aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/unzip/unzip
AgeCommit message (Collapse)Author
2016-01-11Add "CVE:" tag to current patches in OE-coreMariano Lopez
The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-11-16unzip: rename patch to reflect CVE fixRoss Burton
Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-11-02unzip: CVE-2015-7696, CVE-2015-7697Tudor Florea
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-01unzip: drop 12-cve-2014-9636-test-compr-eb.patchRoy Li
12-cve-2014-9636-test-compr-eb.patch is same as unzip-6.0_overflow3.diff, is to fix CVE-2014-9636 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-06-26unzip: fix four CVE defectsRoy Li
Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix: cve-2014-8139 cve-2014-8140 cve-2014-8141 cve-2014-9636 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-05-14unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315Roy Li
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315 Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2014-01-29unzip: Pass LDFLAGS to the linkerMikhail Durnev
Change Makefile to use LDFLAGS Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-12-15Patch Upstream Status UpdatesSaul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-06-23unzip: Avoid stripping binariesMark Hatle
Not only do we have to override things on the make line, but we need to hack on configure as well to avoid certain behavior. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-12 08:57:01 +0000