Mirrors/Ventoy
1
0
Fork 0
mirror of https://github.com/ventoy/Ventoy.git synced 2025-12-22 03:26:17 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added the Uzbek language я исправил потвердите (#3306)

Browse Source 
* added the Uzbek language

* Potential fix for code scanning alert no. 1: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 2: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 3: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 13: Time-of-check time-of-use filesystem race condition

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 12: Time-of-check time-of-use filesystem race condition

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 4: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 11: Time-of-check time-of-use filesystem race condition

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 5: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 7: Unsafe jQuery plugin

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 8: Unsafe jQuery plugin

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 14: DOM text reinterpreted as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 10: Time-of-check time-of-use filesystem race condition

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 15: Time-of-check time-of-use filesystem race condition

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 9: Call to `memset` may be deleted

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update bootstrap.js

* Update ci.yml

* Potential fix for code scanning alert no. 17: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 16: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Update ci.yml

* Update ci.yml

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
tojik_proof_93
2025-12-21 17:23:34 +05:00
committed by GitHub
parent 5c6e1c2446
commit d3b911d249
9 changed files with 177 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/ci.yml vendored
View File

@@ -1,4 +1,6 @@
name: Ventoy CI name: Ventoy CI
permissions:
contents: read
on: on:
push: push:
@@ -12,26 +14,26 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v6
- name: Run docker compose up - name: Run docker compose up
run: docker compose up run: docker compose up
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v6
with: with:
name: ventoy-windows name: ventoy-windows
path: INSTALL/ventoy-*windows* path: INSTALL/ventoy-*windows*
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v6
with: with:
name: ventoy-linux name: ventoy-linux
path: INSTALL/ventoy-*linux* path: INSTALL/ventoy-*linux*
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v6
with: with:
name: ventoy-livecd name: ventoy-livecd
path: INSTALL/ventoy-*livecd* path: INSTALL/ventoy-*livecd*
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v6
with: with:
name: SHA256SUM name: SHA256SUM
path: INSTALL/sha256.txt path: INSTALL/sha256.txt
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v6
with: with:
name: xxx-build-log name: xxx-build-log
path: DOC/build.log path: DOC/build.log

2
.github/workflows/sync2gitee.yml vendored
View File

@@ -1,4 +1,6 @@
name: Mirror GitHub to Gitee name: Mirror GitHub to Gitee
permissions:
contents: read
on: on:
# Triggers the workflow on push or pull request events but only for the main branch # Triggers the workflow on push or pull request events but only for the main branch

65
LANGUAGES/languages.json
View File

@@ -2728,6 +2728,71 @@
"STRXXX":"" "STRXXX":""
}, },
{
"name":"Uzbek (Uzbek tili)",
"FontFamily":"Courier New",
"FontSize":16,
"Author":"Husen Djalolov, tojik_proof_93",
"STR_ERROR":"Xato",
"STR_WARNING":"Diqqat",
"STR_INFO":"Ma'lumot",
"STR_INCORRECT_DIR":"Boshqa papkada ishga tushiring!",
"STR_INCORRECT_TREE_DIR":"Ilovani bu erda ishga tushirmang, o'rnatish paketini yuklab oling va uni boshqa joyda ishga tushiring.",
"STR_DEVICE":"Qurilma",
"STR_LOCAL_VER":"Paketdagi Ventoy",
"STR_DISK_VER":"Drayvdagi Ventoy",
"STR_STATUS":"Davlat-tayyor",
"STR_INSTALL":"O'rnatish",
"STR_UPDATE":"Yangilash",
"STR_UPDATE_TIP":"Yangilash xavfsiz, ISO tasvirlari o'zgarishsiz qoladi.#@Davom etasizmi?",
"STR_INSTALL_TIP":"Ushbu amal drayverni formatlaydi va undagi barcha ma'lumotlar o'chib ketadi.#@Davom etasizmi?",
"STR_INSTALL_TIP2":"Ushbu harakat drayverni formatlaydi, undagi barcha ma'lumotlar yo'q qilinadi.#@Siz haqiqatan ham davom etishni xohlaysizmi?",
"STR_INSTALL_SUCCESS":"Tabriklaymiz!#@Ventoy-ni qurilmaga o'rnatish muvaffaqiyatli amalga oshirildi.",
"STR_INSTALL_FAILED":"O'rnatish xatosi. USB drayverini qayta ulang va qaytadan urinib ko'ring. Log fayliga qarang.tafsilotlar bilan txt. Agar xato davom etsa, rasmiy veb-saytdagi «FAQ» ga qarang.",
"STR_UPDATE_SUCCESS":"Tabriklaymiz!#@Ventoy qurilmangizda muvaffaqiyatli yangilandi.",
"STR_UPDATE_FAILED":"Ventoy-ni yangilashda xato. USB drayverini qayta ulang va qaytadan urinib ko'ring. Log fayliga qarang.tafsilotlar bilan txt. Agar xato davom etsa, rasmiy veb-saytdagi «FAQ» ga qarang.",
"STR_WAIT_PROCESS":"Harakat boshlandi, kuting...",
"STR_MENU_OPTION":"Sozlamalar",
"STR_MENU_SECURE_BOOT":"Secure Boot-Ni Qo'llab-Quvvatlash",
"STR_MENU_PART_CFG":"Qo'shimcha bo'lim",
"STR_BTN_OK":"OK",
"STR_BTN_CANCEL":"Bekor qilish",
"STR_PRESERVE_SPACE":"Disk oxirida qo'shimcha bo'lim yarating",
"STR_SPACE_VAL_INVALID":"Bo'lim o'lchamining yaroqsiz qiymati",
"STR_MENU_CLEAR":"Ventoyni Olib Tashlang",
"STR_CLEAR_SUCCESS":"Ventoy qurilmadan muvaffaqiyatli olib tashlandi.",
"STR_CLEAR_FAILED":"Ventoyni olib tashlashda xato. USB drayverini qayta ulang va qaytadan urinib ko'ring. Log fayliga qarang.tafsilotlar bilan txt.",
"STR_MENU_PART_STYLE":"Bo'limlarni belgilash uslubi",
"STR_DISK_2TB_MBR_ERROR":"2 TB dan ortiq xotira uchun GPT ni tanlang",
"STR_SHOW_ALL_DEV":"Barcha qurilmalarni ko'rsatish",
"STR_PART_ALIGN_4KB":"4 KB klasterli bo'limlarni tekislang",
"STR_WEB_COMMUNICATION_ERR":"Aloqa xatosi:",
"STR_WEB_REMOTE_ABNORMAL":"Aloqa xatosi: masofaviy ulanish haqiqiy emas",
"STR_WEB_REQUEST_TIMEOUT":"Aloqa xatosi: so'rov vaqti tugadi",
"STR_WEB_SERVICE_UNAVAILABLE":"Aloqa xatosi: xizmat mavjud emas",
"STR_WEB_TOKEN_MISMATCH":"Xizmat holati yangilandi, keyinroq qayta urinib ko'ring.",
"STR_WEB_SERVICE_BUSY":"Xizmat band, keyinroq qayta urinib ko'ring.",
"STR_MENU_VTSI_CREATE":"Fayl yarating .vtsi",
"STR_VTSI_CREATE_TIP":"Ventoy-ni haydovchiga o'rnatish o'rniga faqat vtsi fayli yaratiladi.#@Davom etasizmi?",
"STR_VTSI_CREATE_SUCCESS":"Fayl .vtsi muvaffaqiyatli yaratildi.#@Ventoy-ni o'rnatishni yakunlash uchun uni Rufus ilovasi (v3.15+) yordamida diskka yozishingiz mumkin.",
"STR_VTSI_CREATE_FAILED":"Vtsi faylini yaratishda xato.",
"STR_MENU_PART_RESIZE":"Buzilmaydigan o'rnatish",
"STR_PART_RESIZE_TIP":"Ventoy buzilmaydigan o'rnatishni amalga oshirishga harakat qiladi.#@Davom etasizmi?",
"STR_PART_RESIZE_SUCCESS":"Tabriklaymiz!#@Ventoy-ni buzilmaydigan o'rnatish muvaffaqiyatli yakunlandi.",
"STR_PART_RESIZE_FAILED":"Buzilmaydigan o'rnatishni amalga oshirib bo'lmadi, log fayliga qarang.tafsilotlar bilan txt.",
"STR_PART_RESIZE_UNSUPPORTED":"Ventoy-ning buzilmaydigan o'rnatilishi ba'zi talablarga javob bermasligi sababli to'xtatildi. Log fayliga qarang.tafsilotlar bilan txt.",
"STR_INSTALL_YES_TIP1":"DIQQAT: Barcha ma'lumotlar yo'qoladi!",
"STR_INSTALL_YES_TIP2":"Yangilashni emas, balki yangi o'rnatishni amalga oshirishni xohlayotganingizni tasdiqlash uchun quyidagi matn maydoniga «HA» yozing.",
"STR_PART_VENTOY_FS":"Ventoy bo'limi uchun fayl tizimi",
"STR_PART_FS":"Turi:",
"STR_PART_CLUSTER":"Klaster hajmi:",
"STR_PART_CLUSTER_DEFAULT":"Standart tizim qiymati",
"STR_DONATE":"Xayriya qilish",
"STR_4KN_UNSUPPORTED":"Ventoy hozirda mahalliy 4K qurilmalarini qo'llab-quvvatlamaydi.",
"STRXXX":""
},
{ {
"name":"Greek (Ελληνικά)", "name":"Greek (Ελληνικά)",
"FontFamily":"Courier New", "FontFamily":"Courier New",

40
LinuxGUI/Ventoy2Disk/Lib/libhttp/include/civetweb.c
View File

@@ -7963,28 +7963,32 @@ delete_file(struct mg_connection *conn, const char *path)
} }
/* This is an existing file (not a directory). /* This is an existing file (not a directory).
* Check if write permission is granted. */ * Try to delete it directly and handle errors. */
if (access(path, W_OK) != 0) {
/* File is read only */
send_http_error(
conn,
403,
"Error: Delete not possible\nDeleting %s is not allowed",
path);
return;
}
/* Try to delete it. */
if (mg_remove(conn, path) == 0) { if (mg_remove(conn, path) == 0) {
/* Delete was successful: Return 204 without content. */ /* Delete was successful: Return 204 without content. */
send_http_error(conn, 204, "%s", ""); send_http_error(conn, 204, "%s", "");
} else { } else {
/* Delete not successful (file locked). */ /* Check the reason for failure. */
send_http_error(conn, if (ERRNO == EACCES || ERRNO == EPERM) {
423, send_http_error(
"Error: Cannot delete file\nremove(%s): %s", conn,
path, 403,
strerror(ERRNO)); "Error: Delete not possible\nDeleting %s is not allowed",
path);
} else if (ERRNO == EBUSY || ERRNO == EAGAIN) {
send_http_error(conn,
423,
"Error: Cannot delete file\nremove(%s): %s",
path,
strerror(ERRNO));
} else {
send_http_error(conn,
500,
"Error: Could not delete %s\nremove(%s): %s",
path,
path,
strerror(ERRNO));
}
} }
} }
#endif /* !NO_FILES */ #endif /* !NO_FILES */

24
LinuxGUI/Ventoy2Disk/ventoy_gui.c
View File

@@ -1,6 +1,8 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h> #include <string.h>
#include <stdarg.h> #include <stdarg.h>
#include <unistd.h> #include <unistd.h>
@@ -1192,26 +1194,34 @@ static int detect_gui_exe_path(int argc, char **argv, const char *curpath, char
vlog("This is %s%d X environment.\n", guitype, ver); vlog("This is %s%d X environment.\n", guitype, ver);
vlog("exe = %s\n", pathbuf); vlog("exe = %s\n", pathbuf);
if (access(pathbuf, F_OK) == -1) int fd = open(pathbuf, O_RDONLY);
if (fd == -1)
{ {
vlog("%s is not exist.\n", pathbuf); vlog("%s does not exist or cannot be opened.\n", pathbuf);
return 1; return 1;
} }
if (access(pathbuf, X_OK) == -1) if (fstat(fd, &filestat) == 0)
{ {
vlog("execute permission check fail, try chmod.\n", pathbuf); if ((filestat.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)
if (stat(pathbuf, &filestat) == 0)
{ {
vlog("execute permission check fail, try chmod.\n");
mode = filestat.st_mode | S_IXUSR | S_IXGRP | S_IXOTH; mode = filestat.st_mode | S_IXUSR | S_IXGRP | S_IXOTH;
ret = chmod(pathbuf, mode); ret = fchmod(fd, mode);
vlog("old mode=%o new mode=%o ret=%d\n", filestat.st_mode, mode, ret); vlog("old mode=%o new mode=%o ret=%d\n", filestat.st_mode, mode, ret);
} }
else
{
vlog("execute permission check success.\n");
}
} }
else else
{ {
vlog("execute permission check success.\n"); vlog("fstat failed on %s\n", pathbuf);
close(fd);
return 1;
} }
close(fd);
return 0; return 0;
} }

