summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/cpio
Commit message (Collapse)AuthorAgeFilesLines
* cpio: remove unused CVE patchChangqing Li2019-12-302-179/+0
| | | | | | | | | | | According to the home page, https://www.gnu.org/software/cpio/, CVE-2015-1197 have been fix in version 2.13, so removed this patch get from SUSE (From OE-Core rev: 6e37b0cba0d59e020ed031659aa050ce4e7c4ccd) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: update to 2.13Alexander Kanavin2019-12-165-401/+2
| | | | | | | | | Drop a couple of backports. (From OE-Core rev: 66f3b09364c499d9b0610f7c01763ae5dc1521cf) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio/tar/native.bbclass: move rmt to sbindir and add a prefix to avoid ↵Hongxu Jia2019-05-081-3/+3
| | | | | | | | | | | | | | | | | | native clashing The rmt in cpio-native and tar-native is clashing, since tar-native has set var-NATIVE_PACKAGE_PATH_SUFFIX, we move rmt to sbindir, and add suffix NATIVE_PACKAGE_PATH_SUFFIX to sbindir could avoid the clashing. And in Ubuntu, rmt is in sbindir $ which rmt /usr/sbin/rmt (From OE-Core rev: e9ac5ac2f4d135734f549d17cce3ebc52132b7d0) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: avoid conflict with tar-doc and rmt.8Mark Asselstine2019-02-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | This fixes: Error: Transaction check error: file /usr/share/man/man8/rmt.8 conflicts between attempted installs of cpio-doc-2.12-r0.core2_64 and tar-doc-1.31-r0.core2_64 Prior to commit 348a96a5b401 [tar: upgrade to 1.31] the copies of rmt.8 found in the tar(-doc) and cpio(-doc) packages were the same and thus no conflict was seen. After the upgrade there were small changes in the manpage header which results in the conflict quoted above. The applications themselves make use of the 'update-alternatives' mechanism to allow a user to select which version of 'rmt' to use but since the man pages are essentially the same we disambiguate the source of the man pages and make them both available should both cpio-doc and tar-doc are both installed. And as such we avoid the conflict. (From OE-Core rev: 692d5b1025450bf1c33fb6aa041603f082e2ba4d) Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: update patch to merged versionRoss Burton2018-12-051-68/+32
| | | | | | | | | | The segfault on append was fixed upstream with a different patch, so apply that instead. (From OE-Core rev: 24000d1fdba2684202e15371f80bb385722c9d91) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix crash when appending to archivesRoss Burton2018-12-012-0/+88
| | | | | | | | | | | The upstream fix for CVE-2016-2037 introduced a read from uninitialized memory bug when appending to an existing archive, which is an operation we perform when building an image. (From OE-Core rev: 046e3e1fca925febf47b3fdd5d4e9ee2e1fad868) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix CVE-2016-2037Andre McCurdy2018-06-152-0/+347
| | | | | | | | | | | | | | | | | | | | | | | | "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file." https://nvd.nist.gov/vuln/detail/CVE-2016-2037 Note that there appear to be two versions of this fix. The original patch posted to the bug-cpio mailing list [1] is used by Debian [2], but apparently causes regression [3]. The patch accepted to the upstream git repo [4] seems to be the most complete fix. [1] https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html [2] https://security-tracker.debian.org/tracker/CVE-2016-2037 [3] https://www.mail-archive.com/bug-cpio@gnu.org/msg00584.html [4] http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b (From OE-Core rev: f170288ac706126e69a504a14d564b2e5c3513e4) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: rely on texinfo.bbclass for texinfo-native dependencyAndre McCurdy2018-06-151-2/+0
| | | | | | | | (From OE-Core rev: 7dad119dd0ee82b14a82b2a0b5a89f790e3bc007) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: move contents of cpio_v2.inc into the cpio recipeAndre McCurdy2018-06-152-45/+38
| | | | | | | | | | Merge contents of cpio_v2.inc into the only recipe which uses it. (From OE-Core rev: 162ff3871779d646dadc7e7287f4667641d6e612) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5Richard Purdie2017-03-075-308/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. (From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: use require instead of include when file should existPaul Eggleton2017-01-091-1/+1
