linux/poky.git/meta/recipes-extended/libarchive, branch zeus Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=zeus 2020-03-19T09:57:51+00:00 libarchive: Fix CVE-2020-9308 2020-03-19T09:57:51+00:00 Wenlin Kang wenlin.kang@windriver.com 2020-03-14T12:19:23+00:00 urn:sha1:9542f3282e9b25aaa97c24715a35c47923a07ecb Fix CVE-2020-9308 (From OE-Core rev: 878817358eb7c25ffa48d10dde9475299674a96c) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: fix CVE-2019-19221 2019-12-06T14:49:33+00:00 Anuj Mittal anuj.mittal@intel.com 2019-11-27T03:29:50+00:00 urn:sha1:6945f565c961f7fa5470a38245a2828c629a1098 Also see: https://github.com/libarchive/libarchive/issues/1276 (From OE-Core rev: 422bef7a205b9b5d48d5b0e0b2b14ac65484607a) (From OE-Core rev: f3e7298c32c430dfc955a2023474810ae32926ba) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive:upgrade 3.3.3 -> 3.4.0 2019-08-28T10:31:21+00:00 Zang Ruochen zangrc.fnst@cn.fujitsu.com 2019-08-27T02:45:16+00:00 urn:sha1:662c64166fcba75bc6ed9ae59f492788982ff6f8 -libarchive/CVE-2018-1000877.patch -libarchive/CVE-2018-1000878.patch -libarchive/CVE-2018-1000879.patch -libarchive/CVE-2018-1000880.patch -libarchive/CVE-2019-1000019.patch -libarchive/CVE-2019-1000020.patch -libarchive/bug1066.patch -libarchive/non-recursive-extract-and-list.patch Removed since these are included in 3.4.0. -License-Update: Copyright year updated to 2018. (From OE-Core rev: 4f8fa80b6c57f29c68678cabcac5d114d1ff0500) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: fix up CVE IDs in patches 2019-03-29T08:28:53+00:00 Chen Qi Qi.Chen@windriver.com 2019-03-27T08:45:51+00:00 urn:sha1:14193f5860c738b191cb074ff4eb0bf8fbc9329b (From OE-Core rev: cf7473fae0f339286221f8e2b54d5c38ea41e6e2) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: integrate security fixes 2019-03-06T10:39:25+00:00 Ross Burton ross.burton@intel.com 2019-03-05T16:30:02+00:00 urn:sha1:4aafd981b85c3c03937d57a6afaa20546d987a19 Fix the following CVEs by backporting patches from upstream: - CVE-2019-1000019 - CVE-2019-1000020 - CVE-2018-1000877 - CVE-2018-1000878 - CVE-2018-1000879 - CVE-2018-1000880 (From OE-Core rev: ea251020304b9c18f31c39de867a47311b1bb46c) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: fix bug1066 2018-10-11T22:06:35+00:00 Andrej Valek andrej.valek@siemens.com 2018-10-10T13:40:14+00:00 urn:sha1:31dbe40c9f9c5fe3073fab2a780f7a248995cc82 Fix out of bounds read on empty string filename for guntar, pax and v7tar (From OE-Core rev: 459506272b8800604886f6bd3bc32ee09d7bb906) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: Update 3.3.2 -> 3.3.3 2018-09-22T01:45:46+00:00 Otavio Salvador otavio@ossystems.com.br 2018-09-16T21:16:23+00:00 urn:sha1:4622cc08bfd1f195c17b153cc5ff40e939850434 This upgrades to 3.3.3 release and drop the backported patches when doing the recipe update. (From OE-Core rev: 60d99a4e64fdddbbe5863fa5879c813fa004600b) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: CVE-2017-14501 2018-09-04T10:03:55+00:00 Jagadeesh Krishnanjanappa jkrishnanjanappa@mvista.com 2018-08-27T17:13:19+00:00 urn:sha1:381f016dccb78a8cf52ffde05459ff084b2f15fd iso9660: validate directory record length Affects libarchive <= 3.3.2 (From OE-Core rev: dea4280623f945c06e8132c888988373e686318e) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: CVE-2017-14503 2018-08-23T06:50:01+00:00 Jagadeesh Krishnanjanappa jkrishnanjanappa@mvista.com 2018-08-22T12:00:31+00:00 urn:sha1:79c8c364719440bc42f551a14b40bb7bae8901dd Reject LHA archive entries with negative size. Affects libarchive = 3.3.2 (From OE-Core rev: d6479f5d2e6de17bac8662f5057d87176524c6fa) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libarchive: Enable xz and lzo by default 2018-01-18T12:50:36+00:00 Otavio Salvador otavio@ossystems.com.br 2018-01-17T16:05:03+00:00 urn:sha1:9b302481982cb6ca92342f9bd5c9b54168424f57 The XZ format is widely used and multiple recipes inside OE-Core already use it, so making the XZ enabled by default align the expectation of users. The LZO, on the other side, is commonly used in embedded systems due its performance so it makes sense to be available by default. (From OE-Core rev: 6d24b0bc7ebddd10de5ad8f210b8ed85fc6ae769) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>