Created attachment 231155 [details] patch to upgrade squashfs-tools Find attached my attempt tu update squashfs-tools to the latest released version. The full changelog is available here: https://github.com/plougher/squashfs-tools/blob/master/README-4.5
According to the upstream, on 2021-07-25, three days after releasing 4.5, an important bug had been found. A new point release would be forthcoming in the next couple of days (sooner if no other release bugs are reported). Also, we expect one regression* in 4.4 which also present in 4.5 to be fixed as well. *) https://github.com/plougher/squashfs-tools/issues/120
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=812d78629a3dd8d0f622cd44a2262ed01e3d6297 commit 812d78629a3dd8d0f622cd44a2262ed01e3d6297 Author: Alexey Dokuchaev <danfe@FreeBSD.org> AuthorDate: 2022-03-27 10:43:52 +0000 Commit: Alexey Dokuchaev <danfe@FreeBSD.org> CommitDate: 2022-03-27 10:43:52 +0000 sysutils/squashfs-tools: update the port to version 4.5.1 (finally) This is a long-awaited release which fixes known security issue [1] and regression when working with extended attributes [2]. Install more complete documentation set while here and GC no longer needed CFLAGS+= and USE_CSTD knobs. Security: CVE-2021-41072 [1] PR: 256790 [2], 261334 sysutils/squashfs-tools/Makefile | 30 +++++++++++++++++----------- sysutils/squashfs-tools/distinfo | 6 +++--- sysutils/squashfs-tools/files/patch-Makefile | 22 ++++++++++++-------- 3 files changed, 35 insertions(+), 23 deletions(-)