diff options
author | Huang Qiyu <huangqy.fnst@cn.fujitsu.com> | 2018-01-31 16:56:34 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-02-06 10:54:37 +0000 |
commit | 9dc417ef8f94b51140fe2befcd492f6ea9726a4a (patch) | |
tree | 36a282127dde887144c4b73bdee7a5cbe258b76a /meta/recipes-extended/tar | |
parent | 2fe6961b3d6786c4acd666f78b8b2105bfa0b9d1 (diff) | |
download | openembedded-core-contrib-9dc417ef8f94b51140fe2befcd492f6ea9726a4a.tar.gz |
tar: 1.29 -> 1.30
1.Upgrade tar from 1.29 to 1.30.
2.Modify musl_dirent.patch, since the data has been changed.
3.Delete CVE-2016-6321.patch, since it is integrated upstream.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-extended/tar')
-rw-r--r-- | meta/recipes-extended/tar/tar/CVE-2016-6321.patch | 66 | ||||
-rw-r--r-- | meta/recipes-extended/tar/tar/musl_dirent.patch | 4 | ||||
-rw-r--r-- | meta/recipes-extended/tar/tar_1.30.bb (renamed from meta/recipes-extended/tar/tar_1.29.bb) | 5 |
3 files changed, 4 insertions, 71 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2016-6321.patch b/meta/recipes-extended/tar/tar/CVE-2016-6321.patch deleted file mode 100644 index 6d35bcc513..0000000000 --- a/meta/recipes-extended/tar/tar/CVE-2016-6321.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> -Date: Sat, 29 Oct 2016 21:04:40 -0700 -Subject: [PATCH] When extracting, skip ".." members - -* NEWS: Document this. -* src/extract.c (extract_archive): Skip members whose names -contain "..". - -CVE: CVE-2016-6321 -Upstream-Status: Backport - -Cherry picked from commit: 7340f67 When extracting, skip ".." members - -Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> ---- - NEWS | 8 +++++++- - src/extract.c | 8 ++++++++ - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/NEWS b/NEWS -index 501164a..fc97cfc 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,6 +1,12 @@ --GNU tar NEWS - User visible changes. 2016-05-16 -+GNU tar NEWS - User visible changes. 2016-10-29 - Please send GNU tar bug reports to <bug-tar@gnu.org> - -+* Member names containing '..' components are now skipped when extracting. -+ -+This fixes tar's behavior to match its documentation, and is a bit -+safer when extracting untrusted archives over old files (an unsafe -+practice that the tar manual has long recommended against). -+ - - version 1.29 - Sergey Poznyakoff, 2016-05-16 - -diff --git a/src/extract.c b/src/extract.c -index f982433..7904148 100644 ---- a/src/extract.c -+++ b/src/extract.c -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { --- -1.9.1 - diff --git a/meta/recipes-extended/tar/tar/musl_dirent.patch b/meta/recipes-extended/tar/tar/musl_dirent.patch index b0dc16c3dd..2d98ed1310 100644 --- a/meta/recipes-extended/tar/tar/musl_dirent.patch +++ b/meta/recipes-extended/tar/tar/musl_dirent.patch @@ -14,6 +14,6 @@ Index: tar-1.28/m4/d-ino.m4 - linux*-gnu*) gl_cv_struct_dirent_d_ino="guessing yes" ;; + linux*-gnu*|linux*-musl*) + gl_cv_struct_dirent_d_ino="guessing yes" ;; + # Guess no on native Windows. + mingw*) gl_cv_struct_dirent_d_ino="guessing no" ;; # If we don't know, assume the worst. - *) gl_cv_struct_dirent_d_ino="guessing no" ;; - esac diff --git a/meta/recipes-extended/tar/tar_1.29.bb b/meta/recipes-extended/tar/tar_1.30.bb index f22d9c9388..e743a6d0d0 100644 --- a/meta/recipes-extended/tar/tar_1.29.bb +++ b/meta/recipes-extended/tar/tar_1.30.bb @@ -8,10 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRC_URI += "file://remove-gets.patch \ file://musl_dirent.patch \ - file://CVE-2016-6321.patch \ " -SRC_URI[md5sum] = "955cd533955acb1804b83fd70218da51" -SRC_URI[sha256sum] = "236b11190c0a3a6885bdb8d61424f2b36a5872869aa3f7f695dea4b4843ae2f2" +SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65" +SRC_URI[sha256sum] = "87592b86cb037c554375f5868bdd3cc57748aef38d6cb741c81065f0beac63b7" do_install_append_libc-musl() { rm -f ${D}${libdir}/charset.alias |