* [PR PATCH] libarchive: update to 3.6.2. CVE-2022-36227
@ 2022-12-22 9:46 crtxcr
2022-12-22 9:55 ` [PR PATCH] [Merged]: " sgn
0 siblings, 1 reply; 2+ messages in thread
From: crtxcr @ 2022-12-22 9:46 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 696 bytes --]
There is a new pull request by crtxcr against master on the void-packages repository
https://github.com/crtxcr/void-packages update_libarchive
https://github.com/void-linux/void-packages/pull/41235
libarchive: update to 3.6.2. CVE-2022-36227
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **briefly**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
A patch file from https://github.com/void-linux/void-packages/pull/41235.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-update_libarchive-41235.patch --]
[-- Type: text/x-diff, Size: 2977 bytes --]
From e97876a9c8149be3df949372dfa643a688488d83 Mon Sep 17 00:00:00 2001
From: Albert Schwarzkopf <dev-voidlinux@quitesimple.org>
Date: Thu, 22 Dec 2022 10:40:02 +0100
Subject: [PATCH] libarchive: update to 3.6.2.
Fix CVE-2022-36227.
Drop patch not required anymore.
---
.../patches/fix-build-glibc-2.36.patch | 41 -------------------
srcpkgs/libarchive/template | 4 +-
2 files changed, 2 insertions(+), 43 deletions(-)
delete mode 100644 srcpkgs/libarchive/patches/fix-build-glibc-2.36.patch
diff --git a/srcpkgs/libarchive/patches/fix-build-glibc-2.36.patch b/srcpkgs/libarchive/patches/fix-build-glibc-2.36.patch
deleted file mode 100644
index 7c88ca1b1ca0..000000000000
--- a/srcpkgs/libarchive/patches/fix-build-glibc-2.36.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 25 Jul 2022 10:56:53 -0700
-Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is
- present
-
-These headers are in conflict and only one is needed by
-archive_read_disk_posix.c therefore include linux/fs.h if it exists
-otherwise include sys/mount.h
-
-It also helps compiling with glibc 2.36
-where sys/mount.h conflicts with linux/mount.h see [1]
-
-[1] https://sourceware.org/glibc/wiki/Release/2.36
----
- libarchive/archive_read_disk_posix.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c
-index 2b39e672b..a96008db7 100644
---- a/libarchive/archive_read_disk_posix.c
-+++ b/libarchive/archive_read_disk_posix.c
-@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$");
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
- #endif
--#ifdef HAVE_SYS_MOUNT_H
--#include <sys/mount.h>
--#endif
- #ifdef HAVE_SYS_STAT_H
- #include <sys/stat.h>
- #endif
-@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$");
- #endif
- #ifdef HAVE_LINUX_FS_H
- #include <linux/fs.h>
-+#elif HAVE_SYS_MOUNT_H
-+#include <sys/mount.h>
- #endif
- /*
- * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
diff --git a/srcpkgs/libarchive/template b/srcpkgs/libarchive/template
index 653c33ab8a9d..535c656e36c9 100644
--- a/srcpkgs/libarchive/template
+++ b/srcpkgs/libarchive/template
@@ -1,6 +1,6 @@
# Template file for 'libarchive'
pkgname=libarchive
-version=3.6.1
+version=3.6.2
revision=1
bootstrap=yes
build_style=gnu-configure
@@ -18,7 +18,7 @@ license="BSD-2-Clause"
homepage="http://www.libarchive.org/"
changelog="https://raw.githubusercontent.com/wiki/libarchive/libarchive/ReleaseNotes.md"
distfiles="https://github.com/libarchive/libarchive/releases/download/v${version}/libarchive-${version}.tar.gz"
-checksum=c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2
+checksum=ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3
build_options="acl expat lzo lz4 ssl zstd"
build_options_default="acl ssl lz4 zstd"
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PR PATCH] [Merged]: libarchive: update to 3.6.2. CVE-2022-36227
2022-12-22 9:46 [PR PATCH] libarchive: update to 3.6.2. CVE-2022-36227 crtxcr
@ 2022-12-22 9:55 ` sgn
0 siblings, 0 replies; 2+ messages in thread
From: sgn @ 2022-12-22 9:55 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 537 bytes --]
There's a merged pull request on the void-packages repository
libarchive: update to 3.6.2. CVE-2022-36227
https://github.com/void-linux/void-packages/pull/41235
Description:
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **briefly**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-22 9:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-22 9:46 [PR PATCH] libarchive: update to 3.6.2. CVE-2022-36227 crtxcr
2022-12-22 9:55 ` [PR PATCH] [Merged]: " sgn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).