mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00
Code Issues Projects Releases Wiki Activity
Files
styhead
poky/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
T
Hitendra Prajapati f2609a2f16 libarchive: fix CVE-2024-48957 & CVE-2024-48958 
Backport fixes for:

* CVE-2024-48957 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
* CVE-2024-48958 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7

(From OE-Core rev: 8b520c3cea136591128f6601718c23334afd7a55)

(From OE-Core rev: 4f6a2eea1476bc7be1d55b6b6051c4b65d4d97fa)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-17 12:58:10 -08:00

71 lines
2.6 KiB
BlitzBasic
Raw Permalink Blame History

SUMMARY = "Support for reading various archive formats"
DESCRIPTION = "C library and command-line tools for reading and writing tar, cpio, zip, ISO, and other archive formats"
HOMEPAGE = "http://www.libarchive.org/"
SECTION = "devel"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665"
DEPENDS = "e2fsprogs-native"
PACKAGECONFIG ?= "zlib bz2 xz zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}"
DEPENDS_BZIP2 = "bzip2-replacement-native"
DEPENDS_BZIP2:class-target = "bzip2"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib,"
PACKAGECONFIG[bz2] = "--with-bz2lib,--without-bz2lib,${DEPENDS_BZIP2},"
PACKAGECONFIG[xz] = "--with-lzma,--without-lzma,xz,"
PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl,"
PACKAGECONFIG[libb2] = "--with-libb2,--without-libb2,libb2,"
PACKAGECONFIG[libxml2] = "--with-xml2,--without-xml2,libxml2,"
PACKAGECONFIG[expat] = "--with-expat,--without-expat,expat,"
PACKAGECONFIG[lzo] = "--with-lzo2,--without-lzo2,lzo,"
PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle,"
PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4,"
PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
EXTRA_OECONF += "--enable-largefile --without-iconv"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
SRC_URI += "file://configurehack.patch \
file://CVE-2024-48957.patch \
file://CVE-2024-48958.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8"
CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe"
inherit autotools update-alternatives pkgconfig
CPPFLAGS += "-I${WORKDIR}/extra-includes"
do_configure[cleandirs] += "${WORKDIR}/extra-includes"
do_configure:prepend() {
# We just need the headers for some type constants, so no need to
# build all of e2fsprogs for the target
cp -R ${STAGING_INCDIR_NATIVE}/ext2fs ${WORKDIR}/extra-includes/
}
ALTERNATIVE_PRIORITY = "80"
PACKAGES =+ "bsdtar"
FILES:bsdtar = "${bindir}/bsdtar"
ALTERNATIVE:bsdtar = "tar"
ALTERNATIVE_LINK_NAME[tar] = "${base_bindir}/tar"
ALTERNATIVE_TARGET[tar] = "${bindir}/bsdtar"
PACKAGES =+ "bsdcpio"
FILES:bsdcpio = "${bindir}/bsdcpio"
ALTERNATIVE:bsdcpio = "cpio"
ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
ALTERNATIVE_TARGET[cpio] = "${bindir}/bsdcpio"
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink