buildroot/package/libzip/libzip.hash, branch 2018.02

libzip: update legal hash for 1.4.0

2018-01-06T08:25:05+00:00

The copyright was updated in the LICENSES file Fixes (one of many): http://autobuild.buildroot.net/results/a64/a64ddf630aa44c7b0353f5a6818beffd20712615/ Signed-off-by: Matthew Weber Signed-off-by: Peter Korsgaard

libzip: bump to version 1.4.0

2018-01-05T15:16:39+00:00

Upstream switched to cmake. Add upstream patch that removes run of target binary on the host. Cc: Bartosz Golaszewski Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard

libzip: security bump to version 1.3.0

2017-09-08T09:16:56+00:00

Fixes the following security issues: CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. For more details, see https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/ https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/ libzip-1.3.0 also adds optional bzip2 support, so handle that. While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard

libzip: bump version to 1.2.0

2017-07-01T22:43:31+00:00

It's a major release, but the API seems to be mostly backwards-compatible. The only package depending on this library in buildroot is libsigrok and it builds fine. Signed-off-by: Bartosz Golaszewski Signed-off-by: Thomas Petazzoni

libzip: add hash file

2015-07-28T20:32:57+00:00

Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni