| Message ID | 20220920190354.3688773-1-francois.perrad@gadz.org |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | package/squashfs: security bump to version 4.5.1 | expand |
François, All, On 2022-09-20 21:03 +0200, Francois Perrad spake thusly: > fix CVE-2021-41072 > > remove upstream patch > add a new patch OK, so looking at the diffstat, it is obvious that a patch is added. What the cmmit log should state, is why it is added: squashfs-tools will try by default to build manpages, but that fails in our case because [reason]. So, we disable building manpages by setting USE_PREBUILT_MANPAGES=n. And thus you can see that probably we do not need the patch. Or if we do, then tweak the explanations above to explain why we can't use USE_PREBUILT_MANPAGES=n and thus need a patch to remove the call to ../generate-manpages/install-manpages.sh Regards, Yann E. MORIN. > Signed-off-by: Francois Perrad <francois.perrad@gadz.org> > --- > ...e-of-INSTALL_DIR-for-symlink-targets.patch | 37 ------------------- > package/squashfs/0001-remove-manpages.patch | 22 +++++++++++ > package/squashfs/squashfs.hash | 2 +- > package/squashfs/squashfs.mk | 2 +- > 4 files changed, 24 insertions(+), 39 deletions(-) > delete mode 100644 package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch > create mode 100644 package/squashfs/0001-remove-manpages.patch > > diff --git a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch b/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch > deleted file mode 100644 > index 997719e63..000000000 > --- a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch > +++ /dev/null > @@ -1,37 +0,0 @@ > -From f5c908e92d4c055859be2fddbda266d9e3bfd415 Mon Sep 17 00:00:00 2001 > -From: Patrick McCarty <patrick.mccarty@intel.com> > -Date: Mon, 26 Jul 2021 11:38:43 -0700 > -Subject: [PATCH] Avoid use of INSTALL_DIR for symlink targets > - > -In case INSTALL_DIR is overridden with a staged install location, using > -INSTALL_DIR for the symlink target path prefix will yield an incorrect location > -for the final installation. > - > -Because the symlink itself is already installed to INSTALL_DIR, simply removing > -the INSTALL_DIR prefix suffices as a fix. > - > -Note that using $DESTDIR/$INSTALL_DIR where appropriate can avoid this type of > -issue, but that can be considered a future enhancement. > - > -Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com> > -Upstream: f5c908e92d4c055859be2fddbda266d9e3bfd415 > -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> > ---- > - squashfs-tools/Makefile | 4 ++-- > - 1 file changed, 2 insertions(+), 2 deletions(-) > - > -diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile > -index f5a55f1..7262a2e 100755 > ---- a/squashfs-tools/Makefile > -+++ b/squashfs-tools/Makefile > -@@ -406,5 +406,5 @@ install: mksquashfs unsquashfs > - mkdir -p $(INSTALL_DIR) > - cp mksquashfs $(INSTALL_DIR) > - cp unsquashfs $(INSTALL_DIR) > -- ln -fs $(INSTALL_DIR)/unsquashfs $(INSTALL_DIR)/sqfscat > -- ln -fs $(INSTALL_DIR)/mksquashfs $(INSTALL_DIR)/sqfstar > -+ ln -fs unsquashfs $(INSTALL_DIR)/sqfscat > -+ ln -fs mksquashfs $(INSTALL_DIR)/sqfstar > --- > -2.31.1 > - > diff --git a/package/squashfs/0001-remove-manpages.patch b/package/squashfs/0001-remove-manpages.patch > new file mode 100644 > index 000000000..5bb1a12d0 > --- /dev/null > +++ b/package/squashfs/0001-remove-manpages.patch > @@ -0,0 +1,22 @@ > +From 9ae79c2202e462401715671c6d19bb1e83dad741 Mon Sep 17 00:00:00 2001 > +From: Francois Perrad <francois.perrad@gadz.org> > +Date: Tue, 20 Sep 2022 20:16:21 +0200 > +Subject: [PATCH] remove manpages > + > +Signed-off-by: Francois Perrad <francois.perrad@gadz.org> > +--- > + squashfs-tools/Makefile | 1 - > + 1 file changed, 1 deletion(-) > + > +diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile > +index 8b80b8a..3d14773 100755 > +--- a/squashfs-tools/Makefile > ++++ b/squashfs-tools/Makefile > +@@ -422,4 +422,3 @@ install: mksquashfs unsquashfs > + cp unsquashfs $(INSTALL_DIR) > + ln -fs unsquashfs $(INSTALL_DIR)/sqfscat > + ln -fs mksquashfs $(INSTALL_DIR)/sqfstar > +- ../generate-manpages/install-manpages.sh $(shell pwd)/.. "$(INSTALL_MANPAGES_DIR)" > +-- > +2.34.1 > + > diff --git a/package/squashfs/squashfs.hash b/package/squashfs/squashfs.hash > index 09a2bae36..13d5aed71 100644 > --- a/package/squashfs/squashfs.hash > +++ b/package/squashfs/squashfs.hash > @@ -1,5 +1,5 @@ > # Locally computed > -sha256 b9e16188e6dc1857fe312633920f7d71cc36b0162eb50f3ecb1f0040f02edddd squashfs-4.5.tar.gz > +sha256 277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7 squashfs-4.5.1.tar.gz > > # License files > sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING > diff --git a/package/squashfs/squashfs.mk b/package/squashfs/squashfs.mk > index f64d441c9..99ba1380a 100644 > --- a/package/squashfs/squashfs.mk > +++ b/package/squashfs/squashfs.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -SQUASHFS_VERSION = 4.5 > +SQUASHFS_VERSION = 4.5.1 > SQUASHFS_SITE = $(call github,plougher,squashfs-tools,$(SQUASHFS_VERSION)) > SQUASHFS_LICENSE = GPL-2.0+ > SQUASHFS_LICENSE_FILES = COPYING > -- > 2.34.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
diff --git a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch b/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch deleted file mode 100644 index 997719e63..000000000 --- a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f5c908e92d4c055859be2fddbda266d9e3bfd415 Mon Sep 17 00:00:00 2001 -From: Patrick McCarty <patrick.mccarty@intel.com> -Date: Mon, 26 Jul 2021 11:38:43 -0700 -Subject: [PATCH] Avoid use of INSTALL_DIR for symlink targets - -In case INSTALL_DIR is overridden with a staged install location, using -INSTALL_DIR for the symlink target path prefix will yield an incorrect location -for the final installation. - -Because the symlink itself is already installed to INSTALL_DIR, simply removing -the INSTALL_DIR prefix suffices as a fix. - -Note that using $DESTDIR/$INSTALL_DIR where appropriate can avoid this type of -issue, but that can be considered a future enhancement. - -Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com> -Upstream: f5c908e92d4c055859be2fddbda266d9e3bfd415 -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> ---- - squashfs-tools/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile -index f5a55f1..7262a2e 100755 ---- a/squashfs-tools/Makefile -+++ b/squashfs-tools/Makefile -@@ -406,5 +406,5 @@ install: mksquashfs unsquashfs - mkdir -p $(INSTALL_DIR) - cp mksquashfs $(INSTALL_DIR) - cp unsquashfs $(INSTALL_DIR) -- ln -fs $(INSTALL_DIR)/unsquashfs $(INSTALL_DIR)/sqfscat -- ln -fs $(INSTALL_DIR)/mksquashfs $(INSTALL_DIR)/sqfstar -+ ln -fs unsquashfs $(INSTALL_DIR)/sqfscat -+ ln -fs mksquashfs $(INSTALL_DIR)/sqfstar --- -2.31.1 - diff --git a/package/squashfs/0001-remove-manpages.patch b/package/squashfs/0001-remove-manpages.patch new file mode 100644 index 000000000..5bb1a12d0 --- /dev/null +++ b/package/squashfs/0001-remove-manpages.patch @@ -0,0 +1,22 @@ +From 9ae79c2202e462401715671c6d19bb1e83dad741 Mon Sep 17 00:00:00 2001 +From: Francois Perrad <francois.perrad@gadz.org> +Date: Tue, 20 Sep 2022 20:16:21 +0200 +Subject: [PATCH] remove manpages + +Signed-off-by: Francois Perrad <francois.perrad@gadz.org> +--- + squashfs-tools/Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile +index 8b80b8a..3d14773 100755 +--- a/squashfs-tools/Makefile ++++ b/squashfs-tools/Makefile +@@ -422,4 +422,3 @@ install: mksquashfs unsquashfs + cp unsquashfs $(INSTALL_DIR) + ln -fs unsquashfs $(INSTALL_DIR)/sqfscat + ln -fs mksquashfs $(INSTALL_DIR)/sqfstar +- ../generate-manpages/install-manpages.sh $(shell pwd)/.. "$(INSTALL_MANPAGES_DIR)" +-- +2.34.1 + diff --git a/package/squashfs/squashfs.hash b/package/squashfs/squashfs.hash index 09a2bae36..13d5aed71 100644 --- a/package/squashfs/squashfs.hash +++ b/package/squashfs/squashfs.hash @@ -1,5 +1,5 @@ # Locally computed -sha256 b9e16188e6dc1857fe312633920f7d71cc36b0162eb50f3ecb1f0040f02edddd squashfs-4.5.tar.gz +sha256 277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7 squashfs-4.5.1.tar.gz # License files sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/squashfs/squashfs.mk b/package/squashfs/squashfs.mk index f64d441c9..99ba1380a 100644 --- a/package/squashfs/squashfs.mk +++ b/package/squashfs/squashfs.mk @@ -4,7 +4,7 @@ # ################################################################################ -SQUASHFS_VERSION = 4.5 +SQUASHFS_VERSION = 4.5.1 SQUASHFS_SITE = $(call github,plougher,squashfs-tools,$(SQUASHFS_VERSION)) SQUASHFS_LICENSE = GPL-2.0+ SQUASHFS_LICENSE_FILES = COPYING
fix CVE-2021-41072 remove upstream patch add a new patch Signed-off-by: Francois Perrad <francois.perrad@gadz.org> --- ...e-of-INSTALL_DIR-for-symlink-targets.patch | 37 ------------------- package/squashfs/0001-remove-manpages.patch | 22 +++++++++++ package/squashfs/squashfs.hash | 2 +- package/squashfs/squashfs.mk | 2 +- 4 files changed, 24 insertions(+), 39 deletions(-) delete mode 100644 package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch create mode 100644 package/squashfs/0001-remove-manpages.patch