summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/unzip/unzip
Commit message (Collapse)AuthorAgeFilesLines
* unzip: CVE-2015-7696, CVE-2015-7697Tudor Florea2015-12-082-0/+69
| | | | | | | | | | | | | | | | CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 (From OE-Core rev: 458d877590bcd39c7f05d31cc6e7600ca59de332) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: drop 12-cve-2014-9636-test-compr-eb.patchRoy Li2015-07-081-45/+0
| | | | | | | | | | | | 12-cve-2014-9636-test-compr-eb.patch is same as unzip-6.0_overflow3.diff, is to fix CVE-2014-9636 (From OE-Core rev: 43cc77f6dd1615ec6797a159647a1ad677c1df23) (From OE-Core rev: 0a849983d066cd1beee64cef94b2c8421275b45c) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: fix four CVE defectsRoy Li2015-07-084-0/+274
| | | | | | | | | | | | | | Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix: cve-2014-8139 cve-2014-8140 cve-2014-8141 cve-2014-9636 (From OE-Core rev: 2bf9165f5db5edd946a064dc5e877f97817dbae0) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315Roy Li2015-06-282-0/+447
| | | | | | | | | | | | | | | | | | | | | | | | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315 Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. (From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802) (From OE-Core rev: d868f9e8a6a5d4dc9c38e2881a329f7e3210eab8) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Pass LDFLAGS to the linkerMikhail Durnev2014-01-291-0/+18
| | | | | | | | | Change Makefile to use LDFLAGS (From OE-Core rev: 4f211322eb1179db62c03616b4c113114c612cf8) Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Patch Upstream Status UpdatesSaul Wold2011-12-151-0/+2
| | | | | | | (From OE-Core rev: 0eb139619301d0efee330932eba3617dcb39284e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Avoid stripping binariesMark Hatle2011-06-231-0/+48
Not only do we have to override things on the make line, but we need to hack on configure as well to avoid certain behavior. (From OE-Core rev: 97a6bf1787995f15c8033bd26bdbe50c7efbbcfd) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-08 16:55:15 +0000