> On 25 Sep 2024, at 07:48, wangmy via lists.openembedded.org
> <[email protected]> wrote:
>
> configurehack.patch
> refreshed for 3.7.5
>
> Changelog:
> ============
> - fix multiple vulnerabilities identified by SAST
> - cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
> - lzop: prevent integer overflow
> - rar4: protect copy_from_lzss_window_to_unp()
> - rar4: fix CVE-2024-26256
> - rar4: fix OOB in delta and audio filter
> - rar4: fix out of boundary access with large files
> - rar4: add boundary checks to rgb filter
> - rar4: fix OOB access with unicode filenames
> - rar5: clear 'data ready' cache on window buffer reallocs
> - rpm: calculate huge header sizes correctly
> - unzip: unify EOF handling
> - util: fix out of boundary access in mktemp functions
> - uu: stop processing if lines are too long
> - 7zip: fix issue when skipping first file in 7zip archive that is a multiple
> of 65536 bytes
> - ar: fix archive entries having no type
> - lha: do not allow negative file sizes
> - lha: fix integer truncation on 32-bit systems
> - shar: check strdup return value
> - rar5: don't try to read rediculously long names
> - xar: fix another infinite loop and expat error handling
> - many Windows fixes, cleanups and improvements
This causes python-libarchive-c to fail ptests:
{'python3-libarchive-c':
['tests/test_entry.py:test_check_archiveentry_using_python_testtar']}
Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#204975):
https://lists.openembedded.org/g/openembedded-core/message/204975
Mute This Topic: https://lists.openembedded.org/mt/108643606/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
