diff mbox series

[walnascar,2/2] libarchive: upgrade 3.7.9 -> 3.8.1

Message ID 20250626104814.3113263-2-divya.chellam@windriver.com
State Rejected
Delegated to: Steve Sakoman
Headers show
Series [walnascar,1/2] libarchive: correct upstream version check | expand

Commit Message

dchellam June 26, 2025, 10:48 a.m. UTC 
From: Divya Chellam <divya.chellam@windriver.com>

Includes bugfixes for CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917
and CVE-2025-5918, which are introduced in version 3.8.0.

License-Update: Public Domain file changed from libarchive/archive_getdate.c
    to libarchive/archive_parse_date.c
    https://github.com/libarchive/libarchive/commit/c26f0377457db392bd57a640e8fe25506120f810

Changelog:
==========
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
https://github.com/libarchive/libarchive/releases/tag/v3.8.1

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
 .../libarchive/{libarchive_3.7.9.bb => libarchive_3.8.1.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/libarchive/{libarchive_3.7.9.bb => libarchive_3.8.1.bb} (93%)

Comments

Steve Sakoman June 26, 2025, 3:42 p.m. UTC | #1 
Hi Divya,

Unfortunately libarchive 3.8.0 adds new features and therefore is not
eligible for backporting to a stable release.

Steve

On Thu, Jun 26, 2025 at 3:48 AM dchellam via lists.openembedded.org
<Divya.Chellam=windriver.com@lists.openembedded.org> wrote:
>
> From: Divya Chellam <divya.chellam@windriver.com>
>
> Includes bugfixes for CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917
> and CVE-2025-5918, which are introduced in version 3.8.0.
>
> License-Update: Public Domain file changed from libarchive/archive_getdate.c
>     to libarchive/archive_parse_date.c
>     https://github.com/libarchive/libarchive/commit/c26f0377457db392bd57a640e8fe25506120f810
>
> Changelog:
> ==========
> https://github.com/libarchive/libarchive/releases/tag/v3.8.0
> https://github.com/libarchive/libarchive/releases/tag/v3.8.1
>
> Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
> ---
>  .../libarchive/{libarchive_3.7.9.bb => libarchive_3.8.1.bb}   | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta/recipes-extended/libarchive/{libarchive_3.7.9.bb => libarchive_3.8.1.bb} (93%)
>
> diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb b/meta/recipes-extended/libarchive/libarchive_3.8.1.bb
> similarity index 93%
> rename from meta/recipes-extended/libarchive/libarchive_3.7.9.bb
> rename to meta/recipes-extended/libarchive/libarchive_3.8.1.bb
> index d70cdb3d83..472b5820f0 100644
> --- a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
> +++ b/meta/recipes-extended/libarchive/libarchive_3.8.1.bb
> @@ -3,7 +3,7 @@ DESCRIPTION = "C library and command-line tools for reading and writing tar, cpi
>  HOMEPAGE = "http://www.libarchive.org/"
>  SECTION = "devel"
>  LICENSE = "BSD-2-Clause"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=7ce08437ff7f5e24d72e666313ae4084"
>
>  DEPENDS = "e2fsprogs-native"
>
> @@ -31,7 +31,7 @@ EXTRA_OECONF += "--enable-largefile --without-iconv"
>
>  SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz"
>
> -SRC_URI[sha256sum] = "aa90732c5a6bdda52fda2ad468ac98d75be981c15dde263d7b5cf6af66fd009f"
> +SRC_URI[sha256sum] = "bde832a5e3344dc723cfe9cc37f8e54bde04565bfe6f136bc1bd31ab352e9fab"
>
>  inherit autotools update-alternatives pkgconfig
>
> --
> 2.40.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#219348): https://lists.openembedded.org/g/openembedded-core/message/219348
> Mute This Topic: https://lists.openembedded.org/mt/113841058/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb b/meta/recipes-extended/libarchive/libarchive_3.8.1.bb
similarity index 93%
rename from meta/recipes-extended/libarchive/libarchive_3.7.9.bb
rename to meta/recipes-extended/libarchive/libarchive_3.8.1.bb
index d70cdb3d83..472b5820f0 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.8.1.bb
@@ -3,7 +3,7 @@  DESCRIPTION = "C library and command-line tools for reading and writing tar, cpi
 HOMEPAGE = "http://www.libarchive.org/"
 SECTION = "devel"
 LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665"
+LIC_FILES_CHKSUM = "file://COPYING;md5=7ce08437ff7f5e24d72e666313ae4084"
 
 DEPENDS = "e2fsprogs-native"
 
@@ -31,7 +31,7 @@  EXTRA_OECONF += "--enable-largefile --without-iconv"
 
 SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "aa90732c5a6bdda52fda2ad468ac98d75be981c15dde263d7b5cf6af66fd009f"
+SRC_URI[sha256sum] = "bde832a5e3344dc723cfe9cc37f8e54bde04565bfe6f136bc1bd31ab352e9fab"
 
 inherit autotools update-alternatives pkgconfig