* [Buildroot] [PATCH 1/1] package/libarchive: security bump to version 3.5.3
@ 2022-02-09 19:36 Fabrice Fontaine
2022-02-10 21:34 ` Peter Korsgaard
2022-02-22 16:54 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-02-09 19:36 UTC (permalink / raw)
To: buildroot; +Cc: Pierre-Jean Texier, Fabrice Fontaine
Libarchive 3.5.3 is a security release
Security Fixes:
- extended fix for following symlinks when processing the fixup list
(CVE-2021-31566)
- fix invalid memory access and out of bounds read in RAR5 reader
(CVE-2021-36976)
https://github.com/libarchive/libarchive/releases/tag/v3.5.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/libarchive/libarchive.hash | 2 +-
package/libarchive/libarchive.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libarchive/libarchive.hash b/package/libarchive/libarchive.hash
index d31e9f55f4..5dd8e5c167 100644
--- a/package/libarchive/libarchive.hash
+++ b/package/libarchive/libarchive.hash
@@ -1,4 +1,4 @@
# From https://www.libarchive.de/downloads/sha256sums
-sha256 f0b19ff39c3c9a5898a219497ababbadab99d8178acc980155c7e1271089b5a0 libarchive-3.5.2.tar.xz
+sha256 5cac725dd4be31c4a10b65d30f29dc957ea29ef3d758df6e46e8ae90a996a19a libarchive-3.5.3.tar.xz
# Locally computed:
sha256 b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba COPYING
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index eec256ba75..cf16c27e67 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBARCHIVE_VERSION = 3.5.2
+LIBARCHIVE_VERSION = 3.5.3
LIBARCHIVE_SOURCE = libarchive-$(LIBARCHIVE_VERSION).tar.xz
LIBARCHIVE_SITE = https://www.libarchive.de/downloads
LIBARCHIVE_INSTALL_STAGING = YES
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libarchive: security bump to version 3.5.3
2022-02-09 19:36 [Buildroot] [PATCH 1/1] package/libarchive: security bump to version 3.5.3 Fabrice Fontaine
@ 2022-02-10 21:34 ` Peter Korsgaard
2022-02-22 16:54 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-02-10 21:34 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Pierre-Jean Texier, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Libarchive 3.5.3 is a security release
> Security Fixes:
> - extended fix for following symlinks when processing the fixup list
> (CVE-2021-31566)
> - fix invalid memory access and out of bounds read in RAR5 reader
> (CVE-2021-36976)
> https://github.com/libarchive/libarchive/releases/tag/v3.5.3
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libarchive: security bump to version 3.5.3
2022-02-09 19:36 [Buildroot] [PATCH 1/1] package/libarchive: security bump to version 3.5.3 Fabrice Fontaine
2022-02-10 21:34 ` Peter Korsgaard
@ 2022-02-22 16:54 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-02-22 16:54 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Pierre-Jean Texier, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Libarchive 3.5.3 is a security release
> Security Fixes:
> - extended fix for following symlinks when processing the fixup list
> (CVE-2021-31566)
> - fix invalid memory access and out of bounds read in RAR5 reader
> (CVE-2021-36976)
> https://github.com/libarchive/libarchive/releases/tag/v3.5.3
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-22 16:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-09 19:36 [Buildroot] [PATCH 1/1] package/libarchive: security bump to version 3.5.3 Fabrice Fontaine
2022-02-10 21:34 ` Peter Korsgaard
2022-02-22 16:54 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.