lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20220317203446.22444-1-phillip@squashfs.org.uk>
Date:   Thu, 17 Mar 2022 20:34:46 +0000
From:   Phillip Lougher <phillip@...ashfs.org.uk>
To:     linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        squashfs-devel@...ts.sourceforge.net
Cc:     phillip.lougher@...il.com
Subject: [ANN] Squashfs-tools 4.5.1 released

Hi,

I'm pleased to announce the release of Squashfs tools 4.5.1.
This is a point release which adds Manpages, a fix for
CVE-2021-41072, and the usual minor improvements and bug fixes.

The release can be downloaded either from Sourceforge, or GitHub.

https://sourceforge.net/projects/squashfs/files/latest/download

https://github.com/plougher/squashfs-tools/archive/refs/tags/4.5.1.tar.gz

A summary of the changes is below.

Phillip

	1. Major improvements

		1.1 This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
		    Sqfstar(1) and Sqfscat(1).
		1.2 The -help text output from the utilities has been improved
		    and extended as well (but the Manpages are now more
		    comprehensive).
		1.3 CVE-2021-41072 which is a writing outside of destination
		    exploit, has been fixed.

	2. Minor improvements

		2.1 The number of hard-links in the filesystem is now also
		    displayed by Mksquashfs in the output summary.
		2.2 The number of hard-links written by Unsquashfs is now
		    also displayed in the output summary.
		2.3 Unsquashfs will now write to a pre-existing destination
		    directory, rather than aborting.
		2.4 Unsquashfs now allows "." to used as the destination, to
		    extract to the current directory.
		2.5 The Unsquashfs progress bar now tracks empty files and
		    hardlinks, in addition to data blocks.
		2.6 -no-hardlinks option has been implemented for Sqfstar.
		2.7 More sanity checking for "corrupted" filesystems, including
		    checks for multiply linked directories and directory loops.
		2.8 Options that may cause filesystems to be unmountable have
		    been moved into a new "experts" category in the Mksquashfs
		    help text (and Manpage).

	3. Bug fixes

		3.1 Maximum cpiostyle filename limited to PATH_MAX.  This
		    prevents attempts to overflow the stack, or cause system
		    calls to fail with a too long pathname.
		3.2 Don't always use "max open file limit" when calculating
		    length of queues, as a very large file limit can cause
		    Unsquashfs to abort.  Instead use the smaller of max open
		    file limit and cache size.
		3.3 Fix Mksquashfs silently ignoring Pseudo file definitions
		    when appending.
		3.4 Don't abort if no XATTR support has been built in, and
		    there's XATTRs in the filesystem.  This is a regression
		    introduced in 2019 in Version 4.4.
		3.5 Fix duplicate check when the last file block is sparse.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