From: Wang Mingyu <[email protected]> configurehack.patch refreshed for 3.7.5
Changelog: ============ - fix multiple vulnerabilities identified by SAST - cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing - lzop: prevent integer overflow - rar4: protect copy_from_lzss_window_to_unp() - rar4: fix CVE-2024-26256 - rar4: fix OOB in delta and audio filter - rar4: fix out of boundary access with large files - rar4: add boundary checks to rgb filter - rar4: fix OOB access with unicode filenames - rar5: clear 'data ready' cache on window buffer reallocs - rpm: calculate huge header sizes correctly - unzip: unify EOF handling - util: fix out of boundary access in mktemp functions - uu: stop processing if lines are too long - 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes - ar: fix archive entries having no type - lha: do not allow negative file sizes - lha: fix integer truncation on 32-bit systems - shar: check strdup return value - rar5: don't try to read rediculously long names - xar: fix another infinite loop and expat error handling - many Windows fixes, cleanups and improvements Signed-off-by: Wang Mingyu <[email protected]> --- .../libarchive/libarchive/configurehack.patch | 15 ++++++++------- .../{libarchive_3.7.4.bb => libarchive_3.7.5.bb} | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) rename meta/recipes-extended/libarchive/{libarchive_3.7.4.bb => libarchive_3.7.5.bb} (96%) diff --git a/meta/recipes-extended/libarchive/libarchive/configurehack.patch b/meta/recipes-extended/libarchive/libarchive/configurehack.patch index 45fddd9147..1d416d4e6d 100644 --- a/meta/recipes-extended/libarchive/libarchive/configurehack.patch +++ b/meta/recipes-extended/libarchive/libarchive/configurehack.patch @@ -1,4 +1,8 @@ -To work with autoconf 2.73, tweak the macro ordering in configure.in. +From 18d5b2ff6ba3bbe856777447e59ee4d3343b0131 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <[email protected]> +Date: Thu, 27 Jul 2023 20:47:55 -0700 +Subject: [PATCH] To work with autoconf 2.73, tweak the macro ordering in + configure.in. Upstream-Status: Pending Signed-off-by: Richard Purdie <[email protected]> @@ -7,10 +11,10 @@ Signed-off-by: Richard Purdie <[email protected]> 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac -index 503bb75..e3101da 100644 +index 227275a..b75eb87 100644 --- a/configure.ac +++ b/configure.ac -@@ -414,6 +414,19 @@ if test "x$with_bz2lib" != "xno"; then +@@ -429,6 +429,19 @@ if test "x$with_bz2lib" != "xno"; then esac fi @@ -30,7 +34,7 @@ index 503bb75..e3101da 100644 AC_ARG_WITH([libb2], AS_HELP_STRING([--without-libb2], [Don't build support for BLAKE2 through libb2])) -@@ -678,19 +691,6 @@ fi +@@ -693,19 +706,6 @@ fi AC_SUBST(DEAD_CODE_REMOVAL) @@ -50,6 +54,3 @@ index 503bb75..e3101da 100644 # Check for tm_gmtoff in struct tm AC_CHECK_MEMBERS([struct tm.tm_gmtoff, struct tm.__tm_gmtoff],,, [ --- -2.34.1 - diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb b/meta/recipes-extended/libarchive/libarchive_3.7.5.bb similarity index 96% rename from meta/recipes-extended/libarchive/libarchive_3.7.4.bb rename to meta/recipes-extended/libarchive/libarchive_3.7.5.bb index da85764116..15a307c2f5 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.7.5.bb @@ -33,7 +33,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"; SRC_URI += "file://configurehack.patch" UPSTREAM_CHECK_URI = "http://libarchive.org/"; -SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8" +SRC_URI[sha256sum] = "37556113fe44d77a7988f1ef88bf86ab68f53d11e85066ffd3c70157cc5110f1" CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#204907): https://lists.openembedded.org/g/openembedded-core/message/204907 Mute This Topic: https://lists.openembedded.org/mt/108643606/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
