path: root/package/libarchive
Commit message | Author | Age | Files | Lines
* libarchive: security bump to version 3.3.2 | Baruch Siach | 2017-09-09 | 3 | -2/+44
    CVE-2016-8687: Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
    CVE-2016-8688: The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
    CVE-2016-8689: The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
    CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
    CVE-2016-10349: The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
    CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
    CVE-2017-5601: An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
    Add upstream patch fixing the following issue:
    CVE-2017-14166: libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
    Signed-off-by: Baruch Siach <baruch@tkos.co.il>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, package: use SPDX short identifier for BSD-2c | Rahul Bedarkar | 2017-04-01 | 1 | -1/+1
    We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-2c is BSD-2-Clause.
    This change is done using following command.
        find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'
    Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, package: use SPDX short identifier for BSD-3c | Rahul Bedarkar | 2017-04-01 | 1 | -1/+1
    We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause.
    This change is done using following command.
        find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'
    Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* libarchive: add selection of bsdcat | Frank Hunleth | 2016-07-27 | 2 | -0/+17
    libarchive builds three commandline utilities: bsdtar, bsdcpio, and bsdcat. This change adds control over the third utility to the list of configuration options.
    Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* libarchive: fix build error when linking with lzma | Sergio Prado | 2016-07-23 | 1 | -1/+2
    Build fails when linking with liblzma compiled without threads support.
        ./.libs/libarchive.so: undefined reference to `lzma_cputhreads'
        ./.libs/libarchive.so: undefined reference to `lzma_stream_encoder_mt'
    So let's enable LZMA only when toolchain has threads support.
    Fixes:
        http://autobuild.buildroot.org/results/2cb7f8a056982d0b894d0e2531ef357e74c8b796
        http://autobuild.buildroot.org/results/d12954fbd460d396f255158fa127f39ff9d2be8d
        http://autobuild.buildroot.org/results/abe10c70f38423a212ab27d7d27e22174eaa5aab
        Many more...
    Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* libarchive: security bump to version 3.2.1 | Gustavo Zacarias | 2016-06-23 | 2 | -2/+2
    Fixes:
    CVE-2016-4302 - Libarchive Rar RestartModel Code Execution Vulnerability
    CVE-2016-4300 - Libarchive 7zip read_SubStreamsInfo Code Execution Vulnerability
    CVE-2016-4809 - Memory allocate error in corrupted cpio archives
    Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
    Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libarchive: bump to version 3.2.0 | Frank Hunleth | 2016-06-20 | 3 | -73/+2
    The CVE patch is now included in this release.
    Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
    Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libarchive: add host variant | Thomas Petazzoni | 2016-06-12 | 1 | -0/+17
    This will be needed for the host variant of the fwup package. We enable zlib support since host-fwup needs it. All other features are explicitly disabled.
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* libarchive: add security patch for CVE-2016-1541 | Gustavo Zacarias | 2016-05-11 | 1 | -0/+71
    Fixes:
    CVE-2016-1541 - heap-based buffer overflow vulnerability in the zip_read_mac_metadata function in libarchive, a multi-format archive and compression library, which may lead to the execution of arbitrary code if a user or automated system is tricked into processing a specially crafted ZIP file.
    Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
    Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libarchive: add optional support for bzip2 | Bernd Kuhls | 2016-02-20 | 1 | -0/+7
    When bzip2 was compiled before, libarchive will use it as optional dependency:
        $ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libarchive.so.13.1.2 | grep NEEDED
         0x00000001 (NEEDED) Shared library: [liblzma.so.5]
         0x00000001 (NEEDED) Shared library: [libbz2.so.1.0]
         0x00000001 (NEEDED) Shared library: [libz.so.1]
         0x00000001 (NEEDED) Shared library: [libc.so.1]
    Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* libarchive: add hash and enable lzma support | Nimai Mahajan | 2015-06-26 | 2 | -1/+9
    Add libarchive hash. Enable lzma support. Both xz and lzma support are provided by the xz library.
    [Thomas: explicitly pass --with-lzma when xz is available.]
    Signed-off-by: Nimai Mahajan <nimaim@gmail.com>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS | Thomas Petazzoni | 2014-12-11 | 1 | -2/+2
    Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries.
    As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly.
    This also helps preparing the addition of other options to select shared, shared+static or just static.
    Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTS | Thomas De Schampheleire | 2014-10-04 | 1 | -16/+16
    To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT.
    Sed command used:
        find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
    Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
    Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* libarchive: avoid some tools to build statically on shared builds | Vicente Olivert Riera | 2014-09-11 | 1 | -3/+21
    Some libarchive tools, like bsdtar, builds statically by default although libarchive itself is being built dynamically. We can force those tools to build the same way as libarchive by using the right configure options.
