From 3837f294227f8d12fd9d954bf1a44dd65b2df1e0 Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Thu, 26 Mar 2015 02:18:09 -0700 Subject: cpio: fix CVE-2015-1197 Additional directory traversal vulnerability via symlinks cpio CVE-2015-1197 Initial report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669 Upstream report: https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html And fix the indent in SRC_URI. [YOCTO #7182] (From OE-Core rev: af18ce070bd1c73f3619d6370928fe7e2e06ff5e) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie
---
 meta/recipes-extended/cpio/cpio_2.11.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'meta/recipes-extended/cpio/cpio_2.11.bb')
diff --git a/meta/recipes-extended/cpio/cpio_2.11.bb b/meta/recipes-extended/cpio/cpio_2.11.bb
index c42db6f352..053888f1c0 100644
--- a/meta/recipes-extended/cpio/cpio_2.11.bb
+++ b/meta/recipes-extended/cpio/cpio_2.11.bb
@@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
 PR = "r5"
 SRC_URI += "file://remove-gets.patch \
- file://fix-memory-overrun.patch \
+ file://fix-memory-overrun.patch \
+ file://cpio-CVE-2015-1197.patch \
 "
 SRC_URI[md5sum] = "1112bb6c45863468b5496ba128792f6c"
-- cgit v1.2.3-54-g00ecf
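Review bot: The whitespace-only re-indent of the `file://fix-memory-overrun.patch \` entry in SRC_URI is bundled with the CVE-2015-1197 fix, so the security change appears as one removal and two additions rather than the single added line `file://cpio-CVE-2015-1197.patch \`. Moving the indent cleanup into its own commit would leave the fix as a one-line change that is easier to audit and to cherry-pick onto stable branches. This view is limited to the recipe, so the body of `cpio-CVE-2015-1197.patch` cannot be checked here. That patch file should carry an `Upstream-Status:` header and a reference to the upstream report cited in the commit message, so later version upgrades can tell whether it is still needed.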