| | | | | | | | | | | | If the file is expected to exist, then we should always be using require so that if it doesn't we get an error rather than some other more obscure failure later on. (From OE-Core rev: 603ae6eb487489e65da69c68e532cb767ccc1fc2) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: Add native variantMariano Lopez2016-05-301-0/+2
| | | | | | | | (From OE-Core rev: fb3457a454b045abf1fa6b560b8f96257a4405c1) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add "CVE:" tag to current patches in OE-coreMariano Lopez2016-01-112-0/+2
| | | | | | | | | | | | | | The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. (From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: update to 2.12Alexander Kanavin2015-12-1612-443/+78
| | | | | | | | | | | | | | | | | | | | Drop backported patches: Fix-symlink-bad-length-test-for-64-bit-architectures.patch fix-memory-overrun.patch fix-testcase-symlink-bad-lengths.patch 0001-fix-testcase-of-symlink-bad-length.patch statdef.patch is fixing code that doesn't exist anymore. The problem handled by remove-gets.patch has been fixed differently. The CVE-2015-1197 has been ignored by upstream and had to be rebased: http://lists.gnu.org/archive/html/bug-cpio/2015-09/msg00007.html (From OE-Core rev: feeaa86eb8b1071d56eb6d7ad7120aa389c736a0) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix test case of symlink-bad-lengthChen Qi2015-12-122-0/+58
| | | | | | | | (From OE-Core rev: 7e2f2bc55a1b367503ab75ac6863f56d662c34cc) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix testcase symlink-bad-lengths [ LIN8-947 ]Jun Zhang2015-11-162-0/+34
| | | | | | | | | | * fix the output of stderr & stdout to meet latest cpio (From OE-Core rev: 80d12c734ad0c1d86ee5b0c6639c4e840dc6dfad) Signed-off-by: Jun Zhang <jun.zhang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: Fix symlink-bad-length test for 64-bit [ LIN8-947 ] architectures.Jun Zhang2015-11-162-0/+37
| | | | | | | | | | | | | * src/util.c: Return non-zero exit code if EOF is hit prematurely. Backport commit: http://git.savannah.gnu.org/cgit/cpio.git/commit/src/util.c?id=f6a8a2cbd2d5ca40ea94900b55b845dd5ca87328 (From OE-Core rev: 21c9952d269ef2d76c0f8698642cbce8f7d5f796) Signed-off-by: Jun Zhang <jun.zhang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix install if bindir == base_bindirDominic Sacré2015-09-231-3/+5
| | | | | | | | | | | | Don't try to move binaries onto themselves if ${bindir} and ${base_bindir} are the same, as is the case on systems with a merged /usr directory. (From OE-Core rev: 29e4d21a7101428ac44e60411883952b041fcbc1) Signed-off-by: Dominic Sacré <dominic.sacre@gmx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix Upstream-Status statementsRoss Burton2015-09-121-1/+1
| | | | | | | | | | Fix a variety of problems such as typos, bad punctuations, or incorrect Upstream-Status values. (From OE-Core rev: bd220fe6ce8c3a0805f13a14706d3130ea872604) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Fix charset.alias for muslKhem Raj2015-04-212-1/+32
| | | | | | | | | | This is same gnulib fix replicated across needed recipes Change-Id: I756713407111a726eae98e26c9c1ff64981371c0 (From OE-Core rev: fbe6d2c12aa9f7956bc87efeb68cb64b26b60c7a) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix CVE-2015-1197Robert Yang2015-03-312-1/+156
| | | | | | | | | | | | | | | | | | | Additional directory traversal vulnerability via symlinks cpio CVE-2015-1197 Initial report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669 Upstream report: https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html And fix the indent in SRC_URI. [YOCTO #7182] (From OE-Core rev: af18ce070bd1c73f3619d6370928fe7e2e06ff5e) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix bug CVE-2014-9112 for cpio-2.11Bian Naimeng2014-12-112-1/+222
| | | | | | | | | | | | Obtain detain from following URL. http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d (From OE-Core rev: 9a32da05f5a9bc62c592fd2d6057dc052e363261) Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix bug CVE-2014-9112 for cpio-2.8Bian Naimeng2014-12-112-3/+221
| | | | | | | | | | | | Obtain detain from following URL. http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d (From OE-Core rev: 732fc8de55a9c7987608162879959c03423de907) Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add texinfo.bbclass; recipes that use texinfo utils at build-time inherit it.Max Eliaser2014-05-021-1/+1
