From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 09 Jul 2025 12:03:48 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uZReW-00FfZD-21 for lore@lore.pengutronix.de; Wed, 09 Jul 2025 12:03:48 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1uZReV-0008MP-Gr; Wed, 09 Jul 2025 12:03:47 +0200 Received: from mail-db8eur05on2109.outbound.protection.outlook.com ([40.107.20.109] helo=EUR05-DB8-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1uZRdz-0008IO-Iw for ptxdist@pengutronix.de; Wed, 09 Jul 2025 12:03:16 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=c8aJlrubDIoYBUvqA6ReXki5HPBg5UIKXEpjOLp7vlve9EPvbfxn9OhWE0B2GBP22eFbkOK4dXGMKIhbb8scKrqqGw4QoP1Fz2AcsljuO7zwxnZHJMBxlzjcvq2YhG9bL24KgKyuz5nNw6stpWcm+11G6nwLw6ngTPnAntu8wY69m4NgR3Q7cyYUgWuAbfl/XD3p0mky6Koe2/i8nhd4Q8yvorLUgbQTWWguEH62/4N7cMqgzqzeBgKF+2w3IPf4FcA8qkzv90iXqxQVf+qpAPaYabv1zeUMLMgZ+FoORPQNHUstbWfJNy2qGBNT3yY9VVtSgHmwI+/ej3+BWHy1/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gzuHzMoAvwFQFk4lfAOxQDDKBAJ775oWexAArxjG7bo=; b=DiVcJ2qWwKNLbeUu1VS7PpeD/IwWqPvAjdfLgmXW2SycPk9wgXhooYCz8MJUmeplCLZBwxL3NylPlh88/5WjA0bo3o24S9GPRkMcq0sEJnRlAqYa1POj2TKm5FO9F/Y5eABrJ6svCjmIPuRmS7Uo7sGTQtyakcsE1lQpaE9MLdmuD7jHs8aooe3S+NfodPkNSSLkRVkPNAL8cfYlOu5A81ZJlkXNU1z3R/cZ5/2ZASMNjTkssJMBKrsrmWvo/Ah78XyJxrpuwrAIiLxZpR3CpFOiP4rR8eYAHUqVuP3PpxtE+0WEgrhOJac1XP3A4rzB+S4CdXu8XbWvu/g8tsvEDg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gzuHzMoAvwFQFk4lfAOxQDDKBAJ775oWexAArxjG7bo=; b=AImqiyR4+8TyAqC1qbRVsz0YfMb0mpGLh6xseq5X0dikel3pceNeue0NdTNaqfARCvPfVJkYw0OCErBereIWva/rWgrssy8lJDbrxBsdYFKuUOoXx6Xpe62/FIwrMZjE0k5BkYXPAeLm+vlfUAcSCQnp+R8CUbRZ60kkcU4Ka80= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by PAXP251MB0132.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:204::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8901.28; Wed, 9 Jul 2025 10:03:13 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19%6]) with mapi id 15.20.8901.023; Wed, 9 Jul 2025 10:03:13 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Wed, 9 Jul 2025 12:03:07 +0200 Message-Id: <20250709100307.3572495-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GVX0EPF00011B5F.