From patchwork Tue Nov 19 21:10:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8252 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4XtHH157Zkz3wx0 for ; Tue, 19 Nov 2024 21:11:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4XtHGz4ztWz4ZH; Tue, 19 Nov 2024 21:11:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4XtHGz3mYFz347r; Tue, 19 Nov 2024 21:11:23 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4XtHGn6hGBz2xP8 for ; Tue, 19 Nov 2024 21:11:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4XtHGn58B9z1Zb; Tue, 19 Nov 2024 21:11:13 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1732050673; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vYe5Z3JkWvF8vSlyK6UHZfycSixVg1JdAkoiaanxk8w=; b=oY1rErw6ZZopfjUCZk0E4NOV+0wgrX7xbIGeiI6MI5h2DVJcBxL8aeKGwy8u4c62BoXAqW ibxG//4lNEddHeBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1732050673; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vYe5Z3JkWvF8vSlyK6UHZfycSixVg1JdAkoiaanxk8w=; b=AE3EEoRdyoAWbFYy5edwd1PKzLbBF/XiM2DYj67F9HTCKzzwxxNUWiqdUl9IAKihADgKam TmIqhPOEFCaH20fk3H3eNud57DMLTFwctiaal/tWyEWNrLbWetq7N30F+N5489e4Qwidoe 8f/e13d6WXkCIvQF8DUgh6H8K5a5roV3RCBquCKG5i68W+39QZrtFlKSEPwPSdl1dlcrfZ BJYcK8JSuG+lXNvUR5l50NDxqlD1EyJsy+05pngcZZM+f6UuEtiirtfjBBhnGthtzB0s1c uD6ZJ0j1B8hyoZP/oD2SxZ/SnNVpS0/JcgNvxizcKAvy7TATKDuitei+BCEBmQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] libarchive: Update to version 3.7.7 Date: Tue, 19 Nov 2024 22:10:54 +0100 Message-ID: <20241119211106.2194373-6-adolf.belka@ipfire.org> In-Reply-To: <20241119211106.2194373-1-adolf.belka@ipfire.org> References: <20241119211106.2194373-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: G4YDUCWM4ERIN6YSWOXZUEASRPPDYGCT X-Message-ID-Hash: G4YDUCWM4ERIN6YSWOXZUEASRPPDYGCT X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 3.7.4 to 3.7.7 - Update of rootfile - Fixes for 3 CVE's in 3.7.5 - Changelog 3.7.7 Security fixes: gzip: prevent a hang when processing a malformed gzip inside a gzip (#2366, OSS-Fuzz) tar: don't crash on truncated tar archives (#2364, OSS-Fuzz) tar: fix two leaks in tar header parsing (#2377) Important bugfixes: 7-zip: read/write symlink paths as UTF-8 (#2252) cpio: exit with an error code if an entry could not be extracted (#2371) rar5: report encrypted entries (#2096) tar: fix truncation of entry pathnames in specific archives (#2360) windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (#2363) 3.7.6 This release fixes a tar regression introduced in libarchive 3.7.5 (#2331, #2337) Important bugfixes. tar: clean up linkpath between entries (#2343) tar: fix memory leaks when processing symlinks or parsing pax headers (#2338) iso: be more cautious about parsing ISO-9660 timestamps (#2330) 3.7.5 Security fixes: fix multiple vulnerabilities identified by SAST (#2251, #2256) cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258) lzop: prevent integer overflow (#2174) rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696) rar4: fix CVE-2024-26256 (#2269, CVS-2024-26256) rar4: fix OOB in delta and audio filter (#2148, #2149) rar4: fix out of boundary access with large files (#2179) rar4: add boundary checks to rgb filter (#2210) rar4: fix OOB access with unicode filenames (#2203) rar5: clear 'data ready' cache on window buffer reallocs (#2265) rpm: calculate huge header sizes correctly (#2158) unzip: unify EOF handling (#2175) util: fix out of boundary access in mktemp functions (#2160) uu: stop processing if lines are too long (#2168) Important bugfixes: 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes (#2245) ar: fix archive entries having no type (#2290) lha: do not allow negative file sizes (#2155) lha: fix integer truncation on 32-bit systems (#2161) shar: check strdup return value (#2173) rar5: don't try to read rediculously long names (#2259) xar: fix another infinite loop and expat error handling (#2150) many Windows fixes, cleanups and improvements Signed-off-by: Adolf Belka --- config/rootfiles/common/libarchive | 2 +- lfs/libarchive | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive index 2f38c29a7..0e6d2087b 100644 --- a/config/rootfiles/common/libarchive +++ b/config/rootfiles/common/libarchive @@ -7,7 +7,7 @@ #usr/lib/libarchive.la #usr/lib/libarchive.so usr/lib/libarchive.so.13 -usr/lib/libarchive.so.13.7.4 +usr/lib/libarchive.so.13.7.7 #usr/lib/pkgconfig/libarchive.pc #usr/share/man/man1/bsdcat.1 #usr/share/man/man1/bsdcpio.1 diff --git a/lfs/libarchive b/lfs/libarchive index 668f2a87e..3f4eccff0 100644 --- a/lfs/libarchive +++ b/lfs/libarchive @@ -24,7 +24,7 @@ include Config -VER = 3.7.4 +VER = 3.7.7 THISAPP = libarchive-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 128f72235da61e112201046c0cfe62a8c580cf73b426c4cfe270ae913356f6ad430ba33a663dcd617b082c7baf45ada8d1c9928c45fea16fd57e8020693a60bc +$(DL_FILE)_BLAKE2 = e118c693f7a78e86ab868fc6c2c77beba539cf5c7d5999e270cdceb225e9f85c68c938ec6ce3a33f75b2a44a6f7debe2c280d2573c1bcf05806300e8dce1a4f0 install : $(TARGET)