| | | | | | | | | | | | | The class itself currently does nothing. The idea is to mark all recipes that make use of the texinfo utilities. In the future, this class could be used to suppress the generation/formatting of documentation for performance, explicitly track dependencies on these utilities, and eliminate Yocto's current dependency on the host system's texinfo utilities. (From OE-Core rev: e6fb2f9afe2ba6b676c46d1eb297ca9cc532d405) Signed-off-by: Max Eliaser <max.eliaser@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: Split RMT from cpioMark Hatle2012-12-063-4/+11
| | | | | | | | | | | | After the recent change of the libexecdir definition, the update-alternatives for the libexec rmt broke. Fix this by moving rmt from libexec to /sbin. Also split the rmt app from cpio as it's likely not useful to many users. (From OE-Core rev: 487d58a98cd9fe4b368f0e7d119f8ff7ac852781) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub,guile,cpio,tar,wget: Fix gnulib for absense of gets in eglibcKhem Raj2012-07-172-1/+24
| | | | | | | | | | eglibc 2.16 does not export gets anymore (From OE-Core rev: 497d8d82b8e7e04a457a7fdd689c657903218c0d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: use new update-alternativesMark Hatle2012-05-303-21/+12
| | | | | | | (From OE-Core rev: 6dee3050a4a0c4f3cc9fec23a0bc02155d680863) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: Fix unpackaged files warningsRichard Purdie2012-03-162-1/+2
| | | | | | | | | WARNING: For recipe cpio, the following files/directories were installed but not shipped in any package: WARNING: /usr/bin (From OE-Core rev: da88ac4b30a367641451167868bd8fc48010f646) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gplv2 recipes update upstream status of patchesNitin A Kamble2011-05-232-0/+4
| | | | | | | | | | | | grep-2.5.1a: update upstream status of patches tar-1.17: update upstream-status of patches at-3.1.12: update upstream-status for patches cpio-2.8: update upstream-status for patches (From OE-Core rev: fbc0fdbbb759b37d97de6f28daf04055531fbe0b) Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Add Upstream-Status to various recipe patchesScott Garman2011-05-171-2/+6
| | | | | | | | | | | | | | | | | | | Add Upstream-Status tag to patches for the following recipes: openssh dbus-glib expat opensp sgml-common at cpio (GPLv3 version) libpam icu (From OE-Core rev: 0702602332ad63c2cfaa207516497bb0b75bfdf3) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Fix the Upstream-Status formatNitin A Kamble2011-05-111-1/+1
| | | | | | | (From OE-Core rev: d7237140554ad076be12edf915d6d15206c9b8c7) Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio-2.8 (GPLv2) bug fixNitin A Kamble2011-04-282-2/+29
| | | | | | | | | This fixes bug [YOCTO #982] (From OE-Core rev: 9e917c6f48f3d6b1734e716b92506a1149c19b7e) Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: Fix the SHA256 Checksum for the src tarballSaul Wold2011-03-081-1/+1
| | | | | | | (From OE-Core rev: b8550ac3f30bd983191afe0f1afe3c6c45a54bca) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-extended: Add Summary informationMark Hatle2010-12-161-1/+3
| | | | | | Add Summary information and update descriptions as necessary. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* SRC_URI Checksums AdditionalsSaul Wold2010-12-091-2/+2
| | | | Signed-off-by: Saul Wold <sgw@linux.intel.com>
* cpio: add version 2.11 (GPLv3)Scott Garman2010-09-272-0/+22
| | | | | | | This is the most recent version of cpio. Recipe derived from OpenEmbedded's recipe for cpio v2.5. Signed-off-by: Scott Garman <scott.a.garman@intel.com>
* Major layout change to the packages directoryRichard Purdie2010-08-274-0/+95
Having one monolithic packages directory makes it hard to find things and is generally overwhelming. This commit splits it into several logical sections roughly based on function, recipes.txt gives more information about the classifications used. The opportunity is also used to switch from "packages" to "recipes" as used in OpenEmbedded as the term "packages" can be confusing to people and has many different meanings. Not all recipes have been classified yet, this is just a first pass at separating things out. Some packages are moved to meta-extras as they're no longer actively used or maintained. Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>