[Buildroot] [PATCH 1/1] package/libarchive: security bump to version 3.5.2
Arnout Vandecappelle
arnout at mind.be
Wed Aug 25 19:57:13 UTC 2021
On 24/08/2021 21:50, Fabrice Fontaine wrote:
> Fix CVE-2021-36976: libarchive 3.4.1 through 3.5.1 has a use-after-free
> in copy_string (called from do_uncompress_block and process_block).
>
> https://github.com/libarchive/libarchive/releases/tag/v3.5.2
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Applied to master, thanks.
Regards,
Arnout
> ---
> package/libarchive/libarchive.hash | 2 +-
> package/libarchive/libarchive.mk | 3 ++-
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/package/libarchive/libarchive.hash b/package/libarchive/libarchive.hash
> index bf0d6e4fdd..d31e9f55f4 100644
> --- a/package/libarchive/libarchive.hash
> +++ b/package/libarchive/libarchive.hash
> @@ -1,4 +1,4 @@
> # From https://www.libarchive.de/downloads/sha256sums
> -sha256 9015d109ec00bb9ae1a384b172bf2fc1dff41e2c66e5a9eeddf933af9db37f5a libarchive-3.5.1.tar.gz
> +sha256 f0b19ff39c3c9a5898a219497ababbadab99d8178acc980155c7e1271089b5a0 libarchive-3.5.2.tar.xz
> # Locally computed:
> sha256 b2cdf763345de2de34cebf54394df3c61a105c3b71288603c251f2fa638200ba COPYING
> diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
> index 9cc69fd45a..eec256ba75 100644
> --- a/package/libarchive/libarchive.mk
> +++ b/package/libarchive/libarchive.mk
> @@ -4,7 +4,8 @@
> #
> ################################################################################
>
> -LIBARCHIVE_VERSION = 3.5.1
> +LIBARCHIVE_VERSION = 3.5.2
> +LIBARCHIVE_SOURCE = libarchive-$(LIBARCHIVE_VERSION).tar.xz
> LIBARCHIVE_SITE = https://www.libarchive.de/downloads
> LIBARCHIVE_INSTALL_STAGING = YES
> LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0
>
More information about the buildroot
mailing list