path: root/meta/recipes-extended/unzip
Age | Commit message | Author
2015-11-05 | unzip: CVE-2015-7696, CVE-2015-7697 | Tudor Florea
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping
References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
2015-07-08 | unzip: drop 12-cve-2014-9636-test-compr-eb.patch | Roy Li
12-cve-2014-9636-test-compr-eb.patch is the same as unzip-6.0_overflow3.diff, which is to fix CVE-2014-9636
(From OE-Core rev: 43cc77f6dd1615ec6797a159647a1ad677c1df23)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-08 | unzip: fix four CVE defects | Roy Li
Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix:
cve-2014-8139
cve-2014-8140
cve-2014-8141
cve-2014-9636
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-06-28 | unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315 | Roy Li
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
(From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-20 | unzip: Add ALTERNATIVE configuration | Saul Wold
Since busybox also provides the unzip command, use the update-alternatives mechanism to address this.
[YOCTO #7446]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2014-01-29 | unzip: Pass LDFLAGS to the linker | Mikhail Durnev
Change Makefile to use LDFLAGS
Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-02 | Replace one-line DESCRIPTION with SUMMARY | Paul Eggleton
A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful.
I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2012-11-24 | unzip: pay some attention to our CFLAGS | Joe Slater
Makefile makes use of CFLAGS_NOOPT. If we set that when calling make we can enable options like -g. The Makefile will override any optimization to -O3.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-11-02 | recipes-extended: replace virtclass-native(sdk) with class-native(sdk) | Robert Yang
The overrides virtclass-native and virtclass-nativesdk are deprecated, which should be replaced by class-native and class-nativesdk.
[YOCTO #3297]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-03-16 | unzip: Fix unpackaged files warnings | Richard Purdie
WARNING: For recipe unzip, the following files/directories were installed but not shipped in any package:
WARNING: /usr/man
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-12-15 | Patch Upstream Status Updates | Saul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-12-08 | OECore license fixes: meta/* | Elizabeth Flanagan
This is a quick audit of only the most obviously wrong licenses found within OECore. These fixes fall into four areas:
- LICENSE field had incorrect format so that the parser choked
- LICENSE field has a license with no version
- LICENSE field was actually incorrect
- LICENSE field has an imaginary license that didn't exist
This fixes most of the LICENSE warnings thrown, along with my prior commit adding additional licenses to common-licenses and additional SPDXLICENSEMAP entries.
HOWEVER..... there is much to be done on the license front. For a list of recipes with licenses that need obvious fixing see: https://wiki.yoctoproject.org/wiki/License_Audit
That said, I would suggest another license audit as I've found enough inconsistencies. A good suggestion is when in doubt, look at how openSuse or Gentoo or Debian license the package.
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
2011-06-23 | unzip: Avoid stripping binaries | Mark Hatle
Not only do we have to override things on the make line, but we need to hack on configure as well to avoid certain behavior.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2010-12-09 | SRC_URI Checksums Additionals | Saul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2010-09-01 | packages: Separate out most of the remaining packages into recipes | Richard Purdie
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>