[1/1] libarchive: upgrade 3.7.7 -> 3.7.8

Message ID	20250325090733.1137503-1-yogita.urade@windriver.com
State	Accepted, archived
Commit	861d6a37e9457510e526c7cd5a63c82d9c48b591
Headers	show Return-Path: <Yogita.Urade@windriver.com> ip: 205.220.166.238, mailfrom: prvs=51792dbb80=yogita.urade@windriver.com) From: yurade <yogita.urade@windriver.com> To: <openembedded-core@lists.openembedded.org> Subject: [OE-core][PATCH 1/1] libarchive: upgrade 3.7.7 -> 3.7.8 Date: Tue, 25 Mar 2025 09:07:33 +0000 Message-ID: <20250325090733.1137503-1-yogita.urade@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[1/1] libarchive: upgrade 3.7.7 -> 3.7.8 \| expand [1/1] libarchive: upgrade 3.7.7 -> 3.7.8

Message ID

20250325090733.1137503-1-yogita.urade@windriver.com

State

Accepted, archived

Commit

861d6a37e9457510e526c7cd5a63c82d9c48b591

Headers

From: yurade <yogita.urade@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [OE-core][PATCH 1/1] libarchive: upgrade 3.7.7 -> 3.7.8
Date: Tue, 25 Mar 2025 09:07:33 +0000
Message-ID: <20250325090733.1137503-1-yogita.urade@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

[1/1] libarchive: upgrade 3.7.7 -> 3.7.8 | expand

Commit Message

yurade March 25, 2025, 9:07 a.m. UTC

From: Yogita Urade <yogita.urade@windriver.com>

This upgrade includes fix for CVE-2024-57970, CVE-2025-25724 and
CVE-2025-1632

Changelog:
==========
Libarchive 3.7.8 is a bugfix and security release

Security fixes:
tar reader: Handle truncation in the middle of a GNU long linkname (#2422, CVE-2024-57970)
unzip: fix null pointer dereference (#2532, CVE-2025-1632)
tar reader: fix unchecked return value in list_item_verbose() (#2532, CVE-2025-25724)

Important bugfixes:
7zip reader: add SPARC (#2399) and POWERPC (#2459) filter support for non-LZMA compressors
tar reader: Ignore ustar size when pax size is present (#2405)
tar writer: Fix bug when -s/a/b/ used more than once with b flag (#2435)
cpio: Fix a Y2038 bug on Windows (#2471)
libarchive: Handle ARCHIVE_FILTER_LZOP in archive_read_append_filter (#2519)
libarchive: Adding missing seeker function to archive_read_open_FILE() (#2539)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 .../libarchive/{libarchive_3.7.7.bb => libarchive_3.7.8.bb}     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/libarchive/{libarchive_3.7.7.bb => libarchive_3.7.8.bb} (96%)

diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.7.bb b/meta/recipes-extended/libarchive/libarchive_3.7.8.bb
similarity index 96%
rename from meta/recipes-extended/libarchive/libarchive_3.7.7.bb
rename to meta/recipes-extended/libarchive/libarchive_3.7.8.bb
index 0a0a6b374b..d78b38d3e9 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.7.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.7.8.bb
@@ -33,7 +33,7 @@  SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz"
 
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
-SRC_URI[sha256sum] = "4cc540a3e9a1eebdefa1045d2e4184831100667e6d7d5b315bb1cbc951f8ddff"
+SRC_URI[sha256sum] = "a123d87b1bd8adb19e8c187da17ae2d957c7f9596e741b929e6b9ceefea5ad0f"
 
 CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe"

[1/1] libarchive: upgrade 3.7.7 -> 3.7.8

Commit Message

Patch