* [Buildroot] [git commit] package/libarchive: security bump to version 3.5.2
@ 2021-08-25 19:48 Arnout Vandecappelle
  0 siblings, 0 replies; only message in thread
From: Arnout Vandecappelle @ 2021-08-25 19:48 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=a223dd4aef256bf1c63881353399e4a18f7c43bc
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fix CVE-2021-36976: libarchive 3.4.1 through 3.5.1 has a use-after-free
in copy_string (called from do_uncompress_block and process_block).

https://github.com/libarchive/libarchive/releases/tag/v3.5.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
 package/libarchive/libarchive.hash | 2 +-
 package/libarchive/libarchive.mk   | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/package/libarchive/libarchive.hash b/package/libarchive/libarchive.hash
index bf0d6e4fdd..d31e9f55f4 100644
--- a/package/libarchive/libarchive.hash
+++ b/package/libarchive/libarchive.hash
@@ -1,4 +1,4 @@
 # From https://www.libarchive.de/downloads/sha256sums
-sha256  9015d109ec00bb9ae1a384b172bf2fc1dff41e2c66e5a9eeddf933af9db37f5a  libarchive-3.5.1.tar.gz
+sha256  f0b19ff39c3c9a5898a219497ababbadab99d8178acc980155c7e1271089b5a0  libarchive-3.5.2.tar.xz
 # Locally computed:
 sha256  b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba  COPYING
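Review bot: The new sha256 on the `libarchive-3.5.2.tar.xz` line is still sourced from `https://www.libarchive.de/downloads/sha256sums`, the same host the tarball is fetched from. That catches a corrupted download or a tarball that changes after this bump, but not a tampered file that was already on the server when the hash was copied. For a security bump it would help to state in the commit message that the value was also computed locally from the downloaded archive, or compared with the artifact attached to the GitHub v3.5.2 release that the message links. The unchanged `COPYING` hash in the context lines indicates the license file is identical in 3.5.2, so no license note is needed.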
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index 9cc69fd45a..eec256ba75 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -4,7 +4,8 @@
 #
 ################################################################################
 
-LIBARCHIVE_VERSION = 3.5.1
+LIBARCHIVE_VERSION = 3.5.2
+LIBARCHIVE_SOURCE = libarchive-$(LIBARCHIVE_VERSION).tar.xz
 LIBARCHIVE_SITE = https://www.libarchive.de/downloads
 LIBARCHIVE_INSTALL_STAGING = YES
 LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0
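Review bot: The added `LIBARCHIVE_SOURCE = libarchive-$(LIBARCHIVE_VERSION).tar.xz` line changes the archive format from .tar.gz to .tar.xz, but the commit message only mentions the CVE fix. Please add a sentence to the log saying why the tarball format changed, so that a later backport of this security bump to a maintenance branch does not drop the line and end up requesting a `.tar.gz` file that has no entry in `libarchive.hash`. The file name produced here does match the `libarchive-3.5.2.tar.xz` entry added in the hash file, so the two hunks are consistent with each other.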