Get fix for write outside destination directory

Another write outside destination directory issue was fixed post 4.5. While 4.5.1 should be out soon, I wanted to get this out since the release date isn't known yet.
2021-09-13 09:52:04 -05:00 · 2021-09-13 09:52:04 -05:00 · 4603989d56
commit 4603989d56
parent 8bc59796df
3 changed files with 16 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,4 @@ squashfs-4.1.tar.bz2
 /4.4-git.1.tar.gz
 /squashfs-tools-4.5.tar.gz
 /4.5.tar.gz
+/squashfs-tools-e0485802ec72996c20026da320650d8362f555bd.tar.gz
--- a/2
+++ b/2
@ -1,3 +1,3 @@
-SHA512 (4.5.tar.gz) = e00610487d24eed9e5dadcf84014a3d7faa9815d8ce00fd4660e6c8ce394dccf185ed9f387f4fa1313b9812fe770f802bdcbaef87887f2bcefacf234594a72e0
+SHA512 (squashfs-tools-e0485802ec72996c20026da320650d8362f555bd.tar.gz) = e72ccb09d6fd725f1ff4d87d9b81f783dbc3b614e45517f28a9978922467af765e8e04c5d0081a7ca76345bc606f365e39dd28b6a2e2a2dbe73a2c6998f5fd2b
 SHA512 (mksquashfs.1) = 4dc03bccf5842791abf6ca437ada03c331942a9a37fcacdbf136443db11a7f26121f6e8ba742aaffc9fda9a5e220b171c5223ee3ab0474dde6b300a63ee32f92
 SHA512 (unsquashfs.1) = fbf7c96454584fb844572a43af8781688186e3854c0d0acb9dfd83c5d0e3b6f49b58fbd68407b66ff573f82d8d16ecd10a4c319e49e809428fe65068f0c48bf2
--- a/squashfs-tools.spec
+++ b/squashfs-tools.spec
@ -1,11 +1,14 @@
-Summary: Utility for the creation of squashfs filesystems
-%global forgeurl https://github.com/plougher/squashfs-tools
-Version: 4.5
 Name: squashfs-tools
-Release: 2%{?dist}
+Version: 4.5
+Summary: Utility for the creation of squashfs filesystems
+%global forgeurl https://github.com/plougher/%{name}
+%global date 20210913
+%global commit e0485802ec72996c20026da320650d8362f555bd
+%forgemeta -i
+URL:	 %{forgeurl}
+Source:  %{forgesource}
+Release: 3%{?dist}
 License: GPLv2+
-URL: %{forgeurl}/archive/4.5.tar.gz
-Source: 4.5.tar.gz
 # manpages from http://ftp.debian.org/debian/pool/main/s/squashfs-tools/squashfs-tools_4.2+20121212-1.debian.tar.xz
 # The man pages have been modified for 4.3 for Fedora.
 # Man pages still need a lot of changes for 4.5
@ -26,7 +29,7 @@ Squashfs is a highly compressed read-only filesystem for Linux.  This package
 contains the utilities for manipulating squashfs filesystems.

 %prep
-%setup -n %{name}-4.5
+%forgesetup

 %build
 %set_build_flags
@ -54,6 +57,9 @@ ln -s unsquashfs %{buildroot}%{_sbindir}/sqfscat
 %{_sbindir}/sqfscat

 %changelog
+* Mon Sep 13 2021 Bruno Wolff III <bruno@wolff.to> - 4.5-3.20210913gite048580
+- Fix bug 2003701 (additional write outside destination directory exploit)
+
 * Mon Jul 26 2021 Bruno Wolff III <bruno@wolff.to> - 4.5-2
 - Fix for sparse fragment bug 1985561