mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-21 22:53:48 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
fb0a4eb7a8aa94deffd46c4611175dee4ffe2d07
poky/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
Hugo SIMELIERE (Schneider Electric) 5bfb71633f libarchive: Fix CVE-2026-4424 
Pick patches from [1] and [2] as mentioned in Debian report in [3].

[1] d379dc0b29
[2] e1907c5832
[3] https://security-tracker.debian.org/tracker/CVE-2026-4424

(From OE-Core rev: 7fa280872275e194152cc2d355ad39c81a477d50)

Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com>
Reviewed-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-10 14:35:20 +01:00

85 lines
3.3 KiB
BlitzBasic
Raw Blame History

SUMMARY = "Support for reading various archive formats"
DESCRIPTION = "C library and command-line tools for reading and writing tar, cpio, zip, ISO, and other archive formats"
HOMEPAGE = "http://www.libarchive.org/"
SECTION = "devel"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665"
DEPENDS = "e2fsprogs-native"
PACKAGECONFIG ?= "zlib bz2 xz zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}"
DEPENDS_BZIP2 = "bzip2-replacement-native"
DEPENDS_BZIP2:class-target = "bzip2"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib,"
PACKAGECONFIG[bz2] = "--with-bz2lib,--without-bz2lib,${DEPENDS_BZIP2},"
PACKAGECONFIG[xz] = "--with-lzma,--without-lzma,xz,"
PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl,"
PACKAGECONFIG[libb2] = "--with-libb2,--without-libb2,libb2,"
PACKAGECONFIG[libxml2] = "--with-xml2,--without-xml2,libxml2,"
PACKAGECONFIG[expat] = "--with-expat,--without-expat,expat,"
PACKAGECONFIG[lzo] = "--with-lzo2,--without-lzo2,lzo,"
PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle,"
PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4,"
PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
EXTRA_OECONF += "--enable-largefile --without-iconv"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://configurehack.patch \
file://CVE-2025-5914.patch \
file://CVE-2025-5915.patch \
file://CVE-2025-5916.patch \
file://CVE-2025-5917.patch \
file://CVE-2025-5918-0001.patch \
file://CVE-2025-5918-0002.patch \
file://CVE-2025-5918-0003.patch \
file://0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch \
file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
file://CVE-2025-60753-01.patch \
file://CVE-2025-60753-02.patch \
file://CVE-2026-4111-1.patch \
file://CVE-2026-4111-2.patch \
file://CVE-2026-4426.patch \
file://CVE-2026-4424-1.patch \
file://CVE-2026-4424-2.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
SRC_URI[sha256sum] = "aa90732c5a6bdda52fda2ad468ac98d75be981c15dde263d7b5cf6af66fd009f"
inherit autotools update-alternatives pkgconfig
CPPFLAGS += "-I${WORKDIR}/extra-includes"
do_configure[cleandirs] += "${WORKDIR}/extra-includes"
do_configure:prepend() {
# We just need the headers for some type constants, so no need to
# build all of e2fsprogs for the target
cp -R ${STAGING_INCDIR_NATIVE}/ext2fs ${WORKDIR}/extra-includes/
}
ALTERNATIVE_PRIORITY = "80"
PACKAGES =+ "bsdtar"
FILES:bsdtar = "${bindir}/bsdtar"
ALTERNATIVE:bsdtar = "tar"
ALTERNATIVE_LINK_NAME[tar] = "${base_bindir}/tar"
ALTERNATIVE_TARGET[tar] = "${bindir}/bsdtar"
PACKAGES =+ "bsdcpio"
FILES:bsdcpio = "${bindir}/bsdcpio"
ALTERNATIVE:bsdcpio = "cpio"
ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
ALTERNATIVE_TARGET[cpio] = "${bindir}/bsdcpio"
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink