[scarthgap,14/21] libarchive: upgrade 3.7.2 -> 3.7.4

Message ID	1c789d692e0bbea4c26cfad8c36abf051f54a444.1717243719.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.179, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 14/21] libarchive: upgrade 3.7.2 -> 3.7.4 Date: Sat, 1 Jun 2024 05:24:40 -0700 Message-Id: <1c789d692e0bbea4c26cfad8c36abf051f54a444.1717243719.git.steve@sakoman.com> In-Reply-To: <cover.1717243719.git.steve@sakoman.com> References: <cover.1717243719.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/21] ttyrun: define CVE_PRODUCT \| expand [scarthgap,01/21] ttyrun: define CVE_PRODUCT [scarthgap,02/21] ncurses: Fix CVE-2023-45918 [scarthgap,03/21] libusb1: Set CVE_PRODUCT [scarthgap,04/21] ghostscript: fix CVE-2024-33870 [scarthgap,05/21] ghostscript: fix CVE-2024-33869 [scarthgap,06/21] ghostscript: fix CVE-2024-33871 [scarthgap,07/21] ghostscript: fix CVE-2024-29510 [scarthgap,08/21] gcc: Fix for CVE-2024-0151 [scarthgap,09/21] xserver-xorg: upgrade 21.1.11 -> 21.1.12 [scarthgap,10/21] llvm: Upgrade to 18.1.4 [scarthgap,11/21] llvm: Upgrade to 18.1.5 [scarthgap,12/21] llvm: Switch to using release tarballs [scarthgap,13/21] ptest-runner: Bump to 2.4.4 (95f528c) [scarthgap,14/21] libarchive: upgrade 3.7.2 -> 3.7.4 [scarthgap,15/21] devtool: standard: update-recipe/finish: fix update localfile in another layer [scarthgap,16/21] oeqa/selftest/devtool: add test for updating local files into another layer [scarthgap,17/21] gstreamer1.0-plugins-good: Include qttools-native during the build with qt5 PACKA… [scarthgap,18/21] update-rc.d: add +git to PV [scarthgap,19/21] lib/package_manager/ipk: Do not hardcode payload compression algorithm [scarthgap,20/21] ipk: Fix clean up of extracted IPK payload [scarthgap,21/21] git: set --with-gitconfig=/etc/gitconfig for -native builds

Message ID

1c789d692e0bbea4c26cfad8c36abf051f54a444.1717243719.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 14/21] libarchive: upgrade 3.7.2 -> 3.7.4
Date: Sat,  1 Jun 2024 05:24:40 -0700
Message-Id: 
 <1c789d692e0bbea4c26cfad8c36abf051f54a444.1717243719.git.steve@sakoman.com>
In-Reply-To: <cover.1717243719.git.steve@sakoman.com>
References: <cover.1717243719.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/21] ttyrun: define CVE_PRODUCT | expand

Commit Message

Steve Sakoman June 1, 2024, 12:24 p.m. UTC

From: Yogita Urade <yogita.urade@windriver.com>

Changlog:
========
   rar: Fix OOB in rar e8 filter
   zip: Fix out of boundary access
   7zip: Limit amount of properties
   bsdtar: Fix error handling around strtol() usages
   passphrase: Improve newline handling on Windows
   passphrase: Never allow empty passwords
   rar: Fix "File CRC Error" when extracting specific rar4 archives
   xar: Avoid infinite link loop
   zip: Update AppleDouble support for directories
   zstd: Implement core detection
   PCRE2 support
   add trailing letter b to bsdtar(1) substitute pattern
   add support for long options "--group" and "--owner" to tar(1)
   Fix possible vulnerability in tar error reporting introduced in f27c173
   ISO9660: preserve the natural order of links
   rar5: fix decoding unicode filenames on Windows
   rar5: fix infinite loop if during rar5 decompression the last block produced no data
   xz filter: fix incorrect eof at the end of an lzip member
   zip: fix end-of-data marker processing when decompressing zip archives
   multiple bsdunzip(1) fixes
   filetime truncation fix on Windows

Adjusted configurehack.patch to align with upgraded version.

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libarchive/libarchive/configurehack.patch | 19 ++++++++++++-------
 ...ibarchive_3.7.2.bb => libarchive_3.7.4.bb} |  2 +-
 2 files changed, 13 insertions(+), 8 deletions(-)
 rename meta/recipes-extended/libarchive/{libarchive_3.7.2.bb => libarchive_3.7.4.bb} (96%)

diff --git a/meta/recipes-extended/libarchive/libarchive/configurehack.patch b/meta/recipes-extended/libarchive/libarchive/configurehack.patch
index f3989d99eb..44720fdd53 100644
--- a/meta/recipes-extended/libarchive/libarchive/configurehack.patch
+++ b/meta/recipes-extended/libarchive/libarchive/configurehack.patch
@@ -2,12 +2,15 @@  To work with autoconf 2.73, tweak the macro ordering in configure.in.
 
 Upstream-Status: Pending
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ configure.ac | 26 +++++++++++++-------------
+ 1 file changed, 13 insertions(+), 13 deletions(-)
 
-Index: libarchive-3.6.2/configure.ac
-===================================================================
---- libarchive-3.6.2.orig/configure.ac
-+++ libarchive-3.6.2/configure.ac
-@@ -357,6 +357,19 @@ if test "x$with_bz2lib" != "xno"; then
+diff --git a/configure.ac b/configure.ac
+index 5668d41..7e65e49 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -414,6 +414,19 @@ if test "x$with_bz2lib" != "xno"; then
    esac
  fi
  
@@ -27,9 +30,9 @@  Index: libarchive-3.6.2/configure.ac
  AC_ARG_WITH([libb2],
    AS_HELP_STRING([--without-libb2], [Don't build support for BLAKE2 through libb2]))
  
-@@ -558,19 +571,6 @@ LDFLAGS=$save_LDFLAGS
+@@ -678,19 +691,6 @@ fi
  
- AC_SUBST(GC_SECTIONS)
+ AC_SUBST(DEAD_CODE_REMOVAL)
  
 -# Checks for typedefs, structures, and compiler characteristics.
 -AC_C_CONST
@@ -47,3 +50,5 @@  Index: libarchive-3.6.2/configure.ac
  # Check for tm_gmtoff in struct tm
  AC_CHECK_MEMBERS([struct tm.tm_gmtoff, struct tm.__tm_gmtoff],,,
  [
+--
+2.40.0
diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.2.bb b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
similarity index 96%
rename from meta/recipes-extended/libarchive/libarchive_3.7.2.bb
rename to meta/recipes-extended/libarchive/libarchive_3.7.4.bb
index 91f521fa4d..da85764116 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
@@ -33,7 +33,7 @@  SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
 SRC_URI += "file://configurehack.patch"
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
-SRC_URI[sha256sum] = "df404eb7222cf30b4f8f93828677890a2986b66ff8bf39dac32a804e96ddf104"
+SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8"
 
 CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe"

[scarthgap,14/21] libarchive: upgrade 3.7.2 -> 3.7.4

Commit Message

Patch