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:8:0:17) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|PAXP251MB0132:EE_ X-MS-Office365-Filtering-Correlation-Id: b2e1b7ec-ba14-4cec-2b8a-08ddbecfd0e0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|366016|1800799024|52116014|376014|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?p888bmPLUTZgF19D2jmn0+rlMt3atVaeCNFUmqkOo0Um2jgFnJA17OYvT5/r?= =?us-ascii?Q?/YjKWzxiVQfR5hhIXnoZxCp6lv+FkbZAVOcGZhqSUDCnFHSwhBCQzjh8h0A9?= =?us-ascii?Q?75dLZZpWHXVU4sSHigwxDaTW6yFHBidyACdBOqT3yonERBUxSGdwrpbxDg7w?= =?us-ascii?Q?rrwXLwmQVY24rmM+bQMyg1Iob99PxCrqylBpsshahAjDqvwyF/tIKc+JMkyL?= =?us-ascii?Q?lSrt36a3I4oITmC35Bo5dpQw//GdDQLEjWn40HjT5RGylcwBxRe5bG3vYJhs?= =?us-ascii?Q?u5fAnRUOmMVsbSLE23Lq7pXWDvI1R/7EaraKF9MxyfE8p60DHDnsKoY1ka5B?= =?us-ascii?Q?NcjuLs/F0brr9q2Q1LsiC1pyHWC9T3igSeM/WQzDI3vTrAMEhdox9GA0asDu?= =?us-ascii?Q?3CqP8S5UKucfaqd6pqT/tzPRgVLz+BMkOB2A2EiwlykiFL6gbZxeEdnFeGDI?= =?us-ascii?Q?wbK6ibxaQQj/WHfFwcGo3JXwcupy3i50e5XzdfUBccCxPj9INyIQXtMZaChb?= =?us-ascii?Q?OAJnwUYixf2WTxj6bfvO85hf+BSz21KV4xRzwoz75OsVBaBdhVKPo8Gxg42g?= =?us-ascii?Q?zCumIKgKkmRiJVdmaZXNKl1pb4sm4+VG8lmN7zsQvLbbMMZ+RlyWKl30pIbo?= =?us-ascii?Q?unBd7y3styjGkmkOnCCw7NNVmIY0VsPbExxcjGJTvlRktzxgyV/xXt62lE6j?= =?us-ascii?Q?OfxXk2/fDXe7YvY+imyKEcr9tc1cDGdDOrxQ7nrnip6O9Uv83c0OQLnrWpKM?= =?us-ascii?Q?tLF65wD9v3Cpbbrblf2TIaDDxsMKqTXiT5KkUSk6V5xyVwUW0LFitdYx0YqN?= =?us-ascii?Q?NztXcCr5vLtnKVWvhQLjyV2mu2LMOMfMAlh4QDGDOFk0U4Ob1kulDO6MTtrU?= =?us-ascii?Q?HMX7ZgyFwotmf4WuB2MOHG2eX8I86lYlTfG7cnZ5V5RP7Vf9DVur0VjhFs3m?= =?us-ascii?Q?t+DLg118SC+uenej51JSuWXNkD17gWUzTk6xB1xxmHQ44kRfSf32SnxQrGGg?= =?us-ascii?Q?IXkgubBMUOslUph/3cmrHq+z4GtG6Gz3T/hElS0KPP3iE4PogBUZ4tA2NxcR?= =?us-ascii?Q?cs9tH31Seuk6LiBNiAlmRgZOR6i7GCCMMEGOGZDRVbaU+dU2ygKPhfcwG6sP?= =?us-ascii?Q?TY9s0Gmw5PufQBtHE8wN12sWLP0ylXaylzlyrMYOU61ZJdExxstce0Kd0OTh?= =?us-ascii?Q?JdVecFifRswjiKeUQfqmjjNlZc9kQKKsndqYxNlmMsDym5GJL7s77lUWqiyG?= =?us-ascii?Q?k9LVGuYIktRo8HaK+JSJdCgpHL5vyJk+HttOyMvqpS+Y/MFmDXRR40DKooPB?= =?us-ascii?Q?Asjy4uHdHU4EVO4xL0Zkff5N9Glxr55bCjIwPLdwkvimG1mx8EQWpBwJ+QlT?= =?us-ascii?Q?EJ6Qlmzjdh7/RPHG8MI5bT9EWU7/g/8sWbgQ1Q9n/Je4X99ZqB1WFsujap18?= =?us-ascii?Q?4mwyySjCoug=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(366016)(1800799024)(52116014)(376014)(38350700014); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?6oPd4fkp5DifgMZSRJL/5RTmk9/WOuTkG3PS7qdf5g39GsdqzpJB7QHuiMSe?= =?us-ascii?Q?+X75K7vCFWo/EAj24snm5SyVjkns6CbMyZaJFqM3AOmpOiwgXzPchPbUy007?= =?us-ascii?Q?u5eA3by7it4Q7zD027WlVi7EFOMMHofGlFgBCe67MZmeLJuy2WNhgLCGpxv/?