Message ID | 1727246960-20665-14-git-send-email-wangmy@fujitsu.com |
---|---|
State | New |
Series | [01/47] adwaita-icon-theme: upgrade 46.2 -> 47.0 |
> On 25 Sep 2024, at 07:48, wangmy via lists.openembedded.org <wangmy=fujitsu.com@lists.openembedded.org> wrote:
>
> configurehack.patch
> refreshed for 3.7.5
>
> Changelog:
> ============
> - fix multiple vulnerabilities identified by SAST
> - cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
> - lzop: prevent integer overflow
> - rar4: protect copy_from_lzss_window_to_unp()
> - rar4: fix CVE-2024-26256
> - rar4: fix OOB in delta and audio filter
> - rar4: fix out of boundary access with large files
> - rar4: add boundary checks to rgb filter
> - rar4: fix OOB access with unicode filenames
> - rar5: clear 'data ready' cache on window buffer reallocs
> - rpm: calculate huge header sizes correctly
> - unzip: unify EOF handling
> - util: fix out of boundary access in mktemp functions
> - uu: stop processing if lines are too long
> - 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes
> - ar: fix archive entries having no type
> - lha: do not allow negative file sizes
> - lha: fix integer truncation on 32-bit systems
> - shar: check strdup return value
> - rar5: don't try to read ridiculously long names
> - xar: fix another infinite loop and expat error handling
> - many Windows fixes, cleanups and improvements

This causes python-libarchive-c to fail ptests:

{'python3-libarchive-c': ['tests/test_entry.py:test_check_archiveentry_using_python_testtar']}

Ross

> On 26 Sep 2024, at 12:39, Ross Burton via lists.openembedded.org <ross.burton=arm.com@lists.openembedded.org> wrote:
> This causes python-libarchive-c to fail ptests:
>
> {'python3-libarchive-c': ['tests/test_entry.py:test_check_archiveentry_using_python_testtar’]
> }

It already breaks opkg, but 3.7.6 has fixed that regression at least. I’ve posted the upgrade to that so it’s on the list and nobody else tries it.

Ross

diff --git a/meta/recipes-extended/libarchive/libarchive/configurehack.patch b/meta/recipes-extended/libarchive/libarchive/configurehack.patch index 45fddd9147..1d416d4e6d 100644 --- a/meta/recipes-extended/libarchive/libarchive/configurehack.patch +++ b/meta/recipes-extended/libarchive/libarchive/configurehack.patch @@ -1,4 +1,8 @@ -To work with autoconf 2.73, tweak the macro ordering in configure.in. +From 18d5b2ff6ba3bbe856777447e59ee4d3343b0131 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Thu, 27 Jul 2023 20:47:55 -0700 +Subject: [PATCH] To work with autoconf 2.73, tweak the macro ordering in + configure.in. Upstream-Status: Pending Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> @@ -7,10 +11,10 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac -index 503bb75..e3101da 100644 +index 227275a..b75eb87 100644 --- a/configure.ac +++ b/configure.ac -@@ -414,6 +414,19 @@ if test "x$with_bz2lib" != "xno"; then +@@ -429,6 +429,19 @@ if test "x$with_bz2lib" != "xno"; then esac fi @@ -30,7 +34,7 @@ index 503bb75..e3101da 100644 AC_ARG_WITH([libb2], AS_HELP_STRING([--without-libb2], [Don't build support for BLAKE2 through libb2])) -@@ -678,19 +691,6 @@ fi +@@ -693,19 +706,6 @@ fi AC_SUBST(DEAD_CODE_REMOVAL) @@ -50,6 +54,3 @@ index 503bb75..e3101da 100644 # Check for tm_gmtoff in struct tm AC_CHECK_MEMBERS([struct tm.tm_gmtoff, struct tm.__tm_gmtoff],,, [ --- -2.34.1 - diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb b/meta/recipes-extended/libarchive/libarchive_3.7.5.bb similarity index 96% rename from meta/recipes-extended/libarchive/libarchive_3.7.4.bb rename to meta/recipes-extended/libarchive/libarchive_3.7.5.bb index da85764116..15a307c2f5 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.7.5.bb 
@@ -33,7 +33,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" SRC_URI += "file://configurehack.patch" UPSTREAM_CHECK_URI = "http://libarchive.org/" -SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8" +SRC_URI[sha256sum] = "37556113fe44d77a7988f1ef88bf86ab68f53d11e85066ffd3c70157cc5110f1" CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe"
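
Review bot: in the refreshed header of configurehack.patch, the new Subject line still says the macro ordering is tweaked in configure.in, while the patch it carries modifies configure.ac (diff --git a/configure.ac b/configure.ac). Since the header is being rewritten into git format-patch form anyway, correct the file name there. The header also keeps Upstream-Status: Pending beside a Date of 27 Jul 2023; the commit message should say whether the reordering has been sent to libarchive, or the status should be updated to reflect where it stands, so the patch is not simply refreshed by hand at each upgrade.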
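
Review bot: in the libarchive_3.7.5.bb hunk, the updated SRC_URI[sha256sum] is the only integrity check on the new tarball, because the SRC_URI context line fetches it over plain http://libarchive.org/downloads/. State in the commit message what the new value was verified against (upstream's published checksum or signature) and, if the host serves the same file over https, switch the URI. The replies in this thread also report a python3-libarchive-c ptest failure and an opkg regression with this version, with 3.7.6 fixing the latter; nothing in this hunk addresses either, so the bump should target the fixed release rather than merge as posted.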