summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/unzip
Commit message (Collapse)AuthorAgeFilesLines
* unzip: CVE-2015-7696, CVE-2015-7697Tudor Florea2015-12-083-0/+71
| | | | | | | | | | | | | | | | CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 (From OE-Core rev: 458d877590bcd39c7f05d31cc6e7600ca59de332) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: drop 12-cve-2014-9636-test-compr-eb.patchRoy Li2015-07-082-46/+0
| | | | | | | | | | | | 12-cve-2014-9636-test-compr-eb.patch is same as unzip-6.0_overflow3.diff, is to fix CVE-2014-9636 (From OE-Core rev: 43cc77f6dd1615ec6797a159647a1ad677c1df23) (From OE-Core rev: 0a849983d066cd1beee64cef94b2c8421275b45c) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: fix four CVE defectsRoy Li2015-07-085-0/+278
| | | | | | | | | | | | | | Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix: cve-2014-8139 cve-2014-8140 cve-2014-8141 cve-2014-9636 (From OE-Core rev: 2bf9165f5db5edd946a064dc5e877f97817dbae0) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315Roy Li2015-06-283-1/+451
| | | | | | | | | | | | | | | | | | | | | | | | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315 Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. (From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802) (From OE-Core rev: d868f9e8a6a5d4dc9c38e2881a329f7e3210eab8) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Add ALTERNATIVE configurationSaul Wold2015-03-201-0/+7
| | | | | | | | | | | | | Since busybox also provides the unzip command use the update-alternatives mechanism to address this. [YOCTO #7446] (From OE-Core rev: 3e6654f7b7f8e0e18c8115513410ecb308a0ad5f) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Pass LDFLAGS to the linkerMikhail Durnev2014-01-292-2/+21
| | | | | | | | | Change Makefile to use LDFLAGS (From OE-Core rev: 4f211322eb1179db62c03616b4c113114c612cf8) Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Replace one-line DESCRIPTION with SUMMARYPaul Eggleton2014-01-021-1/+1
| | | | | | | | | | | | | | A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. (From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: pay some attention to our CFLAGSJoe Slater2012-11-241-2/+7
| | | | | | | | | | | | Makefile makes use of CFLAGS_NOOPT. If we set that when calling make we can enable options like -g. The Makefile will override any optimization to -O3. (From OE-Core rev: 7f26794dc9f2e78ee8aed1e23752acb709345c6f) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-extended: replace virtclass-native(sdk) with class-native(sdk)Robert Yang2012-11-021-1/+1
| | | | | | | | | | | | | The overrides virtclass-native and virtclass-nativesdk are deprecated, which should be replaced by class-native and class-nativesdk. [YOCTO #3297] (From OE-Core rev: 528b4ab831c7b0bc1412318d29e2b7f9cf711d57) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Fix unpackaged files warningsRichard Purdie2012-03-161-1/+2
| | | | | | | | | WARNING: For recipe unzip, the following files/directories were installed but not shipped in any package: WARNING: /usr/man (From OE-Core rev: c07c236056ef5b2fe462c3025ac41bd618a62542) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Patch Upstream Status UpdatesSaul Wold2011-12-151-0/+2
| | | | | | | (From OE-Core rev: 0eb139619301d0efee330932eba3617dcb39284e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* OECore license fixes: meta/*Elizabeth Flanagan2011-12-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a quick audit of only the most obviously wrong licenses found within OECore. These fixes fall into four areas: - LICENSE field had incorrect format so that the parser choked - LICENSE field has a license with no version - LICENSE field was actually incorrect - LICENSE field has an imaginary license that didn't exist This fixes most of the LICENSE warnings thrown, along with my prior commit adding additional licenses to common-licenses and additional SPDXLICENSEMAP entries. HOWEVER..... there is much to be done on the license front. For a list of recipes with licenses that need obvious fixing see: https://wiki.yoctoproject.org/wiki/License_Audit That said, I would suggest another license audit as I've found enough inconsistencies. A good suggestion is when in doubt, look at how openSuse or Gentoo or Debian license the package. (From OE-Core rev: 3083dd70b3a9fa01fcc3cf00373b05502505996e) Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Avoid stripping binariesMark Hatle2011-06-232-2/+53
| | | | | | | | | | Not only do we have to override things on the make line, but we need to hack on configure as well to avoid certain behavior. (From OE-Core rev: 97a6bf1787995f15c8033bd26bdbe50c7efbbcfd) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* SRC_URI Checksums AdditionalsSaul Wold2010-12-091-0/+3
| | | | Signed-off-by: Saul Wold <sgw@linux.intel.com>
* packages: Separate out most of the remaining packages into recipesRichard Purdie2010-09-011-0/+25
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
OpenPOWER on IntegriCloud