diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-06-01 00:36:01 +0200 |
commit | 39366733c3fe943363566756e2e152c45a1b3cb2 (patch) | |
tree | 228b0735896af90ca78151c9a69aa3efd12c8cae /patches/source/squashfs-tools | |
parent | d31c50870d0bee042ce660e445c9294a59a3a65b (diff) | |
download | current-39366733c3fe943363566756e2e152c45a1b3cb2.tar.gz |
Fri May 25 23:29:36 UTC 201814.2
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/squashfs-tools')
8 files changed, 682 insertions, 0 deletions
diff --git a/patches/source/squashfs-tools/0001-kfreebsd.patch b/patches/source/squashfs-tools/0001-kfreebsd.patch new file mode 100644 index 00000000..7ce6cd5b --- /dev/null +++ b/patches/source/squashfs-tools/0001-kfreebsd.patch @@ -0,0 +1,123 @@ +Author: Cyril Brulebois <kibi@debian.org> +Description: Fixes FTBFS on kfreebsd (Closes: #557174). +Last-Update: 2015-09-06 + +--- squashfs-tools-4.3.orig/squashfs-tools/mksquashfs.c ++++ squashfs-tools-4.3/squashfs-tools/mksquashfs.c +@@ -51,7 +51,7 @@ + #include <limits.h> + #include <ctype.h> + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +@@ -4105,7 +4105,7 @@ void initialise_threads(int readq, int f + BAD_ERROR("Failed to set signal mask in intialise_threads\n"); + + if(processors == -1) { +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + int mib[2]; + size_t len = sizeof(processors); + +--- squashfs-tools-4.3.orig/squashfs-tools/read_fs.c ++++ squashfs-tools-4.3/squashfs-tools/read_fs.c +@@ -35,7 +35,7 @@ + #include <limits.h> + #include <dirent.h> + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +--- squashfs-tools-4.3.orig/squashfs-tools/read_xattrs.c ++++ squashfs-tools-4.3/squashfs-tools/read_xattrs.c +@@ -31,7 +31,7 @@ + #include <stdio.h> + #include <string.h> + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +--- squashfs-tools-4.3.orig/squashfs-tools/swap.c ++++ squashfs-tools-4.3/squashfs-tools/swap.c +@@ -19,7 +19,7 @@ + * swap.c + */ + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +--- squashfs-tools-4.3.orig/squashfs-tools/unsquashfs.c ++++ squashfs-tools-4.3/squashfs-tools/unsquashfs.c +@@ -2190,7 +2190,7 @@ void initialise_threads(int fragment_buf + "\n"); + + if(processors == -1) { +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + int mib[2]; + size_t len = sizeof(processors); + +--- squashfs-tools-4.3.orig/squashfs-tools/unsquashfs.h ++++ squashfs-tools-4.3/squashfs-tools/unsquashfs.h +@@ -47,7 +47,7 @@ + #include <sys/ioctl.h> + #include <sys/time.h> + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +--- squashfs-tools-4.3.orig/squashfs-tools/xz_wrapper.h ++++ squashfs-tools-4.3/squashfs-tools/xz_wrapper.h +@@ -24,7 +24,7 @@ + * + */ + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +--- squashfs-tools-4.3.orig/squashfs-tools/gzip_wrapper.h ++++ squashfs-tools-4.3/squashfs-tools/gzip_wrapper.h +@@ -24,7 +24,7 @@ + * + */ + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +--- squashfs-tools-4.3.orig/squashfs-tools/lz4_wrapper.h ++++ squashfs-tools-4.3/squashfs-tools/lz4_wrapper.h +@@ -24,7 +24,7 @@ + * + */ + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN +--- squashfs-tools-4.3.orig/squashfs-tools/lzo_wrapper.h ++++ squashfs-tools-4.3/squashfs-tools/lzo_wrapper.h +@@ -24,7 +24,7 @@ + * + */ + +-#ifndef linux ++#if !defined(linux) && !defined(__GLIBC__) + #define __BYTE_ORDER BYTE_ORDER + #define __BIG_ENDIAN BIG_ENDIAN + #define __LITTLE_ENDIAN LITTLE_ENDIAN