path: root/meta/recipes-extended/libarchive/libarchive
Commit message | Author | Age | Files | Lines
* libarchive: integrate security fixes | Ross Burton | 2019-03-05 | 6 | -0/+331
  Fix the following CVEs by backporting patches from upstream:
  - CVE-2019-1000019
  - CVE-2019-1000020
  - CVE-2018-1000877
  - CVE-2018-1000878
  - CVE-2018-1000879
  - CVE-2018-1000880
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: fix bug1066 | Andrej Valek | 2018-10-10 | 1 | -0/+54
  Fix out of bounds read on empty string filename for gnutar, pax and v7tar
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: Update 3.3.2 -> 3.3.3 | Otavio Salvador | 2018-09-21 | 5 | -224/+0
  This upgrades to the 3.3.3 release and drops the backported patches when doing the recipe update.
  Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
* libarchive: CVE-2017-14501 | Jagadeesh Krishnanjanappa | 2018-09-04 | 1 | -0/+79
  iso9660: validate directory record length
  Affects libarchive <= 3.3.2
  Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: CVE-2017-14503 | Jagadeesh Krishnanjanappa | 2018-08-23 | 1 | -0/+33
  Reject LHA archive entries with negative size.
  Affects libarchive = 3.3.2
  Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: re-add non-recursive extract and list support | Patrick Ohly | 2017-10-06 | 1 | -0/+153
  This patch is needed for meta-swupd. Without it, some bsdtar invocations fail with:
    bsdtar: Option -n is not permitted in mode -x
  The patch was removed in the update to 3.3.1 with the claim that it had been merged upstream, but that is not the case.
  Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
* libarchive: CVE-2017-14502 | Zhixiong Chi | 2017-10-06 | 1 | -0/+37
  read_header in archive_read_support_format_rar.c suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
  Backport the patch from https://github.com/libarchive/libarchive/commit
  commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6
  CVE: CVE-2017-14502
  Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
* libarchive: fix bug929 and CVE-2017-14166 | Andrej Valek | 2017-09-12 | 2 | -0/+75
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: update to 3.2.1 | Alexander Kanavin | 2016-07-10 | 1 | -66/+0
  Drop merged 0001-configure.ac-check-acl-libacl.h-and-sys-acl.h-based-.patch
  Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
* libarchive: respect disable-acl configuration option | Maxin B. John | 2016-06-05 | 1 | -0/+66
  Update configure.ac to properly handle --disable-acl option
  [YOCTO #9668]
  Signed-off-by: Maxin B. John <maxin.john@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: Upgrade to v3.2.0 | Paul Barker | 2016-06-01 | 5 | -320/+0
  All patches are removed as they are no longer needed. Most were merged into this release of libarchive.
  "0001-Set-xattrs-after-setting-times.patch" was dropped upstream after discussion, see https://github.com/libarchive/libarchive/pull/664.
  The COPYING file in libarchive had a couple of minor changes to clarify which files are under which copyrights but the overall license is unaffected.
  Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: Set xattrs after setting times | Dmitry Rozhkov | 2016-03-02 | 1 | -0/+59
  With Integrity Measurement Architecture (IMA) enabled in Linux kernel the security.ima extended attribute gets overwritten when setting times on a file with a futimens() call. So it's safer to set xattrs after times.
  Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
* Add "CVE:" tag to current patches in OE-core | Mariano Lopez | 2016-01-11 | 2 | -0/+2
  The current patches in OE-core don't have the "CVE:" tag, now part of the policy of the patches.
  This patch adds this tag to several patches. There might be patches that I miss; the tag can be added in the future.
  Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
* libarchive: rename patch to reflect CVE | Ross Burton | 2015-11-16 | 1 | -0/+0
  This patch is a CVE fix, so rename it to help CVE detection tools identify it as such.
  Signed-off-by: Ross Burton <ross.burton@intel.com>
* libarchive: fix out of tree builds | Ross Burton | 2015-05-07 | 1 | -0/+45
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: Security Advisory - libarchive - CVE-2015-2304 | Li Zhou | 2015-04-28 | 1 | -0/+151
  libarchive: Updated libarchive packages fix security vulnerability
  Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.
  Signed-off-by: Li Zhou <li.zhou@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: Use pkg-config for libxml2 dependency | Richard Purdie | 2014-05-28 | 1 | -0/+25
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: fix CVE-2013-0211 | Baogen Shang | 2014-03-28 | 1 | -0/+38
  CVE description:
  Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0211
  Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
  Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: Upgrade to v3.1.2 | Paul Barker | 2014-01-08 | 6 | -196/+0
  All patches against libarchive in oe-core appear to be merged into the latest release.
  The license checksum has changed because a couple of referenced files have been renamed but there is no change to the license terms themselves.
  Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
* meta/*: remove unnecessary patches | Chong Lu | 2013-12-10 | 1 | -63/+0
  The following patches are found, but not used by any recipe, so we should remove them.
    meta/recipes-connectivity/avahi/files/fix_for_automake_1.11.2.patch
    meta/recipes-connectivity/dhcp/dhcp/fix-client-path.patch
    meta/recipes-connectivity/libnss-mdns/files/alignment-fix.patch
    meta/recipes-core/dbus/dbus-1.6.10/test-run-path.patch
    meta/recipes-core/gettext/gettext-0.16.1/fixchicken.patch
    meta/recipes-core/gettext/gettext-0.16.1/getline.m4.patch
    meta/recipes-core/systemd/systemd/use-rootlibdir.patch
    meta/recipes-core/util-linux/util-linux/remove-lscpu.patch
    meta/recipes-core/util-linux/util-linux/remove_sigsetmark.patch
    meta/recipes-core/util-linux/util-linux/uclibc-compile.patch
    meta/recipes-devtools/autoconf/autoconf/autoconf-x.patch
    meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build.patch
    meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build2.patch
    meta/recipes-devtools/cdrtools/cdrtools-native/no_usr_src.patch
    meta/recipes-devtools/elfutils/elfutils-0.155/elfutils-robustify.patch
    meta/recipes-devtools/gdb/gdb/libiberty-cross.patch
    meta/recipes-devtools/perl/perl-5.14.3/asm-pageh-fix.patch
    meta/recipes-devtools/python/python-native/sys_platform_is_now_always_linux2.patch
    meta/recipes-devtools/python/python-pygobject/generate-constants.patch
    meta/recipes-devtools/qemu/files/3f08ffb4a4741d147634761dc053ed386243a0de.patch
    meta/recipes-devtools/qemu/files/enable-i386-linux-user.patch
    meta/recipes-devtools/qemu/files/init-info.patch
    meta/recipes-devtools/rpm/rpm/rpm_fix_for_automake-1.12.patch
    meta/recipes-devtools/tcf-agent/tcf-agent/fix_tcf-agent.init.patch
    meta/recipes-extended/iputils/files/arping-break-libsysfs-dependency.patch
    meta/recipes-extended/libarchive/libarchive/0003-Patch-from-upstream-rev-2516.patch
    meta/recipes-extended/procps/procps-3.2.8/pagesz-not-constant.patch
    meta/recipes-gnome/gtk+/gtk+-2.24.22/no-demos.patch
    meta/recipes-gnome/libglade/libglade-2.6.4/no-deprecation.patch
    meta/recipes-graphics/mesa/mesa/0005-llvmpipe-remove-the-power-of-two-sizeof-struct-cmd_b.patch
    meta/recipes-graphics/xorg-lib/libxxf86dga/libxxf86dga-1.1.3_fix_for_x32.patch
    meta/recipes-kernel/kmod/kmod/fix-undefined-O_CLOEXEC.patch
    meta/recipes-kernel/linux-libc-headers/linux-libc-headers/connector-msg-size-fix.patch
    meta/recipes-kernel/linux/linux-yocto/tools-perf-no-scripting.patch
    meta/recipes-support/gnutls/gnutls/gnutls-texinfo-euro.patch
    meta/recipes-support/nspr/nspr/fix-build-on-aarch64.patch
  [YOCTO #5180]
  Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: add 2.8.4 version | Otavio Salvador | 2011-07-08 | 7 | -0/+259
  This recipe has been imported from OpenEmbedded (rev 6db4b9050e0e8b963e2a6b63790e48e3042ea99e).
  Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>