34
Plugson/src/Lib/libhttp/include/civetweb.c
View File

@@ -7977,28 +7977,26 @@ delete_file(struct mg_connection *conn, const char *path)
} }
/* This is an existing file (not a directory). /* This is an existing file (not a directory).
* Check if write permission is granted. */ * Try to delete the file directly. */
if (access(path, W_OK) != 0) {
/* File is read only */
send_http_error(
conn,
403,
"Error: Delete not possible\nDeleting %s is not allowed",
path);
return;
}
/* Try to delete it. */
if (mg_remove(conn, path) == 0) { if (mg_remove(conn, path) == 0) {
/* Delete was successful: Return 204 without content. */ /* Delete was successful: Return 204 without content. */
send_http_error(conn, 204, "%s", ""); send_http_error(conn, 204, "%s", "");
} else { } else {
/* Delete not successful (file locked). */ /* Check if the error is a permission error. */
send_http_error(conn, if (ERRNO == EACCES || ERRNO == EPERM) {
423, send_http_error(
"Error: Cannot delete file\nremove(%s): %s", conn,
path, 403,
strerror(ERRNO)); "Error: Delete not possible\nDeleting %s is not allowed",
path);
} else {
/* Delete not successful (file locked or other error). */
send_http_error(conn,
423,
"Error: Cannot delete file\nremove(%s): %s",
path,
strerror(ERRNO));
}
} }
} }
#endif /* !NO_FILES */ #endif /* !NO_FILES */

41
Plugson/www/static/bootstrap/js/bootstrap.js vendored
View File

@@ -109,11 +109,12 @@ if (typeof jQuery === 'undefined') {
selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7 selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
} }
var $parent = $(selector) var $parent;
if (selector && selector.charAt(0) === '#' && /^[#A-Za-z0-9\-_:.]+$/.test(selector)) {
if (e) e.preventDefault() // Only allow ID selectors
var el = document.getElementById(selector.slice(1));
if (!$parent.length) { $parent = $(el);
} else {
$parent = $this.closest('.alert') $parent = $this.closest('.alert')
} }
@@ -502,7 +503,14 @@ if (typeof jQuery === 'undefined') {
var clickHandler = function (e) { var clickHandler = function (e) {
var href var href
var $this = $(this) var $this = $(this)
var $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7 var targetSelector = $this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, ''); // strip for ie7
// Only allow ID selectors (starting with # and containing valid characters)
var $target = null;
if (targetSelector && /^#[A-Za-z0-9\-_:.]+$/.test(targetSelector)) {
$target = $(document).find(targetSelector);
} else {
return;
}
if (!$target.hasClass('carousel')) return if (!$target.hasClass('carousel')) return
var options = $.extend({}, $target.data(), $this.data()) var options = $.extend({}, $target.data(), $this.data())
var slideIndex = $this.attr('data-slide-to') var slideIndex = $this.attr('data-slide-to')
@@ -691,7 +699,7 @@ if (typeof jQuery === 'undefined') {
var target = $trigger.attr('data-target') var target = $trigger.attr('data-target')
|| (href = $trigger.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7 || (href = $trigger.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7
return $(target) return $(document).find(target)
} }
@@ -773,7 +781,9 @@ if (typeof jQuery === 'undefined') {
selector = selector && /#[A-Za-z]/.test(selector) && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7 selector = selector && /#[A-Za-z]/.test(selector) && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
} }
var $parent = selector && $(selector) // Only allow selector if it is a safe CSS selector (starts with # or . and does not contain '<')
var isSafeSelector = selector && (/^#[\w-]+$/.test(selector) || (/^\.[\w-]+$/.test(selector))) && selector.indexOf('<') === -1;
var $parent = isSafeSelector ? $(document).find(selector) : $this.parent();
return $parent && $parent.length ? $parent : $this.parent() return $parent && $parent.length ? $parent : $this.parent()
} }
@@ -1230,7 +1240,8 @@ if (typeof jQuery === 'undefined') {
$(document).on('click.bs.modal.data-api', '[data-toggle="modal"]', function (e) { $(document).on('click.bs.modal.data-api', '[data-toggle="modal"]', function (e) {
var $this = $(this) var $this = $(this)
var href = $this.attr('href') var href = $this.attr('href')
var $target = $($this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, ''))) // strip for ie7 var selector = $this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, '')); // strip for ie7
var $target = $(document).find(selector);
var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote: !/#/.test(href) && href }, $target.data(), $this.data()) var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote: !/#/.test(href) && href }, $target.data(), $this.data())
if ($this.is('a')) e.preventDefault() if ($this.is('a')) e.preventDefault()
@@ -1299,7 +1310,13 @@ if (typeof jQuery === 'undefined') {
this.type = type this.type = type
this.$element = $(element) this.$element = $(element)
this.options = this.getOptions(options) this.options = this.getOptions(options)
this.$viewport = this.options.viewport && $($.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport)) var viewportOption = $.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport);
if (typeof viewportOption === 'string') {
// Use find to ensure only CSS selectors are accepted, not HTML
this.$viewport = $(document).find(viewportOption);
} else {
this.$viewport = $(viewportOption);
}
this.inState = { click: false, hover: false, focus: false } this.inState = { click: false, hover: false, focus: false }
if (this.$element[0] instanceof document.constructor && !this.options.selector) { if (this.$element[0] instanceof document.constructor && !this.options.selector) {
@@ -1554,7 +1571,7 @@ if (typeof jQuery === 'undefined') {
var $tip = this.tip() var $tip = this.tip()
var title = this.getTitle() var title = this.getTitle()
$tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title) $tip.find('.tooltip-inner').text(title)
$tip.removeClass('fade in top bottom left right') $tip.removeClass('fade in top bottom left right')
} }
@@ -2217,7 +2234,7 @@ if (typeof jQuery === 'undefined') {
var Affix = function (element, options) { var Affix = function (element, options) {
this.options = $.extend({}, Affix.DEFAULTS, options) this.options = $.extend({}, Affix.DEFAULTS, options)
this.$target = $(this.options.target) this.$target = $(document).find(this.options.target)
.on('scroll.bs.affix.data-api', $.proxy(this.checkPosition, this)) .on('scroll.bs.affix.data-api', $.proxy(this.checkPosition, this))
.on('click.bs.affix.data-api', $.proxy(this.checkPositionWithEventLoop, this)) .on('click.bs.affix.data-api', $.proxy(this.checkPositionWithEventLoop, this))

