[Buildroot] [PATCH] package/squashfs: security bump to version 4.5.1

Yann E. MORIN yann.morin.1998 at free.fr
Tue Sep 20 19:31:52 UTC 2022 

François, All,

On 2022-09-20 21:03 +0200, Francois Perrad spake thusly:
> fix CVE-2021-41072
> 
> remove upstream patch
> add a new patch

OK, so looking at the diffstat, it is obvious that a patch is added.
What the cmmit log should state, is why it is added:

    squashfs-tools will try by default to build manpages, but that
    fails in our case because [reason]. So, we disable building manpages
    by setting USE_PREBUILT_MANPAGES=n.

And thus you can see that probably we do not need the patch. Or if we
do, then tweak the explanations above to explain why we can't use
USE_PREBUILT_MANPAGES=n and thus need a patch to remove the call to
../generate-manpages/install-manpages.sh

Regards,
Yann E. MORIN.

> Signed-off-by: Francois Perrad <francois.perrad at gadz.org>
> ---
>  ...e-of-INSTALL_DIR-for-symlink-targets.patch | 37 -------------------
>  package/squashfs/0001-remove-manpages.patch   | 22 +++++++++++
>  package/squashfs/squashfs.hash                |  2 +-
>  package/squashfs/squashfs.mk                  |  2 +-
>  4 files changed, 24 insertions(+), 39 deletions(-)
>  delete mode 100644 package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch
>  create mode 100644 package/squashfs/0001-remove-manpages.patch
> 
> diff --git a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch b/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch
> deleted file mode 100644
> index 997719e63..000000000
> --- a/package/squashfs/0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From f5c908e92d4c055859be2fddbda266d9e3bfd415 Mon Sep 17 00:00:00 2001
> -From: Patrick McCarty <patrick.mccarty at intel.com>
> -Date: Mon, 26 Jul 2021 11:38:43 -0700
> -Subject: [PATCH] Avoid use of INSTALL_DIR for symlink targets
> -
> -In case INSTALL_DIR is overridden with a staged install location, using
> -INSTALL_DIR for the symlink target path prefix will yield an incorrect location
> -for the final installation.
> -
> -Because the symlink itself is already installed to INSTALL_DIR, simply removing
> -the INSTALL_DIR prefix suffices as a fix.
> -
> -Note that using $DESTDIR/$INSTALL_DIR where appropriate can avoid this type of
> -issue, but that can be considered a future enhancement.
> -
> -Signed-off-by: Patrick McCarty <patrick.mccarty at intel.com>
> -Upstream: f5c908e92d4c055859be2fddbda266d9e3bfd415
> -Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
> ----
> - squashfs-tools/Makefile | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
> -index f5a55f1..7262a2e 100755
> ---- a/squashfs-tools/Makefile
> -+++ b/squashfs-tools/Makefile
> -@@ -406,5 +406,5 @@ install: mksquashfs unsquashfs
> - 	mkdir -p $(INSTALL_DIR)
> - 	cp mksquashfs $(INSTALL_DIR)
> - 	cp unsquashfs $(INSTALL_DIR)
> --	ln -fs $(INSTALL_DIR)/unsquashfs $(INSTALL_DIR)/sqfscat
> --	ln -fs $(INSTALL_DIR)/mksquashfs $(INSTALL_DIR)/sqfstar
> -+	ln -fs unsquashfs $(INSTALL_DIR)/sqfscat
> -+	ln -fs mksquashfs $(INSTALL_DIR)/sqfstar
> --- 
> -2.31.1
> -
> diff --git a/package/squashfs/0001-remove-manpages.patch b/package/squashfs/0001-remove-manpages.patch
> new file mode 100644
> index 000000000..5bb1a12d0
> --- /dev/null
> +++ b/package/squashfs/0001-remove-manpages.patch
> @@ -0,0 +1,22 @@
> +From 9ae79c2202e462401715671c6d19bb1e83dad741 Mon Sep 17 00:00:00 2001
> +From: Francois Perrad <francois.perrad at gadz.org>
> +Date: Tue, 20 Sep 2022 20:16:21 +0200
> +Subject: [PATCH] remove manpages
> +
> +Signed-off-by: Francois Perrad <francois.perrad at gadz.org>
> +---
> + squashfs-tools/Makefile | 1 -
> + 1 file changed, 1 deletion(-)
> +
> +diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
> +index 8b80b8a..3d14773 100755
> +--- a/squashfs-tools/Makefile
> ++++ b/squashfs-tools/Makefile
> +@@ -422,4 +422,3 @@ install: mksquashfs unsquashfs
> + 	cp unsquashfs $(INSTALL_DIR)
> + 	ln -fs unsquashfs $(INSTALL_DIR)/sqfscat
> + 	ln -fs mksquashfs $(INSTALL_DIR)/sqfstar
> +-	../generate-manpages/install-manpages.sh $(shell pwd)/.. "$(INSTALL_MANPAGES_DIR)"
> +-- 
> +2.34.1
> +
> diff --git a/package/squashfs/squashfs.hash b/package/squashfs/squashfs.hash
> index 09a2bae36..13d5aed71 100644
> --- a/package/squashfs/squashfs.hash
> +++ b/package/squashfs/squashfs.hash
> @@ -1,5 +1,5 @@
>  # Locally computed
> -sha256  b9e16188e6dc1857fe312633920f7d71cc36b0162eb50f3ecb1f0040f02edddd  squashfs-4.5.tar.gz
> +sha256  277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7  squashfs-4.5.1.tar.gz
>  
>  # License files
>  sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
> diff --git a/package/squashfs/squashfs.mk b/package/squashfs/squashfs.mk
> index f64d441c9..99ba1380a 100644
> --- a/package/squashfs/squashfs.mk
> +++ b/package/squashfs/squashfs.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -SQUASHFS_VERSION = 4.5
> +SQUASHFS_VERSION = 4.5.1
>  SQUASHFS_SITE = $(call github,plougher,squashfs-tools,$(SQUASHFS_VERSION))
>  SQUASHFS_LICENSE = GPL-2.0+
>  SQUASHFS_LICENSE_FILES = COPYING
> -- 
> 2.34.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

More information about the buildroot mailing list