From fbba456ff297ede9e957d96da94f406788a33f52 Mon Sep 17 00:00:00 2001 From: Tee KOBAYASHI Date: Fri, 8 Apr 2022 23:11:04 +0900 Subject: [PATCH] libarchive: Update to 3.6.1 --- packages/libarchive/build.sh | 5 ++-- .../libarchive-3.6.0-CVE-2022-26280.patch | 24 ------------------- 2 files changed, 2 insertions(+), 27 deletions(-) delete mode 100644 packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch diff --git a/packages/libarchive/build.sh b/packages/libarchive/build.sh index e012050e2..c3f109f13 100644 --- a/packages/libarchive/build.sh +++ b/packages/libarchive/build.sh @@ -2,10 +2,9 @@ TERMUX_PKG_HOMEPAGE=https://www.libarchive.org/ TERMUX_PKG_DESCRIPTION="Multi-format archive and compression library" TERMUX_PKG_LICENSE="BSD 2-Clause" TERMUX_PKG_MAINTAINER="@termux" -TERMUX_PKG_VERSION=3.6.0 -TERMUX_PKG_REVISION=2 +TERMUX_PKG_VERSION=3.6.1 TERMUX_PKG_SRCURL=https://github.com/libarchive/libarchive/releases/download/v$TERMUX_PKG_VERSION/libarchive-$TERMUX_PKG_VERSION.tar.gz -TERMUX_PKG_SHA256=a36613695ffa2905fdedc997b6df04a3006ccfd71d747a339b78aa8412c3d852 +TERMUX_PKG_SHA256=c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2 TERMUX_PKG_AUTO_UPDATE=true TERMUX_PKG_DEPENDS="libbz2, libiconv, liblzma, libxml2, openssl, zlib" TERMUX_PKG_BREAKS="libarchive-dev" diff --git a/packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch b/packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch deleted file mode 100644 index ae892a7b2..000000000 --- a/packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch +++ /dev/null @@ -1,24 +0,0 @@ -From cfaa28168a07ea4a53276b63068f94fce37d6aff Mon Sep 17 00:00:00 2001 -From: Tim Kientzle -Date: Thu, 24 Mar 2022 10:35:00 +0100 -Subject: [PATCH] ZIP reader: fix possible out-of-bounds read in - zipx_lzma_alone_init() - -Fixes #1672 ---- - libarchive/archive_read_support_format_zip.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c -index 38ada70b5..9d6c900b2 100644 ---- a/libarchive/archive_read_support_format_zip.c -+++ b/libarchive/archive_read_support_format_zip.c -@@ -1667,7 +1667,7 @@ zipx_lzma_alone_init(struct archive_read *a, struct zip *zip) - */ - - /* Read magic1,magic2,lzma_params from the ZIPX stream. */ -- if((p = __archive_read_ahead(a, 9, NULL)) == NULL) { -+ if(zip->entry_bytes_remaining < 9 || (p = __archive_read_ahead(a, 9, NULL)) == NULL) { - archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, - "Truncated lzma data"); - return (ARCHIVE_FATAL);