Commit Graph

24 Commits

Author SHA1 Message Date
Fabrice Fontaine
a03fbb4fa9 package/libzip: add LIBZIP_CPE_ID_VENDOR
cpe:2.3🅰️libzip:libzip is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibzip%3Alibzip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-17 14:53:34 +01:00
Paul Cercueil
0e3febb75f package/libzip: add patch from upstream to fix build
Cherry-pick a patch from upstream project that fixes the build when used
with a uClibc based toolchain.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-05 09:16:50 +02:00
Fabrice Fontaine
14b3bb2572 package/libzip: fix build with cmake < 3.16
Fixes:
 - http://autobuild.buildroot.org/results/7e996aebafa4c690ff130b7d18e5b09c7b255829

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-07-25 13:01:07 +02:00
Fabrice Fontaine
e2cfc784b7 package/libzip: add mbedtls optional dependency
mbedtls is available (and enabled by default) since version 1.5.2 and
8e01a4fe8f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-21 09:32:04 +02:00
Fabrice Fontaine
016916e6e2 package/libzip: use ENABLE_BZIP2
Use ENABLE_BZIP2 option which is available since version 1.5.2 and
028c492c9d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-21 09:31:52 +02:00
Bernd Kuhls
8a61f45137 package/libzip: bump version to 1.7.3
Release notes: https://libzip.org/news/

Updated license hash due to copyright year bump:
40098f0445

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-20 18:03:28 +02:00
Pierre-Jean Texier
92b6d09198 package/libzip: bump to version 1.7.1
See https://github.com/nih-at/libzip/releases

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-06-14 18:29:08 +02:00
Bernd Kuhls
947dea9308 package/libzip: bump version to 1.6.1
Use new upstream URL libzip.org.

Add optional dependency to liblzma introduced with version 1.6.0:
https://libzip.org/news/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-20 23:22:27 +02:00
Fabrice Fontaine
b8cf282fa0 package/libzip: fix build with musl-fts
Fixes:
 - http://autobuild.buildroot.org/results/89f5fc111bb8bcecbe05ab79d62ac809094b6ce1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-10-11 22:06:15 +02:00
Jörg Krause
a52b620976 package/libzip: add host variant
The updated host mfgtool package needs the host variant of libzip.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-05-01 14:44:08 +02:00
Jörg Krause
12227863eb package/libzip: bump to version 1.5.2
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 19:58:59 +02:00
Fabrice Fontaine
d5d1df1ba7 libzip: add optional gnutls support
gnutls support has been added since version 1.5.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-07-08 12:17:45 +02:00
Fabrice Fontaine
975dedc753 libzip: add optional openssl support
openssl support has been added since version 1.5.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-07-08 12:17:45 +02:00
Fabrice Fontaine
d1972e13dd libzip: bump to version 1.5.1
- Remove patch (already in version)
- Update hash of license file: AES section has been removed:
  303fde909f
  The AES section was BSD-3-Clause as well, so nothing changes in
  LIBZIP_LICENSE.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-07-08 12:17:03 +02:00
Matt Weber
13f554f530 libzip: update legal hash for 1.4.0
The copyright was updated in the LICENSES file

Fixes (one of many):
http://autobuild.buildroot.net/results/a64/a64ddf630aa44c7b0353f5a6818beffd20712615/

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-06 09:25:05 +01:00
Baruch Siach
b7da7469de libzip: bump to version 1.4.0
Upstream switched to cmake.

Add upstream patch that removes run of target binary on the host.

Cc: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-05 16:16:39 +01:00
Peter Korsgaard
f77fb7b585 libzip: security bump to version 1.3.0
Fixes the following security issues:

CVE-2017-12858: Double free vulnerability in the _zip_dirent_read function
in zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.

CVE-2017-14107: The _zip_read_eocd64 function in zip_open.c in libzip before
1.3.0 mishandles EOCD records, which allows remote attackers to cause a
denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.

For more details, see
https://blogs.gentoo.org/ago/2017/09/01/libzip-use-after-free-in-_zip_buffer_free-zip_buffer-c/
https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/

libzip-1.3.0 also adds optional bzip2 support, so handle that.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-08 11:16:56 +02:00
Adam Duskett
5dccd7249e package/lib*: fix wrapping of Config.in help text
The check-package script when ran gives warnings on text wrapping
on all of these Config files.  This patch cleans up all warnings
related to the text wrapping for the Config files starting with
lib in the package directory.

The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-31 19:10:08 +02:00
Bartosz Golaszewski
7d9d406832 libzip: depend on !BR2_STATIC_LIBS
Since version 1.2.0 libzip requires dynamic library capabilities. Add
it to Config.in and propagate this dependency to packages selecting
libzip.

Fixes:

  http://autobuild.buildroot.net/results/c50ffa5bf565e75333192edc89e2d39044d07f26/

Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 11:35:51 +02:00
Bartosz Golaszewski
7b846fc07f libzip: bump version to 1.2.0
It's a major release, but the API seems to be mostly
backwards-compatible. The only package depending on this library in
buildroot is libsigrok and it builds fine.

Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-02 00:43:31 +02:00
Rahul Bedarkar
9f59b378a3 boot, package: use SPDX short identifier for BSD-3c
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-3c is BSD-3-Clause.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:26:57 +02:00
Gustavo Zacarias
7ccf520d1c libzip: add hash file
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-28 22:32:57 +02:00
Luca Ceresoli
b0b9606530 Remove trailing slash from all package site URLs
The recommended form is without the trailing slash. Buildroot will add a slash
between FOO_SITE and FOO_SOURCE as appropriate.

Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-10 20:40:08 +01:00
Bartosz Golaszewski
083f853801 libzip: new package
[Peter: license is BSD-3c]
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-01 00:21:10 +01:00