= =?us-ascii?Q?FfUxE47hb1yN9wcq+NramwyTTpQN/AthlQuO5/Y+yzzFgQptCjqu+kmUZ05A?= =?us-ascii?Q?JlRGB4raX7U1nBzjaBk2GwisEsGur1XG3uEMa37fY5YGM3Uv2VI9cTZoRbNu?= =?us-ascii?Q?lQsnGRYfKi5Qi3xk7LK8VXtdyisasPYPxHNMoJJKYpS6ZShFnPGTGMqMe2tl?= =?us-ascii?Q?nvyk6kCq40Fgz8Mwd64rSZtKuSz/uqM8hTPV/KgYd5xiUpbgkcFzjNK+AHSD?= =?us-ascii?Q?MWB2glK1XReaOHN9rCX9D0iFrDDp71jPfW+Aw2SNmTizZo/Y+mwtR7UscGnN?= =?us-ascii?Q?Y0dMXvnKrUhx8Unx3pqaSHWk30BGOEOZo2wxSKVzXedMgFdk2R6V8sMV76YG?= =?us-ascii?Q?UDz4+PbWzyyew7mUcJvzAMZ4a3OZzxkUZdTsRdifZAvMlgQSDSh2HH1I+KZp?= =?us-ascii?Q?MCOxIGcqd7S7aOYxUW3pLSa8/BTuM3oTkUNuvFGTY+2njajQStBMXWYuufIw?= =?us-ascii?Q?Bun5f8jKAyJm3GnAabeeaU4iLg2ARor5XGRHE1UHznHj1VJGoHcHYfhiYAFc?= =?us-ascii?Q?rdGEMDgd3sUBWeF3A/Ists26TlZGRyVqlVq3swRdFaqyn2tP7VEowlG8Itcu?= =?us-ascii?Q?liN1BuWcRlUZZwPwZW1lMe3DT5IkVO4sEEPYOdlisb9OpftJG+wmC54/feOV?= =?us-ascii?Q?A1w7ps0qxIYCLhSv1zW3ig2BKw8pRkvsJitHaotQ+/kJXlR1wl6vCbHL25Qo?= =?us-ascii?Q?uck2VxwGdS5PvfCYKPBfdQ9LM76yWTW638+ASBd/WtOkXLrHYcXF1QCy6gXE?= =?us-ascii?Q?Zs46Kgwudvck7247qi3Kd6So6bTZRqvMMWlKMNYPKaGMbVRPZDqfxuS/FpL1?= =?us-ascii?Q?jUvjIuz6bhgpQSmlhcIoG5MdMkDHUDZXTgZa0kU6Uu9jKsNkdWy9r2yxFeRr?= =?us-ascii?Q?a3dhpeCiZwE8or5uUdx1rPOdN8SubzvDvKEWwIZb0CJv0lggUV0lwClYWODN?= =?us-ascii?Q?WUYRkTymylpXvF4ec+8W8Yqmm72BZZ/BJKXOKt9pICq6fHPFj9wJk7Geyo+r?= =?us-ascii?Q?JtF5Pvk/rtdXnCXASMYIe7/6xrCBaUpmBC2+Do4zMSI3D8SixQA5WXoujzdd?= =?us-ascii?Q?qdrwU0Ckd3OFghDPVXjkXW4XeQTPDQp62Ta/N29ZrcCPJuprfnhG53tX5TXr?= =?us-ascii?Q?H+kHGely7tWxtzicRKe7rUA3KsGFwiArekaBX0ZtEMUvcFJt9yfgmicvpSLf?= =?us-ascii?Q?J/ulcBaHDbL1LI3t3el8rqT2Mzt4HBeBtbxFZ0UoLS+qgCtip1fnBTuySWA1?= =?us-ascii?Q?rfrRXk+ash91hT4KC38bCpjCwkRDpvslhEIMCGN8LiZVUTo0ew8RfpaWApgI?= =?us-ascii?Q?ekbFWvqLlphBpQ6IhWI2JhPE9/jIWyBG/XEFgTTI2QF+aYXueqIIk42Uf45B?= =?us-ascii?Q?3hidlcAZZwizx4lfqMUimSYz3iAWcveYO1T+WkJ08p3K66uF4nt0jZqYnwxt?= =?us-ascii?Q?Gw=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: b2e1b7ec-ba14-4cec-2b8a-08ddbecfd0e0 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jul 2025 10:03:13.0128 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oNGMZ2bFKOx99UgZrWZiMIIhl7J5kxEvS4NvkltsOPgqqch6GAYfOibcXYABJ6PwsRyQK8fAXodB2muy9UU4jyckjOKcpT5e4p9pQbqtFp4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXP251MB0132 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libarchive: Version bump. 3.7.4 -> 3.8.1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Bunch