summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/cpio/cpio_2.12.bb
Commit message (Collapse)AuthorAgeFilesLines
* cpio: update to 2.13Alexander Kanavin2019-12-161-51/+0
| | | | | | | | | Drop a couple of backports. (From OE-Core rev: 66f3b09364c499d9b0610f7c01763ae5dc1521cf) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio/tar/native.bbclass: move rmt to sbindir and add a prefix to avoid ↵Hongxu Jia2019-05-081-3/+3
| | | | | | | | | | | | | | | | | | native clashing The rmt in cpio-native and tar-native is clashing, since tar-native has set var-NATIVE_PACKAGE_PATH_SUFFIX, we move rmt to sbindir, and add suffix NATIVE_PACKAGE_PATH_SUFFIX to sbindir could avoid the clashing. And in Ubuntu, rmt is in sbindir $ which rmt /usr/sbin/rmt (From OE-Core rev: e9ac5ac2f4d135734f549d17cce3ebc52132b7d0) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: avoid conflict with tar-doc and rmt.8Mark Asselstine2019-02-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | This fixes: Error: Transaction check error: file /usr/share/man/man8/rmt.8 conflicts between attempted installs of cpio-doc-2.12-r0.core2_64 and tar-doc-1.31-r0.core2_64 Prior to commit 348a96a5b401 [tar: upgrade to 1.31] the copies of rmt.8 found in the tar(-doc) and cpio(-doc) packages were the same and thus no conflict was seen. After the upgrade there were small changes in the manpage header which results in the conflict quoted above. The applications themselves make use of the 'update-alternatives' mechanism to allow a user to select which version of 'rmt' to use but since the man pages are essentially the same we disambiguate the source of the man pages and make them both available should both cpio-doc and tar-doc are both installed. And as such we avoid the conflict. (From OE-Core rev: 692d5b1025450bf1c33fb6aa041603f082e2ba4d) Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix crash when appending to archivesRoss Burton2018-12-011-0/+1
| | | | | | | | | | | The upstream fix for CVE-2016-2037 introduced a read from uninitialized memory bug when appending to an existing archive, which is an operation we perform when building an image. (From OE-Core rev: 046e3e1fca925febf47b3fdd5d4e9ee2e1fad868) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix CVE-2016-2037Andre McCurdy2018-06-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file." https://nvd.nist.gov/vuln/detail/CVE-2016-2037 Note that there appear to be two versions of this fix. The original patch posted to the bug-cpio mailing list [1] is used by Debian [2], but apparently causes regression [3]. The patch accepted to the upstream git repo [4] seems to be the most complete fix. [1] https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html [2] https://security-tracker.debian.org/tracker/CVE-2016-2037 [3] https://www.mail-archive.com/bug-cpio@gnu.org/msg00584.html [4] http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b (From OE-Core rev: f170288ac706126e69a504a14d564b2e5c3513e4) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: rely on texinfo.bbclass for texinfo-native dependencyAndre McCurdy2018-06-151-2/+0
| | | | | | | | (From OE-Core rev: 7dad119dd0ee82b14a82b2a0b5a89f790e3bc007) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: move contents of cpio_v2.inc into the cpio recipeAndre McCurdy2018-06-151-2/+38
| | | | | | | | | | Merge contents of cpio_v2.inc into the only recipe which uses it. (From OE-Core rev: 162ff3871779d646dadc7e7287f4667641d6e612) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: use require instead of include when file should existPaul Eggleton2017-01-091-1/+1
| | | | | | | | | | | | If the file is expected to exist, then we should always be using require so that if it doesn't we get an error rather than some other more obscure failure later on. (From OE-Core rev: 603ae6eb487489e65da69c68e532cb767ccc1fc2) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: update to 2.12Alexander Kanavin2015-12-161-0/+12
Drop backported patches: Fix-symlink-bad-length-test-for-64-bit-architectures.patch fix-memory-overrun.patch fix-testcase-symlink-bad-lengths.patch 0001-fix-testcase-of-symlink-bad-length.patch statdef.patch is fixing code that doesn't exist anymore. The problem handled by remove-gets.patch has been fixed differently. The CVE-2015-1197 has been ignored by upstream and had to be rebased: http://lists.gnu.org/archive/html/bug-cpio/2015-09/msg00007.html (From OE-Core rev: feeaa86eb8b1071d56eb6d7ad7120aa389c736a0) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-24 02:51:50 +0000