projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9295f64) | patch
package/libarchive: security bump to version 3.4.1
authorPierre-Jean Texier <pjtexier@koncepto.io>
Mon, 6 Jan 2020 19:56:37 +0000 (20:56 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Mon, 6 Jan 2020 22:29:20 +0000 (23:29 +0100)
commitbbc64eae62f86434096b290d602873e393d59c43
tree88da48c61acbb1e03624d0e2b7213ac6926f84c1tree
parent9295f6465042432c0ca02157b9c03a4f38c49c00commit | diff
package/libarchive: security bump to version 3.4.1

Fixes the following security vulnerabilities:

- CVE-2019-19221: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c
 has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example,
 bsdtar crashes via a crafted archive.

And adds various security fixes.  For details, see :

https://github.com/libarchive/libarchive/releases/tag/v3.4.1

Also remove upstreamed patch.

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/libarchive/0001-Unbreak-compilation-without-zlib.patch [deleted file] blob | history
package/libarchive/libarchive.hash diff | blob | history
package/libarchive/libarchive.mk diff | blob | history