Bunch of fixes and a bunch of security updates, including CVEs.
Probably still in the wake of the xz fallout.

https://github.com/libarchive/libarchive/releases/tag/v3.7.5
https://github.com/libarchive/libarchive/releases/tag/v3.7.6
https://github.com/libarchive/libarchive/releases/tag/v3.7.7
https://github.com/libarchive/libarchive/releases/tag/v3.7.8
https://github.com/libarchive/libarchive/releases/tag/v3.7.9
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://github.com/libarchive/libarchive/releases/tag/v3.8.1

Plugs CVEs:
CVE-2025-5918: RAR. Do not skip past EOF while reading.
CVE-2025-5914: RAR. Fix double free with over 4 billion nodes.
CVE-2025-5915: RAR. Fix heap-buffer-overflow.
CVE-2025-5916: WARC. Prevent signed integer overflow.
CVE-2025-5917: TAR. Fix overflow in build_ustar_entry.
CVE-2024-57970: TAR. Handle truncation in the middle of a GNU long linkname.
CVE-2025-1632: UNZIP. Fix null pointer dereference.
CVE-2025-25724: TAR. Fix unchecked return value in list_item_verbose.
CVE-2024-20696: RAR. Protect copy_from_lzss_window_to_unp.
CVE-2024-26256. RAR: Fix OOB in rar e8 filter.

* License hash changed, minor source inclusion row change.

Signed-off-by: Christian Melki <[email protected]>
--- rules/libarchive.make | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/libarchive.make b/rules/libarchive.make index 5fbe4b0fe..c506b644d 100644 --- a/rules/libarchive.make +++ b/rules/libarchive.make @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_LIBARCHIVE) += libarchive # # Paths and names # -LIBARCHIVE_VERSION := 3.7.4 -LIBARCHIVE_MD5 := 5649f858cd87dc969b6901152bd6614d +LIBARCHIVE_VERSION := 3.8.1 +LIBARCHIVE_MD5 := 29353cd50c2146601b708a80307a5a76 LIBARCHIVE := libarchive-$(LIBARCHIVE_VERSION) LIBARCHIVE_SUFFIX := tar.gz LIBARCHIVE_URL := https://www.libarchive.org/downloads/$(LIBARCHIVE).$(LIBARCHIVE_SUFFIX) @@ -23,7 +23,7 @@ LIBARCHIVE_SOURCE := $(SRCDIR)/$(LIBARCHIVE).$(LIBARCHIVE_SUFFIX) LIBARCHIVE_DIR := $(BUILDDIR)/$(LIBARCHIVE) LIBARCHIVE_LICENSE := BSD-2-Clause AND BSD-3-Clause AND public_domain AND \ (CC-0-1.0 OR OpenSSL OR Apache-2.0) -LIBARCHIVE_LICENSE_FILES := file://COPYING;md5=d499814247adaee08d88080841cb5665 +LIBARCHIVE_LICENSE_FILES := file://COPYING;md5=7ce08437ff7f5e24d72e666313ae4084 # ---------------------------------------------------------------------------- # Prepare -- 2.34.1
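
Review bot: in the first hunk, the new LIBARCHIVE_MD5 value is the only integrity check on the tarball fetched from LIBARCHIVE_URL, and the commit message does not say how it was obtained. MD5 is not collision resistant, so for a security-motivated bump from 3.7.4 to 3.8.1 please note in the commit message that the downloaded tarball was checked against whatever checksum or signature upstream provides for the release before this hash was computed.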
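
Review bot: in the second hunk, the md5 in LIBARCHIVE_LICENSE_FILES changes while LIBARCHIVE_LICENSE in the context lines above it stays the same, and the commit message only says "License hash changed, minor source inclusion row change". Please state what actually changed in COPYING between 3.7.4 and 3.8.1 and confirm that the existing license expression still covers it, so the new hash is not accepted on trust alone.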
