- Update from version 3.7.4 to 3.7.7
- Update of rootfile
- Fixes for 3 CVEs in 3.7.5
- Changelog
    3.7.7
      Security fixes:
        gzip: prevent a hang when processing a malformed gzip inside a gzip (#2366, OSS-Fuzz)
        tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
        tar: fix two leaks in tar header parsing (#2377)
      Important bugfixes:
        7-zip: read/write symlink paths as UTF-8 (#2252)
        cpio: exit with an error code if an entry could not be extracted (#2371)
        rar5: report encrypted entries (#2096)
        tar: fix truncation of entry pathnames in specific archives (#2360)
        windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (#2363)
    3.7.6
      This release fixes a tar regression introduced in libarchive 3.7.5 (#2331, #2337)
      Important bugfixes.
        tar: clean up linkpath between entries (#2343)
        tar: fix memory leaks when processing symlinks or parsing pax headers (#2338)
        iso: be more cautious about parsing ISO-9660 timestamps (#2330)
    3.7.5
      Security fixes:
        fix multiple vulnerabilities identified by SAST (#2251, #2256)
        cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
        lzop: prevent integer overflow (#2174)
        rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
        rar4: fix CVE-2024-26256 (#2269, CVE-2024-26256)
        rar4: fix OOB in delta and audio filter (#2148, #2149)
        rar4: fix out of boundary access with large files (#2179)
        rar4: add boundary checks to rgb filter (#2210)
        rar4: fix OOB access with unicode filenames (#2203)
        rar5: clear 'data ready' cache on window buffer reallocs (#2265)
        rpm: calculate huge header sizes correctly (#2158)
        unzip: unify EOF handling (#2175)
        util: fix out of boundary access in mktemp functions (#2160)
        uu: stop processing if lines are too long (#2168)
      Important bugfixes:
        7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes (#2245)
        ar: fix archive entries having no type (#2290)
        lha: do not allow negative file sizes (#2155)
        lha: fix integer truncation on 32-bit systems (#2161)
        shar: check strdup return value (#2173)
        rar5: don't try to read ridiculously long names (#2259)
        xar: fix another infinite loop and expat error handling (#2150)
        many Windows fixes, cleanups and improvements

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/libarchive | 2 +-
 lfs/libarchive                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive index 2f38c29a7..0e6d2087b 100644 --- a/config/rootfiles/common/libarchive +++ b/config/rootfiles/common/libarchive @@ -7,7 +7,7 @@ #usr/lib/libarchive.la #usr/lib/libarchive.so usr/lib/libarchive.so.13 -usr/lib/libarchive.so.13.7.4 +usr/lib/libarchive.so.13.7.7 #usr/lib/pkgconfig/libarchive.pc #usr/share/man/man1/bsdcat.1 #usr/share/man/man1/bsdcpio.1 diff --git a/lfs/libarchive b/lfs/libarchive index 668f2a87e..3f4eccff0 100644 --- a/lfs/libarchive +++ b/lfs/libarchive @@ -24,7 +24,7 @@
include Config
-VER = 3.7.4 +VER = 3.7.7
THISAPP = libarchive-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 128f72235da61e112201046c0cfe62a8c580cf73b426c4cfe270ae913356f6ad430ba33a663dcd617b082c7baf45ada8d1c9928c45fea16fd57e8020693a60bc +$(DL_FILE)_BLAKE2 = e118c693f7a78e86ab868fc6c2c77beba539cf5c7d5999e270cdceb225e9f85c68c938ec6ce3a33f75b2a44a6f7debe2c280d2573c1bcf05806300e8dce1a4f0
install : $(TARGET)
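
Review bot: The VER = 3.7.7 bump in lfs/libarchive is justified in the commit message by three CVE fixes in 3.7.5, but the quoted 3.7.5 changelog names only two identifiers, CVE-2024-20696 and CVE-2024-26256. Please name the third CVE in the message or correct the count, so that anyone matching this update against advisories can account for each fix.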
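
Review bot: The new $(DL_FILE)_BLAKE2 value in lfs/libarchive pins whatever libarchive-3.7.7.tar.xz was downloaded, and nothing in the commit message says how that tarball was checked against the upstream release before the sum was computed. Suggest adding a line to the message stating what the download was verified against (upstream's published checksum or signature), since the BLAKE2 sum only proves later downloads match this one.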