aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/cpio/cpio_2.12.bb
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2018-11-29 11:42:14 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-02-25 22:13:07 +0000
commitc0a3874799224c9ae0d6d7dc4d0a0acf364ccdab (patch)
treeec48ffaa6e6854a6ec1891a28854528de65440d3 /meta/recipes-extended/cpio/cpio_2.12.bb
parent3eb59559ecd2e93fb590a330b47de1db0750fc0b (diff)
downloadopenembedded-core-contrib-c0a3874799224c9ae0d6d7dc4d0a0acf364ccdab.tar.gz
cpio: fix crash when appending to archives
The upstream fix for CVE-2016-2037 introduced a read from uninitialized memory bug when appending to an existing archive, which is an operation we perform when building an image. (From OE-Core rev: 046e3e1fca925febf47b3fdd5d4e9ee2e1fad868) (From OE-Core rev: 2ff6ab2e2944c6a53523b4b1611e1d22f6393500) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-extended/cpio/cpio_2.12.bb')
-rw-r--r--meta/recipes-extended/cpio/cpio_2.12.bb1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/cpio/cpio_2.12.bb b/meta/recipes-extended/cpio/cpio_2.12.bb
index 69d36983e3..6ba8337e5d 100644
--- a/meta/recipes-extended/cpio/cpio_2.12.bb
+++ b/meta/recipes-extended/cpio/cpio_2.12.bb
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0001-Fix-CVE-2015-1197.patch \
file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
+ file://0001-Fix-segfault-with-append.patch \
"
SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-22 10:25:15 +0000