Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/unrar: security bump to version 6.1.7
@ 2022-05-21 12:40 Fabrice Fontaine
  2022-05-30 20:30 ` Thomas Petazzoni via buildroot
  2022-06-06 12:30 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-05-21 12:40 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

Fix CVE-2022-30333: RARLAB UnRAR before 6.12 on Linux and UNIX allows
directory traversal to write to files during an extract (aka unpack)
operation, as demonstrated by creating a ~/.ssh/authorized_keys file.

6.12 application version corresponds to 6.1.7 source version:
https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/unrar/unrar.hash | 2 +-
 package/unrar/unrar.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/unrar/unrar.hash b/package/unrar/unrar.hash
index e354753bb2..40e05a1a32 100644
--- a/package/unrar/unrar.hash
+++ b/package/unrar/unrar.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  d05022442009202a792e588bec58921c123ff046fc755f7f2272871a5bd79636  unrarsrc-6.1.3.tar.gz
+sha256  de75b6136958173fdfc530d38a0145b72342cf0d3842bf7bb120d336602d88ed  unrarsrc-6.1.7.tar.gz
 sha256  6ecc1687808b7d66b24f874755abfed7464d9751ed0001cd4e8e5d9bf397ff8a  license.txt
diff --git a/package/unrar/unrar.mk b/package/unrar/unrar.mk
index 6923660153..fee9fb753b 100644
--- a/package/unrar/unrar.mk
+++ b/package/unrar/unrar.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-UNRAR_VERSION = 6.1.3
+UNRAR_VERSION = 6.1.7
 UNRAR_SOURCE = unrarsrc-$(UNRAR_VERSION).tar.gz
 UNRAR_SITE = https://www.rarlab.com/rar
 UNRAR_LICENSE = unrar
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/unrar: security bump to version 6.1.7
  2022-05-21 12:40 [Buildroot] [PATCH 1/1] package/unrar: security bump to version 6.1.7 Fabrice Fontaine
@ 2022-05-30 20:30 ` Thomas Petazzoni via buildroot
  2022-06-06 12:30 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-05-30 20:30 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

On Sat, 21 May 2022 14:40:33 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Fix CVE-2022-30333: RARLAB UnRAR before 6.12 on Linux and UNIX allows
> directory traversal to write to files during an extract (aka unpack)
> operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
> 
> 6.12 application version corresponds to 6.1.7 source version:
> https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/unrar/unrar.hash | 2 +-
>  package/unrar/unrar.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/unrar: security bump to version 6.1.7
  2022-05-21 12:40 [Buildroot] [PATCH 1/1] package/unrar: security bump to version 6.1.7 Fabrice Fontaine
  2022-05-30 20:30 ` Thomas Petazzoni via buildroot
@ 2022-06-06 12:30 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-06-06 12:30 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-30333: RARLAB UnRAR before 6.12 on Linux and UNIX allows
 > directory traversal to write to files during an extract (aka unpack)
 > operation, as demonstrated by creating a ~/.ssh/authorized_keys file.

 > 6.12 application version corresponds to 6.1.7 source version:
 > https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-06 12:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-21 12:40 [Buildroot] [PATCH 1/1] package/unrar: security bump to version 6.1.7 Fabrice Fontaine
2022-05-30 20:30 ` Thomas Petazzoni via buildroot
2022-06-06 12:30 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox