From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] libarchive: Update to version 3.6.1 Date: Sun, 11 Sep 2022 14:00:21 +0000 Message-ID: <3cdf998d-a7c1-8fed-e32c-7ebfe32ad85c@ipfire.org> In-Reply-To: <20220824075034.2978-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2705963153949970351==" List-Id: --===============2705963153949970351== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Yikes, another security release of a compression library. Thank you for taking care of it, as always! :-) Reviewed-by: Peter M=C3=BCller > - Update from version 3.6.0 to 3.6.1 > - Update of rootfile > - Changelog > Libarchive 3.6.1 is a bugfix and security release. > Security fixes: > 7zip reader: fix PPMD read beyond boundary (#1671) > ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672) > ISO reader: fix possible heap buffer overflow in read_children() (OSS-= Fuzz 38764, #1685) > RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in = libarchive 3.6.0) > fix heap use after free in archive_read_format_rar_read_data() (OS= S-Fuzz 44547, 52efa50) > fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 12= 71f77) > fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715) >=20 > Signed-off-by: Adolf Belka > --- > config/rootfiles/common/libarchive | 2 +- > lfs/libarchive | 4 ++-- > 2 files changed, 3 insertions(+), 3 deletions(-) >=20 > diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/l= ibarchive > index c939d74f4..d6860041b 100644 > --- a/config/rootfiles/common/libarchive > +++ b/config/rootfiles/common/libarchive > @@ -6,7 +6,7 @@ > #usr/lib/libarchive.la > #usr/lib/libarchive.so > usr/lib/libarchive.so.13 > -usr/lib/libarchive.so.13.6.0 > +usr/lib/libarchive.so.13.6.1 > #usr/lib/pkgconfig/libarchive.pc > #usr/share/man/man1/bsdcat.1 > #usr/share/man/man1/bsdcpio.1 > diff --git a/lfs/libarchive b/lfs/libarchive > index 42040b6db..46074341a 100644 > --- a/lfs/libarchive > +++ b/lfs/libarchive > @@ -24,7 +24,7 @@ > =20 > include Config > =20 > -VER =3D 3.6.0 > +VER =3D 3.6.1 > =20 > THISAPP =3D libarchive-$(VER) > DL_FILE =3D $(THISAPP).tar.xz > @@ -41,7 +41,7 @@ objects =3D $(DL_FILE) > =20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =20 > -$(DL_FILE)_BLAKE2 =3D e62bb0fccff23f752912de4ca6b8fd5dce6feb0e5f5d59b975d8= e6fc9b3153500d6f622b4ea8c4541f0d574e7d8aa5f6903acc0c32b4e47a16f7e1b92ea952e9 > +$(DL_FILE)_BLAKE2 =3D e7b79e97545dabeac164069e87adbd2081d3bd75c22f80b3797c= 6e487a477b3f6347b6fc14c76668eb69f2f2e5dcdd5a33a694e0a292ce426b8d0d93435218cf > =20 > install : $(TARGET) > =20 --===============2705963153949970351==--