildRequires: python3-devel %if %{with_armv8} @@ -243,15 +244,21 @@ cp -p board/warp7/README builds/docs/README.warp7 %{_mandir}/man1/mkimage.1* %changelog -* Tue Jul 26 2022 zhouwenpei - 2021-10-4 +* Wed Jul 20 2022 cenhuilin - 2021.10-6 - fix CVE-2022-33967 -* Tue Jul 12 2022 zhouwenpei - 2021-10-3 +* Tue Jul 12 2022 zhouwenpei - 2021.10-5 - fix CVE-2022-34835 -* Wed May 11 2022 liuyumeng - 2021-10-2 +* Wed May 11 2022 liuyumeng - 2021.10-4 - fix license error +* Sat May 07 2022 liuyumeng - 2021.10-3 +- fix license error + +* Wed Apr 13 2022 yangcheng - 2021.10-2 +- Add perl buildrequires to resolve compilation error + * Mon Dec 6 2021 yangcheng - 2021.10-1 - Upgrade to 2021.10 -- Gitee
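Review bot: In the header hunk of backport-CVE-2022-33967.patch (@@ -1,8 +1,7 @@ and the message hunk after it), the regenerated commit message is cut off at "use the kcalloc() compatibility function fro..." and the Fixes:, Reported-by:, Signed-off-by: and Tested-by: trailers are dropped, so the backport no longer records which upstream change it fixes or who signed it off. Regenerate the file with the full upstream message and trailers. The empty line after the Subject: line also appears to be removed and should be kept, so that the subject is not folded into the description.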
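Review bot: In the last hunk of backport-CVE-2022-33967.patch (@@ -50,8 +43,10 @@), the only visible content change to the embedded sqfs.c fix is the "GFP_KERNEL);" continuation line, yet the embedded index line moves from 92ab8ac6..60557f4a to 92ab8ac6..ef4b5836, so the patched file is no longer identical to what the previous release shipped. Please confirm the difference is whitespace only and that the kcalloc(metablks_count, SQFS_METADATA_BLOCK_SIZE, GFP_KERNEL) call and the following "if (!*inode_table)" error path are otherwise unchanged. Adding the "-- 2.33.0" trailer to clear the "\ No newline at end of file" marker is fine.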
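Review bot: In the BuildRequires hunk of uboot-tools.spec (@@ -20,11 +20,12 @@), the Patch6004 line is removed and re-added with the same visible content, which looks like a whitespace-only change and only adds noise to the diff; drop it unless it fixes alignment on purpose. The new "BuildRequires: perl" matches the 2021.10-2 changelog entry. The context lines still list python3-devel twice, which could be deduplicated in the same change.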
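Review bot: In the %changelog hunk of uboot-tools.spec (@@ -243,15 +244,21 @@), already published entries are rewritten instead of appended to: the CVE-2022-33967 entry changes author from zhouwenpei to cenhuilin and date from Jul 26 to Jul 20, and every release number shifts so that Release jumps from 4 to 6. The commit subject "sync mainline branch" does not explain this, so say in the message that the history is being aligned with mainline. The 2021.10-4 and 2021.10-3 entries both read "fix license error" and should each state what changed. Correcting the version format from 2021-10 to 2021.10 is right.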