aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
AgeCommit message (Collapse)Author
2015-11-16libarchive: rename patch to reflect CVERoss Burton
This patch is a CVE fix, so rename it to help CVE detection tools identify it as such. (From OE-Core rev: 3fd05ce1f709cbbd8fdeb1dbfdffbd39922eca6e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-05-07libarchive: fix out of tree buildsRoss Burton
(From OE-Core rev: 4201e432e4034907efeaebfea6509e821a9ba3c5) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-28libarchive: Security Advisory - libarchive - CVE-2015-2304Li Zhou
libarchive: Updated libarchive packages fix security vulnerability Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths. (From OE-Core rev: e64a961e9c5e94e643896e4b68b85bd5b4c27470) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-08-11libarchive: add PACKAGECONFIG for nettleMartin Jansa
* fixes following floating dependencies: libarchive/libarchive/latest lost dependency on nettle libarchive/libarchive-bin/latest lost dependency on libxml2 nettle (From OE-Core rev: a4dd641f54f12d454ba9c6db624b94df63f7d220) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-06libarchive: avoid dependency on e2fsprogsPaul Eggleton
libarchive's configure script looks for ext2fs/ext2_fs.h in order to use some defines for file attributes support if present (but doesn't link to any additional libraries.) There is no configure option to disable this, and if e2fsprogs is rebuilding between do_configure and do_compile you can currently get a failure. Because it doesn't need anything else from e2fsprogs, and e2fsprogs isn't currently buildable for nativesdk anyway, copy the headers in from e2fsprogs-native which we're likely to have built already (and add it to DEPENDS just to be sure we have.) Fixes [YOCTO #6268]. (From OE-Core rev: ad754e46ad477acfbe7543187a5c38bc333b8612) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-03recipes: Add missing pkgconfig class inheritsRichard Purdie
These recipes all use pkg-config in some way but were missing dependencies on the tool, this patch adds them. (From OE-Core rev: 2543b14dd0ca13005be0df027543431fc8e882ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-28libarchive: Use pkg-config for libxml2 dependencyRichard Purdie
(From OE-Core rev: fe277bf0a61d5d7787dba699ee1ed4d979ba5cff) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador
The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. (From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-04libarchive: Add PACKAGECONFIG for lzoPaul Barker
This ensures that the dependency on lzo is deterministic rather than floating. The configure option to libarchive refers to this library as 'lzo2' but it is just called 'lzo' in OpenEmbedded. (From OE-Core rev: 09d729a21a2404095279c717c88ac494e2e716d6) Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-30libarchive: fix CVE-2013-0211Baogen Shang
CVE description: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0211 (From OE-Core rev: 355a8086637b859a469e1f2dc717b4ccec00b970) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-28autotools-brokensep: Mark recipes with broken separate build dir supportRichard Purdie
This patch goes through the OE-Core recipes and marks those which use autotools but don't support a separate build directory (${S} != ${B}). A new class, autotools-brokensep is used for this purpose. This doesn't introduce any change in behaviour in its own right. (From OE-Core rev: 006b8a7808a58713af16c326dc37d07765334b12) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-10libarchive: Upgrade to v3.1.2Paul Barker
All patches against libarchive in oe-core appear to be merged into the latest release. The license checksum has changed because a couple of referenced files have been renamed but there is no change to the license terms themselves. (From OE-Core rev: f3fd24badd189bbb083dba9397598e1566d1e4be) Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-06-23 04:07:49 +0000