diff --git a/patches/source/squashfs-tools/0002-fix_phys_mem_calculation.patch b/patches/source/squashfs-tools/0002-fix_phys_mem_calculation.patch new file mode 100644 index 00000000..20f9005b --- /dev/null +++ b/patches/source/squashfs-tools/0002-fix_phys_mem_calculation.patch @@ -0,0 +1,159 @@ +From 55f7ba830d40d438f0b0663a505e0c227fc68b6b Mon Sep 17 00:00:00 2001 +From: Phillip Lougher <phillip@squashfs.org.uk> +Date: Tue, 10 Jun 2014 21:51:52 +0100 +Subject: [PATCH] mksquashfs: fix phys mem calculation for 32-bit processes on + PAE/64-bit kernels + +When adding the code to base default memory usage on physical memory +(by default use 25% of physical memory), I made an oversight. I assumed +the process would be able to address 25% of physical memory. + +However, for 32-bit processes running on a PAE kernel or 64-bit kernel, +25% of physical memory can easily exceed the addressible memory for a +32-bit process, e.g. if a machine has 24 GB of physical memory, the +code would asume the process could easily use 6 GB. + +A 32-bit process by definition can only address 4 GB (32-bit pointers). +But, due to the typical kernel/user-space split (1GB/3GB, or 2GB/2GB) +on PAE kernels, a 32-bit process may only be able to address 2 GB. + +So, if Mksquashfs is a 32-bit application running on a PAE/64-bit kernel, +the code assumes it can address much more memory than it really can, which +means it runs out of memory. + +The fix is to impose a maximum default limit on 32-bit kernels, or +otherwise to never use a value more than 25% of the address space. If +we assume the maximum address space is 2 GB, then the maximum becomes +512 MB. But, given most kernels used the 1GB/3GB split, that may be +unduely conservative, and 25% of 3 GB (756 MB) may be better. This +patch compromises on 640 MB, which is mid-way between the 512 MB and 756 MB +values. It is also the fixed default value previously used by Mksquashfs. + +This patch also alters the code which imposes a maximum size. Previously +it was believed limiting to the physical memory size was adequate. But +obviously this needs to be updated to take into account a 32-bit process +may only be able to address 2 GB. In the process I've also taken the +opportunity to limit all requests to no more than 75% of physical memory. + +Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> +--- + squashfs-tools/mksquashfs.c | 78 ++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 70 insertions(+), 8 deletions(-) + +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index 86f82bb..5370ecf 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -304,7 +304,7 @@ void restorefs(); + struct dir_info *scan1_opendir(char *pathname, char *subpath, int depth); + void write_filesystem_tables(struct squashfs_super_block *sBlk, int nopad); + unsigned short get_checksum_mem(char *buff, int bytes); +-int get_physical_memory(); ++void check_usable_phys_mem(int total_mem); + + + void prep_exit() +@@ -4053,11 +4053,7 @@ void initialise_threads(int readq, int fragq, int bwriteq, int fwriteq, + BAD_ERROR("Queue sizes rediculously too large\n"); + total_mem += fwriteq; + +- if(total_mem > get_physical_memory()) { +- ERROR("Total queue sizes larger than physical memory.\n"); +- ERROR("Mksquashfs will exhaust physical memory and thrash.