diff options
author | Huang Qiyu <huangqy.fnst@cn.fujitsu.com> | 2018-01-31 16:56:34 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-02-06 11:06:28 +0000 |
commit | 1bd9013c31c38c0fbfe35aa548acd3cb3ca1ce0b (patch) | |
tree | 0898e086c1d3d0663c137f6c753a41d524e1228e /meta/recipes-extended | |
parent | 475a6187dc4a2b138a652cd54592406f509d37bc (diff) | |
download | poky-1bd9013c31c38c0fbfe35aa548acd3cb3ca1ce0b.tar.gz |
tar: 1.29 -> 1.30
1.Upgrade tar from 1.29 to 1.30.
2.Modify musl_dirent.patch, since the data has been changed.
3.Delete CVE-2016-6321.patch, since it is integrated upstream.
(From OE-Core rev: 9dc417ef8f94b51140fe2befcd492f6ea9726a4a)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r-- | meta/recipes-extended/tar/tar/CVE-2016-6321.patch | 66 | ||||
-rw-r--r-- | meta/recipes-extended/tar/tar/musl_dirent.patch | 4 | ||||
-rw-r--r-- | meta/recipes-extended/tar/tar_1.30.bb (renamed from meta/recipes-extended/tar/tar_1.29.bb) | 5 |
3 files changed, 4 insertions, 71 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2016-6321.patch b/meta/recipes-extended/tar/tar/CVE-2016-6321.patch deleted file mode 100644 index 6d35bcc513..0000000000 --- a/meta/recipes-extended/tar/tar/CVE-2016-6321.patch +++ /dev/null | |||
@@ -1,66 +0,0 @@ | |||
1 | From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> | ||
3 | Date: Sat, 29 Oct 2016 21:04:40 -0700 | ||
4 | Subject: [PATCH] When extracting, skip ".." members | ||
5 | |||
6 | * NEWS: Document this. | ||
7 | * src/extract.c (extract_archive): Skip members whose names | ||
8 | contain "..". | ||
9 | |||
10 | CVE: CVE-2016-6321 | ||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Cherry picked from commit: 7340f67 When extracting, skip ".." members | ||
14 | |||
15 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
16 | --- | ||
17 | NEWS | 8 +++++++- | ||
18 | src/extract.c | 8 ++++++++ | ||
19 | 2 files changed, 15 insertions(+), 1 deletion(-) | ||
20 | |||
21 | diff --git a/NEWS b/NEWS | ||
22 | index 501164a..fc97cfc 100644 | ||
23 | --- a/NEWS | ||
24 | +++ b/NEWS | ||
25 | @@ -1,6 +1,12 @@ | ||
26 | -GNU tar NEWS - User visible changes. 2016-05-16 | ||
27 | +GNU tar NEWS - User visible changes. 2016-10-29 | ||
28 | Please send GNU tar bug reports to <bug-tar@gnu.org> | ||
29 | |||
30 | +* Member names containing '..' components are now skipped when extracting. | ||
31 | + | ||
32 | +This fixes tar's behavior to match its documentation, and is a bit | ||
33 | +safer when extracting untrusted archives over old files (an unsafe | ||
34 | +practice that the tar manual has long recommended against). | ||
35 | + | ||
36 | |||
37 | version 1.29 - Sergey Poznyakoff, 2016-05-16 | ||
38 | |||
39 | diff --git a/src/extract.c b/src/extract.c | ||
40 | index f982433..7904148 100644 | ||
41 | --- a/src/extract.c | ||
42 | +++ b/src/extract.c | ||
43 | @@ -1629,12 +1629,20 @@ extract_archive (void) | ||
44 | { | ||
45 | char typeflag; | ||
46 | tar_extractor_t fun; | ||
47 | + bool skip_dotdot_name; | ||
48 | |||
49 | fatal_exit_hook = extract_finish; | ||
50 | |||
51 | set_next_block_after (current_header); | ||
52 | |||
53 | + skip_dotdot_name = (!absolute_names_option | ||
54 | + && contains_dot_dot (current_stat_info.orig_file_name)); | ||
55 | + if (skip_dotdot_name) | ||
56 | + ERROR ((0, 0, _("%s: Member name contains '..'"), | ||
57 | + quotearg_colon (current_stat_info.orig_file_name))); | ||
58 | + | ||
59 | if (!current_stat_info.file_name[0] | ||
60 | + || skip_dotdot_name | ||
61 | || (interactive_option | ||
62 | && !confirm ("extract", current_stat_info.file_name))) | ||
63 | { | ||
64 | -- | ||
65 | 1.9.1 | ||
66 | |||
diff --git a/meta/recipes-extended/tar/tar/musl_dirent.patch b/meta/recipes-extended/tar/tar/musl_dirent.patch index b0dc16c3dd..2d98ed1310 100644 --- a/meta/recipes-extended/tar/tar/musl_dirent.patch +++ b/meta/recipes-extended/tar/tar/musl_dirent.patch | |||
@@ -14,6 +14,6 @@ Index: tar-1.28/m4/d-ino.m4 | |||
14 | - linux*-gnu*) gl_cv_struct_dirent_d_ino="guessing yes" ;; | 14 | - linux*-gnu*) gl_cv_struct_dirent_d_ino="guessing yes" ;; |
15 | + linux*-gnu*|linux*-musl*) | 15 | + linux*-gnu*|linux*-musl*) |
16 | + gl_cv_struct_dirent_d_ino="guessing yes" ;; | 16 | + gl_cv_struct_dirent_d_ino="guessing yes" ;; |
17 | # Guess no on native Windows. | ||
18 | mingw*) gl_cv_struct_dirent_d_ino="guessing no" ;; | ||
17 | # If we don't know, assume the worst. | 19 | # If we don't know, assume the worst. |
18 | *) gl_cv_struct_dirent_d_ino="guessing no" ;; | ||
19 | esac | ||
diff --git a/meta/recipes-extended/tar/tar_1.29.bb b/meta/recipes-extended/tar/tar_1.30.bb index f22d9c9388..e743a6d0d0 100644 --- a/meta/recipes-extended/tar/tar_1.29.bb +++ b/meta/recipes-extended/tar/tar_1.30.bb | |||
@@ -8,10 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" | |||
8 | 8 | ||
9 | SRC_URI += "file://remove-gets.patch \ | 9 | SRC_URI += "file://remove-gets.patch \ |
10 | file://musl_dirent.patch \ | 10 | file://musl_dirent.patch \ |
11 | file://CVE-2016-6321.patch \ | ||
12 | " | 11 | " |
13 | SRC_URI[md5sum] = "955cd533955acb1804b83fd70218da51" | 12 | SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65" |
14 | SRC_URI[sha256sum] = "236b11190c0a3a6885bdb8d61424f2b36a5872869aa3f7f695dea4b4843ae2f2" | 13 | SRC_URI[sha256sum] = "87592b86cb037c554375f5868bdd3cc57748aef38d6cb741c81065f0beac63b7" |
15 | 14 | ||
16 | do_install_append_libc-musl() { | 15 | do_install_append_libc-musl() { |
17 | rm -f ${D}${libdir}/charset.alias | 16 | rm -f ${D}${libdir}/charset.alias |