1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 03:47:03 +00:00

squashfs-tools: fix CVE-2021-41072

Backport patch to fix CVE-2021-41072. And 3 more ancestor commits are
backported too, otherwise it fails to compile.

CVE: CVE-2021-41072

Ref:
* https://nvd.nist.gov/vuln/detail/CVE-2021-41072

(From OE-Core rev: 329e893a36cf651bfd73abe8e50f173382e3b015)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Kai Kang
2021-11-02 16:17:01 +08:00
committed by Richard Purdie
parent 6e02c340bf
commit fc46b14304
5 changed files with 898 additions and 0 deletions
@@ -11,6 +11,10 @@ PV = "4.5"
SRCREV = "0496d7c3de3e09da37ba492081c86159806ebb07"
SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \
file://0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch \
file://CVE-2021-41072-requisite-1.patch;striplevel=2 \
file://CVE-2021-41072-requisite-2.patch;striplevel=2 \
file://CVE-2021-41072-requisite-3.patch;striplevel=2 \
file://CVE-2021-41072.patch;striplevel=2 \
"
S = "${WORKDIR}/git/squashfs-tools"