\n"); +- BAD_ERROR("Queues too large\n"); +- } ++ check_usable_phys_mem(total_mem); + + /* + * convert from queue size in Mbytes to queue size in +@@ -4879,6 +4875,72 @@ int get_physical_memory() + } + + ++void check_usable_phys_mem(int total_mem) ++{ ++ /* ++ * We want to allow users to use as much of their physical ++ * memory as they wish. However, for practical reasons there are ++ * limits which need to be imposed, to protect users from themselves ++ * and to prevent people from using Mksquashfs as a DOS attack by using ++ * all physical memory. Mksquashfs uses memory to cache data from disk ++ * to optimise performance. It is pointless to ask it to use more ++ * than 75% of physical memory, as this causes thrashing and it is thus ++ * self-defeating. ++ */ ++ int mem = get_physical_memory(); ++ ++ mem = (mem >> 1) + (mem >> 2); /* 75% */ ++ ++ if(total_mem > mem) { ++ ERROR("Total memory requested is more than 75%% of physical " ++ "memory.\n"); ++ ERROR("Mksquashfs uses memory to cache data from disk to " ++ "optimise performance.\n"); ++ ERROR("It is pointless to ask it to use more than this amount " ++ "of memory, as this\n"); ++ ERROR("causes thrashing and it is thus self-defeating.\n"); ++ BAD_ERROR("Requested memory size too large\n"); ++ } ++ ++ if(sizeof(void *) == 4 && total_mem > 2048) { ++ /* ++ * If we're running on a kernel with PAE or on a 64-bit kernel, ++ * then the 75% physical memory limit can still easily exceed ++ * the addressable memory by this process. ++ * ++ * Due to the typical kernel/user-space split (1GB/3GB, or ++ * 2GB/2GB), we have to conservatively assume the 32-bit ++ * processes can only address 2-3GB. So refuse if the user ++ * tries to allocate more than 2GB. ++ */ ++ ERROR("Total memory requested may exceed maximum " ++ "addressable memory by this process\n"); ++ BAD_ERROR("Requested memory size too large\n"); ++ } ++} ++ ++ ++int get_default_phys_mem() ++{ ++ int mem = get_physical_memory() / SQUASHFS_TAKE; ++ ++ if(sizeof(void *) == 4 && mem > 640) { ++ /* ++ * If we're running on a kernel with PAE or on a 64-bit kernel, ++ * the default memory usage can exceed the addressable ++ * memory by this process. ++ * Due to the typical kernel/user-space split (1GB/3GB, or ++ * 2GB/2GB), we have to conservatively assume the 32-bit ++ * processes can only address 2-3GB. So limit the default ++ * usage to 640M, which gives room for other data. ++ */ ++ mem = 640; ++ } ++ ++ return mem; ++} ++ ++ + void calculate_queue_sizes(int mem, int *readq, int *fragq, int *bwriteq, + int *fwriteq) + { +@@ -4890,7 +4952,7 @@ void calculate_queue_sizes(int mem, int *readq, int *fragq, int *bwriteq, + + + #define VERSION() \ +- printf("mksquashfs version 4.3 (2014/05/12)\n");\ ++ printf("mksquashfs version 4.3-git (2014/06/09)\n");\ + printf("copyright (C) 2014 Phillip Lougher "\ + "<phillip@squashfs.org.uk>\n\n"); \ + printf("This program is free software; you can redistribute it and/or"\ +@@ -4918,7 +4980,7 @@ int main(int argc, char *argv[]) + int fragq; + int bwriteq; + int fwriteq; +- int total_mem = get_physical_memory() / SQUASHFS_TAKE; ++ int total_mem = get_default_phys_mem(); + int progress = TRUE; + int force_progress = FALSE; + struct file_buffer **fragment = NULL; diff --git a/patches/source/squashfs-tools/0003-CVE-2015-4645_and_CVE-2015-4646.patch b/patches/source/squashfs-tools/0003-CVE-2015-4645_and_CVE-2015-4646.patch new file mode 100644 index 00000000..d81639f6 --- /dev/null +++ b/patches/source/squashfs-tools/0003-CVE-2015-4645_and_CVE-2015-4646.patch @@ -0,0 +1,76 @@ +From 6777e08cc38bc780d27c69c1d8c272867b74524f Mon Sep 17 00:00:00 2001 +From: Giancarlo Canales Barreto <gcanalesb@me.com> +Date: Wed, 17 Jun 2015 00:22:19 -0400 +Subject: [PATCH] Update unsquash-4.c + +There seems to be a stack overflow in read_fragment_table_4 at via what seems to be an integer overflow. Still looking into this problem, it seems like two or three different problems combined. + +The first problem overflows the bytes variable, so that the allocation is enormous. +```c +int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); +``` + +If we fix this by making the variable size_t, we run into an unrelated problem in which the stack VLA allocation of fragment_table_index can easily exceed RLIMIT_STACK. +```c +long long fragment_table_index[indexes]; +``` + +In the case of my system, the RLIMIT_STACK is 8388608, and VLA is asking for 15728648. Plus the stack probably already has a bunch of other things. This is what I believe ultimately leads to the stack overflow. + +Afterwards, the heap allocation seems to succeed, and the disastrous call to read_fs_bytes is made, which initiates transfer from the squashfs image to the stack. At this stage, a stack overflow appears to be in full effect. + +```c + res = read_fs_bytes(fd, sBlk.s.fragment_table_start, + SQUASHFS_FRAGMENT_INDEX_BYTES(sBlk.s.fragments), + fragment_table_index); +``` +This problem is also present in other read_fragment_table_N functions, and in in the original squashfs-tools. + +``` +Parallel unsquashfs: Using 8 processors +ASAN:SIGSEGV +================================================================= +==8221==ERROR: AddressSanitizer: stack-overflow on address 0x7ffef3ae9608 (pc 0x000000559011 bp 0x7ffef49e9670 sp 0x7ffef3ae9610 T0) + #0 0x559010 in read_fragment_table_4 /home/septimus/vr/squashfs-vr/squashfs-tools/unsquash-4.c:40:9 + #1 0x525073 in main /home/septimus/vr/squashfs-vr/squashfs-tools/unsquashfs.c:2763:5 + #2 0x7fb56c533a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) + #3 0x418468 in _start (/home/septimus/vr/squashfs-vr/squashfs-tools/unsquashfs+0x418468) +SUMMARY: AddressSanitizer: stack-overflow /home/septimus/vr/squashfs-vr/squashfs-tools/unsquash-4.c:40:9 in read_fragment_table_4 +==8221==ABORTING +``` + +Perhaps we should avoid using VLA altogether, and allocate fragment_table_index to the heap? +This pull request is an example implementation of the fix for unsquash-4, but I don't have enough test vectors to verify it will not break anything. +--- + unsquash-4.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ecdaac7..2c0cf63 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -31,9 +31,9 @@ static unsigned int *id_table; + int read_fragment_table_4(long long *directory_table_end) + { + int res, i; +- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); +- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); +- long long fragment_table_index[indexes]; ++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); ++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); ++ long long *fragment_table_index; + + TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " + "from 0x%llx\n", sBlk.s.fragments, indexes, +@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end) + return TRUE; + } + ++ fragment_table_index = malloc(indexes*sizeof(long long)); ++ if(fragment_table_index == NULL) ++ EXIT_UNSQUASH("read_fragment_table: failed to