aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
AgeCommit message (Collapse)Author
2016-03-02libarchive: Set xattrs after setting timesDmitry Rozhkov
With Integrity Measurement Architecture (IMA) enabled in Linux kernel the security.ima extended attribute gets overwritten when setting times on a file with a futimens() call. So it's safer to set xattrs after times. Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-31libarchive-native: Disable libxml2 supportRichard Purdie
For libarchive-native, we don't really need libxml2 support. Adding this means we need libxml2-native which means we need python-native and makes the dependency chains pretty heavy. The target case is unaffected. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-17libarchive: Add bsdtar and bsdcpio packagesDmitry Rozhkov
Some products might need to use a tar replacement that 1. supports xattrs and 2. has more permissive license than GNU tar. And the bsdtar binary produced from libarchive meets these requirements. Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-11-16libarchive: rename patch to reflect CVERoss Burton
This patch is a CVE fix, so rename it to help CVE detection tools identify it as such. Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-05-07libarchive: fix out of tree buildsRoss Burton
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-28libarchive: Security Advisory - libarchive - CVE-2015-2304Li Zhou
libarchive: Updated libarchive packages fix security vulnerability Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths. Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-08-11libarchive: add PACKAGECONFIG for nettleMartin Jansa
* fixes following floating dependencies: libarchive/libarchive/latest lost dependency on nettle libarchive/libarchive-bin/latest lost dependency on libxml2 nettle Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-06libarchive: avoid dependency on e2fsprogsPaul Eggleton
libarchive's configure script looks for ext2fs/ext2_fs.h in order to use some defines for file attributes support if present (but doesn't link to any additional libraries.) There is no configure option to disable this, and if e2fsprogs is rebuilding between do_configure and do_compile you can currently get a failure. Because it doesn't need anything else from e2fsprogs, and e2fsprogs isn't currently buildable for nativesdk anyway, copy the headers in from e2fsprogs-native which we're likely to have built already (and add it to DEPENDS just to be sure we have.) Fixes [YOCTO #6268]. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-03recipes: Add missing pkgconfig class inheritsRichard Purdie
These recipes all use pkg-config in some way but were missing dependencies on the tool, this patch adds them. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-28libarchive: Use pkg-config for libxml2 dependencyRichard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador
The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-04libarchive: Add PACKAGECONFIG for lzoPaul Barker
This ensures that the dependency on lzo is deterministic rather than floating. The configure option to libarchive refers to this library as 'lzo2' but it is just called 'lzo' in OpenEmbedded. Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-28libarchive: fix CVE-2013-0211Baogen Shang
CVE description: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0211 Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-28autotools-brokensep: Mark recipes with broken separate build dir supportRichard Purdie
This patch goes through the OE-Core recipes and marks those which use autotools but don't support a separate build directory (${S} != ${B}). A new class, autotools-brokensep is used for this purpose. This doesn't introduce any change in behaviour in its own right. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-08libarchive: Upgrade to v3.1.2Paul Barker
All patches against libarchive in oe-core appear to be merged into the latest release. The license checksum has changed because a couple of referenced files have been renamed but there is no change to the license terms themselves. Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Signed-off-by: Saul Wold <sgw@linux.intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-06-01 14:15:54 +0000