Accepting request 963333 from home:dirkmueller:Factory

- update to 4.5.1 (bsc#1190531, CVE-2021-41072):
  * This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
    Sqfstar(1) and Sqfscat(1).
  * The -help text output from the utilities has been improved
    and extended as well (but the Manpages are now more
    comprehensive).
  * CVE-2021-41072 which is a writing outside of destination
    exploit, has been fixed.
  * The number of hard-links in the filesystem is now also
    displayed by Mksquashfs in the output summary.
  * The number of hard-links written by Unsquashfs is now
    also displayed in the output summary.
  * Unsquashfs will now write to a pre-existing destination
    directory, rather than aborting.
  * Unsquashfs now allows "." to used as the destination, to
    extract to the current directory.
  * The Unsquashfs progress bar now tracks empty files and
    hardlinks, in addition to data blocks.
  * -no-hardlinks option has been implemented for Sqfstar.
  * More sanity checking for "corrupted" filesystems, including
    checks for multiply linked directories and directory loops.
  * Options that may cause filesystems to be unmountable have
    been moved into a new "experts" category in the Mksquashfs
    help text (and Manpage).
  * Maximum cpiostyle filename limited to PATH_MAX.  This
    prevents attempts to overflow the stack, or cause system
    calls to fail with a too long pathname.
  * Don't always use "max open file limit" when calculating
    length of queues, as a very large file limit can cause
    Unsquashfs to abort.  Instead use the smaller of max open

OBS-URL: https://build.opensuse.org/request/show/963333
OBS-URL: https://build.opensuse.org/package/show/filesystems/squashfs?expand=0&rev=50
This commit is contained in:
Dirk Mueller 2022-04-08 07:47:51 +00:00 committed by Git OBS Bridge
parent 76ddb9bee5
commit f26d30efe2
5 changed files with 66 additions and 25 deletions

3
4.5.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:277b6e7f75a4a57f72191295ae62766a10d627a4f5e5f19eadfbc861378deea7
size 270112

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b9e16188e6dc1857fe312633920f7d71cc36b0162eb50f3ecb1f0040f02edddd
size 250471

View File

@ -1,26 +1,26 @@
Index: squashfs-tools-4.5/squashfs-tools/mksquashfs.c
Index: squashfs-tools-4.5.1/squashfs-tools/mksquashfs.c
===================================================================
--- squashfs-tools-4.5.orig/squashfs-tools/mksquashfs.c
+++ squashfs-tools-4.5/squashfs-tools/mksquashfs.c
@@ -5954,7 +5954,7 @@ static void print_options(FILE *stream,
fprintf(stream, "-root-gid <gid>\t\tset root directory group to <gid>\n");
fprintf(stream, "-force-uid <uid>\tset all file uids to <uid>\n");
fprintf(stream, "-force-gid <gid>\tset all file gids to <gid>\n");
--- squashfs-tools-4.5.1.orig/squashfs-tools/mksquashfs.c
+++ squashfs-tools-4.5.1/squashfs-tools/mksquashfs.c
@@ -6079,7 +6079,7 @@ static void print_options(FILE *stream,
fprintf(stream, "\t\t\tOptionally a suffix of K, M or G can be given to ");
fprintf(stream, "specify\n\t\t\tKbytes, Mbytes or Gbytes respectively\n");
fprintf(stream, "\nExpert options (these may make the filesystem unmountable):\n");
- fprintf(stream, "-nopad\t\t\tdo not pad filesystem to a multiple of 4K\n");
+ fprintf(stream, "-nopad\t\t\tdo not pad filesystem to a multiple of 64K\n");
fprintf(stream, "-keep-as-directory\tif one source directory is specified, ");
fprintf(stream, "create a root\n");
fprintf(stream, "\t\t\tdirectory containing that directory, rather than the\n");
@@ -6112,7 +6112,7 @@ static void print_sqfstar_options(FILE *
fprintf(stream, "-root-gid <gid>\t\tset root directory group to <gid>\n");
fprintf(stream, "-force-uid <uid>\tset all file uids to <uid>\n");
fprintf(stream, "-force-gid <gid>\tset all file gids to <gid>\n");
fprintf(stream, "-offset <offset>\tSkip <offset> bytes at the beginning of ");
fprintf(stream, "FILESYSTEM.\n\t\t\tOptionally a suffix of K, M or G can be given ");
fprintf(stream, "to specify\n\t\t\tKbytes, Mbytes or Gbytes respectively.\n");
@@ -6210,7 +6210,7 @@ static void print_sqfstar_options(FILE *
fprintf(stream, "\t\t\tOptionally a suffix of K, M or G can be given to ");
fprintf(stream, "specify\n\t\t\tKbytes, Mbytes or Gbytes respectively\n");
fprintf(stream, "\nExpert options (these may make the filesystem unmountable):\n");
- fprintf(stream, "-nopad\t\t\tdo not pad filesystem to a multiple of 4K\n");
+ fprintf(stream, "-nopad\t\t\tdo not pad filesystem to a multiple of 64K\n");
fprintf(stream, "\nFilesystem filter options:\n");
fprintf(stream, "-ef <exclude_file>\tlist of exclude dirs/files. ");
fprintf(stream, "One per line\n");
@@ -6877,9 +6877,9 @@ print_sqfstar_compressor_options:
fprintf(stream, "-offset <offset>\tSkip <offset> bytes at the beginning of ");
fprintf(stream, "FILESYSTEM.\n\t\t\tOptionally a suffix of K, M or G can be given ");
fprintf(stream, "to specify\n\t\t\tKbytes, Mbytes or Gbytes respectively.\n");
@@ -6958,9 +6958,9 @@ print_sqfstar_compressor_options:
set_progressbar_state(FALSE);
write_filesystem_tables(&sBlk);

View File

@ -1,8 +1,49 @@
-------------------------------------------------------------------
Sun Mar 20 19:51:00 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows "." to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for "corrupted" filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new "experts" category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use "max open file limit" when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
-------------------------------------------------------------------
Sat Dec 11 23:03:19 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 4.5:
* Mksquashfs now supports "Actions".
* Mksquashfs now supports "Actions".
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.

View File

@ -1,7 +1,7 @@
#
# spec file for package squashfs
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,13 +17,13 @@
Name: squashfs
Version: 4.5
Version: 4.5.1
Release: 0
Summary: A Read-Only File System with Efficient Compression
License: GPL-2.0-or-later
Group: System/Filesystems
URL: https://github.com/plougher/squashfs-tools
Source0: https://github.com/plougher/squashfs-tools/archive/refs/tags/4.5.tar.gz
Source0: https://github.com/plougher/squashfs-tools/archive/refs/tags/%{version}.tar.gz
Patch0: squashfs-64k.patch
Patch1: squashfs-thread-limit
BuildRequires: lzma-devel