    Fixes:
        http://autobuild.buildroot.net/results/b8f/b8f7a29787ea1cc5c98e4cbd5f47f257f9b306f2/
    Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
    Tested-by: Romain Naour <romain.naour@openwide.fr>
    Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libarchive: bump to version 3.1.2 | Gustavo Zacarias | 2014-07-31 | 1 | -7/+52
    Switch to proper upstream source. And account for many auto dependencies that were missing.
    Also fixes link issues:
        http://autobuild.buildroot.net/results/774/7747a043123e958952a16e0c0db823296c4e0594/
    Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Config.in files: use if/endif instead of 'depends on' for main symbol | Thomas De Schampheleire | 2013-12-25 | 1 | -4/+5
    In the Config.in file of package foo, it often happens that there are other symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense when foo itself is enabled. There are two ways to express this: with
        depends on BR2_PACKAGE_FOO
    in each extra symbol, or with
        if BR2_PACKAGE_FOO
        ...
        endif
    around the entire set of extra symbols.
    The if/endif approach avoids the repetition of 'depends on' statements on multiple symbols, so this is clearly preferred. But even when there is only one extra symbol, if/endif is a more logical choice:
    - it is future-proof for when extra symbols are added
    - it allows to have just one strategy instead of two (less confusion)
    This patch modifies the Config.in files accordingly.
    Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Config.in files: unify comments of toolchain option dependencies | Thomas De Schampheleire | 2013-10-14 | 1 | -1/+1
    This patch lines up the comments in Config.in files that clarify which toolchain options the package depends on.
    Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
    Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: remove the default value of the $(PKG)_SOURCE variable | Jerzy Grzegorek | 2013-10-06 | 1 | -1/+0
    Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
    Acked-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
    Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Normalize separator size to 80 | Alexandre Belloni | 2013-06-06 | 1 | -2/+2
    Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Remove description and url from header | Alexandre Belloni | 2013-06-06 | 1 | -1/+1
    Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Fix package headers to comply with coding style | Alexandre Belloni | 2013-06-06 | 1 | -0/+1
    Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* libarchive: update to 3.0.4 | Tilman Keskinöz | 2013-03-30 | 2 | -3/+3
    Signed-off-by: Tilman Keskinöz <arved@arved.at>
    Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
    Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* all packages: rename XXXTARGETS to xxx-package | Arnout Vandecappelle (Essensium/Mind) | 2012-07-17 | 1 | -1/+1
    Also remove the redundant $(call ...).
    This is a purely mechanical change, performed with
        find package linux toolchain boot -name \*.mk | \
            xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
                -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
                -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'
    Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove redundant INSTALL_TARGET=YES declarations | Gustavo Zacarias | 2012-03-11 | 1 | -1/+0
    Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
    Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* libarchive: bump version | Peter Korsgaard | 2012-02-23 | 1 | -1/+1
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package: remove useless arguments from AUTOTARGETS | Thomas Petazzoni | 2011-09-29 | 1 | -1/+1
    Thanks to the pkgparentdir and pkgname functions, we can rewrite the AUTOTARGETS macro in a way that avoids the need for each package to repeat its name and the directory in which it is present.
    [Peter: pkgdir->pkgparentdir]
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* libarchive: add optional libxml2 support | Peter Korsgaard | 2011-07-10 | 1 | -1/+7
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* libarchive: bump to version 2.8.4 | Baruch Siach | 2011-07-10 | 1 | -1/+2
    The libxml2 dependency is new in this version, and does not behave nicely with cross compile. The configure script looks for the host xml2-config. Add '--disable-xml2' as a workaround for now.
    Signed-off-by: Baruch Siach <baruch@tkos.co.il>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package: apply libtool patch where possible | Peter Korsgaard | 2011-02-17 | 1 | -1/+0
    Now that we have libtool-2.2.x patch support, we can get rid of a bunch of _LIBTOOL_PATH = NO, fixing (potential) cross link issues.
    Notice: php not changed, as it uses a very old 1.5 version for the embedded sqlite, where our buildroot-libtool-v1.5.patch doesn't apply.
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* libarchive: add conditional dependency on zlib | Sven Neumann | 2009-10-23 | 1 | -0/+4
    If zlib is selected, then it should be built before libarchive so that libarchive picks up the headers and includes support for zlib compression.
    Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* libarchive: make bsdtar and bsdcpio binaries configurable | Sven Neumann | 2009-10-20 | 2 | -0/+19
    libarchive comes with two binaries, bsdtar and bsdcpio that used to be installed by default. This change makes this configurable with the default not to build and install the binaries.
    Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package: Remove unnecessary dependencies on uclibc. | Will Newton | 2009-09-03 | 1 | -2/+0
    A C library will have been built by the toolchain makefiles, so there is no need for packages to explicitly depend on uclibc.
    Signed-off-by: Will Newton <will.newton@gmail.com>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* libarchive package added | Daniel Mack | 2009-09-02 | 2 | -0/+26
    See http://code.google.com/p/libarchive/
    [Peter: removed conditional target install, added wchar dependency]
    Signed-off-by: Daniel Mack <daniel@caiaq.de>
    Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>