diff mbox series

[1/1] package/squashfs: security bump to version 4.5.1

Message ID 20221020170233.230696-1-fontaine.fabrice@gmail.com
State Accepted
Headers show
Series [1/1] package/squashfs: security bump to version 4.5.1 | expand

Commit Message

Fabrice Fontaine Oct. 20, 2022, 5:02 p.m. UTC 
- Fix CVE-2021-40153
- CVE-2021-41072 which is a writing outside of destination exploit, has
  been fixed.
- Drop patch (already in version)
- Set INSTALL_MANPAGES_DIR to an empty value to disable build and
  install of man pages which were added with
  https://github.com/plougher/squashfs-tools/commit/25bce9a64cc3f88f0afed9ce2f3d27beabc44d7b

https://github.com/plougher/squashfs-tools/releases/tag/4.5.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...e-of-INSTALL_DIR-for-symlink-targets.patch | 37 -------------------
 package/squashfs/squashfs.hash                |  2 +-
 package/squashfs/squashfs.mk                  |  8 ++--
 3 files changed, 6 insertions(+), 41 deletions(-)
 delete mode 100644 package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch

Comments

Peter Korsgaard Oct. 21, 2022, 6:47 p.m. UTC | #1 
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2021-40153
 > - CVE-2021-41072 which is a writing outside of destination exploit, has
 >   been fixed.
 > - Drop patch (already in version)
 > - Set INSTALL_MANPAGES_DIR to an empty value to disable build and
 >   install of man pages which were added with
 >   https://github.com/plougher/squashfs-tools/commit/25bce9a64cc3f88f0afed9ce2f3d27beabc44d7b

 > https://github.com/plougher/squashfs-tools/releases/tag/4.5.1

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.
Peter Korsgaard Nov. 2, 2022, 11 p.m. UTC | #2 
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CVE-2021-40153
 > - CVE-2021-41072 which is a writing outside of destination exploit, has
 >   been fixed.
 > - Drop patch (already in version)
 > - Set INSTALL_MANPAGES_DIR to an empty value to disable build and
 >   install of man pages which were added with
 >   https://github.com/plougher/squashfs-tools/commit/25bce9a64cc3f88f0afed9ce2f3d27beabc44d7b

 > https://github.com/plougher/squashfs-tools/releases/tag/4.5.1

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.08.x and 2022.02.x, thanks.
diff mbox series

Patch

diff --git a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch b/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch
deleted file mode 100644
index 997719e63a..0000000000
--- a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch
+++ /dev/null
@@ -1,37 +0,0 @@ 
-From f5c908e92d4c055859be2fddbda266d9e3bfd415 Mon Sep 17 00:00:00 2001
-From: Patrick McCarty <patrick.mccarty@intel.com>
-Date: Mon, 26 Jul 2021 11:38:43 -0700
-Subject: [PATCH] Avoid use of INSTALL_DIR for symlink targets
-
-In case INSTALL_DIR is overridden with a staged install location, using
-INSTALL_DIR for the symlink target path prefix will yield an incorrect location
-for the final installation.
-
-Because the symlink itself is already installed to INSTALL_DIR, simply removing
-the INSTALL_DIR prefix suffices as a fix.
-
-Note that using $DESTDIR/$INSTALL_DIR where appropriate can avoid this type of
-issue, but that can be considered a future enhancement.
-
-Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
-Upstream: f5c908e92d4c055859be2fddbda266d9e3bfd415
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- squashfs-tools/Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
-index f5a55f1..7262a2e 100755
---- a/squashfs-tools/Makefile
-+++ b/squashfs-tools/Makefile
-@@ -406,5 +406,5 @@ install: mksquashfs unsquashfs
- 	mkdir -p $(INSTALL_DIR)
- 	cp mksquashfs $(INSTALL_DIR)
- 	cp unsquashfs $(INSTALL_DIR)
--	ln -fs $(INSTALL_DIR)/unsquashfs $(INSTALL_DIR)/sqfscat
--	ln -fs $(INSTALL_DIR)/mksquashfs $(INSTALL_DIR)/sqfstar
-+	ln -fs unsquashfs $(INSTALL_DIR)/sqfscat
-+	ln -fs mksquashfs $(INSTALL_DIR)/sqfstar
--- 
-2.31.1
-
diff --git a/package/squashfs/squashfs.hash b/package/squashfs/squashfs.hash
index 09a2bae364..13d5aed71f 100644
--- a/package/squashfs/squashfs.hash
+++ b/package/squashfs/squashfs.hash
@@ -1,5 +1,5 @@ 
 # Locally computed
-sha256  b9e16188e6dc1857fe312633920f7d71cc36b0162eb50f3ecb1f0040f02edddd  squashfs-4.5.tar.gz
+sha256  277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7  squashfs-4.5.1.tar.gz
 
 # License files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/squashfs/squashfs.mk b/package/squashfs/squashfs.mk
index f64d441c9b..323908d94e 100644
--- a/package/squashfs/squashfs.mk
+++ b/package/squashfs/squashfs.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-SQUASHFS_VERSION = 4.5
+SQUASHFS_VERSION = 4.5.1
 SQUASHFS_SITE = $(call github,plougher,squashfs-tools,$(SQUASHFS_VERSION))
 SQUASHFS_LICENSE = GPL-2.0+
 SQUASHFS_LICENSE_FILES = COPYING
@@ -75,7 +75,8 @@  endef
 
 define SQUASHFS_INSTALL_TARGET_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) $(SQUASHFS_MAKE_ARGS) \
-		-C $(@D)/squashfs-tools/ INSTALL_DIR=$(TARGET_DIR)/usr/bin install
+		-C $(@D)/squashfs-tools/ INSTALL_DIR=$(TARGET_DIR)/usr/bin \
+		INSTALL_MANPAGES_DIR="" install
 endef
 
 define HOST_SQUASHFS_BUILD_CMDS
@@ -89,7 +90,8 @@  endef
 
 define HOST_SQUASHFS_INSTALL_CMDS
 	$(HOST_MAKE_ENV) $(MAKE) $(HOST_SQUASHFS_MAKE_ARGS) \
-		-C $(@D)/squashfs-tools/ INSTALL_DIR=$(HOST_DIR)/bin install
+		-C $(@D)/squashfs-tools/ INSTALL_DIR=$(HOST_DIR)/bin \
+		INSTALL_MANPAGES_DIR="" install
 endef
 
 $(eval $(generic-package))