Commit Graph

28 Commits

Author SHA1 Message Date
Gustavo Zacarias
25d5aebead libarchive: security bump to version 3.2.1
Fixes:
CVE-2016-4302 - Libarchive Rar RestartModel Code Execution Vulnerability
CVE-2016-4300 - Libarchive 7zip read_SubStreamsInfo Code Execution
Vulnerability
CVE-2016-4809 - Memory allocate error in corrupted cpio archives

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-23 21:13:15 +02:00
Frank Hunleth
c56bc9dcfa libarchive: bump to version 3.2.0
The CVE patch is now included in this release.

Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-20 22:29:48 +02:00
Thomas Petazzoni
02b93c2136 libarchive: add host variant
This will be needed for the host variant of the fwup package. We enable
zlib support since host-fwup needs it. All other features are explicitly
disabled.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-12 23:10:38 +02:00
Gustavo Zacarias
156633ace8 libarchive: add security patch for CVE-2016-1541
Fixes:
CVE-2016-1541 - heap-based buffer overflow vulnerability in the
zip_read_mac_metadata function in libarchive, a multi-format archive and
compression library, which may lead to the execution of arbitrary code
if a user or automated system is tricked into processing a specially
crafted ZIP file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-11 22:04:00 +02:00
Bernd Kuhls
67ce9dcb94 package/libarchive: add optional support for bzip2
When bzip2 was compiled before, libarchive will use it as optional
dependency:

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/lib/libarchive.so.13.1.2 | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [liblzma.so.5]
 0x00000001 (NEEDED)                     Shared library: [libbz2.so.1.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.1]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-20 15:50:38 +01:00
Nimai Mahajan
eab1756c19 libarchive: add hash and enable lzma support
Add libarchive hash. Enable lzma support.
Both xz and lzma support are provided by the xz library.

[Thomas: explicitly pass --with-lzma when xz is available.]

Signed-off-by: Nimai Mahajan <nimaim@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-26 21:26:47 +02:00
Thomas Petazzoni
665e13c85e Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.

As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.

This also helps preparing the addition of other options to select
shared, shared+static or just static.

Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2014-12-11 22:48:13 +01:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Vicente Olivert Riera
9581d0d117 libarchive: avoid some tools to build statically on shared builds
Some libarchive tools, like bsdtar, builds statically by default
although libarchive itself is being built dynamically. We can force
those tools to build the same way as libarchive by using the right
configure options.

Fixes:
  http://autobuild.buildroot.net/results/b8f/b8f7a29787ea1cc5c98e4cbd5f47f257f9b306f2/

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-11 22:50:47 +02:00
Gustavo Zacarias
dc6576e7ba libarchive: bump to version 3.1.2
Switch to proper upstream source.
And account for many auto dependencies that were missing.
Also fixes link issues:
http://autobuild.buildroot.net/results/774/7747a043123e958952a16e0c0db823296c4e0594/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 22:41:31 +02:00
Thomas De Schampheleire
35eaed8d07 Config.in files: use if/endif instead of 'depends on' for main symbol
In the Config.in file of package foo, it often happens that there are other
symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense
when foo itself is enabled. There are two ways to express this: with
    depends on BR2_PACKAGE_FOO
in each extra symbol, or with
    if BR2_PACKAGE_FOO
        ...
    endif
around the entire set of extra symbols.

The if/endif approach avoids the repetition of 'depends on' statements on
multiple symbols, so this is clearly preferred. But even when there is only
one extra symbol, if/endif is a more logical choice:
- it is future-proof for when extra symbols are added
- it allows to have just one strategy instead of two (less confusion)

This patch modifies the Config.in files accordingly.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-12-25 12:21:39 +01:00
Thomas De Schampheleire
66bb10b7b0 Config.in files: unify comments of toolchain option dependencies
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-14 22:45:57 +02:00
Jerzy Grzegorek
0e2e7c71d0 package: remove the default value of the $(PKG)_SOURCE variable
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Acked-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com)
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-06 21:52:19 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Alexandre Belloni
f2c2f25cef Remove description and url from header
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:00 +02:00
Alexandre Belloni
702704014d Fix package headers to comply with coding style
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 17:26:35 +02:00
Tilman Keskinöz
db5db3486f libarchive: update to 3.0.4
Signed-off-by: Tilman Keskinöz <arved@arved.at>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-03-30 20:44:58 +01:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Gustavo Zacarias
9ae23e3911 packages: remove redundant INSTALL_TARGET=YES declarations
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-03-11 22:30:33 +01:00
Peter Korsgaard
457d9c592f libarchive: bump version
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-02-23 23:19:53 +01:00
Thomas Petazzoni
300f9c9c9d package: remove useless arguments from AUTOTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:12:27 +02:00
Peter Korsgaard
9eb70889bc libarchive: add optional libxml2 support
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-07-10 20:15:54 +02:00
Baruch Siach
ec0b51648b libarchive: bump to version 2.8.4
The libxml2 dependency is new in this version, and does not behave nicely with
cross compile. The configure script looks for the host xml2-config. Add
'--disable-xml2' as a workaround for now.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-07-10 17:10:23 +02:00
Peter Korsgaard
0be744e495 package: apply libtool patch where possible
Now that we have libtool-2.2.x patch support, we can get rid of a bunch
of _LIBTOOL_PATH = NO, fixing (potential) cross link issues.

Notice: php not changed, as it uses a very old 1.5 version for the
embedded sqlite, where our buildroot-libtool-v1.5.patch doesn't apply.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-17 14:02:52 +01:00
Sven Neumann
dc5ae2c428 libarchive: add conditional dependency on zlib
If zlib is selected, then it should be built before libarchive so that
libarchive picks up the headers and includes support for zlib
compression.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-10-23 10:15:11 +02:00
Sven Neumann
683a964c8f libarchive: make bsdtar and bsdcpio binaries configurable
libarchive comes with two binaries, bsdtar and bsdcpio that used
to be installed by default. This change makes this configurable
with the default not to build and install the binaries.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-10-20 22:37:49 +02:00
Will Newton
422ce6536b package: Remove unnecessary dependencies on uclibc.
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.

Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-03 20:22:38 +02:00
Daniel Mack
32518793e1 libarchive package added
See http://code.google.com/p/libarchive/

[Peter: removed conditional target install, added wchar dependency]

Signed-off-by: Daniel Mack <daniel@caiaq.de>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-02 10:00:51 +02:00