NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/lrzip: security bump to version 0.651

Browse Source 
- Fix CVE-2022-26291: lrzip v0.641 was discovered to contain a multiple
  concurrency use-after-free between the functions zpaq_decompress_buf()
  and clear_rulist(). This vulnerability allows attackers to cause a
  Denial of Service (DoS) via a crafted Irz file.
- Use official tarball and so drop autoreconf

https://github.com/ckolivas/lrzip/blob/v0.651/WHATS-NEW

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2022-10-16 00:26:05 +02:00 committed by Peter Korsgaard
parent 51812c3390
commit edbdad9397
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/lrzip/lrzip.hash
View File

@ -1,3 +1,3 @@
# Locally computed:
sha256 9b6b4bb1ae76dafbaab96ec9d50d41af5fed45a6c4f2e06feea828c2cd8025c0 lrzip-0.641.tar.gz
sha256 48bd8decb097c1596c9b3777959cd3e332819434ed77a2823e65aa436f1602f9 lrzip-0.651.tar.xz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING

6
package/lrzip/lrzip.mk
View File

@ -4,9 +4,9 @@
#
################################################################################
LRZIP_VERSION = 0.641
LRZIP_SITE = $(call github,ckolivas,lrzip,v$(LRZIP_VERSION))
LRZIP_AUTORECONF = YES
LRZIP_VERSION = 0.651
LRZIP_SOURCE = lrzip-$(LRZIP_VERSION).tar.xz
LRZIP_SITE = http://ck.kolivas.org/apps/lrzip
LRZIP_LICENSE = GPL-2.0+
LRZIP_LICENSE_FILES = COPYING
LRZIP_CPE_ID_VENDOR = long_range_zip_project