Date: Fri, 29 Oct 2021 17:50:08 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 259534] archivers/advancecomp: Update to 2.2.g20210429 and fix CVEs Message-ID: <bug-259534-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259534 Bug ID: 259534 Summary: archivers/advancecomp: Update to 2.2.g20210429 and fix CVEs Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/amadvance/advancecomp/releases OS: Any Status: New Keywords: security Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: fuz@fuz.su Attachment #229127 maintainer-approval+ Flags: Created attachment 229127 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D229127&action= =3Dedit archivers/advancecomp: Update to 2.2.g20210429 This updates archivers/advancecomp to a few commits after the 2.1 version.= =20 This is needed as CVE-2019-9210, CVE-2019-8383, and CVE-2019-8379 are open = in 2.1 but fixed in the git repository. No significant other changes have occurred since version 2.1. While we are at it... - follow project to new upstream - unbundle libdeflate - hook up test suite - add a BZIP2 option - take maintainership of this unmaintained port Relevant upstream changes: - Added support for reading MNG files with depth of 1, 2, and 4 bits. - Fixed a crash condition with invalid ZIP data. - Support ZIPs with data descriptor signature. Tested with Poudriere on armv7 arm64 FreeBSD 13. Test suite passes (if BZIP2 is disabled), portlint is happy. Please MFH this change as it fixes open security problems. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-259534-7788>