!61 sync mainline branch

From: @zhouwenpei Reviewed-by: @t_feng Signed-off-by: @t_feng
2022-07-28 03:01:00 +00:00 · 2022-07-28 03:01:00 +00:00 · 185045844b
commit 185045844b
parent abb42317e6 34a932dd91
2 changed files with 21 additions and 19 deletions
--- a/backport-CVE-2022-33967.patch
+++ b/backport-CVE-2022-33967.patch
@ -1,8 +1,7 @@
-From 7f7fb9937c6cb49dd35153bd6708872b390b0a44 Mon Sep 17 00:00:00 2001
+From e40e9a32dd411f444d6e2ed73c517ee584a386ae Mon Sep 17 00:00:00 2001
 From: Miquel Raynal <miquel.raynal@bootlin.com>
-Date: Mon, 27 Jun 2022 12:20:03 +0200
+Date: Wed, 20 Jul 2022 09:18:20 +0000
 Subject: [PATCH] fs/squashfs: Use kcalloc when relevant 
 A crafted squashfs image could embed a huge number of empty metadata
 blocks in order to make the amount of malloc()'d memory overflow and be
 much smaller than expected. Because of this flaw, any random code
@ -21,19 +20,13 @@ The right way to do it would be to enhance the calloc() implementation
 but this is quite an impacting change for such a small fix. Another
 solution would be to add the check before the malloc call in the
 squashfs implementation, but this does not look right. So for now, let's
-use the kcalloc() compatibility function from Linux, which has this
+use the kcalloc() compatibility function fro...
 check.
 Fixes: c5100613037 ("fs/squashfs: new filesystem")
 Reported-by: Tatsuhiko Yasumatsu <Tatsuhiko.Yasumatsu@sony.com>
 Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
 Tested-by: Tatsuhiko Yasumatsu <Tatsuhiko.Yasumatsu@sony.com>
 ---
 fs/squashfs/sqfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c
-index 92ab8ac6..60557f4a 100644
+index 92ab8ac6..ef4b5836 100644
 --- a/fs/squashfs/sqfs.c
 +++ b/fs/squashfs/sqfs.c
@@ -13,6 +13,7 @@
@ -55,3 +48,5 @@ index 92ab8ac6..60557f4a 100644
 		ret = -ENOMEM;
 		goto free_itb;
 -- 
 2.33.0
--- a/uboot-tools.spec
+++ b/uboot-tools.spec
@ -3,7 +3,7 @@
 Name:           uboot-tools
 Version:        2021.10
-Release:        4
+Release:        6
 Summary:        tools for U-Boot
 License:        GPL-2.0-or-later and Public Domain and GPL-2.0-only
 URL:            http://www.denx.de/wiki/U-Boot
@ -25,6 +25,7 @@ Patch6004:	backport-CVE-2022-33967.patch
 BuildRequires:  bc dtc gcc make flex bison git-core openssl-devel
 BuildRequires:  python3-unversioned-command python3-devel python3-setuptools
 BuildRequires:  python3-libfdt python3-pyelftools SDL-devel swig
 BuildRequires:  perl
 # this required when /usr/bin/python link to python3
 BuildRequires:  python3-devel
 %if %{with_armv8}
@ -243,15 +244,21 @@ cp -p board/warp7/README builds/docs/README.warp7
 %{_mandir}/man1/mkimage.1*
 %changelog
-* Tue Jul 26 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2021-10-4
+* Wed Jul 20 2022 cenhuilin <cenhuilin@kylinos.cn> - 2021.10-6
 - fix CVE-2022-33967
-* Tue Jul 12 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2021-10-3
+* Tue Jul 12 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2021.10-5
 - fix CVE-2022-34835
-* Wed May 11 2022 liuyumeng <liuyumeng5@h-partners.com> - 2021-10-2
+* Wed May 11 2022 liuyumeng <liuyumeng5@h-partners.com> - 2021.10-4
 - fix license error
 * Sat May 07 2022 liuyumeng <liuyumeng5@h-partners.com> - 2021.10-3
 - fix license error
 * Wed Apr 13 2022 yangcheng <yangcheng87@h-partners.com> - 2021.10-2
 - Add perl buildrequires to resolve compilation error
 * Mon Dec 6 2021 yangcheng <yangcheng87@huawei.com> - 2021.10-1
 - Upgrade to 2021.10