cpio: fix CVE-2015-1197

Additional directory traversal vulnerability via symlinks cpio CVE-2015-1197 Initial report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669 Upstream report: https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html And fix the indent in SRC_URI. [YOCTO #7182] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Robert Yang <liezhi.yang@windriver.com> 2015-03-26 02:18:09 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-03-29 23:07:14 +0100
commit: af18ce070bd1c73f3619d6370928fe7e2e06ff5e (patch)
tree: 8c57514834a01deff418d953c431be66a1ca6e4e /meta/recipes-extended/cpio/cpio_2.11.bb
parent: 4c389880dc9c6221344f7aed221fe8356e8c2056 (diff)
download: openembedded-core-contrib-af18ce070bd1c73f3619d6370928fe7e2e06ff5e.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-extended/cpio/cpio_2.11.bb b/meta/recipes-extended/cpio/cpio_2.11.bb
index c42db6f352..053888f1c0 100644
--- a/meta/recipes-extended/cpio/cpio_2.11.bb
+++ b/meta/recipes-extended/cpio/cpio_2.11.bb
@@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
 PR = "r5"
 
 SRC_URI += "file://remove-gets.patch \
-	    file://fix-memory-overrun.patch \
+        file://fix-memory-overrun.patch \
+        file://cpio-CVE-2015-1197.patch \
            "
 
 SRC_URI[md5sum] = "1112bb6c45863468b5496ba128792f6c"
author	Robert Yang <liezhi.yang@windriver.com>	2015-03-26 02:18:09 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-03-29 23:07:14 +0100
commit	af18ce070bd1c73f3619d6370928fe7e2e06ff5e (patch)
tree	8c57514834a01deff418d953c431be66a1ca6e4e /meta/recipes-extended/cpio/cpio_2.11.bb
parent	4c389880dc9c6221344f7aed221fe8356e8c2056 (diff)
download	openembedded-core-contrib-af18ce070bd1c73f3619d6370928fe7e2e06ff5e.tar.gz