From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] libarchive: Update to version 3.7.7
Date: Tue, 19 Nov 2024 22:10:54 +0100
Message-ID: <20241119211106.2194373-6-adolf.belka@ipfire.org>
In-Reply-To: <20241119211106.2194373-1-adolf.belka@ipfire.org>
- Update from version 3.7.4 to 3.7.7
- Update of rootfile
- Fixes for 3 CVE's in 3.7.5
- Changelog
    3.7.7
      Security fixes:
        gzip: prevent a hang when processing a malformed gzip inside a gzip (#2366, OSS-Fuzz)
        tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
        tar: fix two leaks in tar header parsing (#2377)
      Important bugfixes:
        7-zip: read/write symlink paths as UTF-8 (#2252)
        cpio: exit with an error code if an entry could not be extracted (#2371)
        rar5: report encrypted entries (#2096)
        tar: fix truncation of entry pathnames in specific archives (#2360)
        windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (#2363)
    3.7.6
      This release fixes a tar regression introduced in libarchive 3.7.5 (#2331, #2337)
      Important bugfixes:
        tar: clean up linkpath between entries (#2343)
        tar: fix memory leaks when processing symlinks or parsing pax headers (#2338)
        iso: be more cautious about parsing ISO-9660 timestamps (#2330)
    3.7.5
      Security fixes:
        fix multiple vulnerabilities identified by SAST (#2251, #2256)
        cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
        lzop: prevent integer overflow (#2174)
        rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
        rar4: fix CVE-2024-26256 (#2269, CVE-2024-26256)
        rar4: fix OOB in delta and audio filter (#2148, #2149)
        rar4: fix out of boundary access with large files (#2179)
        rar4: add boundary checks to rgb filter (#2210)
        rar4: fix OOB access with unicode filenames (#2203)
        rar5: clear 'data ready' cache on window buffer reallocs (#2265)
        rpm: calculate huge header sizes correctly (#2158)
        unzip: unify EOF handling (#2175)
        util: fix out of boundary access in mktemp functions (#2160)
        uu: stop processing if lines are too long (#2168)
      Important bugfixes:
        7zip: fix issue when skipping first file in 7zip archive that is a
          multiple of 65536 bytes (#2245)
        ar: fix archive entries having no type (#2290)
        lha: do not allow negative file sizes (#2155)
        lha: fix integer truncation on 32-bit systems (#2161)
        shar: check strdup return value (#2173)
        rar5: don't try to read ridiculously long names (#2259)
        xar: fix another infinite loop and expat error handling (#2150)
        many Windows fixes, cleanups and improvements
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/common/libarchive | 2 +-
lfs/libarchive | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive
index 2f38c29a7..0e6d2087b 100644
--- a/config/rootfiles/common/libarchive
+++ b/config/rootfiles/common/libarchive
@@ -7,7 +7,7 @@
#usr/lib/libarchive.la
#usr/lib/libarchive.so
usr/lib/libarchive.so.13
-usr/lib/libarchive.so.13.7.4
+usr/lib/libarchive.so.13.7.7
#usr/lib/pkgconfig/libarchive.pc
#usr/share/man/man1/bsdcat.1
#usr/share/man/man1/bsdcpio.1
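Review bot: the commit message does not say whether the rootfile was regenerated from the 3.7.7 build or edited by hand, and this hunk changes only usr/lib/libarchive.so.13.7.4 to usr/lib/libarchive.so.13.7.7. Since usr/lib/libarchive.so.13 stays as it is, the soname is unchanged, but across three upstream releases it is worth stating in the message that no other installed files were added or removed.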
diff --git a/lfs/libarchive b/lfs/libarchive
index 668f2a87e..3f4eccff0 100644
--- a/lfs/libarchive
+++ b/lfs/libarchive
@@ -24,7 +24,7 @@
include Config
-VER = 3.7.4
+VER = 3.7.7
THISAPP = libarchive-$(VER)
DL_FILE = $(THISAPP).tar.xz
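Review bot: the commit message for this bump of VER from 3.7.4 to 3.7.7 states that three CVEs are fixed in 3.7.5, but the quoted changelog names only two CVE ids, CVE-2024-20696 and CVE-2024-26256. Listing the CVE ids in the summary lines, or correcting the count, would make the security relevance of the update checkable without reading the upstream issues.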
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 128f72235da61e112201046c0cfe62a8c580cf73b426c4cfe270ae913356f6ad430ba33a663dcd617b082c7baf45ada8d1c9928c45fea16fd57e8020693a60bc
+$(DL_FILE)_BLAKE2 = e118c693f7a78e86ab868fc6c2c77beba539cf5c7d5999e270cdceb225e9f85c68c938ec6ce3a33f75b2a44a6f7debe2c280d2573c1bcf05806300e8dce1a4f0
install : $(TARGET)
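Review bot: the new $(DL_FILE)_BLAKE2 value pins the libarchive-$(VER).tar.xz tarball, but nothing in the commit message says how that tarball was validated before the sum was computed. Please note in the message that the download was checked against upstream's published checksum or signature, so the pinned hash is known to describe the genuine 3.7.7 release.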
--
2.47.0