allocate " ++ "fragment table index\n"); ++ + fragment_table = malloc(bytes); + if(fragment_table == NULL) + EXIT_UNSQUASH("read_fragment_table: failed to allocate " diff --git a/patches/source/squashfs-tools/0004-unsquashfs-add-support-for-LZMA-magics.patch b/patches/source/squashfs-tools/0004-unsquashfs-add-support-for-LZMA-magics.patch new file mode 100644 index 00000000..258416bf --- /dev/null +++ b/patches/source/squashfs-tools/0004-unsquashfs-add-support-for-LZMA-magics.patch @@ -0,0 +1,102 @@ +From c2dc60a94b01a1fff4a22db1c0569651afa6c959 Mon Sep 17 00:00:00 2001 +From: Jonas Gorski <jonas.gorski@gmail.com> +Date: Wed, 19 Oct 2011 11:44:57 +0200 +Subject: [PATCH] unsquashfs: add support for LZMA magics +X-Face: z*RaLf`X<@C75u6Ig9}{oW$H;1_\2t5)({*|jhM<pyWR#k60!#=#>/Vb;]yA5<GWI5`6u&+ + ;6b'@y|8w"wB;4/e!7wYYrcqdJFY,~%Gk_4]cq$Ei/7<j&N3ah(m`ku?pX.&+~:_/wC~dwn^)MizBG + !pE^+iDQQ1yC6^,)YDKkxDd!T>\I~93>J<_`<4)A{':UrE + +Some vendor (e.g. Thomson/Technicolor) use a different super block magic +to indicate LZMA compression: + + qshs (0x71736873) - LZMA compression + shsq (0x73687371) - LZMA compression, SWAPPED fields + +Add support for detecting this and enable extraction for filesystems +from those firmwares. + +Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> +Tested-by: Antonio Ospite <ospite@studenti.unina.it> +--- + squashfs-tools/squashfs_fs.h | 6 ++++++ + squashfs-tools/unsquashfs.c | 24 ++++++++++++++++++------ + 2 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/squashfs-tools/squashfs_fs.h b/squashfs-tools/squashfs_fs.h +index d4fba1b..8462a6b 100644 +--- a/squashfs-tools/squashfs_fs.h ++++ b/squashfs-tools/squashfs_fs.h +@@ -30,6 +30,12 @@ + #define SQUASHFS_MAGIC_SWAP 0x68737173 + #define SQUASHFS_START 0 + ++/* ++ * Squashfs + LZMA ++ */ ++#define SQUASHFS_MAGIC_LZMA 0x71736873 ++#define SQUASHFS_MAGIC_LZMA_SWAP 0x73687371 ++ + /* size of metadata (inode and directory) blocks */ + #define SQUASHFS_METADATA_SIZE 8192 + #define SQUASHFS_METADATA_LOG 13 +diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c +index 320bead..7869a38 100644 +--- a/squashfs-tools/unsquashfs.c ++++ b/squashfs-tools/unsquashfs.c +@@ -1516,10 +1516,12 @@ int read_super(char *source) + */ + read_fs_bytes(fd, SQUASHFS_START, sizeof(struct squashfs_super_block), + &sBlk_4); +- swap = sBlk_4.s_magic != SQUASHFS_MAGIC; ++ swap = (sBlk_4.s_magic != SQUASHFS_MAGIC && ++ sBlk_4.s_magic != SQUASHFS_MAGIC_LZMA); + SQUASHFS_INSWAP_SUPER_BLOCK(&sBlk_4); + +- if(sBlk_4.s_magic == SQUASHFS_MAGIC && sBlk_4.s_major == 4 && ++ if((sBlk_4.s_magic == SQUASHFS_MAGIC || ++ sBlk_4.s_magic == SQUASHFS_MAGIC_LZMA) && sBlk_4.s_major == 4 && + sBlk_4.s_minor == 0) { + s_ops.squashfs_opendir = squashfs_opendir_4; + s_ops.read_fragment = read_fragment_4; +@@ -1532,7 +1534,11 @@ int read_super(char *source) + /* + * Check the compression type + */ +- comp = lookup_compressor_id(sBlk.s.compression); ++ if (sBlk_4.s_magic == SQUASHFS_MAGIC_LZMA) ++ comp = lookup_compressor("lzma"); ++ else ++ comp = lookup_compressor_id(sBlk.s.compression); ++ + return TRUE; + } + +@@ -1547,8 +1553,10 @@ int read_super(char *source) + * Check it is a SQUASHFS superblock + */ + swap = 0; +- if(sBlk_3.s_magic != SQUASHFS_MAGIC) { +- if(sBlk_3.s_magic == SQUASHFS_MAGIC_SWAP) { ++ if(sBlk_3.s_magic != SQUASHFS_MAGIC && ++ sBlk_3.s_magic != SQUASHFS_MAGIC_LZMA) { ++ if(sBlk_3.s_magic == SQUASHFS_MAGIC_SWAP || ++ sBlk_3.s_magic == SQUASHFS_MAGIC_LZMA_SWAP) { + squashfs_super_block_3 sblk; + ERROR("Reading a different endian SQUASHFS filesystem " + "on %s\n", source); +@@ -1626,7 +1634,11 @@ int read_super(char *source) + /* + * 1.x, 2.x and 3.x filesystems use gzip compression. + */ +- comp = lookup_compressor("gzip"); ++ if (sBlk.s.s_magic == SQUASHFS_MAGIC_LZMA) ++ comp = lookup_compressor("lzma"); ++ else ++ comp = lookup_compressor("gzip"); ++ + return TRUE; + + failed_mount: +-- +1.7.10.4 + diff --git a/patches/source/squashfs-tools/0006-uptream-fix-race.patch b/patches/source/squashfs-tools/0006-uptream-fix-race.patch new file mode 100644 index 00000000..3cefbe5b --- /dev/null +++ b/patches/source/squashfs-tools/0006-uptream-fix-race.patch @@ -0,0 +1,54 @@ +commit de03266983ceb62e5365aac84fcd3b2fd4d16e6f +Author: Phillip Lougher <phillip@squashfs.org.uk> +Date: Thu Sep 18 01:28:11 2014 +0100 + + mksquashfs: fix rare race in fragment waiting in filesystem finalisation + + Fix a rare race condition in fragment waiting when finalising the + filesystem. This is a race condition that was initially fixed in 2009, + but inadvertantly re-introduced in the latest release when the code + was rewritten. + + Background: + + When finalising the filesystem, the main control thread needs to ensure + all the in-flight fragments have been queued to the writer thread before + asking the writer thread to finish, and then writing the metadata. + + It does this by waiting on the fragments_outstanding counter. Once this + counter reaches 0, it synchronises with the writer thread, waiting until + the writer thread reports no outstanding data to be written. + + However, the main thread can race with the fragment deflator thread(s) + because the fragment deflator thread(s) decrement the fragments_outstanding + counter and release the mutex before queueing the compressed fragment + to the writer thread, i.e. the offending code is: + + fragments_outstanding --; + pthread_mutex_unlock(&fragment_mutex); + queue_put(to_writer, write_buffer); + + In extremely rare circumstances, the main thread may see the + fragments_outstanding counter is zero before the fragment + deflator sends the fragment buffer to the writer thread, and synchronise + with the writer thread, and finalise before the fragment has been written. + + The fix is to ensure the fragment is queued to the writer thread + before releasing the mutex. + + Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> + +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index 87b7d86..f1fcff1 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -2445,8 +2445,8 @@ void *frag_deflator(void *arg) + write_buffer->block = bytes; + bytes += compressed_size; + fragments_outstanding --; +- pthread_mutex_unlock(&fragment_mutex); + queue_put(to_writer, write_buffer); ++ pthread_mutex_unlock(&fragment_mutex); + TRACE("Writing fragment %lld, uncompressed size %d, " + "compressed size %d\n", file_buffer->block, + file_buffer->size, compressed_size); diff --git a/patches/source/squashfs-tools/0007-fix-2GB-limit-in-mksquashfs.patch b/patches/source/squashfs-tools/0007-fix-2GB-limit-in-mksquashfs.patch new file mode 100644 index 00000000..c689a3a9 --- /dev/null +++ b/patches/source/squashfs-tools/0007-fix-2GB-limit-in-mksquashfs.patch @@ -0,0 +1,27 @@ +From 9c1db6d13a51a2e009f0027ef336ce03624eac0d Mon Sep 17 00:00:00 2001 +From: "Guan, Xin" <guanx.bac@gmail.com> +Date: Sat, 13 Sep 2014 13:15:26 +0200 +Subject: [PATCH] Fix 2GB-limit of the is_fragment(...) function. + +Applies to squashfs-tools 4.3. + +Reported-by: Bruno Wolff III <bruno@wolff.to> +Signed-off-by: Guan, Xin <guanx.bac@gmail.com> +Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> +--- + squashfs-tools/mksquashfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c +index f1fcff1..d221c35 100644 +--- a/squashfs-tools/mksquashfs.c ++++ b/squashfs-tools/mksquashfs.c +@@ -2055,7 +2055,7 @@ struct file_info *duplicate(long long file_size, long long bytes, + + inline int is_fragment(struct inode_info *inode) + { +- int file_size = inode->buf.st_size; ++ off_t file_size = inode->buf.st_size; + + /* + * If this block is to be compressed differently to the diff --git a/patches/source/squashfs-tools/slack-desc b/patches/source/squashfs-tools/slack-desc new file mode 100644 index 00000000..681a6630 --- /dev/null +++ b/patches/source/squashfs-tools/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +squashfs-tools: squashfs-tools (squashed read-only filesystem for Linux) +squashfs-tools: +squashfs-tools: Squashfs is a highly compressed read-only filesystem for Linux. +squashfs-tools: Squashfs compresses both files, inodes and directories, and +squashfs-tools: supports block sizes up to 1Mbytes for greater compression. +squashfs-tools: It is implemented as a kernel module under VFS. +squashfs-tools: The package contains tools for manipulation of squashfs bundles. +squashfs-tools: +squashfs-tools: +squashfs-tools: squashfs-tools home: http://squashfs.sourceforge.net/ +squashfs-tools: diff --git a/patches/source/squashfs-tools/squashfs-tools.SlackBuild b/patches/source/squashfs-tools/squashfs-tools.SlackBuild new file mode 100755 index 00000000..1b010d0e --- /dev/null +++ b/patches/source/squashfs-tools/squashfs-tools.SlackBuild @@ -0,0 +1,122 @@ +#!/bin/sh + +# Copyright 2015 Eric Hameleers, Eindhoven, NL +# Copyright 2017 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +PKGNAM=squashfs-tools +VERSION=${VERSION:-$(echo squashfs*.tar.xz | cut -b9- | rev | cut -f3- -d . | rev)} +BUILD=${BUILD:-2_slack14.2} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i586 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf squashfs${VERSION} +tar xvf $CWD/squashfs${VERSION}.tar.xz || exit 1 +cd squashfs${VERSION} || exit 1 + +zcat $CWD/0001-kfreebsd.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0002-fix_phys_mem_calculation.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0003-CVE-2015-4645_and_CVE-2015-4646.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0004-unsquashfs-add-support-for-LZMA-magics.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0006-uptream-fix-race.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/0007-fix-2GB-limit-in-mksquashfs.patch.gz | patch -p1 --verbose || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +cd squashfs-tools || exit 1 + +# Build: +CFLAGS="$SLKCFLAGS" \ +make $NUMJOBS \ + GZIP_SUPPORT="1" \ + XZ_SUPPORT="1" \ + LZO_SUPPORT="1" \ + LZMA_XZ_SUPPORT="1" \ + COMP_DEFAULT="xz" || exit 1 + +# Install: +make install INSTALL_DIR=$PKG/usr/bin || exit 1 + +# Strip binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +( cd .. + cp -a \ + ACKNOWLEDGEMENTS CHANGES COPYING DONATIONS INSTALL \ + README* PERFORMANCE.README *.example \ + $PKG/usr/doc/${PKGNAM}-$VERSION +) + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz + |