From aee1b2acfb229482b3c93ae75249d9addb1fc68c Mon Sep 17 00:00:00 2001
From: Li Zhou
Date: Fri, 24 Apr 2015 15:36:36 +0800
Subject: libarchive: Security Advisory - libarchive - CVE-2015-2304
libarchive: Updated libarchive packages fix security vulnerability
Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.
(From OE-Core rev: e64a961e9c5e94e643896e4b68b85bd5b4c27470)
Signed-off-by: Li Zhou
Signed-off-by: Richard Purdie
---
meta/recipes-extended/libarchive/libarchive_3.1.2.bb | 1 +
1 file changed, 1 insertion(+)
(limited to 'meta/recipes-extended/libarchive/libarchive_3.1.2.bb')
diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
index 96e2d500ed..75008c3e26 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
@@ -32,6 +32,7 @@ PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle,"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://libarchive-CVE-2013-0211.patch \
file://pkgconfig.patch \
+ file://0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch \
"
SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a"
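Review bot: The added `file://0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch` entry does not name the CVE it fixes, unlike `file://libarchive-CVE-2013-0211.patch` two lines above it. An audit of the recipe alone therefore cannot tell that CVE-2015-2304 is addressed. Either rename the file to follow the neighbour's pattern, e.g. `file://libarchive-CVE-2015-2304.patch`, or add a comment above the assignment such as `# 0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch: fix for CVE-2015-2304`. Judging by the option name, the protection looks like an opt-in extract flag, so it would be worth confirming that library consumers other than bsdcpio in the image set it where they unpack untrusted archives. The patch file itself is not part of this view (the diffstat is limited to the recipe), so its contents and header could not be checked here.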