diff --git a/0006-pseudo-fix-possible-dereference-of-NULL-pointer.patch b/0006-pseudo-fix-possible-dereference-of-NULL-pointer.patch new file mode 100644 index 0000000000000000000000000000000000000000..7e2483692b3e084d7aad5e7cbaeb0ae3e3d222e5 --- /dev/null +++ b/0006-pseudo-fix-possible-dereference-of-NULL-pointer.patch @@ -0,0 +1,25 @@ +From 787faa3201b923cb91c74bc31c9f59610aca52e2 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Wed, 14 Sep 2022 21:23:24 +0100 +Subject: [PATCH] pseudo: fix possible dereference of NULL pointer + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/pseudo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/squashfs-tools/pseudo.c b/squashfs-tools/pseudo.c +index 5f18bf1..942b98b 100644 +--- a/squashfs-tools/pseudo.c ++++ b/squashfs-tools/pseudo.c +@@ -472,7 +472,7 @@ static int read_pseudo_def_pseudo_link(char *orig_def, char *filename, char *nam + else + pseudo_ent = pseudo_lookup(pseudo, link); + +- if(pseudo_ent == NULL) { ++ if(pseudo_ent == NULL || pseudo_ent->dev == NULL) { + ERROR("Pseudo LINK file %s doesn't exist\n", linkname); + goto error; + } +-- +2.37.0.windows.1 \ No newline at end of file diff --git a/squashfs-tools.spec b/squashfs-tools.spec index c6b14ff2857e6e32fc39288be17023400dd83ced..a453cd82a03f99f46b28835fa71f4e56375144d4 100644 --- a/squashfs-tools.spec +++ b/squashfs-tools.spec @@ -1,6 +1,6 @@ Name: squashfs-tools Version: 4.5 -Release: 1 +Release: 2 Summary: Utility for the squashfs filesystems License: GPLv2+ URL: http://squashfs.sourceforge.net/ @@ -12,6 +12,7 @@ Patch2: 0002-CVE-2021-41072.patch Patch3: 0003-CVE-2021-41072.patch Patch4: 0004-CVE-2021-41072.patch Patch5: 0005-CVE-2021-41072.patch +Patch6: 0006-pseudo-fix-possible-dereference-of-NULL-pointer.patch BuildRequires: zlib-devel xz-devel libzstd-devel BuildRequires: lzo-devel libattr-devel lz4-devel gcc @@ -42,6 +43,9 @@ install -D -m 755 squashfs-tools/unsquashfs %{buildroot}%{_sbindir}/unsquashfs %changelog +* Thu Oct 20 2022 lihaoxiang - 4.5-2 +- fix dereference of null pointer + * Thu Nov 25 2021 yanglongkang - 4.5-1 - update to 4.5