of fixes and a bunch security updates, including CVEs. Probably still in the wake of the xz fallout. https://github.com/libarchive/libarchive/releases/tag/v3.7.5 https://github.com/libarchive/libarchive/releases/tag/v3.7.6 https://github.com/libarchive/libarchive/releases/tag/v3.7.7 https://github.com/libarchive/libarchive/releases/tag/v3.7.8 https://github.com/libarchive/libarchive/releases/tag/v3.7.9 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://github.com/libarchive/libarchive/releases/tag/v3.8.1 Plugs CVEs: CVE-2025-5918: RAR. Do not skip past EOF while reading. CVE-2025-5914: RAR. Fix double free with over 4 billion nodes. CVE-2025-5915: RAR. Fix heap-buffer-overflow. CVE-2025-5916: WARC. Prevent signed integer overflow. CVE-2025-5917: TAR. Fix overflow in build_ustar_entry. CVE-2024-57970: TAR. Handle truncation in the middle of a GNU long linkname. CVE-2025-1632: UNZIP. Fix null pointer dereference. CVE-2025-25724: TAR. Fix unchecked return value in list_item_verbose. CVE-2024-20696: RAR. Protect copy_from_lzss_window_to_unp. CVS-2024-26256. RAR: Fix OOB in rar e8 filter. * License hash changed, minor source inclusion row change. Signed-off-by: Christian Melki --- rules/libarchive.make | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/libarchive.make b/rules/libarchive.make index 5fbe4b0fe..c506b644d 100644 --- a/rules/libarchive.make +++ b/rules/libarchive.make @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_LIBARCHIVE) += libarchive # # Paths and names # -LIBARCHIVE_VERSION := 3.7.4 -LIBARCHIVE_MD5 := 5649f858cd87dc969b6901152bd6614d +LIBARCHIVE_VERSION := 3.8.1 +LIBARCHIVE_MD5 := 29353cd50c2146601b708a80307a5a76 LIBARCHIVE := libarchive-$(LIBARCHIVE_VERSION) LIBARCHIVE_SUFFIX := tar.gz LIBARCHIVE_URL := https://www.libarchive.org/downloads/$(LIBARCHIVE).$(LIBARCHIVE_SUFFIX) @@ -23,7 +23,7 @@ LIBARCHIVE_SOURCE := $(SRCDIR)/$(LIBARCHIVE).$(LIBARCHIVE_SUFFIX) LIBARCHIVE_DIR := $(BUILDDIR)/$(LIBARCHIVE) LIBARCHIVE_LICENSE := BSD-2-Clause AND BSD-3-Clause AND public_domain AND \ (CC-0-1.0 OR OpenSSL OR Apache-2.0) -LIBARCHIVE_LICENSE_FILES := file://COPYING;md5=d499814247adaee08d88080841cb5665 +LIBARCHIVE_LICENSE_FILES := file://COPYING;md5=7ce08437ff7f5e24d72e666313ae4084 # ---------------------------------------------------------------------------- # Prepare -- 2.34.1