| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
iso9660: validate directory record length
Affects libarchive <= 3.3.2
(From OE-Core rev: dea4280623f945c06e8132c888988373e686318e)
(From OE-Core rev: ab1bfa1872d44ea7fff096df781521143a907545)
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reject LHA archive entries with negative size.
Affects libarchive = 3.3.2
(From OE-Core rev: 3e000591928cfc35df192c7eb00db65687930566)
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is needed for meta-swupd. Without it, some bsdtar
invocations fail with:
bsdtar: Option -n is not permitted in mode -x
The patch was removed in the update to 3.3.1 with the claim that it
had been merged upstream, but that is not the case.
(From OE-Core rev: 38c86302ebdf886b887165aff06560c63a1537b9)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
read_header in archive_read_support_format_rar.c suffers from an
off-by-one error for UTF-16 names in RAR archives, leading to an
out-of-bounds read in archive_read_format_rar_read_header.
Backport the patch from
https://github.com/libarchive/libarchive/commit
commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6
CVE: CVE-2017-14502
(From OE-Core rev: 0bedb69abff85cc07ad4a54eed41d15d0a38c080)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 9b248a17d60b70cb715f15c0401dc5ddc38eee98)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Drop merged 0001-configure.ac-check-acl-libacl.h-and-sys-acl.h-based-.patch
(From OE-Core rev: 4d65a93d3e705cfb9b4cfe102e9d0cabaffe7a52)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Update configure.ac to properly handle --disable-acl option
[YOCTO #9668]
(From OE-Core rev: 84fe3f29f2bdaf98c9beefdfede143084fba093b)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
All patches are removed as they are no longer needed. Most were merged into this
release of libarchive. "0001-Set-xattrs-after-setting-times.patch" was dropped
upstream after discussion, see https://github.com/libarchive/libarchive/pull/664.
The COPYING file in libarchive had a couple of minor changes to clarify which
files are under which copyrights but the overall license is unaffected.
(From OE-Core rev: 4976382011106b9515e44359f2f6bb1d0c69fdb3)
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With Integrity Measurement Architecture (IMA) enabled in Linux
kernel the security.ima extended attribute gets overwritten
when setting times on a file with a futimens() call. So it's safer
to set xattrs after times.
(From OE-Core rev: 9bef9e0a9904beeaea1417f9b66089e7555beb26)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The currnet patches in OE-core doesn't have the "CVE:"
tag, now part of the policy of the patches.
This is patch add this tag to several patches. There might
be patches that I miss; the tag can be added in the future.
(From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This patch is a CVE fix, so rename it to help CVE detection tools identify it as
such.
(From OE-Core rev: 3fd05ce1f709cbbd8fdeb1dbfdffbd39922eca6e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 4201e432e4034907efeaebfea6509e821a9ba3c5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
libarchive: Updated libarchive packages fix security vulnerability
Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.
(From OE-Core rev: e64a961e9c5e94e643896e4b68b85bd5b4c27470)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: fe277bf0a61d5d7787dba699ee1ed4d979ba5cff)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE description:
Integer signedness error in the archive_write_zip_data function in
archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running
on 64-bit machines, allows context-dependent attackers to cause a denial of
service (crash) via unspecified vectors, which triggers an improper conversion
between unsigned and signed types, leading to a buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0211
(From OE-Core rev: 355a8086637b859a469e1f2dc717b4ccec00b970)
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
All patches against libarchive in oe-core appear to be merged into the latest
release. The license checksum has changed because a couple of referenced files
have been renamed but there is no change to the license terms themselves.
(From OE-Core rev: f3fd24badd189bbb083dba9397598e1566d1e4be)
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following patches are found, but not used by any recipe, so we should
remove them.
meta/recipes-connectivity/avahi/files/fix_for_automake_1.11.2.patch
meta/recipes-connectivity/dhcp/dhcp/fix-client-path.patch
meta/recipes-connectivity/libnss-mdns/files/alignment-fix.patch
meta/recipes-core/dbus/dbus-1.6.10/test-run-path.patch
meta/recipes-core/gettext/gettext-0.16.1/fixchicken.patch
meta/recipes-core/gettext/gettext-0.16.1/getline.m4.patch
meta/recipes-core/systemd/systemd/use-rootlibdir.patch
meta/recipes-core/util-linux/util-linux/remove-lscpu.patch
meta/recipes-core/util-linux/util-linux/remove_sigsetmark.patch
meta/recipes-core/util-linux/util-linux/uclibc-compile.patch
meta/recipes-devtools/autoconf/autoconf/autoconf-x.patch
meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build.patch
meta/recipes-devtools/btrfs-tools/btrfs-tools/btrfs-progs-fix-parallel-build2.patch
meta/recipes-devtools/cdrtools/cdrtools-native/no_usr_src.patch
meta/recipes-devtools/elfutils/elfutils-0.155/elfutils-robustify.patch
meta/recipes-devtools/gdb/gdb/libiberty-cross.patch
meta/recipes-devtools/perl/perl-5.14.3/asm-pageh-fix.patch
meta/recipes-devtools/python/python-native/sys_platform_is_now_always_linux2.patch
meta/recipes-devtools/python/python-pygobject/generate-constants.patch
meta/recipes-devtools/qemu/files/3f08ffb4a4741d147634761dc053ed386243a0de.patch
meta/recipes-devtools/qemu/files/enable-i386-linux-user.patch
meta/recipes-devtools/qemu/files/init-info.patch
meta/recipes-devtools/rpm/rpm/rpm_fix_for_automake-1.12.patch
meta/recipes-devtools/tcf-agent/tcf-agent/fix_tcf-agent.init.patch
meta/recipes-extended/iputils/files/arping-break-libsysfs-dependency.patch
meta/recipes-extended/libarchive/libarchive/0003-Patch-from-upstream-rev-2516.patch
meta/recipes-extended/procps/procps-3.2.8/pagesz-not-constant.patch
meta/recipes-gnome/gtk+/gtk+-2.24.22/no-demos.patch
meta/recipes-gnome/libglade/libglade-2.6.4/no-deprecation.patch
meta/recipes-graphics/mesa/mesa/0005-llvmpipe-remove-the-power-of-two-sizeof-struct-cmd_b.patch
meta/recipes-graphics/xorg-lib/libxxf86dga/libxxf86dga-1.1.3_fix_for_x32.patch
meta/recipes-kernel/kmod/kmod/fix-undefined-O_CLOEXEC.patch
meta/recipes-kernel/linux-libc-headers/linux-libc-headers/connector-msg-size-fix.patch
meta/recipes-kernel/linux/linux-yocto/tools-perf-no-scripting.patch
meta/recipes-support/gnutls/gnutls/gnutls-texinfo-euro.patch
meta/recipes-support/nspr/nspr/fix-build-on-aarch64.patch
[YOCTO #5180]
(From OE-Core rev: e5d81f757de4bd1bfd37a96300edd50b77b0d21c)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
This recipe has been imported from OpenEmbedded (rev
6db4b9050e0e8b963e2a6b63790e48e3042ea99e).
(From OE-Core rev: 292a45064aa9926868c798341dc72f183c5de076)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