15
SQUASHFS/squashfs-tools-4.4/squashfs-tools/lzma_xz_wrapper.c
View File

@@ -25,6 +25,19 @@
#include <string.h> #include <string.h>
#include <lzma.h> #include <lzma.h>
#if defined(__STDC_LIB_EXT1__)
/* Use memset_s if available */
#define secure_memset(dest, value, len) memset_s((dest), (len), (value), (len))
#else
/* Fallback secure_memset implementation */
static void secure_memset(void *v, int c, size_t n) {
volatile unsigned char *p = (volatile unsigned char *)v;
while (n--) {
*p++ = (unsigned char)c;
}
}
#endif
#include "squashfs_fs.h" #include "squashfs_fs.h"
#include "compressor.h" #include "compressor.h"
@@ -120,7 +133,7 @@ static int lzma_uncompress(void *dest, void *src, int size, int outsize,
goto failed; goto failed;
} }
memset(lzma_header + LZMA_PROPS_SIZE, 255, LZMA_UNCOMP_SIZE); secure_memset(lzma_header + LZMA_PROPS_SIZE, 255, LZMA_UNCOMP_SIZE);
strm.next_out = dest; strm.next_out = dest;
strm.avail_out = outsize; strm.avail_out = outsize;

8
SQUASHFS/squashfs-tools-4.4/squashfs-tools/mksquashfs.c
View File

@@ -4856,15 +4856,15 @@ void read_recovery_data(char *recovery_file, char *destination_file)
BAD_ERROR("Failed to open recovery file because %s\n", BAD_ERROR("Failed to open recovery file because %s\n",
strerror(errno)); strerror(errno));
if(stat(destination_file, &buf) == -1)
BAD_ERROR("Failed to stat destination file, because %s\n",
strerror(errno));
fd = open(destination_file, O_RDWR); fd = open(destination_file, O_RDWR);
if(fd == -1) if(fd == -1)
BAD_ERROR("Failed to open destination file because %s\n", BAD_ERROR("Failed to open destination file because %s\n",
strerror(errno)); strerror(errno));
if(fstat(fd, &buf) == -1)
BAD_ERROR("Failed to stat destination file, because %s\n",
strerror(errno));
res = read_bytes(recoverfd, header2, RECOVER_ID_SIZE); res = read_bytes(recoverfd, header2, RECOVER_ID_SIZE);
if(res == -1) if(res == -1)
BAD_ERROR("Failed to read recovery file, because %s\n", BAD_ERROR("Failed to read recovery file, because %s\n",