* [PATCH] libarchive: upgrade 3.8.5 -> 3.8.6
@ 2026-03-11 22:42 Peter Marko
2026-03-12 14:11 ` [OE-core] " Robert Yang
0 siblings, 1 reply; 2+ messages in thread
From: Peter Marko @ 2026-03-11 22:42 UTC (permalink / raw)
To: openembedded-core; +Cc: Peter Marko
From: Peter Marko <peter.marko@siemens.com>
Release information [1]:
Libarchive 3.8.6 is a security and bugfix release.
Notable fixes:
* libarchive: fix incompatibility with Nettle 4.x (#2858)
* libarchive: fix NULL pointer dereference in archive_acl_from_text_w() (#2859)
* bsdunzip: fix ISO week year and Gregorian year confusion (#2860)
* 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864)
* 7zip: fix out-of-bounds access on ELF 64-bit header (#2875)
* RAR5 reader: fix infinite loop in rar5 decompression (#2877)
* RAR5 reader: fix potential memory leak (#2892)
* RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice (#2893)
* CAB reader: fix memory leak on repeated calls to archive_read_support_format_cab (#2895)
* mtree reader: Fix file descriptor leak in mtree parser cleanup (CWE-775, #2878)
* various small bugfixes in code and documentation
[1] https://github.com/libarchive/libarchive/releases/tag/v3.8.6
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
.../libarchive/{libarchive_3.8.5.bb => libarchive_3.8.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/libarchive/{libarchive_3.8.5.bb => libarchive_3.8.6.bb} (97%)
diff --git a/meta/recipes-extended/libarchive/libarchive_3.8.5.bb b/meta/recipes-extended/libarchive/libarchive_3.8.6.bb
similarity index 97%
rename from meta/recipes-extended/libarchive/libarchive_3.8.5.bb
rename to meta/recipes-extended/libarchive/libarchive_3.8.6.bb
index 7b10823002..d579cdb65a 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.8.5.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.8.6.bb
@@ -34,7 +34,7 @@ SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz \
"
UPSTREAM_CHECK_URI = "https://www.libarchive.org/"
-SRC_URI[sha256sum] = "8a60f3a7bfd59c54ce82ae805a93dba65defd04148c3333b7eaa2102f03b7ffd"
+SRC_URI[sha256sum] = "213269b05aac957c98f6e944774bb438d0bd168a2ec60b9e4f8d92035925821c"
inherit autotools update-alternatives pkgconfig ptest
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [OE-core] [PATCH] libarchive: upgrade 3.8.5 -> 3.8.6
2026-03-11 22:42 [PATCH] libarchive: upgrade 3.8.5 -> 3.8.6 Peter Marko
@ 2026-03-12 14:11 ` Robert Yang
0 siblings, 0 replies; 2+ messages in thread
From: Robert Yang @ 2026-03-12 14:11 UTC (permalink / raw)
To: peter.marko, openembedded-core
Hello,
I've taken this patch into rpm 6's upgrading because we need a PULL from
github:
https://github.com/libarchive/libarchive/pull/2846
https://lists.openembedded.org/g/openembedded-core/message/232960
// Robert
On 3/12/26 06:42, Peter Marko via lists.openembedded.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
>
> Release information [1]:
>
> Libarchive 3.8.6 is a security and bugfix release.
>
> Notable fixes:
> * libarchive: fix incompatibility with Nettle 4.x (#2858)
> * libarchive: fix NULL pointer dereference in archive_acl_from_text_w() (#2859)
> * bsdunzip: fix ISO week year and Gregorian year confusion (#2860)
> * 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864)
> * 7zip: fix out-of-bounds access on ELF 64-bit header (#2875)
> * RAR5 reader: fix infinite loop in rar5 decompression (#2877)
> * RAR5 reader: fix potential memory leak (#2892)
> * RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called twice (#2893)
> * CAB reader: fix memory leak on repeated calls to archive_read_support_format_cab (#2895)
> * mtree reader: Fix file descriptor leak in mtree parser cleanup (CWE-775, #2878)
> * various small bugfixes in code and documentation
>
> [1] https://github.com/libarchive/libarchive/releases/tag/v3.8.6
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
> .../libarchive/{libarchive_3.8.5.bb => libarchive_3.8.6.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename meta/recipes-extended/libarchive/{libarchive_3.8.5.bb => libarchive_3.8.6.bb} (97%)
>
> diff --git a/meta/recipes-extended/libarchive/libarchive_3.8.5.bb b/meta/recipes-extended/libarchive/libarchive_3.8.6.bb
> similarity index 97%
> rename from meta/recipes-extended/libarchive/libarchive_3.8.5.bb
> rename to meta/recipes-extended/libarchive/libarchive_3.8.6.bb
> index 7b10823002..d579cdb65a 100644
> --- a/meta/recipes-extended/libarchive/libarchive_3.8.5.bb
> +++ b/meta/recipes-extended/libarchive/libarchive_3.8.6.bb
> @@ -34,7 +34,7 @@ SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz \
> "
> UPSTREAM_CHECK_URI = "https://www.libarchive.org/"
>
> -SRC_URI[sha256sum] = "8a60f3a7bfd59c54ce82ae805a93dba65defd04148c3333b7eaa2102f03b7ffd"
> +SRC_URI[sha256sum] = "213269b05aac957c98f6e944774bb438d0bd168a2ec60b9e4f8d92035925821c"
>
> inherit autotools update-alternatives pkgconfig ptest
>
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#232914): https://lists.openembedded.org/g/openembedded-core/message/232914
> Mute This Topic: https://lists.openembedded.org/mt/118270139/7304958
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [liezhi.yang@eng.windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-03-12 14:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-11 22:42 [PATCH] libarchive: upgrade 3.8.5 -> 3.8.6 Peter Marko
2026-03-12 14:11 ` [OE-core] " Robert Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox