From: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To: buildroot@buildroot.org
Subject: [Buildroot] [git commit] package/libarchive: security bump to version 3.5.2
Date: Wed, 25 Aug 2021 21:48:12 +0200 [thread overview]
Message-ID: <20210825202152.34F8C89086@busybox.osuosl.org> (raw)
commit: https://git.buildroot.net/buildroot/commit/?id=a223dd4aef256bf1c63881353399e4a18f7c43bc
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fix CVE-2021-36976: libarchive 3.4.1 through 3.5.1 has a use-after-free
in copy_string (called from do_uncompress_block and process_block).
https://github.com/libarchive/libarchive/releases/tag/v3.5.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
package/libarchive/libarchive.hash | 2 +-
package/libarchive/libarchive.mk | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/package/libarchive/libarchive.hash b/package/libarchive/libarchive.hash
index bf0d6e4fdd..d31e9f55f4 100644
--- a/package/libarchive/libarchive.hash
+++ b/package/libarchive/libarchive.hash
@@ -1,4 +1,4 @@
# From https://www.libarchive.de/downloads/sha256sums
-sha256 9015d109ec00bb9ae1a384b172bf2fc1dff41e2c66e5a9eeddf933af9db37f5a libarchive-3.5.1.tar.gz
+sha256 f0b19ff39c3c9a5898a219497ababbadab99d8178acc980155c7e1271089b5a0 libarchive-3.5.2.tar.xz
# Locally computed:
sha256 b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba COPYING
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index 9cc69fd45a..eec256ba75 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -4,7 +4,8 @@
#
################################################################################
-LIBARCHIVE_VERSION = 3.5.1
+LIBARCHIVE_VERSION = 3.5.2
+LIBARCHIVE_SOURCE = libarchive-$(LIBARCHIVE_VERSION).tar.xz
LIBARCHIVE_SITE = https://www.libarchive.de/downloads
LIBARCHIVE_INSTALL_STAGING = YES
LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
reply other threads:[~2021-08-25 20:23 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210825202152.34F8C89086@busybox.osuosl.org \
--to=arnout@mind.be \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.