libarchive: Security Advisory - libarchive - CVE-2015-2304

libarchive: Updated libarchive packages fix security vulnerability Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths. (From OE-Core rev: e64a961e9c5e94e643896e4b68b85bd5b4c27470) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Li Zhou <li.zhou@windriver.com> 2015-04-24 15:36:36 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-04-28 07:56:56 +0100
commit: aee1b2acfb229482b3c93ae75249d9addb1fc68c (patch)
tree: 74b91d87dbaebfd55d7058d3721bb9e965ed51b5 /meta/recipes-extended/libarchive/libarchive_3.1.2.bb
parent: 0a6e3a9d69359ad64467dc29d8665ee7f425fbf9 (diff)
download: poky-aee1b2acfb229482b3c93ae75249d9addb1fc68c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
index 96e2d500ed..75008c3e26 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
@@ -32,6 +32,7 @@ PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle,"
 SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
           file://libarchive-CVE-2013-0211.patch \
           file://pkgconfig.patch \
+           file://0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch \
           "
 SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a"
author	Li Zhou <li.zhou@windriver.com>	2015-04-24 15:36:36 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-04-28 07:56:56 +0100
commit	aee1b2acfb229482b3c93ae75249d9addb1fc68c (patch)
tree	74b91d87dbaebfd55d7058d3721bb9e965ed51b5 /meta/recipes-extended/libarchive/libarchive_3.1.2.bb
parent	0a6e3a9d69359ad64467dc29d8665ee7f425fbf9 (diff)
download	poky-aee1b2acfb229482b3c93ae75249d9addb1fc68c.tar.gz

diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb index 96e2d500ed..75008c3e26 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
@@ -32,6 +32,7 @@ PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle,"
32	SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \	32	SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
33	file://libarchive-CVE-2013-0211.patch \	33	file://libarchive-CVE-2013-0211.patch \
34	file://pkgconfig.patch \	34	file://pkgconfig.patch \
		35	file://0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch \
35	"	36	"
36		37
37	SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a"	38	SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a"