openembedded-core.git/meta/recipes-extended/libarchive, branch thud Mirror of openembedded-core libarchive: fix bug1066 2018-10-10T22:23:55+00:00 Andrej Valek andrej.valek@siemens.com 2018-10-10T13:40:14+00:00 459506272b8800604886f6bd3bc32ee09d7bb906 Fix out of bounds read on empty string filename for guntar, pax and v7tar Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Fix out of bounds read on empty string filename for guntar, pax and v7tar

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive: Update 3.3.2 -> 3.3.3 2018-09-21T15:15:19+00:00 Otavio Salvador otavio@ossystems.com.br 2018-09-16T21:16:23+00:00 60d99a4e64fdddbbe5863fa5879c813fa004600b This upgrades to 3.3.3 release and drop the backported patches when doing the recipe update. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> 
This upgrades to 3.3.3 release and drop the backported patches when
doing the recipe update.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libarchive: CVE-2017-14501 2018-09-04T10:03:31+00:00 Jagadeesh Krishnanjanappa jkrishnanjanappa@mvista.com 2018-08-27T17:13:19+00:00 dea4280623f945c06e8132c888988373e686318e iso9660: validate directory record length Affects libarchive <= 3.3.2 Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
iso9660: validate directory record length

Affects libarchive <= 3.3.2

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive: CVE-2017-14503 2018-08-23T06:45:32+00:00 Jagadeesh Krishnanjanappa jkrishnanjanappa@mvista.com 2018-08-22T12:00:31+00:00 d6479f5d2e6de17bac8662f5057d87176524c6fa Reject LHA archive entries with negative size. Affects libarchive = 3.3.2 Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Reject LHA archive entries with negative size.

Affects libarchive = 3.3.2

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive: Enable xz and lzo by default 2018-01-17T16:32:41+00:00 Otavio Salvador otavio@ossystems.com.br 2018-01-17T16:05:03+00:00 6d24b0bc7ebddd10de5ad8f210b8ed85fc6ae769 The XZ format is widely used and multiple recipes inside OE-Core already use it, so making the XZ enabled by default align the expectation of users. The LZO, on the other side, is commonly used in embedded systems due its performance so it makes sense to be available by default. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The XZ format is widely used and multiple recipes inside OE-Core
already use it, so making the XZ enabled by default align the
expectation of users. The LZO, on the other side, is commonly used in
embedded systems due its performance so it makes sense to be available
by default.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive: re-add non-recursive extract and list support 2017-10-06T11:03:34+00:00 Patrick Ohly patrick.ohly@intel.com 2017-10-05T11:13:21+00:00 38c86302ebdf886b887165aff06560c63a1537b9 This patch is needed for meta-swupd. Without it, some bsdtar invocations fail with: bsdtar: Option -n is not permitted in mode -x The patch was removed in the update to 3.3.1 with the claim that it had been merged upstream, but that is not the case. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
This patch is needed for meta-swupd. Without it, some bsdtar
invocations fail with:
bsdtar: Option -n is not permitted in mode -x

The patch was removed in the update to 3.3.1 with the claim that it
had been merged upstream, but that is not the case.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libarchive: CVE-2017-14502 2017-10-06T11:03:32+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2017-09-28T08:06:05+00:00 0bedb69abff85cc07ad4a54eed41d15d0a38c080 read_header in archive_read_support_format_rar.c suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. Backport the patch from https://github.com/libarchive/libarchive/commit commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6 CVE: CVE-2017-14502 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
read_header in archive_read_support_format_rar.c suffers from an
off-by-one error for UTF-16 names in RAR archives, leading to an
out-of-bounds read in archive_read_format_rar_read_header.
Backport the patch from
https://github.com/libarchive/libarchive/commit
commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6

CVE: CVE-2017-14502

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libarchive: fix bug929 and CVE-2017-14166 2017-09-12T22:51:36+00:00 Andrej Valek andrej.valek@siemens.com 2017-09-11T14:20:37+00:00 9b248a17d60b70cb715f15c0401dc5ddc38eee98 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive: Remove xz packageconfig --with-lzmadec option 2017-08-16T08:18:46+00:00 Fabio Berton fabio.berton@ossystems.com.br 2017-08-14T21:20:04+00:00 e1dda927d3734c0d272cfc7d99167498ca9d8f6d --with-lzmadec option was removed in libarchive commit: 30e1b7efd472e0439bea14df6a2d19cd8b5ac15e See Github PR: https://github.com/libarchive/libarchive/pull/806 Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
--with-lzmadec option was removed in libarchive commit:
30e1b7efd472e0439bea14df6a2d19cd8b5ac15e

See Github PR: https://github.com/libarchive/libarchive/pull/806

Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive: Upgrade to 3.3.2 release 2017-07-17T12:48:58+00:00 Otavio Salvador otavio@ossystems.com.br 2017-07-11T15:06:14+00:00 00cd51e4f9e4344faf0d2e6c1a7fa109901b48b2 Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>